# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 09:10:47 # Log Creation Date: 22.06.2020 21:14:31.241 Process: id = "1" image_name = "zfxqrq7mxhhem2v2.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zfxqrq7mxhhem2v2.exe" page_root = "0x47a3a000" os_pid = "0x86c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x460" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ec75" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x87c [0026.793] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x52ff68 | out: lpSystemTimeAsFileTime=0x52ff68*(dwLowDateTime=0x2d099f20, dwHighDateTime=0x1d648da)) [0026.793] GetCurrentThreadId () returned 0x87c [0026.793] GetCurrentProcessId () returned 0x86c [0026.793] QueryPerformanceCounter (in: lpPerformanceCount=0x52ff60 | out: lpPerformanceCount=0x52ff60*=14654497372) returned 1 [0026.798] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0026.798] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0026.798] GetLastError () returned 0x57 [0026.798] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0026.798] GetLastError () returned 0x57 [0026.798] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76ac0000 [0026.799] GetProcAddress (hModule=0x76ac0000, lpProcName="InitializeCriticalSectionEx") returned 0x76ad4d28 [0026.799] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0026.799] GetLastError () returned 0x57 [0026.799] GetProcAddress (hModule=0x76ac0000, lpProcName="FlsAlloc") returned 0x76ad4f2b [0026.799] GetProcAddress (hModule=0x76ac0000, lpProcName="FlsSetValue") returned 0x76ad4208 [0026.799] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x0 [0026.799] GetLastError () returned 0x57 [0026.799] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x0 [0026.799] GetLastError () returned 0x57 [0026.799] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x0) returned 0x76ac0000 [0026.799] GetProcAddress (hModule=0x76ac0000, lpProcName="InitializeCriticalSectionEx") returned 0x76ad4d28 [0026.799] GetProcessHeap () returned 0x5a0000 [0026.800] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0026.800] GetLastError () returned 0x57 [0026.800] GetProcAddress (hModule=0x76ac0000, lpProcName="FlsAlloc") returned 0x76ad4f2b [0026.800] GetLastError () returned 0x57 [0026.800] GetProcAddress (hModule=0x76ac0000, lpProcName="FlsGetValue") returned 0x76ad1252 [0026.800] GetProcAddress (hModule=0x76ac0000, lpProcName="FlsSetValue") returned 0x76ad4208 [0026.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x364) returned 0x5b5678 [0026.800] SetLastError (dwErrCode=0x57) [0026.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe00) returned 0x5b59e8 [0026.801] GetStartupInfoW (in: lpStartupInfo=0x52fea0 | out: lpStartupInfo=0x52fea0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x2f8270, hStdOutput=0x45c44e2d, hStdError=0xfffffffe)) [0026.801] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0026.801] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0026.801] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0026.801] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe\" " [0026.801] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe\" " [0026.801] GetACP () returned 0x4e4 [0026.801] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x220) returned 0x5b6ff0 [0026.801] IsValidCodePage (CodePage=0x4e4) returned 1 [0026.801] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x52fec0 | out: lpCPInfo=0x52fec0) returned 1 [0026.801] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x52f788 | out: lpCPInfo=0x52f788) returned 1 [0026.801] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x52fd9c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0026.801] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x52fd9c, cbMultiByte=256, lpWideCharStr=0x52f528, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0026.801] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpCharType=0x52f79c | out: lpCharType=0x52f79c) returned 1 [0026.801] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x52fd9c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0026.801] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x52fd9c, cbMultiByte=256, lpWideCharStr=0x52f4d8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0026.801] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x0 [0026.801] GetLastError () returned 0x57 [0026.801] GetProcAddress (hModule=0x76ac0000, lpProcName="LCMapStringEx") returned 0x76b547f1 [0026.801] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0026.802] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x52f2c8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0026.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x52fc9c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿe4¦EØþR", lpUsedDefaultChar=0x0) returned 256 [0026.802] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x52fd9c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0026.802] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x52fd9c, cbMultiByte=256, lpWideCharStr=0x52f4f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0026.802] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0026.802] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x52f2e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0026.802] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x52fb9c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿe4¦EØþR", lpUsedDefaultChar=0x0) returned 256 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x80) returned 0x5b7218 [0026.802] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x52fce4, nSize=0x105 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zfxqrq7mxhhem2v2.exe")) returned 0x3a [0026.802] GetProcAddress (hModule=0x76ac0000, lpProcName="AreFileApisANSI") returned 0x76b540d1 [0026.802] AreFileApisANSI () returned 1 [0026.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0026.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe", cchWideChar=-1, lpMultiByteStr=0x30acf8, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe", lpUsedDefaultChar=0x0) returned 59 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x43) returned 0x5aeda8 [0026.802] RtlInitializeSListHead (in: ListHead=0x30ac20 | out: ListHead=0x30ac20) [0026.802] GetLastError () returned 0x0 [0026.802] SetLastError (dwErrCode=0x0) [0026.802] GetEnvironmentStringsW () returned 0x5b72a0* [0026.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x565) returned 0x5b7d78 [0026.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x5b7d78, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0026.802] FreeEnvironmentStringsW (penv=0x5b72a0) returned 1 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x98) returned 0x5b72a0 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f) returned 0x5b6b28 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x36) returned 0x5b7340 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x37) returned 0x5b7380 [0026.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b8300 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5b73c0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5b7400 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b7420 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14) returned 0x5b7450 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd) returned 0x5b1710 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x25) returned 0x5b7470 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x39) returned 0x5b8348 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5b74a0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5b74c0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe) returned 0x5b1728 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x69) returned 0x5b74e0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3e) returned 0x5b8390 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b) returned 0x5b6b50 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d) returned 0x5b6b78 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5b7558 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5b75a8 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5b75c8 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b) returned 0x5b6ba0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b75e8 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5b7618 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5b6bc8 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x41) returned 0x5b7650 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5b76a0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf) returned 0x5b1740 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16) returned 0x5b76c0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5b76e0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5b7718 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15) returned 0x5b7750 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5b6bf0 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5b7770 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5b77a8 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5b77c8 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x46) returned 0x5b77e8 [0026.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b7d78 | out: hHeap=0x5a0000) returned 1 [0026.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x800) returned 0x5b7838 [0026.803] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0026.803] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x2f7f21) returned 0x0 [0026.803] GetStartupInfoW (in: lpStartupInfo=0x52ff04 | out: lpStartupInfo=0x52ff04*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0026.803] GetDriveTypeW (lpRootPathName="Q:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="W:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="E:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="R:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="T:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="Y:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="U:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="I:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="O:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="P:\\") returned 0x1 [0026.804] GetDriveTypeW (lpRootPathName="A:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="S:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="D:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="F:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="G:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="H:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="J:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="K:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="L:\\") returned 0x1 [0026.805] GetDriveTypeW (lpRootPathName="Z:\\") returned 0x1 [0026.806] GetDriveTypeW (lpRootPathName="X:\\") returned 0x1 [0026.806] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0026.806] GetDriveTypeW (lpRootPathName="V:\\") returned 0x1 [0026.806] GetDriveTypeW (lpRootPathName="B:\\") returned 0x1 [0026.806] GetDriveTypeW (lpRootPathName="N:\\") returned 0x1 [0026.806] GetDriveTypeW (lpRootPathName="M:\\") returned 0x1 [0026.806] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5b9730 [0026.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9738 [0026.807] FindFirstVolumeW (in: lpszVolumeName=0x5b9730, cchBufferLength=0x8000 | out: lpszVolumeName="\\\\?\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\") returned 0x5b8040 [0026.807] GetVolumePathNamesForVolumeNameW (in: lpszVolumeName="\\\\?\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\", lpszVolumePathNames=0x52fe40, cchBufferLength=0x78, lpcchReturnLength=0x52fd18 | out: lpszVolumePathNames=0x52fe40, lpcchReturnLength=0x52fd18) returned 1 [0026.808] lstrlenW (lpString="C:\\") returned 3 [0026.808] FindNextVolumeW (in: hFindVolume=0x5b8040, lpszVolumeName=0x5b9730, cchBufferLength=0x7fff | out: hFindVolume=0x5b8040, lpszVolumeName="\\\\?\\Volume{92eb13a2-4a1d-11e7-bae1-806e6f6e6963}\\") returned 0 [0026.808] FindVolumeClose (hFindVolume=0x5b8040) returned 1 [0026.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9738 | out: hHeap=0x5a0000) returned 1 [0026.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b9730 | out: hHeap=0x5a0000) returned 1 [0026.808] GetTickCount () returned 0x1142bf1 [0026.808] Sleep (dwMilliseconds=0x3f2) [0027.829] GetTickCount () returned 0x1142fe7 [0027.829] Sleep (dwMilliseconds=0x3f2) [0028.830] GetTickCount () returned 0x11433dd [0028.830] Sleep (dwMilliseconds=0x3f2) [0029.844] GetTickCount () returned 0x11437d3 [0029.844] Sleep (dwMilliseconds=0x3f2) [0030.861] GetTickCount () returned 0x1143bc9 [0030.861] Sleep (dwMilliseconds=0x3f2) [0031.873] GetTickCount () returned 0x1143fbf [0031.873] Sleep (dwMilliseconds=0x3f2) [0032.886] GetTickCount () returned 0x11443b5 [0032.886] Sleep (dwMilliseconds=0x3f2) [0033.900] GetTickCount () returned 0x11447ab [0033.900] Sleep (dwMilliseconds=0x3f2) [0034.914] wsprintfA (in: param_1=0x30b33c, param_2="LOL\n%s\nKEK" | out: param_1="LOL\nNNNNNNNN\nKEK") returned 16 [0034.914] CryptAcquireContextA (in: phProv=0x52fd18, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x52fd18*=0x5ba370) returned 1 [0035.092] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x52fe20 | out: pbBuffer=0x52fe20) returned 1 [0035.093] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=300, lMaximumCount=300, lpName=0x0) returned 0xa8 [0035.093] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=300, lpName=0x0) returned 0xac [0035.093] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7250, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb4 [0035.094] SetThreadPriority (hThread=0xb4, nPriority=15) returned 1 [0035.098] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xbc [0035.098] SetThreadPriority (hThread=0xbc, nPriority=15) returned 1 [0035.099] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc8 [0035.152] SetThreadPriority (hThread=0xc8, nPriority=15) returned 1 [0035.152] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xcc [0035.154] SetThreadPriority (hThread=0xcc, nPriority=15) returned 1 [0035.154] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd0 [0035.154] SetThreadPriority (hThread=0xd0, nPriority=15) returned 1 [0035.155] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xc4 [0035.245] SetThreadPriority (hThread=0xc4, nPriority=15) returned 1 [0035.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xdc [0035.258] SetThreadPriority (hThread=0xdc, nPriority=15) returned 1 [0035.355] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xd8 [0035.355] SetThreadPriority (hThread=0xd8, nPriority=15) returned 1 [0035.356] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xf0 [0035.442] SetThreadPriority (hThread=0xf0, nPriority=15) returned 1 [0035.443] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xec [0035.451] SetThreadPriority (hThread=0xec, nPriority=15) returned 1 [0035.452] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x114 [0035.510] SetThreadPriority (hThread=0x114, nPriority=15) returned 1 [0035.510] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x134 [0035.511] SetThreadPriority (hThread=0x134, nPriority=15) returned 1 [0035.511] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7590, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x138 [0035.511] SetThreadPriority (hThread=0x138, nPriority=15) returned 1 [0035.512] GetLogicalDrives () returned 0x4 [0035.512] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x208) returned 0x5c5ea0 [0035.512] wsprintfW (in: param_1=0x5c5ea0, param_2="\\\\?\\%c:" | out: param_1="\\\\?\\C:") returned 6 [0035.512] GetDriveTypeW (lpRootPathName="\\\\?\\C:") returned 0x1 [0035.512] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2f7030, lpParameter=0x5c5ea0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13c [0035.512] SetThreadPriority (hThread=0x13c, nPriority=15) returned 1 [0035.922] WaitForMultipleObjects (nCount=0x2, lpHandles=0x52fd20*=0xb4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0066.787] CloseHandle (hObject=0xb4) returned 1 [0066.787] CloseHandle (hObject=0x13c) returned 1 [0066.787] CloseHandle (hObject=0xac) returned 1 [0066.787] CloseHandle (hObject=0xa8) returned 1 [0066.787] CryptReleaseContext (hProv=0x5ba370, dwFlags=0x0) returned 1 [0066.787] GetModuleHandleW (lpModuleName=0x0) returned 0x2f0000 [0066.787] GetModuleHandleW (lpModuleName=0x0) returned 0x2f0000 [0066.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b7218 | out: hHeap=0x5a0000) returned 1 [0066.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b7838 | out: hHeap=0x5a0000) returned 1 [0066.788] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2", hFile=0x0, dwFlags=0x800) returned 0x0 [0066.788] GetLastError () returned 0x57 [0066.788] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x52fefc | out: phModule=0x52fefc) returned 0 [0066.788] ExitProcess (uExitCode=0x0) [0066.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b5678 | out: hHeap=0x5a0000) returned 1 Thread: id = 2 os_tid = 0x94c Thread: id = 3 os_tid = 0x888 [0035.094] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x0, lphEnum=0x231fba8 | out: lphEnum=0x231fba8*=0x5bc2a0) returned 0x0 [0035.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5bd790 [0035.502] WNetEnumResourceW (in: hEnum=0x5bc2a0, lpcCount=0x231fbb4, lpBuffer=0x5bd790, lpBufferSize=0x231fbac | out: lpcCount=0x231fbb4, lpBuffer=0x5bd790, lpBufferSize=0x231fbac) returned 0x0 [0035.502] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x5bd790, lphEnum=0x231f910 | out: lphEnum=0x231f910*=0x669a28) returned 0x0 [0041.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e3dc70 [0041.905] WNetEnumResourceW (in: hEnum=0x669a28, lpcCount=0x231f91c, lpBuffer=0x3e3dc70, lpBufferSize=0x231f914 | out: lpcCount=0x231f91c, lpBuffer=0x3e3dc70, lpBufferSize=0x231f914) returned 0x103 [0041.905] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3dc70 | out: hHeap=0x5a0000) returned 1 [0041.906] WNetCloseEnum (hEnum=0x669a28) returned 0x0 [0041.906] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x5bd7b0, lphEnum=0x231f910 | out: lphEnum=0x231f910*=0x669a28) returned 0x4b8 [0066.785] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x5bd7d0, lphEnum=0x231f910 | out: lphEnum=0x231f910*=0x669a28) returned 0x4c6 [0066.786] WNetEnumResourceW (in: hEnum=0x5bc2a0, lpcCount=0x231fbb4, lpBuffer=0x5bd790, lpBufferSize=0x231fbac | out: lpcCount=0x231fbb4, lpBuffer=0x5bd790, lpBufferSize=0x231fbac) returned 0x103 [0066.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5bd790 | out: hHeap=0x5a0000) returned 1 [0066.786] WNetCloseEnum (hEnum=0x5bc2a0) returned 0x0 Thread: id = 4 os_tid = 0x898 [0035.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.518] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.518] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2", dwFileAttributes=0x80) returned 1 [0035.829] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0035.830] CloseHandle (hObject=0x15c) returned 1 [0035.830] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.830] GetFileSize (in: hFile=0x15c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0035.830] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0035.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x5fc208 [0035.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5fc600 [0035.830] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0035.830] ReadFile (in: hFile=0x15c, lpBuffer=0x5fc600, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x5fc600*, lpNumberOfBytesRead=0x2a4e35c*=0x0, lpOverlapped=0x0) returned 1 [0035.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0035.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc208 | out: hHeap=0x5a0000) returned 1 [0035.830] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0035.830] WriteFile (in: hFile=0x15c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0035.831] WriteFile (in: hFile=0x15c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0035.831] WriteFile (in: hFile=0x15c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0035.831] WriteFile (in: hFile=0x15c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0035.831] CloseHandle (hObject=0x15c) returned 1 [0035.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x60c608 [0035.836] wsprintfW (in: param_1=0x60c608, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Boot\\BCD.LOG2.lolkek") returned 27 [0035.836] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), lpNewFileName="\\\\?\\C:\\Boot\\BCD.LOG2.lolkek" (normalized: "c:\\boot\\bcd.log2.lolkek")) returned 1 [0035.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c608 | out: hHeap=0x5a0000) returned 1 [0035.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec0c8 | out: hHeap=0x5a0000) returned 1 [0035.847] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.866] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.866] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf", dwFileAttributes=0x80) returned 0 [0035.868] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.870] RmStartSession () returned 0x0 [0036.526] RmRegisterResources () returned 0x0 [0036.529] RmGetList () returned 0x0 [0037.351] RmEndSession () returned 0x0 [0037.373] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fa78 | out: hHeap=0x5a0000) returned 1 [0037.373] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.373] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.373] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.373] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.373] RmStartSession () returned 0x0 [0037.376] RmRegisterResources () returned 0x0 [0037.378] RmGetList () returned 0x0 [0038.026] RmEndSession () returned 0x0 [0038.054] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0038.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x630098 | out: hHeap=0x5a0000) returned 1 [0038.054] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.054] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.054] SetFileAttributesW (lpFileName="\\\\?\\C:\\hiberfil.sys", dwFileAttributes=0x80) returned 0 [0038.054] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0038.054] RmStartSession () returned 0x0 [0038.057] RmRegisterResources () returned 0x0 [0038.059] RmGetList () returned 0x20 [0038.083] RmEndSession () returned 0x0 [0038.105] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0038.105] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62e980 | out: hHeap=0x5a0000) returned 1 [0038.105] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.105] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.105] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", dwFileAttributes=0x80) returned 1 [0038.107] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0038.107] CloseHandle (hObject=0x290) returned 1 [0038.107] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0038.107] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x102fcbb [0038.107] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.107] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0038.114] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0038.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x62fe30 [0038.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cc5d98 [0038.114] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.114] ReadFile (in: hFile=0x290, lpBuffer=0x3cc5d98, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cc5d98*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0038.117] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.117] WriteFile (in: hFile=0x290, lpBuffer=0x3cc5d98*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cc5d98*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0038.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc5d98 | out: hHeap=0x5a0000) returned 1 [0038.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fe30 | out: hHeap=0x5a0000) returned 1 [0038.117] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.117] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0038.117] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.117] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.117] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0038.117] CloseHandle (hObject=0x290) returned 1 [0038.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.379] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.lolkek") returned 85 [0038.379] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.lolkek")) returned 1 [0038.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c2078 | out: hHeap=0x5a0000) returned 1 [0038.379] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.379] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.379] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi", dwFileAttributes=0x80) returned 1 [0038.380] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0038.380] CloseHandle (hObject=0x290) returned 1 [0038.380] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0038.380] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x263400 [0038.380] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.380] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0038.385] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0038.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.385] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.385] ReadFile (in: hFile=0x290, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0038.389] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.389] WriteFile (in: hFile=0x290, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0038.389] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.389] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.389] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.389] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0038.389] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.389] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.389] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0038.389] CloseHandle (hObject=0x290) returned 1 [0038.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.427] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.lolkek") returned 91 [0038.427] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.lolkek")) returned 1 [0038.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x633018 | out: hHeap=0x5a0000) returned 1 [0038.428] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.428] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.428] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0038.428] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0038.428] CloseHandle (hObject=0x290) returned 1 [0038.428] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0038.428] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x75e [0038.428] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.428] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0038.430] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0038.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x62fe30 [0038.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0038.430] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.430] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x75e, lpOverlapped=0x0) returned 1 [0038.431] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffff8a2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.431] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x75e, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x75e, lpOverlapped=0x0) returned 1 [0038.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0038.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fe30 | out: hHeap=0x5a0000) returned 1 [0038.431] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.431] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0038.431] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.431] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.431] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0038.431] CloseHandle (hObject=0x290) returned 1 [0038.432] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.432] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0038.432] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0038.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x633418 | out: hHeap=0x5a0000) returned 1 [0038.432] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.432] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.432] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi", dwFileAttributes=0x80) returned 1 [0038.474] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0038.474] CloseHandle (hObject=0x290) returned 1 [0038.475] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0038.475] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x265c00 [0038.475] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.475] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0038.517] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0038.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.518] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.518] ReadFile (in: hFile=0x290, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0038.565] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.565] WriteFile (in: hFile=0x290, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0038.565] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.565] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.565] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.565] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0038.565] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.565] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.565] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0038.565] CloseHandle (hObject=0x290) returned 1 [0038.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.641] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.lolkek") returned 90 [0038.641] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.lolkek")) returned 1 [0038.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cb28 | out: hHeap=0x5a0000) returned 1 [0038.642] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.642] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.642] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", dwFileAttributes=0x80) returned 1 [0038.643] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0038.643] CloseHandle (hObject=0x290) returned 1 [0038.643] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0038.643] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5aa [0038.643] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.643] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0038.696] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0038.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.696] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.696] ReadFile (in: hFile=0x290, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x2a4e35c*=0x5aa, lpOverlapped=0x0) returned 1 [0038.696] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffa56, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.696] WriteFile (in: hFile=0x290, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x5aa, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x2a4fda0*=0x5aa, lpOverlapped=0x0) returned 1 [0038.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.696] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.696] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0038.696] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.696] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.696] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0038.697] CloseHandle (hObject=0x290) returned 1 [0038.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.697] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.lolkek") returned 90 [0038.697] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.lolkek")) returned 1 [0038.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cc80 | out: hHeap=0x5a0000) returned 1 [0038.698] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.698] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.698] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", dwFileAttributes=0x80) returned 1 [0038.698] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0038.698] CloseHandle (hObject=0x290) returned 1 [0038.699] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0038.699] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x97f3f4 [0038.699] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.699] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0038.704] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0038.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.705] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.705] ReadFile (in: hFile=0x290, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0038.709] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.709] WriteFile (in: hFile=0x290, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0038.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.709] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.709] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0038.710] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.710] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0038.710] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0038.710] CloseHandle (hObject=0x290) returned 1 [0039.048] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.048] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.lolkek") returned 83 [0039.048] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.lolkek")) returned 1 [0039.049] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.049] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cdd8 | out: hHeap=0x5a0000) returned 1 [0039.049] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.049] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.049] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi", dwFileAttributes=0x80) returned 1 [0039.049] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0039.050] CloseHandle (hObject=0x290) returned 1 [0039.050] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.050] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2bba00 [0039.050] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.050] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0039.149] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0039.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0039.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0039.149] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.149] ReadFile (in: hFile=0x290, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0039.154] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.156] WriteFile (in: hFile=0x290, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0039.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0039.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0039.156] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.157] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0039.157] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.157] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.157] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0039.157] CloseHandle (hObject=0x290) returned 1 [0039.223] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0039.223] wsprintfW (in: param_1=0x67d400, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.lolkek") returned 88 [0039.223] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.lolkek")) returned 1 [0039.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0039.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d1a0 | out: hHeap=0x5a0000) returned 1 [0039.224] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.224] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.224] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi", dwFileAttributes=0x80) returned 1 [0039.224] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0039.224] CloseHandle (hObject=0x290) returned 1 [0039.225] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.225] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x267e00 [0039.225] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.225] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0039.236] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0039.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0039.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0039.236] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.236] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0039.279] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.279] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0039.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0039.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0039.280] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.280] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0039.280] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.280] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.280] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0039.280] CloseHandle (hObject=0x290) returned 1 [0039.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.440] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.lolkek") returned 85 [0039.440] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.lolkek")) returned 1 [0039.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.441] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634560 | out: hHeap=0x5a0000) returned 1 [0039.441] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.441] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.441] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", dwFileAttributes=0x80) returned 1 [0039.545] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.546] CloseHandle (hObject=0x24c) returned 1 [0039.547] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.548] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaf35ed [0039.548] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.548] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0039.551] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0039.551] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0039.551] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x635fb0 [0039.552] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.552] ReadFile (in: hFile=0x290, lpBuffer=0x635fb0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x635fb0*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0039.557] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.557] WriteFile (in: hFile=0x290, lpBuffer=0x635fb0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x635fb0*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0039.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0039.557] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.557] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0039.557] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.557] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.557] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0039.558] CloseHandle (hObject=0x290) returned 1 [0039.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0039.830] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.lolkek") returned 92 [0039.830] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.lolkek")) returned 1 [0039.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0039.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6357f8 | out: hHeap=0x5a0000) returned 1 [0039.856] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.856] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.856] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", dwFileAttributes=0x80) returned 1 [0039.856] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0039.857] CloseHandle (hObject=0x290) returned 1 [0039.857] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.857] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5b1 [0039.857] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.857] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0039.912] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0039.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0039.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0039.912] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.912] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x5b1, lpOverlapped=0x0) returned 1 [0039.912] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffa4f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.913] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x5b1, lpOverlapped=0x0) returned 1 [0039.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0039.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0039.913] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.913] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0039.913] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.913] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0039.913] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0039.913] CloseHandle (hObject=0x290) returned 1 [0039.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.914] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.lolkek") returned 92 [0039.914] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.lolkek")) returned 1 [0039.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c608 | out: hHeap=0x5a0000) returned 1 [0039.914] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.915] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.915] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi", dwFileAttributes=0x80) returned 1 [0039.962] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0039.962] CloseHandle (hObject=0x290) returned 1 [0039.962] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.962] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd8400 [0039.962] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.963] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.055] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.055] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.055] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.055] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.055] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.158] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.158] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.158] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.158] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.158] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.158] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.158] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.158] CloseHandle (hObject=0x290) returned 1 [0040.210] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.211] wsprintfW (in: param_1=0x67d400, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.lolkek") returned 92 [0040.211] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.lolkek")) returned 1 [0040.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c8c8 | out: hHeap=0x5a0000) returned 1 [0040.212] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.212] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.212] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", dwFileAttributes=0x80) returned 1 [0040.212] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.212] CloseHandle (hObject=0x290) returned 1 [0040.212] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.213] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5b2 [0040.213] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.213] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.261] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.262] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.262] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x5b2, lpOverlapped=0x0) returned 1 [0040.262] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffa4e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.262] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x5b2, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x5b2, lpOverlapped=0x0) returned 1 [0040.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.262] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.262] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.262] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.262] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.262] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.262] CloseHandle (hObject=0x290) returned 1 [0040.263] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.263] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.lolkek") returned 92 [0040.263] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.lolkek")) returned 1 [0040.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ca28 | out: hHeap=0x5a0000) returned 1 [0040.264] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.264] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.264] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", dwFileAttributes=0x80) returned 1 [0040.264] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.264] CloseHandle (hObject=0x290) returned 1 [0040.265] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.265] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x32b [0040.265] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.265] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.336] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0040.336] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.337] ReadFile (in: hFile=0x290, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x2a4e35c*=0x32b, lpOverlapped=0x0) returned 1 [0040.337] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffcd5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.337] WriteFile (in: hFile=0x290, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x32b, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x2a4fda0*=0x32b, lpOverlapped=0x0) returned 1 [0040.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.337] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.337] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.337] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.337] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.338] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.338] CloseHandle (hObject=0x290) returned 1 [0040.338] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.338] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.lolkek") returned 86 [0040.338] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.lolkek")) returned 1 [0040.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634938 | out: hHeap=0x5a0000) returned 1 [0040.339] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.339] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.339] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.339] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.340] CloseHandle (hObject=0x290) returned 1 [0040.340] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.340] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16fc [0040.340] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.340] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.363] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.363] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.363] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.363] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.363] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x16fc, lpOverlapped=0x0) returned 1 [0040.367] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffe904, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.367] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x16fc, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x16fc, lpOverlapped=0x0) returned 1 [0040.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.367] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.367] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.367] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.367] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.367] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.367] CloseHandle (hObject=0x290) returned 1 [0040.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.368] wsprintfW (in: param_1=0x67d400, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.368] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634a80 | out: hHeap=0x5a0000) returned 1 [0040.369] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.369] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.369] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", dwFileAttributes=0x80) returned 1 [0040.369] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.369] CloseHandle (hObject=0x290) returned 1 [0040.370] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.370] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2cb13b [0040.370] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.370] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.397] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.397] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.397] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.397] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.398] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.405] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.405] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.405] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.405] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.405] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.405] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.405] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.405] CloseHandle (hObject=0x290) returned 1 [0040.452] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.453] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.lolkek") returned 86 [0040.453] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.lolkek")) returned 1 [0040.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d058 | out: hHeap=0x5a0000) returned 1 [0040.453] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.453] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.454] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", dwFileAttributes=0x80) returned 1 [0040.454] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.454] CloseHandle (hObject=0x290) returned 1 [0040.454] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.454] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4cf [0040.454] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.454] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.501] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.501] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.501] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4cf, lpOverlapped=0x0) returned 1 [0040.501] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffb31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.501] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4cf, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4cf, lpOverlapped=0x0) returned 1 [0040.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.502] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.502] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.502] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.502] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.502] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.502] CloseHandle (hObject=0x290) returned 1 [0040.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.502] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.lolkek") returned 89 [0040.502] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.lolkek")) returned 1 [0040.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635248 | out: hHeap=0x5a0000) returned 1 [0040.503] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.503] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.503] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", dwFileAttributes=0x80) returned 1 [0040.528] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0040.529] CloseHandle (hObject=0x294) returned 1 [0040.529] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.532] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x30780dd [0040.532] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.532] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.537] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.537] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.537] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.537] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.537] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.546] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.546] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.546] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.546] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.546] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.546] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.546] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.546] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.546] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.546] CloseHandle (hObject=0x290) returned 1 [0040.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.547] wsprintfW (in: param_1=0x3be0f38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.lolkek") returned 85 [0040.547] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.lolkek")) returned 1 [0040.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635620 | out: hHeap=0x5a0000) returned 1 [0040.547] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.547] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.547] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi", dwFileAttributes=0x80) returned 1 [0040.547] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.548] CloseHandle (hObject=0x290) returned 1 [0040.548] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.548] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x263400 [0040.548] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.548] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.555] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.555] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.556] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.556] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.559] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.559] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.559] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.559] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.559] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.559] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.559] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.559] CloseHandle (hObject=0x290) returned 1 [0040.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.560] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.lolkek") returned 88 [0040.560] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.lolkek")) returned 1 [0040.565] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.565] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ce18 | out: hHeap=0x5a0000) returned 1 [0040.565] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.565] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.565] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi", dwFileAttributes=0x80) returned 1 [0040.566] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.566] CloseHandle (hObject=0x290) returned 1 [0040.566] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.566] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x265400 [0040.566] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.566] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.567] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.567] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.567] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.567] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.568] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.569] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.569] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.569] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.569] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.569] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.569] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.569] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.569] CloseHandle (hObject=0x290) returned 1 [0040.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.569] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.lolkek") returned 88 [0040.569] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.lolkek")) returned 1 [0040.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d340 | out: hHeap=0x5a0000) returned 1 [0040.570] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.570] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.570] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", dwFileAttributes=0x80) returned 1 [0040.574] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0040.574] CloseHandle (hObject=0x294) returned 1 [0040.574] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.575] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ac [0040.575] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.575] ReadFile (in: hFile=0x294, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.577] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.577] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.577] ReadFile (in: hFile=0x294, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x5ac, lpOverlapped=0x0) returned 1 [0040.577] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffa54, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.577] WriteFile (in: hFile=0x294, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x5ac, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x5ac, lpOverlapped=0x0) returned 1 [0040.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.577] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.577] WriteFile (in: hFile=0x294, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.577] WriteFile (in: hFile=0x294, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.578] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.578] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.578] CloseHandle (hObject=0x294) returned 1 [0040.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.578] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.lolkek") returned 88 [0040.578] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.lolkek")) returned 1 [0040.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d490 | out: hHeap=0x5a0000) returned 1 [0040.578] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.578] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.578] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", dwFileAttributes=0x80) returned 1 [0040.582] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x250 [0040.582] CloseHandle (hObject=0x250) returned 1 [0040.582] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0040.582] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7e1dcd [0040.582] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.582] ReadFile (in: hFile=0x250, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.588] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.588] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.588] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.588] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.588] ReadFile (in: hFile=0x250, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.600] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.600] WriteFile (in: hFile=0x250, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.600] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.600] WriteFile (in: hFile=0x250, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.600] WriteFile (in: hFile=0x250, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.600] WriteFile (in: hFile=0x250, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.600] WriteFile (in: hFile=0x250, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.600] CloseHandle (hObject=0x250) returned 1 [0040.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.600] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.lolkek") returned 84 [0040.600] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.lolkek")) returned 1 [0040.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d5e0 | out: hHeap=0x5a0000) returned 1 [0040.601] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.601] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.601] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", dwFileAttributes=0x80) returned 1 [0040.629] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0040.630] CloseHandle (hObject=0x160) returned 1 [0040.631] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.632] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x391 [0040.632] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.632] ReadFile (in: hFile=0x160, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.637] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x658b20 [0040.637] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.637] ReadFile (in: hFile=0x160, lpBuffer=0x658b20, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x658b20*, lpNumberOfBytesRead=0x2a4e35c*=0x391, lpOverlapped=0x0) returned 1 [0040.638] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffc6f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.638] WriteFile (in: hFile=0x160, lpBuffer=0x658b20*, nNumberOfBytesToWrite=0x391, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x658b20*, lpNumberOfBytesWritten=0x2a4fda0*=0x391, lpOverlapped=0x0) returned 1 [0040.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.638] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.638] WriteFile (in: hFile=0x160, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.638] WriteFile (in: hFile=0x160, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.638] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.638] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.638] CloseHandle (hObject=0x160) returned 1 [0040.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.638] wsprintfW (in: param_1=0x658b20, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.lolkek") returned 87 [0040.638] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.lolkek")) returned 1 [0040.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60daf8 | out: hHeap=0x5a0000) returned 1 [0040.640] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.641] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.641] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.641] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0040.641] CloseHandle (hObject=0x160) returned 1 [0040.641] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.641] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ac [0040.641] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.641] ReadFile (in: hFile=0x160, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.647] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0040.648] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.648] ReadFile (in: hFile=0x160, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x2a4e35c*=0x5ac, lpOverlapped=0x0) returned 1 [0040.648] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffa54, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.648] WriteFile (in: hFile=0x160, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x5ac, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x2a4fda0*=0x5ac, lpOverlapped=0x0) returned 1 [0040.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.648] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.648] WriteFile (in: hFile=0x160, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.648] WriteFile (in: hFile=0x160, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.648] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.648] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.648] CloseHandle (hObject=0x160) returned 1 [0040.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.649] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.649] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60dc48 | out: hHeap=0x5a0000) returned 1 [0040.649] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.649] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.649] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", dwFileAttributes=0x80) returned 1 [0040.663] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.664] CloseHandle (hObject=0x24c) returned 1 [0040.664] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.664] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x91975 [0040.664] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.665] ReadFile (in: hFile=0x24c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.667] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.668] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.668] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.671] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.671] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.671] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.671] WriteFile (in: hFile=0x24c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.671] WriteFile (in: hFile=0x24c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.672] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.672] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.672] CloseHandle (hObject=0x24c) returned 1 [0040.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.672] wsprintfW (in: param_1=0x658b20, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.lolkek") returned 86 [0040.672] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.lolkek")) returned 1 [0040.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6341b8 | out: hHeap=0x5a0000) returned 1 [0040.673] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.673] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.673] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe", dwFileAttributes=0x80) returned 1 [0040.673] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.673] CloseHandle (hObject=0x24c) returned 1 [0040.673] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.673] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7eda0 [0040.673] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.673] ReadFile (in: hFile=0x24c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.678] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.678] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.678] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.680] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.680] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.680] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.680] WriteFile (in: hFile=0x24c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.680] WriteFile (in: hFile=0x24c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.680] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.680] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.680] CloseHandle (hObject=0x24c) returned 1 [0040.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.681] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.lolkek") returned 86 [0040.681] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe.lolkek")) returned 1 [0040.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eef0 | out: hHeap=0x5a0000) returned 1 [0040.704] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.705] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.705] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", dwFileAttributes=0x80) returned 1 [0040.714] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0040.715] CloseHandle (hObject=0x270) returned 1 [0040.715] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.718] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd79282 [0040.718] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.718] ReadFile (in: hFile=0x270, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.725] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.725] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.726] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.726] ReadFile (in: hFile=0x270, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.728] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.729] WriteFile (in: hFile=0x270, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.729] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.729] WriteFile (in: hFile=0x270, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.729] WriteFile (in: hFile=0x270, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.729] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.729] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.729] CloseHandle (hObject=0x270) returned 1 [0040.729] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.729] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.lolkek") returned 86 [0040.729] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.lolkek")) returned 1 [0040.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f180 | out: hHeap=0x5a0000) returned 1 [0040.730] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.730] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.730] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi", dwFileAttributes=0x80) returned 1 [0040.730] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0040.730] CloseHandle (hObject=0x270) returned 1 [0040.730] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.731] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4200 [0040.731] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.731] ReadFile (in: hFile=0x270, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.740] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.740] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.740] ReadFile (in: hFile=0x270, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.745] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.745] WriteFile (in: hFile=0x270, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.745] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.745] WriteFile (in: hFile=0x270, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.746] WriteFile (in: hFile=0x270, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.746] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.746] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.746] CloseHandle (hObject=0x270) returned 1 [0040.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.746] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.lolkek") returned 90 [0040.746] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi.lolkek")) returned 1 [0040.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611300 | out: hHeap=0x5a0000) returned 1 [0040.746] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.747] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.747] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm", dwFileAttributes=0x80) returned 1 [0040.747] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0040.747] CloseHandle (hObject=0x270) returned 1 [0040.747] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.747] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10676 [0040.747] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.747] ReadFile (in: hFile=0x270, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.757] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.758] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.758] ReadFile (in: hFile=0x270, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.764] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.764] WriteFile (in: hFile=0x270, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.764] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.764] WriteFile (in: hFile=0x270, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.764] WriteFile (in: hFile=0x270, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.764] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.764] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.764] CloseHandle (hObject=0x270) returned 1 [0040.765] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.765] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.lolkek") returned 83 [0040.765] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.lolkek")) returned 1 [0040.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f558 | out: hHeap=0x5a0000) returned 1 [0040.765] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.765] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.765] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi", dwFileAttributes=0x80) returned 1 [0040.812] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.823] CloseHandle (hObject=0x290) returned 1 [0040.823] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.824] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x266a00 [0040.824] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.824] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.827] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.828] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.828] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.835] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.835] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.836] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.836] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.836] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.836] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.836] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.836] CloseHandle (hObject=0x290) returned 1 [0040.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e27ee0 [0040.836] wsprintfW (in: param_1=0x3e27ee0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.lolkek") returned 100 [0040.836] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.lolkek")) returned 1 [0040.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e27ee0 | out: hHeap=0x5a0000) returned 1 [0040.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eb70 | out: hHeap=0x5a0000) returned 1 [0040.837] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.837] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.837] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi", dwFileAttributes=0x80) returned 1 [0040.837] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.837] CloseHandle (hObject=0x290) returned 1 [0040.837] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.837] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4200 [0040.837] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.837] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.845] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0040.845] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.845] ReadFile (in: hFile=0x290, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.853] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.853] WriteFile (in: hFile=0x290, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.853] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.853] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.853] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.853] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.853] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.853] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.853] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.853] CloseHandle (hObject=0x290) returned 1 [0040.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.853] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.lolkek") returned 90 [0040.854] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi.lolkek")) returned 1 [0040.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6125b8 | out: hHeap=0x5a0000) returned 1 [0040.854] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.854] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml", dwFileAttributes=0x80) returned 1 [0040.864] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.865] CloseHandle (hObject=0x290) returned 1 [0040.865] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.866] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10b2 [0040.866] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.866] ReadFile (in: hFile=0x2a8, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.869] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0040.869] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.870] ReadFile (in: hFile=0x2a8, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x2a4e35c*=0x10b2, lpOverlapped=0x0) returned 1 [0040.873] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffef4e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.873] WriteFile (in: hFile=0x2a8, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x10b2, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x2a4fda0*=0x10b2, lpOverlapped=0x0) returned 1 [0040.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.873] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.873] WriteFile (in: hFile=0x2a8, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.873] WriteFile (in: hFile=0x2a8, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.873] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.873] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.873] CloseHandle (hObject=0x2a8) returned 1 [0040.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e2bee8 [0040.873] wsprintfW (in: param_1=0x3e2bee8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.lolkek") returned 88 [0040.873] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.lolkek")) returned 1 [0040.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e2bee8 | out: hHeap=0x5a0000) returned 1 [0040.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6129b8 | out: hHeap=0x5a0000) returned 1 [0040.877] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.877] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.877] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", dwFileAttributes=0x80) returned 1 [0040.881] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0040.883] CloseHandle (hObject=0x2a8) returned 1 [0040.883] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.885] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x228df5c [0040.885] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.885] ReadFile (in: hFile=0x2a8, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.887] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.888] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.888] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.891] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.892] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.892] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.892] WriteFile (in: hFile=0x2a8, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.892] WriteFile (in: hFile=0x2a8, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.892] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.892] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.892] CloseHandle (hObject=0x2a8) returned 1 [0040.892] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.892] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.lolkek") returned 86 [0040.893] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.lolkek")) returned 1 [0040.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60fbc0 | out: hHeap=0x5a0000) returned 1 [0040.893] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.893] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.893] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi", dwFileAttributes=0x80) returned 1 [0040.901] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0040.902] CloseHandle (hObject=0x270) returned 1 [0040.902] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.904] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a41c00 [0040.904] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.904] ReadFile (in: hFile=0x270, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.906] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.906] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.906] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.906] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.906] ReadFile (in: hFile=0x270, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.907] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.907] WriteFile (in: hFile=0x270, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.907] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.907] WriteFile (in: hFile=0x270, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.907] WriteFile (in: hFile=0x270, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.907] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.907] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.907] CloseHandle (hObject=0x270) returned 1 [0040.908] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.908] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.lolkek") returned 88 [0040.908] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.lolkek")) returned 1 [0040.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612db8 | out: hHeap=0x5a0000) returned 1 [0040.911] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.911] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.911] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab", dwFileAttributes=0x80) returned 1 [0040.926] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.927] CloseHandle (hObject=0x290) returned 1 [0040.927] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.929] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd49ee31 [0040.929] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.929] ReadFile (in: hFile=0x160, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.935] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.935] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.935] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.937] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.938] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.938] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.938] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.938] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.938] WriteFile (in: hFile=0x160, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.938] WriteFile (in: hFile=0x160, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.938] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.938] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.938] CloseHandle (hObject=0x160) returned 1 [0040.938] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.938] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.lolkek") returned 86 [0040.938] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.lolkek")) returned 1 [0040.939] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.939] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ff98 | out: hHeap=0x5a0000) returned 1 [0040.939] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.939] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.939] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi", dwFileAttributes=0x80) returned 1 [0040.951] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.952] CloseHandle (hObject=0x290) returned 1 [0040.952] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.954] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1e6600 [0040.954] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.954] ReadFile (in: hFile=0x2a8, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.956] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.957] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.957] ReadFile (in: hFile=0x2a8, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.962] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.962] WriteFile (in: hFile=0x2a8, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.962] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.962] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.962] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.962] WriteFile (in: hFile=0x2a8, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.962] WriteFile (in: hFile=0x2a8, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.962] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.962] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.962] CloseHandle (hObject=0x2a8) returned 1 [0040.963] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.963] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.lolkek") returned 88 [0040.963] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.lolkek")) returned 1 [0040.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60e948 | out: hHeap=0x5a0000) returned 1 [0040.963] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.963] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.963] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", dwFileAttributes=0x80) returned 1 [0040.971] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0040.973] CloseHandle (hObject=0x160) returned 1 [0040.973] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.975] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x228df5c [0040.975] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.975] ReadFile (in: hFile=0x160, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.976] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.977] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.977] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.978] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.978] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.978] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.978] WriteFile (in: hFile=0x160, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.978] WriteFile (in: hFile=0x160, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.978] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.979] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.979] CloseHandle (hObject=0x160) returned 1 [0040.979] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.979] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.lolkek") returned 86 [0040.979] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.lolkek")) returned 1 [0040.982] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.982] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6104b8 | out: hHeap=0x5a0000) returned 1 [0040.982] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.982] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.982] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi", dwFileAttributes=0x80) returned 1 [0040.989] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0040.989] CloseHandle (hObject=0x270) returned 1 [0040.990] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.990] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa4c400 [0040.990] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.990] ReadFile (in: hFile=0x270, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0040.995] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0040.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.995] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.995] ReadFile (in: hFile=0x270, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0040.998] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.998] WriteFile (in: hFile=0x270, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0040.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.999] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.999] WriteFile (in: hFile=0x270, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0040.999] WriteFile (in: hFile=0x270, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.999] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0040.999] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0040.999] CloseHandle (hObject=0x270) returned 1 [0041.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.001] wsprintfW (in: param_1=0x3c03e90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.lolkek") returned 87 [0041.002] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.lolkek")) returned 1 [0041.006] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.006] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613458 | out: hHeap=0x5a0000) returned 1 [0041.006] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.006] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.006] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x80) returned 1 [0041.009] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.012] CloseHandle (hObject=0x2a8) returned 1 [0041.012] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.015] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x150578 [0041.015] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.015] ReadFile (in: hFile=0x160, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.016] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.016] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.016] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.017] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.017] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.022] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.022] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.022] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.022] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.022] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.022] WriteFile (in: hFile=0x160, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.022] WriteFile (in: hFile=0x160, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.022] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.022] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.023] CloseHandle (hObject=0x160) returned 1 [0041.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0041.023] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.lolkek") returned 83 [0041.023] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe.lolkek")) returned 1 [0041.023] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0041.023] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610890 | out: hHeap=0x5a0000) returned 1 [0041.023] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.023] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.023] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi", dwFileAttributes=0x80) returned 1 [0041.024] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0041.024] CloseHandle (hObject=0x160) returned 1 [0041.024] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.024] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1e6600 [0041.025] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.025] ReadFile (in: hFile=0x160, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.028] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.028] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.028] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e77ff0 [0041.028] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.028] ReadFile (in: hFile=0x160, lpBuffer=0x3e77ff0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e77ff0*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.038] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.038] WriteFile (in: hFile=0x160, lpBuffer=0x3e77ff0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e77ff0*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e77ff0 | out: hHeap=0x5a0000) returned 1 [0041.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.039] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.039] WriteFile (in: hFile=0x160, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.039] WriteFile (in: hFile=0x160, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.039] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.039] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.040] CloseHandle (hObject=0x160) returned 1 [0041.040] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.040] wsprintfW (in: param_1=0x3c03e90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.lolkek") returned 88 [0041.041] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.lolkek")) returned 1 [0041.057] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.057] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613ba0 | out: hHeap=0x5a0000) returned 1 [0041.057] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.057] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.057] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll", dwFileAttributes=0x80) returned 1 [0041.066] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0041.069] CloseHandle (hObject=0x210) returned 1 [0041.069] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.072] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x709768 [0041.072] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.072] ReadFile (in: hFile=0x210, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.076] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.077] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.077] ReadFile (in: hFile=0x210, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.082] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.082] WriteFile (in: hFile=0x210, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.083] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.083] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.084] WriteFile (in: hFile=0x210, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.084] WriteFile (in: hFile=0x210, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.084] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.084] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.084] CloseHandle (hObject=0x210) returned 1 [0041.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.085] wsprintfW (in: param_1=0x3c13e98, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.lolkek") returned 84 [0041.085] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.lolkek")) returned 1 [0041.085] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.085] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610b20 | out: hHeap=0x5a0000) returned 1 [0041.085] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.085] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.085] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", dwFileAttributes=0x80) returned 1 [0041.086] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0041.086] CloseHandle (hObject=0x210) returned 1 [0041.086] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.086] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaec3a [0041.086] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.086] ReadFile (in: hFile=0x210, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.095] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.095] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.095] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.096] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.096] ReadFile (in: hFile=0x210, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.100] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.100] WriteFile (in: hFile=0x210, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.100] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.100] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.100] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.100] WriteFile (in: hFile=0x210, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.100] WriteFile (in: hFile=0x210, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.100] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.100] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.100] CloseHandle (hObject=0x210) returned 1 [0041.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c23ea0 [0041.102] wsprintfW (in: param_1=0x3c23ea0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.lolkek") returned 98 [0041.102] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.lolkek")) returned 1 [0041.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c23ea0 | out: hHeap=0x5a0000) returned 1 [0041.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617b68 | out: hHeap=0x5a0000) returned 1 [0041.107] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.107] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.107] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab", dwFileAttributes=0x80) returned 1 [0041.114] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0041.119] CloseHandle (hObject=0x160) returned 1 [0041.119] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0041.120] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb9fa2f7 [0041.120] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.120] ReadFile (in: hFile=0x208, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.126] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.126] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.126] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e73fe8 [0041.127] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.127] ReadFile (in: hFile=0x208, lpBuffer=0x3e73fe8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e73fe8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.136] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.136] WriteFile (in: hFile=0x208, lpBuffer=0x3e73fe8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e73fe8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.137] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.137] WriteFile (in: hFile=0x208, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.137] WriteFile (in: hFile=0x208, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.137] WriteFile (in: hFile=0x208, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.137] WriteFile (in: hFile=0x208, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.137] CloseHandle (hObject=0x208) returned 1 [0041.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.138] wsprintfW (in: param_1=0x3c13e98, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.lolkek") returned 86 [0041.138] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.lolkek")) returned 1 [0041.139] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.139] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615f58 | out: hHeap=0x5a0000) returned 1 [0041.139] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.139] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.139] SetFileAttributesW (lpFileName="\\\\?\\C:\\pagefile.sys", dwFileAttributes=0x80) returned 0 [0041.139] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.139] RmStartSession () returned 0x0 [0041.143] RmRegisterResources () returned 0x0 [0041.145] RmGetList () returned 0x20 [0041.163] RmEndSession () returned 0x0 [0041.199] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.199] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c21c0 | out: hHeap=0x5a0000) returned 1 [0041.199] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.200] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.200] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp", dwFileAttributes=0x80) returned 1 [0041.200] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x208 [0041.200] CloseHandle (hObject=0x208) returned 1 [0041.200] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0041.200] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10e3000 [0041.200] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.200] ReadFile (in: hFile=0x208, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.219] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0041.219] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.219] ReadFile (in: hFile=0x208, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.229] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.229] WriteFile (in: hFile=0x208, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0041.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.230] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.230] WriteFile (in: hFile=0x208, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.230] WriteFile (in: hFile=0x208, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.230] WriteFile (in: hFile=0x208, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.230] WriteFile (in: hFile=0x208, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.230] CloseHandle (hObject=0x208) returned 1 [0041.230] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.230] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.lolkek") returned 73 [0041.230] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp"), lpNewFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.lolkek" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10110_mui.msp.lolkek")) returned 1 [0041.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618df8 | out: hHeap=0x5a0000) returned 1 [0041.231] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.231] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.231] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W", dwFileAttributes=0x80) returned 1 [0041.243] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.244] CloseHandle (hObject=0x2a8) returned 1 [0041.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.246] GetFileSize (in: hFile=0x1dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x365fc [0041.246] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.247] ReadFile (in: hFile=0x1dc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.249] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e37ee8 [0041.249] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.249] ReadFile (in: hFile=0x1dc, lpBuffer=0x3e37ee8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.255] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.256] WriteFile (in: hFile=0x1dc, lpBuffer=0x3e37ee8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.256] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e37ee8 | out: hHeap=0x5a0000) returned 1 [0041.256] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.256] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.256] WriteFile (in: hFile=0x1dc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.256] WriteFile (in: hFile=0x1dc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.256] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.256] WriteFile (in: hFile=0x1dc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.256] CloseHandle (hObject=0x1dc) returned 1 [0041.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.256] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.lolkek") returned 85 [0041.256] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.lolkek" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_assetid.h1w.lolkek")) returned 1 [0041.258] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.258] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6165c0 | out: hHeap=0x5a0000) returned 1 [0041.258] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.258] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.258] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck", dwFileAttributes=0x80) returned 1 [0041.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1dc [0041.259] CloseHandle (hObject=0x1dc) returned 1 [0041.259] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.259] GetFileSize (in: hFile=0x1dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4 [0041.259] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.259] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.259] ReadFile (in: hFile=0x1dc, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x2a4e35c*=0x4, lpOverlapped=0x0) returned 1 [0041.260] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.260] WriteFile (in: hFile=0x1dc, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x2a4fda0*=0x4, lpOverlapped=0x0) returned 1 [0041.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.260] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.260] WriteFile (in: hFile=0x1dc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.260] WriteFile (in: hFile=0x1dc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.260] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.260] WriteFile (in: hFile=0x1dc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.260] CloseHandle (hObject=0x1dc) returned 1 [0041.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.260] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.lolkek") returned 83 [0041.260] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.lolkek" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.lck.lolkek")) returned 1 [0041.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616998 | out: hHeap=0x5a0000) returned 1 [0041.261] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.261] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.261] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", dwFileAttributes=0x80) returned 1 [0041.261] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1dc [0041.261] CloseHandle (hObject=0x1dc) returned 1 [0041.261] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.262] GetFileSize (in: hFile=0x1dc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5310 [0041.262] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.262] ReadFile (in: hFile=0x1dc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0041.271] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0041.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e37ee8 [0041.271] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.271] ReadFile (in: hFile=0x1dc, lpBuffer=0x3e37ee8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0041.308] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.308] WriteFile (in: hFile=0x1dc, lpBuffer=0x3e37ee8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0041.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e37ee8 | out: hHeap=0x5a0000) returned 1 [0041.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.308] SetFilePointerEx (in: hFile=0x1dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.308] WriteFile (in: hFile=0x1dc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0041.308] WriteFile (in: hFile=0x1dc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.308] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0041.309] WriteFile (in: hFile=0x1dc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0041.309] CloseHandle (hObject=0x1dc) returned 1 [0041.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.309] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.lolkek") returned 110 [0041.309] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.lolkek" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help{9daa54e8-cd95-4107-8e7f-ba3f24732d95}.h1q.lolkek")) returned 1 [0041.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c178 | out: hHeap=0x5a0000) returned 1 [0041.310] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.310] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.310] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", dwFileAttributes=0x80) returned 0 [0041.323] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.324] RmStartSession () returned 0x0 [0041.326] RmRegisterResources () returned 0x0 [0041.329] RmGetList () returned 0x0 [0042.260] RmEndSession () returned 0x0 [0042.448] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddeef8 | out: hHeap=0x5a0000) returned 1 [0042.448] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.448] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.448] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", dwFileAttributes=0x80) returned 0 [0042.448] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.448] RmStartSession () returned 0x0 [0042.451] RmRegisterResources () returned 0x0 [0042.456] RmGetList () returned 0x0 [0043.125] RmEndSession () returned 0x0 [0043.146] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d7d8 | out: hHeap=0x5a0000) returned 1 [0043.146] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.146] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.146] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", dwFileAttributes=0x80) returned 0 [0043.146] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.147] RmStartSession () returned 0x0 [0043.149] RmRegisterResources () returned 0x0 [0043.152] RmGetList () returned 0x0 [0044.325] RmEndSession () returned 0x0 [0044.347] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6777d0 | out: hHeap=0x5a0000) returned 1 [0044.347] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.347] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.347] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", dwFileAttributes=0x80) returned 0 [0044.347] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.347] RmStartSession () returned 0x0 [0044.350] RmRegisterResources () returned 0x0 [0044.352] RmGetList () returned 0x0 [0045.029] RmEndSession () returned 0x0 [0045.051] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676be8 | out: hHeap=0x5a0000) returned 1 [0045.051] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.051] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.051] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", dwFileAttributes=0x80) returned 0 [0045.051] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.051] RmStartSession () returned 0x0 [0045.054] RmRegisterResources () returned 0x0 [0045.057] RmGetList () returned 0x0 [0045.688] RmEndSession () returned 0x0 [0045.710] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614d18 | out: hHeap=0x5a0000) returned 1 [0045.710] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.710] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.710] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", dwFileAttributes=0x80) returned 0 [0045.710] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.710] RmStartSession () returned 0x0 [0045.713] RmRegisterResources () returned 0x0 [0045.715] RmGetList () returned 0x0 [0046.708] RmEndSession () returned 0x0 [0046.729] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cada70 | out: hHeap=0x5a0000) returned 1 [0046.729] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.729] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.729] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi", dwFileAttributes=0x80) returned 1 [0046.730] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.730] CloseHandle (hObject=0x210) returned 1 [0046.730] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.730] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x24000 [0046.730] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.730] ReadFile (in: hFile=0x210, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.735] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.736] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.736] ReadFile (in: hFile=0x210, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.742] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.742] WriteFile (in: hFile=0x210, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.742] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.742] WriteFile (in: hFile=0x210, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.742] WriteFile (in: hFile=0x210, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.742] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.742] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.742] CloseHandle (hObject=0x210) returned 1 [0046.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.742] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek") returned 146 [0046.742] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.lolkek")) returned 1 [0046.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf1138 | out: hHeap=0x5a0000) returned 1 [0046.743] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.743] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.743] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi", dwFileAttributes=0x80) returned 1 [0046.743] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.743] CloseHandle (hObject=0x210) returned 1 [0046.743] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.743] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23000 [0046.743] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.744] ReadFile (in: hFile=0x210, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.747] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.747] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.747] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.750] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.750] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.750] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.750] WriteFile (in: hFile=0x210, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.750] WriteFile (in: hFile=0x210, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.751] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.751] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.751] CloseHandle (hObject=0x210) returned 1 [0046.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee9cb8 [0046.752] wsprintfW (in: param_1=0x3ee9cb8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.lolkek") returned 152 [0046.752] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.lolkek")) returned 1 [0046.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee9cb8 | out: hHeap=0x5a0000) returned 1 [0046.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6359c8 | out: hHeap=0x5a0000) returned 1 [0046.754] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.755] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.755] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi", dwFileAttributes=0x80) returned 1 [0046.755] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.755] CloseHandle (hObject=0x210) returned 1 [0046.755] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.755] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x24000 [0046.755] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.755] ReadFile (in: hFile=0x210, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.762] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.762] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.762] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.765] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.765] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.765] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.765] WriteFile (in: hFile=0x210, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.766] WriteFile (in: hFile=0x210, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.766] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.766] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.766] CloseHandle (hObject=0x210) returned 1 [0046.767] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee9cb8 [0046.767] wsprintfW (in: param_1=0x3ee9cb8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek") returned 148 [0046.767] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.lolkek")) returned 1 [0046.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee9cb8 | out: hHeap=0x5a0000) returned 1 [0046.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cc80 | out: hHeap=0x5a0000) returned 1 [0046.769] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.769] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.769] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi", dwFileAttributes=0x80) returned 1 [0046.778] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.779] CloseHandle (hObject=0x210) returned 1 [0046.779] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.779] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23000 [0046.779] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.779] ReadFile (in: hFile=0x210, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.781] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.781] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.781] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.781] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.781] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.782] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.783] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.783] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.783] WriteFile (in: hFile=0x210, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.783] WriteFile (in: hFile=0x210, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.783] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.783] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.783] CloseHandle (hObject=0x210) returned 1 [0046.786] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee9cb8 [0046.786] wsprintfW (in: param_1=0x3ee9cb8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek") returned 153 [0046.786] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.lolkek")) returned 1 [0046.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee9cb8 | out: hHeap=0x5a0000) returned 1 [0046.789] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c8c8 | out: hHeap=0x5a0000) returned 1 [0046.789] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.789] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.789] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi", dwFileAttributes=0x80) returned 1 [0046.789] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.789] CloseHandle (hObject=0x210) returned 1 [0046.789] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.789] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23000 [0046.789] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.789] ReadFile (in: hFile=0x210, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.797] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.797] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.797] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.800] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.800] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.800] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.800] WriteFile (in: hFile=0x210, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.800] WriteFile (in: hFile=0x210, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.800] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.801] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.801] CloseHandle (hObject=0x210) returned 1 [0046.801] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee9cb8 [0046.802] wsprintfW (in: param_1=0x3ee9cb8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek") returned 147 [0046.802] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.lolkek")) returned 1 [0046.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee9cb8 | out: hHeap=0x5a0000) returned 1 [0046.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf2080 | out: hHeap=0x5a0000) returned 1 [0046.804] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.804] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.804] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi", dwFileAttributes=0x80) returned 1 [0046.809] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0046.809] CloseHandle (hObject=0x1b4) returned 1 [0046.809] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.810] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x25000 [0046.810] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.810] ReadFile (in: hFile=0x1b4, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.813] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.813] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.813] ReadFile (in: hFile=0x1b4, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.816] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.816] WriteFile (in: hFile=0x1b4, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.816] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.816] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.816] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.816] WriteFile (in: hFile=0x1b4, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.817] WriteFile (in: hFile=0x1b4, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.817] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.817] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.817] CloseHandle (hObject=0x1b4) returned 1 [0046.817] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.817] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.lolkek") returned 151 [0046.817] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.lolkek")) returned 1 [0046.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x633270 | out: hHeap=0x5a0000) returned 1 [0046.817] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.817] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.817] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi", dwFileAttributes=0x80) returned 1 [0046.818] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0046.818] CloseHandle (hObject=0x1b4) returned 1 [0046.818] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.818] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x25000 [0046.818] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.818] ReadFile (in: hFile=0x1b4, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.820] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.820] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.821] ReadFile (in: hFile=0x1b4, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.829] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.829] WriteFile (in: hFile=0x1b4, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.829] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.830] CloseHandle (hObject=0x1b4) returned 1 [0046.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.834] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek") returned 145 [0046.834] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.lolkek")) returned 1 [0046.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6334c0 | out: hHeap=0x5a0000) returned 1 [0046.836] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.836] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.836] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 1 [0046.840] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0046.840] CloseHandle (hObject=0x1ec) returned 1 [0046.840] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0046.840] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f398 [0046.840] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.840] ReadFile (in: hFile=0x1ec, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.843] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.843] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.843] ReadFile (in: hFile=0x1ec, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.846] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.847] WriteFile (in: hFile=0x1ec, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.847] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.847] WriteFile (in: hFile=0x1ec, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.847] WriteFile (in: hFile=0x1ec, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.847] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.847] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.847] CloseHandle (hObject=0x1ec) returned 1 [0046.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.847] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.lolkek") returned 95 [0046.847] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.lolkek" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe.lolkek")) returned 1 [0046.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb000 | out: hHeap=0x5a0000) returned 1 [0046.848] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.848] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.848] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi", dwFileAttributes=0x80) returned 1 [0046.850] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0046.850] CloseHandle (hObject=0x1ec) returned 1 [0046.851] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0046.851] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x25000 [0046.851] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.851] ReadFile (in: hFile=0x1ec, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.853] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.853] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.853] ReadFile (in: hFile=0x1ec, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.855] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.855] WriteFile (in: hFile=0x1ec, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.855] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.856] WriteFile (in: hFile=0x1ec, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.856] WriteFile (in: hFile=0x1ec, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.856] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.856] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.856] CloseHandle (hObject=0x1ec) returned 1 [0046.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.856] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek") returned 147 [0046.856] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\vc_runtimeminimum_x64.msi.lolkek")) returned 1 [0046.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb368 | out: hHeap=0x5a0000) returned 1 [0046.857] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi", dwFileAttributes=0x80) returned 1 [0046.868] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.868] CloseHandle (hObject=0x1bc) returned 1 [0046.868] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.869] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23000 [0046.869] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.869] ReadFile (in: hFile=0x1bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.871] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.871] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.871] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.872] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.872] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.873] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.873] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.873] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.873] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.873] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.873] CloseHandle (hObject=0x1bc) returned 1 [0046.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.874] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek") returned 154 [0046.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.lolkek")) returned 1 [0046.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d228 | out: hHeap=0x5a0000) returned 1 [0046.874] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.874] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.874] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm", dwFileAttributes=0x80) returned 1 [0046.875] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.875] CloseHandle (hObject=0x1bc) returned 1 [0046.875] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.875] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fe [0046.875] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.875] ReadFile (in: hFile=0x1bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.880] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.880] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.880] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.880] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.880] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x2fe, lpOverlapped=0x0) returned 1 [0046.880] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffd02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.880] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x2fe, lpOverlapped=0x0) returned 1 [0046.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.880] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.880] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.881] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.881] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.881] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.881] CloseHandle (hObject=0x1bc) returned 1 [0046.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee9cb8 [0046.881] wsprintfW (in: param_1=0x3ee9cb8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.lolkek") returned 88 [0046.881] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.lolkek" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm.lolkek")) returned 1 [0046.887] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee9cb8 | out: hHeap=0x5a0000) returned 1 [0046.887] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caea90 | out: hHeap=0x5a0000) returned 1 [0046.887] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.887] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.887] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm", dwFileAttributes=0x80) returned 1 [0046.887] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.887] CloseHandle (hObject=0x1bc) returned 1 [0046.887] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.888] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29a [0046.888] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.888] ReadFile (in: hFile=0x1bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.888] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.889] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.889] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x29a, lpOverlapped=0x0) returned 1 [0046.889] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffd66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.889] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x29a, lpOverlapped=0x0) returned 1 [0046.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.889] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.889] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.889] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.889] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.889] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.890] CloseHandle (hObject=0x1bc) returned 1 [0046.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.890] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.lolkek") returned 88 [0046.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.lolkek" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm.lolkek")) returned 1 [0046.896] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.896] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caebe8 | out: hHeap=0x5a0000) returned 1 [0046.896] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.896] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.896] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 1 [0046.902] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.903] CloseHandle (hObject=0x2bc) returned 1 [0046.903] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.903] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x71080 [0046.903] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.903] ReadFile (in: hFile=0x2bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.907] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.907] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.907] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.907] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.907] ReadFile (in: hFile=0x2bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.911] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.911] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.911] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.911] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.911] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.912] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.912] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.912] CloseHandle (hObject=0x2bc) returned 1 [0046.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee9cb8 [0046.912] wsprintfW (in: param_1=0x3ee9cb8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.lolkek") returned 95 [0046.912] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.lolkek" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe.lolkek")) returned 1 [0046.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee9cb8 | out: hHeap=0x5a0000) returned 1 [0046.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cc90 | out: hHeap=0x5a0000) returned 1 [0046.912] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.912] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.912] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe", dwFileAttributes=0x80) returned 1 [0046.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.919] CloseHandle (hObject=0x1bc) returned 1 [0046.919] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.919] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee30 [0046.919] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.919] ReadFile (in: hFile=0x1bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.923] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.923] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.923] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.923] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.923] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.932] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.932] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.932] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.932] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.932] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.932] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.932] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.932] CloseHandle (hObject=0x1bc) returned 1 [0046.932] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.932] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.lolkek") returned 96 [0046.932] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe.lolkek" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\vc_redist.x86.exe.lolkek")) returned 1 [0046.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ce00 | out: hHeap=0x5a0000) returned 1 [0046.933] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.933] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.933] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi", dwFileAttributes=0x80) returned 1 [0046.933] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.933] CloseHandle (hObject=0x1bc) returned 1 [0046.934] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.934] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23000 [0046.934] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.934] ReadFile (in: hFile=0x1bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0046.962] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0046.962] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.962] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.962] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.962] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0046.986] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.986] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0046.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.986] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.986] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0046.986] WriteFile (in: hFile=0x1bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.986] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0046.987] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0046.987] CloseHandle (hObject=0x1bc) returned 1 [0046.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.987] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.lolkek") returned 151 [0046.987] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\vc_runtimeadditional_x86.msi.lolkek")) returned 1 [0046.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d340 | out: hHeap=0x5a0000) returned 1 [0046.987] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.987] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.987] SetFileAttributesW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", dwFileAttributes=0x80) returned 1 [0046.994] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.995] CloseHandle (hObject=0x2bc) returned 1 [0046.995] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.995] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa160012 [0046.995] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.995] ReadFile (in: hFile=0x2bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0047.006] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0047.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0047.006] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.006] ReadFile (in: hFile=0x2bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0047.051] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.051] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0047.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0047.052] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.052] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.052] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0047.052] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0047.052] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0047.052] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0047.052] CloseHandle (hObject=0x2bc) returned 1 [0047.052] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.052] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.lolkek") returned 69 [0047.052] MoveFileW (lpExistingFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), lpNewFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim.lolkek" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim.lolkek")) returned 1 [0047.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6461a8 | out: hHeap=0x5a0000) returned 1 [0047.053] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.053] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.053] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst", dwFileAttributes=0x80) returned 1 [0047.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.053] CloseHandle (hObject=0x2bc) returned 1 [0047.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.054] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x21cdb [0047.054] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.054] ReadFile (in: hFile=0x2bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0047.276] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0047.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0047.276] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.276] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0047.278] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.279] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0047.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.280] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.280] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0047.283] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0047.283] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0047.283] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0047.283] CloseHandle (hObject=0x2bc) returned 1 [0050.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.355] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.lolkek") returned 91 [0050.355] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst.lolkek")) returned 1 [0050.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d680 | out: hHeap=0x5a0000) returned 1 [0050.476] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.476] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.476] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico", dwFileAttributes=0x80) returned 1 [0050.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.477] CloseHandle (hObject=0x268) returned 1 [0050.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.477] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x28df6 [0050.477] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.477] ReadFile (in: hFile=0x268, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0050.484] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0050.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.484] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.485] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0050.486] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.486] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0050.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.486] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.486] WriteFile (in: hFile=0x268, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0050.486] WriteFile (in: hFile=0x268, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0050.486] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0050.487] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0050.487] CloseHandle (hObject=0x268) returned 1 [0050.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.487] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.lolkek") returned 157 [0050.487] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.lolkek")) returned 1 [0050.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddea28 | out: hHeap=0x5a0000) returned 1 [0050.489] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.489] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.489] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal", dwFileAttributes=0x80) returned 1 [0050.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.664] CloseHandle (hObject=0x27c) returned 1 [0050.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.740] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.740] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0050.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.740] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.740] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x0, lpOverlapped=0x0) returned 1 [0050.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.740] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.740] WriteFile (in: hFile=0x268, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0050.741] WriteFile (in: hFile=0x268, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0050.741] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0050.741] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0050.741] CloseHandle (hObject=0x268) returned 1 [0050.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.748] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal.lolkek") returned 103 [0050.748] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal.lolkek")) returned 1 [0050.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cbf0 | out: hHeap=0x5a0000) returned 1 [0050.829] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.829] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.829] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl", dwFileAttributes=0x80) returned 1 [0050.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.884] CloseHandle (hObject=0x268) returned 1 [0050.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.900] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x427 [0050.900] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.900] ReadFile (in: hFile=0x280, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0050.903] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0050.903] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.903] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.903] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.903] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x427, lpOverlapped=0x0) returned 1 [0050.903] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffbd9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.903] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x427, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x427, lpOverlapped=0x0) returned 1 [0050.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.904] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.904] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.904] WriteFile (in: hFile=0x280, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0050.904] WriteFile (in: hFile=0x280, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0050.904] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0050.904] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0050.904] CloseHandle (hObject=0x280) returned 1 [0050.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0050.905] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.lolkek") returned 124 [0050.905] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl.lolkek")) returned 1 [0050.992] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0050.994] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6388 | out: hHeap=0x5a0000) returned 1 [0050.994] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.994] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.994] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl", dwFileAttributes=0x80) returned 1 [0051.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0051.072] CloseHandle (hObject=0x210) returned 1 [0051.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.123] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x249 [0051.123] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.124] ReadFile (in: hFile=0x1b4, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.139] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.139] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.139] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x249, lpOverlapped=0x0) returned 1 [0051.139] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffdb7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.139] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x249, lpOverlapped=0x0) returned 1 [0051.140] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.140] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.140] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.140] WriteFile (in: hFile=0x1b4, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.140] WriteFile (in: hFile=0x1b4, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.140] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.140] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.140] CloseHandle (hObject=0x1b4) returned 1 [0051.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67cd08 [0051.151] wsprintfW (in: param_1=0x67cd08, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.lolkek") returned 127 [0051.151] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.lolkek")) returned 1 [0051.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd08 | out: hHeap=0x5a0000) returned 1 [0051.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddaa68 | out: hHeap=0x5a0000) returned 1 [0051.280] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.280] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.280] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", dwFileAttributes=0x80) returned 1 [0051.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.305] CloseHandle (hObject=0x24c) returned 1 [0051.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.330] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18ed [0051.330] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.330] ReadFile (in: hFile=0x228, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.333] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.333] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.333] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x18ed, lpOverlapped=0x0) returned 1 [0051.334] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffe713, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.334] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18ed, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x18ed, lpOverlapped=0x0) returned 1 [0051.334] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.334] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.334] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.334] WriteFile (in: hFile=0x228, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.334] WriteFile (in: hFile=0x228, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.334] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.334] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.334] CloseHandle (hObject=0x228) returned 1 [0051.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ef7e50 [0051.334] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.lolkek") returned 106 [0051.334] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.lolkek")) returned 1 [0051.363] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ef7e50 | out: hHeap=0x5a0000) returned 1 [0051.363] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61be60 | out: hHeap=0x5a0000) returned 1 [0051.363] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.363] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore", dwFileAttributes=0x80) returned 1 [0051.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.364] CloseHandle (hObject=0x228) returned 1 [0051.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.364] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x204000 [0051.364] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.364] ReadFile (in: hFile=0x228, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.366] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.366] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.366] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.369] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.369] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.370] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.370] WriteFile (in: hFile=0x228, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.370] WriteFile (in: hFile=0x228, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.370] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.370] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.371] CloseHandle (hObject=0x228) returned 1 [0051.371] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.371] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.lolkek") returned 104 [0051.371] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.lolkek")) returned 1 [0051.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657d80 | out: hHeap=0x5a0000) returned 1 [0051.372] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.372] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.372] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat", dwFileAttributes=0x80) returned 1 [0051.375] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.375] CloseHandle (hObject=0x228) returned 1 [0051.375] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.375] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0051.375] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.375] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.375] ReadFile (in: hFile=0x228, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2a4e35c*=0x0, lpOverlapped=0x0) returned 1 [0051.376] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.376] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.376] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.377] WriteFile (in: hFile=0x228, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.377] WriteFile (in: hFile=0x228, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.377] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.377] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.377] CloseHandle (hObject=0x228) returned 1 [0051.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.378] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.lolkek") returned 93 [0051.378] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat.lolkek")) returned 1 [0051.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5e38 | out: hHeap=0x5a0000) returned 1 [0051.378] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.378] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.378] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML", dwFileAttributes=0x80) returned 1 [0051.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.388] CloseHandle (hObject=0x23c) returned 1 [0051.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.388] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x27cf [0051.388] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.388] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.393] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.393] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.393] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x27cf, lpOverlapped=0x0) returned 1 [0051.398] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffd831, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.398] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x27cf, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x27cf, lpOverlapped=0x0) returned 1 [0051.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.398] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.398] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.399] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.399] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.399] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.399] CloseHandle (hObject=0x23c) returned 1 [0051.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.399] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.lolkek") returned 95 [0051.399] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.lolkek")) returned 1 [0051.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94aa8 | out: hHeap=0x5a0000) returned 1 [0051.400] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.400] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.400] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01", dwFileAttributes=0x80) returned 1 [0051.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.400] CloseHandle (hObject=0x23c) returned 1 [0051.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.400] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4898 [0051.400] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.401] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.405] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.406] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.406] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.407] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.407] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.408] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.408] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.408] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.408] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.408] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.408] CloseHandle (hObject=0x23c) returned 1 [0051.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0051.409] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.lolkek") returned 116 [0051.409] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01.lolkek")) returned 1 [0051.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0051.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb188 | out: hHeap=0x5a0000) returned 1 [0051.410] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.410] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.410] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01", dwFileAttributes=0x80) returned 1 [0051.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0051.421] CloseHandle (hObject=0x224) returned 1 [0051.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.421] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x204fd [0051.421] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.421] ReadFile (in: hFile=0x224, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.424] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.425] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.425] ReadFile (in: hFile=0x224, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.429] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.429] WriteFile (in: hFile=0x224, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.429] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.429] WriteFile (in: hFile=0x224, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.429] WriteFile (in: hFile=0x224, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.429] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.430] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.430] CloseHandle (hObject=0x224) returned 1 [0051.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.430] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.lolkek") returned 116 [0051.430] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01.lolkek")) returned 1 [0051.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb348 | out: hHeap=0x5a0000) returned 1 [0051.431] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.431] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.431] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01", dwFileAttributes=0x80) returned 1 [0051.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0051.437] CloseHandle (hObject=0x290) returned 1 [0051.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0051.437] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20543 [0051.437] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.437] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.441] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.441] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.441] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.443] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.443] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.443] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.443] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.443] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.443] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.443] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.443] CloseHandle (hObject=0x290) returned 1 [0051.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.443] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.lolkek") returned 116 [0051.443] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01.lolkek")) returned 1 [0051.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb888 | out: hHeap=0x5a0000) returned 1 [0051.446] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.446] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.446] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01", dwFileAttributes=0x80) returned 1 [0051.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.454] CloseHandle (hObject=0x23c) returned 1 [0051.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.454] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x133d5 [0051.454] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.454] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.456] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.456] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.456] ReadFile (in: hFile=0x23c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.460] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.461] WriteFile (in: hFile=0x23c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.461] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.461] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.461] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.461] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.461] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.461] CloseHandle (hObject=0x23c) returned 1 [0051.461] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.461] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.lolkek") returned 116 [0051.461] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01.lolkek")) returned 1 [0051.462] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.462] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ebc08 | out: hHeap=0x5a0000) returned 1 [0051.462] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.462] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01", dwFileAttributes=0x80) returned 1 [0051.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.463] CloseHandle (hObject=0x23c) returned 1 [0051.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.463] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x21839 [0051.463] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.463] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.465] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.465] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.465] ReadFile (in: hFile=0x23c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.471] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.471] WriteFile (in: hFile=0x23c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.471] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.471] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.471] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.471] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.471] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.471] CloseHandle (hObject=0x23c) returned 1 [0051.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.471] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.lolkek") returned 116 [0051.471] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01.lolkek")) returned 1 [0051.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b7e0 | out: hHeap=0x5a0000) returned 1 [0051.472] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.472] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.472] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01", dwFileAttributes=0x80) returned 1 [0051.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.473] CloseHandle (hObject=0x23c) returned 1 [0051.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.473] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10d22 [0051.473] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.473] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.476] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0051.476] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.476] ReadFile (in: hFile=0x23c, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.484] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.484] WriteFile (in: hFile=0x23c, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.484] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.484] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.484] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.484] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.484] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.485] CloseHandle (hObject=0x23c) returned 1 [0051.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.485] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.lolkek") returned 116 [0051.485] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01.lolkek")) returned 1 [0051.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x668cc8 | out: hHeap=0x5a0000) returned 1 [0051.486] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.486] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.486] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01", dwFileAttributes=0x80) returned 1 [0051.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.487] CloseHandle (hObject=0x23c) returned 1 [0051.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.487] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa80f [0051.487] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.487] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.490] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.490] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.490] ReadFile (in: hFile=0x23c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.494] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.494] WriteFile (in: hFile=0x23c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.495] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.495] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.495] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.495] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.495] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.495] CloseHandle (hObject=0x23c) returned 1 [0051.495] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.495] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.lolkek") returned 116 [0051.495] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01.lolkek")) returned 1 [0051.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eef0 | out: hHeap=0x5a0000) returned 1 [0051.496] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.496] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.496] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_", dwFileAttributes=0x80) returned 1 [0051.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.499] CloseHandle (hObject=0x23c) returned 1 [0051.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.499] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x400000 [0051.499] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.499] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.500] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.500] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.500] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.504] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.562] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.562] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.562] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.562] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.562] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.591] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.591] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.591] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.591] CloseHandle (hObject=0x23c) returned 1 [0051.591] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.591] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.lolkek") returned 114 [0051.591] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_.lolkek")) returned 1 [0051.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669200 | out: hHeap=0x5a0000) returned 1 [0051.595] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.595] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.595] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_", dwFileAttributes=0x80) returned 1 [0051.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.606] CloseHandle (hObject=0x23c) returned 1 [0051.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.606] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2114 [0051.606] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.606] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.629] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.630] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.630] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x2114, lpOverlapped=0x0) returned 1 [0051.642] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffdeec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.642] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2114, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x2114, lpOverlapped=0x0) returned 1 [0051.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.643] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.643] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.643] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.643] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.643] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.643] CloseHandle (hObject=0x23c) returned 1 [0051.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.644] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.lolkek") returned 114 [0051.644] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_.lolkek")) returned 1 [0051.645] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.645] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669570 | out: hHeap=0x5a0000) returned 1 [0051.645] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.645] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.645] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png", dwFileAttributes=0x80) returned 1 [0051.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0051.931] CloseHandle (hObject=0x224) returned 1 [0051.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.984] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40b0 [0051.984] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.984] ReadFile (in: hFile=0x224, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0051.986] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0051.986] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.986] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.986] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.986] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0051.989] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.989] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0051.989] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.989] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.989] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.989] WriteFile (in: hFile=0x224, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0051.989] WriteFile (in: hFile=0x224, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.989] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0051.989] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0051.989] CloseHandle (hObject=0x224) returned 1 [0051.989] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0051.989] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.lolkek") returned 144 [0051.989] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png.lolkek")) returned 1 [0051.990] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0051.990] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadff8 | out: hHeap=0x5a0000) returned 1 [0051.990] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.990] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.990] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", dwFileAttributes=0x80) returned 1 [0052.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.010] CloseHandle (hObject=0x2bc) returned 1 [0052.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.023] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x680 [0052.023] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.023] ReadFile (in: hFile=0x2a0, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.026] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.026] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.026] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x680, lpOverlapped=0x0) returned 1 [0052.026] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffff980, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.026] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x680, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x680, lpOverlapped=0x0) returned 1 [0052.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.027] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.027] WriteFile (in: hFile=0x2a0, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.027] WriteFile (in: hFile=0x2a0, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.027] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.027] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.027] CloseHandle (hObject=0x2a0) returned 1 [0052.028] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0052.028] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.lolkek") returned 158 [0052.028] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.lolkek")) returned 1 [0052.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0052.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6357c8 | out: hHeap=0x5a0000) returned 1 [0052.051] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.051] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.051] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", dwFileAttributes=0x80) returned 1 [0052.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0052.072] CloseHandle (hObject=0x214) returned 1 [0052.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.083] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x67c [0052.083] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.083] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.091] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.091] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.091] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.091] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.091] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x67c, lpOverlapped=0x0) returned 1 [0052.091] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffff984, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.091] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x67c, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x67c, lpOverlapped=0x0) returned 1 [0052.091] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.092] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.092] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.092] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.092] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.092] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.092] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.092] CloseHandle (hObject=0x23c) returned 1 [0052.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.094] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.lolkek") returned 158 [0052.094] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.lolkek")) returned 1 [0052.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1298 | out: hHeap=0x5a0000) returned 1 [0052.112] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.112] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.112] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", dwFileAttributes=0x80) returned 1 [0052.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.130] CloseHandle (hObject=0x280) returned 1 [0052.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.143] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.143] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.143] ReadFile (in: hFile=0x214, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.143] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.144] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.144] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x1cf, lpOverlapped=0x0) returned 1 [0052.144] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.144] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x1cf, lpOverlapped=0x0) returned 1 [0052.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.144] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.144] WriteFile (in: hFile=0x214, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.144] WriteFile (in: hFile=0x214, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.144] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.144] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.144] CloseHandle (hObject=0x214) returned 1 [0052.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.145] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.lolkek") returned 158 [0052.145] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.lolkek")) returned 1 [0052.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8c70 | out: hHeap=0x5a0000) returned 1 [0052.173] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.173] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.173] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", dwFileAttributes=0x80) returned 1 [0052.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.189] CloseHandle (hObject=0x258) returned 1 [0052.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0052.204] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x652 [0052.204] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.204] ReadFile (in: hFile=0x228, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.206] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.206] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.206] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.206] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.206] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x652, lpOverlapped=0x0) returned 1 [0052.206] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffff9ae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.206] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x652, lpOverlapped=0x0) returned 1 [0052.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.206] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.206] WriteFile (in: hFile=0x228, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.206] WriteFile (in: hFile=0x228, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.207] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.207] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.207] CloseHandle (hObject=0x228) returned 1 [0052.207] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.208] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.lolkek") returned 158 [0052.208] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.lolkek")) returned 1 [0052.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa218 | out: hHeap=0x5a0000) returned 1 [0052.233] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.233] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.233] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", dwFileAttributes=0x80) returned 1 [0052.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.251] CloseHandle (hObject=0x258) returned 1 [0052.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.269] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e3 [0052.269] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.269] ReadFile (in: hFile=0x290, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.271] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.271] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.271] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x6e3, lpOverlapped=0x0) returned 1 [0052.271] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffff91d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.271] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x6e3, lpOverlapped=0x0) returned 1 [0052.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.271] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.271] WriteFile (in: hFile=0x290, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.271] WriteFile (in: hFile=0x290, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.271] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.271] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.271] CloseHandle (hObject=0x290) returned 1 [0052.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.273] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.lolkek") returned 158 [0052.273] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.lolkek")) returned 1 [0052.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daba28 | out: hHeap=0x5a0000) returned 1 [0052.364] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.365] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.365] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", dwFileAttributes=0x80) returned 1 [0052.372] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.391] CloseHandle (hObject=0x2a0) returned 1 [0052.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.398] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18e [0052.398] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.398] ReadFile (in: hFile=0x2a0, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.399] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.399] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.399] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x18e, lpOverlapped=0x0) returned 1 [0052.399] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe72, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.399] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x18e, lpOverlapped=0x0) returned 1 [0052.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.399] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.399] WriteFile (in: hFile=0x2a0, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.399] WriteFile (in: hFile=0x2a0, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.399] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.399] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.399] CloseHandle (hObject=0x2a0) returned 1 [0052.400] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.400] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.lolkek") returned 159 [0052.400] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.lolkek")) returned 1 [0052.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3e480 | out: hHeap=0x5a0000) returned 1 [0052.425] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.425] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.425] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", dwFileAttributes=0x80) returned 1 [0052.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.444] CloseHandle (hObject=0x224) returned 1 [0052.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.449] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182 [0052.449] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.449] ReadFile (in: hFile=0x23c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.450] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.450] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.450] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x182, lpOverlapped=0x0) returned 1 [0052.450] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.450] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x182, lpOverlapped=0x0) returned 1 [0052.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.450] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.451] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.451] WriteFile (in: hFile=0x23c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.451] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.451] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.451] CloseHandle (hObject=0x23c) returned 1 [0052.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.451] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.lolkek") returned 159 [0052.451] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.lolkek")) returned 1 [0052.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7f88 | out: hHeap=0x5a0000) returned 1 [0052.475] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.475] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.475] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", dwFileAttributes=0x80) returned 1 [0052.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0052.495] CloseHandle (hObject=0x290) returned 1 [0052.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0052.500] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x196 [0052.500] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.500] ReadFile (in: hFile=0x228, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.500] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.500] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.500] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x196, lpOverlapped=0x0) returned 1 [0052.500] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffe6a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.501] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x196, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x196, lpOverlapped=0x0) returned 1 [0052.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.501] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.501] WriteFile (in: hFile=0x228, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.501] WriteFile (in: hFile=0x228, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.501] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.501] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.501] CloseHandle (hObject=0x228) returned 1 [0052.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.502] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.lolkek") returned 159 [0052.502] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.lolkek")) returned 1 [0052.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8210 | out: hHeap=0x5a0000) returned 1 [0052.532] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.532] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.532] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", dwFileAttributes=0x80) returned 1 [0052.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.551] CloseHandle (hObject=0x2a0) returned 1 [0052.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.559] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x204 [0052.559] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.559] ReadFile (in: hFile=0x224, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.561] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.561] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.561] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x204, lpOverlapped=0x0) returned 1 [0052.562] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffdfc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.562] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x204, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x204, lpOverlapped=0x0) returned 1 [0052.562] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.562] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.562] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.562] WriteFile (in: hFile=0x224, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.562] WriteFile (in: hFile=0x224, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.562] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.562] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.562] CloseHandle (hObject=0x224) returned 1 [0052.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.565] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.lolkek") returned 159 [0052.565] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.lolkek")) returned 1 [0052.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9b68 | out: hHeap=0x5a0000) returned 1 [0052.586] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.586] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.586] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76", dwFileAttributes=0x80) returned 1 [0052.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.587] CloseHandle (hObject=0x2a0) returned 1 [0052.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.587] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfc [0052.587] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.587] ReadFile (in: hFile=0x2a0, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0052.588] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0052.588] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.588] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.588] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.588] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0xfc, lpOverlapped=0x0) returned 1 [0052.588] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffff04, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.588] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0xfc, lpOverlapped=0x0) returned 1 [0052.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.588] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.588] WriteFile (in: hFile=0x2a0, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0052.588] WriteFile (in: hFile=0x2a0, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.588] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0052.588] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0052.588] CloseHandle (hObject=0x2a0) returned 1 [0052.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.589] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.lolkek") returned 126 [0052.589] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76.lolkek")) returned 1 [0052.984] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.984] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94d38 | out: hHeap=0x5a0000) returned 1 [0052.984] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.984] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.984] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d", dwFileAttributes=0x80) returned 1 [0053.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.720] CloseHandle (hObject=0x280) returned 1 [0053.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.748] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0053.748] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.748] ReadFile (in: hFile=0x190, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0053.748] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0053.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.749] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.749] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x1d4, lpOverlapped=0x0) returned 1 [0053.749] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.749] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x1d4, lpOverlapped=0x0) returned 1 [0053.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.749] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.749] WriteFile (in: hFile=0x190, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0053.749] WriteFile (in: hFile=0x190, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0053.749] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0053.749] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0053.749] CloseHandle (hObject=0x190) returned 1 [0053.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0053.752] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.lolkek") returned 158 [0053.752] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d.lolkek")) returned 1 [0053.767] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0053.767] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1518 | out: hHeap=0x5a0000) returned 1 [0053.767] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.767] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.767] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", dwFileAttributes=0x80) returned 1 [0053.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.788] CloseHandle (hObject=0x2b8) returned 1 [0053.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0053.795] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa00000 [0053.795] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.795] ReadFile (in: hFile=0x224, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0053.795] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0053.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0053.795] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.796] ReadFile (in: hFile=0x224, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0053.797] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.797] WriteFile (in: hFile=0x224, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0053.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.797] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.797] WriteFile (in: hFile=0x224, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0053.842] WriteFile (in: hFile=0x224, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0053.842] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0053.842] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0053.842] CloseHandle (hObject=0x224) returned 1 [0053.874] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.874] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.lolkek") returned 112 [0053.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite.lolkek")) returned 1 [0054.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde5c0 | out: hHeap=0x5a0000) returned 1 [0054.214] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.214] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.214] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3", dwFileAttributes=0x80) returned 1 [0054.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rpwo.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.219] CloseHandle (hObject=0x2bc) returned 1 [0054.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rpwo.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.219] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7a08 [0054.219] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.219] ReadFile (in: hFile=0x2bc, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0054.220] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0054.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.220] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.220] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0054.220] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.220] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0054.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.220] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.220] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0054.220] WriteFile (in: hFile=0x2bc, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0054.221] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0054.221] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0054.221] CloseHandle (hObject=0x2bc) returned 1 [0054.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.232] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3.lolkek") returned 57 [0054.232] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rpwo.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rpwo.mp3.lolkek")) returned 1 [0054.263] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.263] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd8f8 | out: hHeap=0x5a0000) returned 1 [0054.263] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.263] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.263] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods", dwFileAttributes=0x80) returned 1 [0054.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0w9tsn9xbaukrjus.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0054.267] CloseHandle (hObject=0x224) returned 1 [0054.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0w9tsn9xbaukrjus.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0054.267] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13fd7 [0054.267] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.267] ReadFile (in: hFile=0x224, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0054.268] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0054.268] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.268] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.268] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.268] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x4000, lpOverlapped=0x0) returned 1 [0054.268] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.268] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x4000, lpOverlapped=0x0) returned 1 [0054.268] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.268] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.268] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.268] WriteFile (in: hFile=0x224, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0054.268] WriteFile (in: hFile=0x224, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0054.268] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0054.268] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0054.268] CloseHandle (hObject=0x224) returned 1 [0054.272] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.272] wsprintfW (in: param_1=0x3be0390, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods.lolkek") returned 70 [0054.272] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0w9tsn9xbaukrjus.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0w9tsn9xbaukrjus.ods.lolkek")) returned 1 [0054.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec3e10 | out: hHeap=0x5a0000) returned 1 [0054.707] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.707] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.707] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url", dwFileAttributes=0x80) returned 1 [0054.733] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0054.754] CloseHandle (hObject=0x190) returned 1 [0054.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0055.029] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0055.029] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.029] ReadFile (in: hFile=0x27c, lpBuffer=0x2a4fda0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2a4e384, lpOverlapped=0x0 | out: lpBuffer=0x2a4fda0*, lpNumberOfBytesRead=0x2a4e384*=0xd, lpOverlapped=0x0) returned 1 [0055.029] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2a4fdb0 | out: pbBuffer=0x2a4fdb0) returned 1 [0055.029] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0055.029] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.029] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.029] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2a4e35c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2a4e35c*=0x85, lpOverlapped=0x0) returned 1 [0055.030] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.030] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2a4fda0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2a4fda0*=0x85, lpOverlapped=0x0) returned 1 [0055.030] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.030] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0055.030] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.030] WriteFile (in: hFile=0x27c, lpBuffer=0x2a4e364*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4e364*, lpNumberOfBytesWritten=0x2a4e368*=0x4, lpOverlapped=0x0) returned 1 [0055.030] WriteFile (in: hFile=0x27c, lpBuffer=0x2a4fdb0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x2a4fdb0*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0055.030] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2a4e368*=0x20, lpOverlapped=0x0) returned 1 [0055.030] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2a4e368, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2a4e368*=0xd, lpOverlapped=0x0) returned 1 [0055.030] CloseHandle (hObject=0x27c) returned 1 [0055.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0055.122] wsprintfW (in: param_1=0x3be0390, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.lolkek") returned 71 [0055.122] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.lolkek")) returned 1 [0055.868] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0055.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6129c0 | out: hHeap=0x5a0000) returned 1 [0055.873] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.873] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.873] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", dwFileAttributes=0x80) returned 0 [0055.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.873] RmStartSession () returned 0x0 [0055.876] RmRegisterResources () returned 0x0 [0055.878] RmGetList () returned 0x0 [0056.154] RmEndSession () returned 0x0 [0056.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6188f0 | out: hHeap=0x5a0000) returned 1 [0056.411] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.411] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.411] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", dwFileAttributes=0x80) returned 0 [0056.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.412] RmStartSession () returned 0x0 [0056.414] RmRegisterResources () returned 0x0 [0056.416] RmGetList () returned 0x0 [0057.086] RmEndSession () returned 0x0 [0057.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5f28 | out: hHeap=0x5a0000) returned 1 [0057.297] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.297] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.297] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", dwFileAttributes=0x80) returned 0 [0057.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.297] RmStartSession () returned 0x0 [0057.300] RmRegisterResources () returned 0x0 [0057.302] RmGetList () returned 0x0 [0057.698] RmEndSession () returned 0x0 [0057.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6db0 | out: hHeap=0x5a0000) returned 1 [0057.715] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.715] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.715] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", dwFileAttributes=0x80) returned 0 [0057.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.715] RmStartSession () returned 0x0 [0057.718] RmRegisterResources () returned 0x0 [0057.720] RmGetList () returned 0x0 [0058.174] RmEndSession () returned 0x0 [0058.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb78f0 | out: hHeap=0x5a0000) returned 1 [0058.396] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.396] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.396] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", dwFileAttributes=0x80) returned 0 [0058.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.397] RmStartSession () returned 0x0 [0058.399] RmRegisterResources () returned 0x0 [0058.403] RmGetList () returned 0x0 [0059.709] RmEndSession () returned 0x0 [0059.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da52b0 | out: hHeap=0x5a0000) returned 1 [0059.724] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.724] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.724] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif", dwFileAttributes=0x80) returned 0 [0059.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.724] RmStartSession () returned 0x0 [0059.727] RmRegisterResources () returned 0x0 [0059.730] RmGetList () returned 0x0 [0062.968] RmEndSession () returned 0x0 [0063.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.125] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadd20 | out: hHeap=0x5a0000) returned 1 [0063.125] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 5 os_tid = 0x8a8 [0035.506] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.843] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.843] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0035.844] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.846] RmStartSession () returned 0x0 [0036.255] RmRegisterResources () returned 0x0 [0036.256] RmGetList () returned 0x0 [0036.883] RmEndSession () returned 0x0 [0036.901] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0036.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d830 | out: hHeap=0x5a0000) returned 1 [0036.901] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0036.901] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.901] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf", dwFileAttributes=0x80) returned 0 [0036.901] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0036.901] RmStartSession () returned 0x0 [0036.903] RmRegisterResources () returned 0x0 [0036.905] RmGetList () returned 0x0 [0037.593] RmEndSession () returned 0x0 [0037.616] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fc98 | out: hHeap=0x5a0000) returned 1 [0037.616] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.616] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.616] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.616] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.616] RmStartSession () returned 0x0 [0037.618] RmRegisterResources () returned 0x0 [0037.620] RmGetList () returned 0x0 [0041.509] RmEndSession () returned 0x0 [0041.534] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6302d8 | out: hHeap=0x5a0000) returned 1 [0041.534] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.535] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.535] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", dwFileAttributes=0x80) returned 0 [0041.535] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.535] RmStartSession () returned 0x0 [0041.537] RmRegisterResources () returned 0x0 [0041.539] RmGetList () returned 0x0 [0042.629] RmEndSession () returned 0x0 [0042.648] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf568 | out: hHeap=0x5a0000) returned 1 [0042.648] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.648] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.648] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", dwFileAttributes=0x80) returned 0 [0042.648] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.648] RmStartSession () returned 0x0 [0042.650] RmRegisterResources () returned 0x0 [0042.652] RmGetList () returned 0x0 [0043.790] RmEndSession () returned 0x0 [0043.812] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.813] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66dc80 | out: hHeap=0x5a0000) returned 1 [0043.813] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.813] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.813] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat", dwFileAttributes=0x80) returned 1 [0043.813] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.813] RmStartSession () returned 0x0 [0043.815] RmRegisterResources () returned 0x0 [0043.817] RmGetList () returned 0x0 [0044.506] GetCurrentProcessId () returned 0x86c [0044.506] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0044.506] RmEndSession () returned 0x0 [0044.527] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676008 | out: hHeap=0x5a0000) returned 1 [0044.527] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.527] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.527] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", dwFileAttributes=0x80) returned 0 [0044.527] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.528] RmStartSession () returned 0x0 [0044.529] RmRegisterResources () returned 0x0 [0044.532] RmGetList () returned 0x0 [0045.200] RmEndSession () returned 0x0 [0045.220] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614100 | out: hHeap=0x5a0000) returned 1 [0045.220] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.220] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.220] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", dwFileAttributes=0x80) returned 0 [0045.220] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.220] RmStartSession () returned 0x0 [0045.222] RmRegisterResources () returned 0x0 [0045.224] RmGetList () returned 0x0 [0045.868] RmEndSession () returned 0x0 [0045.891] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615120 | out: hHeap=0x5a0000) returned 1 [0045.891] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.891] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.891] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", dwFileAttributes=0x80) returned 0 [0045.891] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.892] RmStartSession () returned 0x0 [0045.893] RmRegisterResources () returned 0x0 [0045.896] RmGetList () returned 0x0 [0047.112] RmEndSession () returned 0x0 [0047.135] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.135] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cade78 | out: hHeap=0x5a0000) returned 1 [0047.135] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.135] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.135] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin", dwFileAttributes=0x80) returned 1 [0050.464] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.474] CloseHandle (hObject=0x1e0) returned 1 [0050.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.492] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12ea5 [0050.492] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.492] ReadFile (in: hFile=0x1e0, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0050.500] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.500] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.500] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0050.507] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.507] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0050.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.507] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.507] WriteFile (in: hFile=0x1e0, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.507] WriteFile (in: hFile=0x1e0, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.507] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.507] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.507] CloseHandle (hObject=0x1e0) returned 1 [0050.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.507] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.lolkek") returned 87 [0050.508] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin.lolkek")) returned 1 [0050.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caeff0 | out: hHeap=0x5a0000) returned 1 [0050.508] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.508] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.508] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal", dwFileAttributes=0x80) returned 1 [0050.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.509] CloseHandle (hObject=0x1e0) returned 1 [0050.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.509] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.509] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.509] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.509] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x0, lpOverlapped=0x0) returned 1 [0050.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.509] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.509] WriteFile (in: hFile=0x1e0, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.510] WriteFile (in: hFile=0x1e0, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.510] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.510] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.510] CloseHandle (hObject=0x1e0) returned 1 [0050.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.510] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal.lolkek") returned 112 [0050.510] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal.lolkek")) returned 1 [0050.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cf10 | out: hHeap=0x5a0000) returned 1 [0050.511] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.511] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.511] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies", dwFileAttributes=0x80) returned 1 [0050.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.511] CloseHandle (hObject=0x1e0) returned 1 [0050.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.512] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c00 [0050.512] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.512] ReadFile (in: hFile=0x1e0, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0050.524] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.524] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.524] ReadFile (in: hFile=0x1e0, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x293e38c*=0x1c00, lpOverlapped=0x0) returned 1 [0050.537] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffe400, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.537] WriteFile (in: hFile=0x1e0, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1c00, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x293fdd0*=0x1c00, lpOverlapped=0x0) returned 1 [0050.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.537] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.537] WriteFile (in: hFile=0x1e0, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.537] WriteFile (in: hFile=0x1e0, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.537] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.537] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.537] CloseHandle (hObject=0x1e0) returned 1 [0050.537] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.537] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies.lolkek") returned 100 [0050.537] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies.lolkek")) returned 1 [0050.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d0c0 | out: hHeap=0x5a0000) returned 1 [0050.538] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.538] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.538] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms", dwFileAttributes=0x80) returned 1 [0050.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.615] CloseHandle (hObject=0x1b4) returned 1 [0050.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.622] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0050.622] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.622] ReadFile (in: hFile=0x1b4, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0050.625] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.625] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.625] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0050.628] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.628] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0050.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.628] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.628] WriteFile (in: hFile=0x1b4, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.628] WriteFile (in: hFile=0x1b4, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.628] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.628] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.628] CloseHandle (hObject=0x1b4) returned 1 [0050.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.629] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.lolkek") returned 114 [0050.629] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.lolkek")) returned 1 [0050.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66aa10 | out: hHeap=0x5a0000) returned 1 [0050.629] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.629] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.629] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini", dwFileAttributes=0x80) returned 1 [0050.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.630] CloseHandle (hObject=0x1b4) returned 1 [0050.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.630] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0050.630] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.630] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.630] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x43, lpOverlapped=0x0) returned 1 [0050.631] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.631] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x43, lpOverlapped=0x0) returned 1 [0050.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.631] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.631] WriteFile (in: hFile=0x1b4, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.631] WriteFile (in: hFile=0x1b4, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.631] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.632] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.632] CloseHandle (hObject=0x1b4) returned 1 [0050.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.632] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.lolkek") returned 88 [0050.632] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.lolkek")) returned 1 [0050.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae530 | out: hHeap=0x5a0000) returned 1 [0050.632] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.632] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.632] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat", dwFileAttributes=0x80) returned 1 [0050.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.640] CloseHandle (hObject=0x1b4) returned 1 [0050.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.640] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0050.640] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.640] ReadFile (in: hFile=0x1b4, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0050.647] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.647] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.647] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0050.656] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.656] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0050.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.656] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.656] WriteFile (in: hFile=0x1b4, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.656] WriteFile (in: hFile=0x1b4, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.656] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.657] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.657] CloseHandle (hObject=0x1b4) returned 1 [0050.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.657] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.lolkek") returned 86 [0050.657] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat.lolkek")) returned 1 [0050.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6178f8 | out: hHeap=0x5a0000) returned 1 [0050.658] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.658] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.658] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]", dwFileAttributes=0x80) returned 1 [0050.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.733] CloseHandle (hObject=0x1e0) returned 1 [0050.733] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.782] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.782] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.782] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.782] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.782] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.782] ReadFile (in: hFile=0x270, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x0, lpOverlapped=0x0) returned 1 [0050.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.782] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.782] WriteFile (in: hFile=0x270, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.783] WriteFile (in: hFile=0x270, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.783] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.783] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.783] CloseHandle (hObject=0x270) returned 1 [0050.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0050.795] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1].lolkek") returned 107 [0050.795] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1].lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1].lolkek")) returned 1 [0050.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0050.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf320 | out: hHeap=0x5a0000) returned 1 [0050.830] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.830] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.830] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl", dwFileAttributes=0x80) returned 1 [0050.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.885] CloseHandle (hObject=0x268) returned 1 [0050.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0050.913] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x249 [0050.913] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.913] ReadFile (in: hFile=0x224, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0050.913] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0050.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.913] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.913] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x249, lpOverlapped=0x0) returned 1 [0050.913] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffdb7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.913] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x249, lpOverlapped=0x0) returned 1 [0050.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.914] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.914] WriteFile (in: hFile=0x224, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0050.914] WriteFile (in: hFile=0x224, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.914] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0050.914] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0050.914] CloseHandle (hObject=0x224) returned 1 [0050.929] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ed7e40 [0050.929] wsprintfW (in: param_1=0x3ed7e40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.lolkek") returned 127 [0050.930] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl.lolkek")) returned 1 [0050.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ed7e40 | out: hHeap=0x5a0000) returned 1 [0051.001] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4ec0 | out: hHeap=0x5a0000) returned 1 [0051.001] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.001] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.001] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD", dwFileAttributes=0x80) returned 1 [0051.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0051.056] CloseHandle (hObject=0x1b4) returned 1 [0051.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.061] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20000 [0051.061] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.061] ReadFile (in: hFile=0x224, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.062] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.063] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.063] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0051.065] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.065] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0051.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.066] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.066] WriteFile (in: hFile=0x224, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.066] WriteFile (in: hFile=0x224, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.066] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.066] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.066] CloseHandle (hObject=0x224) returned 1 [0051.066] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.067] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.lolkek") returned 105 [0051.067] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd.lolkek")) returned 1 [0051.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddafb8 | out: hHeap=0x5a0000) returned 1 [0051.077] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.077] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.077] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi", dwFileAttributes=0x80) returned 1 [0051.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0051.105] CloseHandle (hObject=0x27c) returned 1 [0051.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.152] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb9 [0051.152] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.152] ReadFile (in: hFile=0x280, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.153] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.153] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.153] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0xb9, lpOverlapped=0x0) returned 1 [0051.153] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffff47, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.153] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xb9, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0xb9, lpOverlapped=0x0) returned 1 [0051.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.153] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.153] WriteFile (in: hFile=0x280, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.154] WriteFile (in: hFile=0x280, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.154] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.154] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.154] CloseHandle (hObject=0x280) returned 1 [0051.156] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0051.157] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.lolkek") returned 96 [0051.157] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi.lolkek")) returned 1 [0051.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0051.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf8b8 | out: hHeap=0x5a0000) returned 1 [0051.262] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.262] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.262] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm", dwFileAttributes=0x80) returned 1 [0051.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.303] CloseHandle (hObject=0x24c) returned 1 [0051.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.315] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0051.315] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.315] ReadFile (in: hFile=0x210, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.316] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.316] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.316] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0xed, lpOverlapped=0x0) returned 1 [0051.316] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.316] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0xed, lpOverlapped=0x0) returned 1 [0051.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.316] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.316] WriteFile (in: hFile=0x210, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.317] WriteFile (in: hFile=0x210, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.317] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.317] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.317] CloseHandle (hObject=0x210) returned 1 [0051.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0051.318] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.lolkek") returned 106 [0051.318] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.lolkek")) returned 1 [0051.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0051.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be08f0 | out: hHeap=0x5a0000) returned 1 [0051.350] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.350] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.350] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm", dwFileAttributes=0x80) returned 1 [0051.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.392] CloseHandle (hObject=0x268) returned 1 [0051.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.392] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0051.392] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.392] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.393] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.393] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.393] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0xed, lpOverlapped=0x0) returned 1 [0051.393] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.393] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0xed, lpOverlapped=0x0) returned 1 [0051.393] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.393] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.393] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.393] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.393] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.393] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.393] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.393] CloseHandle (hObject=0x268) returned 1 [0051.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.403] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.lolkek") returned 107 [0051.403] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.lolkek")) returned 1 [0051.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657448 | out: hHeap=0x5a0000) returned 1 [0051.653] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.653] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.653] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_", dwFileAttributes=0x80) returned 1 [0051.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.654] CloseHandle (hObject=0x268) returned 1 [0051.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.654] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1 [0051.654] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.654] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.654] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x1, lpOverlapped=0x0) returned 1 [0051.655] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffffff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.655] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x1, lpOverlapped=0x0) returned 1 [0051.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.655] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.655] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.655] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.655] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.655] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.655] CloseHandle (hObject=0x268) returned 1 [0051.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.656] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.lolkek") returned 110 [0051.656] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_.lolkek")) returned 1 [0051.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9640 | out: hHeap=0x5a0000) returned 1 [0051.656] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.656] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.656] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml", dwFileAttributes=0x80) returned 1 [0051.658] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.659] CloseHandle (hObject=0x268) returned 1 [0051.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.659] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x464 [0051.659] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.659] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.662] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.662] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.662] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x464, lpOverlapped=0x0) returned 1 [0051.662] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffb9c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.662] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x464, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x464, lpOverlapped=0x0) returned 1 [0051.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.662] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.662] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.662] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.662] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.662] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.662] CloseHandle (hObject=0x268) returned 1 [0051.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.662] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.lolkek") returned 105 [0051.663] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml.lolkek")) returned 1 [0051.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea97e8 | out: hHeap=0x5a0000) returned 1 [0051.663] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.663] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.663] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar", dwFileAttributes=0x80) returned 1 [0051.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.664] CloseHandle (hObject=0x268) returned 1 [0051.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.664] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x927c0 [0051.664] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.664] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.667] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.667] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.667] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0051.709] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.709] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0051.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.709] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.709] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.709] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.709] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.709] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.709] CloseHandle (hObject=0x268) returned 1 [0051.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.710] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.lolkek") returned 108 [0051.710] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar.lolkek")) returned 1 [0051.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9980 | out: hHeap=0x5a0000) returned 1 [0051.710] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.710] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.710] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3", dwFileAttributes=0x80) returned 1 [0051.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\d8eek3lhs.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.711] CloseHandle (hObject=0x268) returned 1 [0051.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\d8eek3lhs.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.711] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb023 [0051.711] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.711] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.711] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.711] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.712] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0051.712] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.712] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0051.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.712] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.712] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.712] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.712] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.712] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.712] CloseHandle (hObject=0x268) returned 1 [0051.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.712] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3.lolkek") returned 73 [0051.712] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\d8eek3lhs.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\d8eek3lhs.mp3.lolkek")) returned 1 [0051.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94c18 | out: hHeap=0x5a0000) returned 1 [0051.713] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.713] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.713] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp", dwFileAttributes=0x80) returned 1 [0051.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\e2tan4as0xn0qxrjt.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.713] CloseHandle (hObject=0x268) returned 1 [0051.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\e2tan4as0xn0qxrjt.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.714] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14106 [0051.714] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.714] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.714] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.714] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.714] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0051.714] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.714] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0051.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.715] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.715] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.715] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.715] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.715] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.715] CloseHandle (hObject=0x268) returned 1 [0051.715] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.715] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp.lolkek") returned 81 [0051.715] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\e2tan4as0xn0qxrjt.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\e2tan4as0xn0qxrjt.bmp.lolkek")) returned 1 [0051.716] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.716] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca68d8 | out: hHeap=0x5a0000) returned 1 [0051.716] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.716] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.716] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots", dwFileAttributes=0x80) returned 1 [0051.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f 2ng-qz.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.716] CloseHandle (hObject=0x268) returned 1 [0051.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f 2ng-qz.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.716] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xecea [0051.716] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.716] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.717] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.717] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.717] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0051.717] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.717] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0051.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.717] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.717] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.717] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.717] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.717] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.718] CloseHandle (hObject=0x268) returned 1 [0051.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.718] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots.lolkek") returned 72 [0051.718] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f 2ng-qz.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f 2ng-qz.ots.lolkek")) returned 1 [0051.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611610 | out: hHeap=0x5a0000) returned 1 [0051.718] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.718] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.718] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi", dwFileAttributes=0x80) returned 1 [0051.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f-omsbuiuz0zmu.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.719] CloseHandle (hObject=0x268) returned 1 [0051.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f-omsbuiuz0zmu.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.719] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa495 [0051.719] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.719] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.719] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.720] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.720] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0051.720] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.720] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0051.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.720] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.720] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.720] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.720] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.720] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.720] CloseHandle (hObject=0x268) returned 1 [0051.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.720] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi.lolkek") returned 78 [0051.720] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f-omsbuiuz0zmu.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\f-omsbuiuz0zmu.avi.lolkek")) returned 1 [0051.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3efa0 | out: hHeap=0x5a0000) returned 1 [0051.721] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.721] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.721] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots", dwFileAttributes=0x80) returned 1 [0051.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fuee5zqioyl4w5cptx0g.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.722] CloseHandle (hObject=0x268) returned 1 [0051.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fuee5zqioyl4w5cptx0g.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.722] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaeb1 [0051.722] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.722] ReadFile (in: hFile=0x268, lpBuffer=0x293fdd0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x293e3b4, lpOverlapped=0x0 | out: lpBuffer=0x293fdd0*, lpNumberOfBytesRead=0x293e3b4*=0xd, lpOverlapped=0x0) returned 1 [0051.722] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0051.722] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.722] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.722] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.722] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x4000, lpOverlapped=0x0) returned 1 [0051.722] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.722] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x293fdd0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x293fdd0*=0x4000, lpOverlapped=0x0) returned 1 [0051.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.723] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.723] WriteFile (in: hFile=0x268, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0051.723] WriteFile (in: hFile=0x268, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.723] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0051.723] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0051.723] CloseHandle (hObject=0x268) returned 1 [0051.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.723] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots.lolkek") returned 84 [0051.723] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fuee5zqioyl4w5cptx0g.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fuee5zqioyl4w5cptx0g.ots.lolkek")) returned 1 [0051.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617000 | out: hHeap=0x5a0000) returned 1 [0051.724] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.724] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.724] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt", dwFileAttributes=0x80) returned 1 [0051.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0051.724] RmStartSession () returned 0x0 [0051.725] RmRegisterResources () returned 0x0 [0051.728] RmGetList () returned 0x0 [0053.637] GetCurrentProcessId () returned 0x86c [0053.637] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x460) returned 0x214 [0053.637] TerminateProcess (hProcess=0x214, uExitCode=0x0) returned 1 [0053.638] WaitForSingleObject (hHandle=0x214, dwMilliseconds=0xffffffff) returned 0x0 [0063.230] RmEndSession () returned 0x0 [0063.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0063.249] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0063.249] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x293fde0 | out: pbBuffer=0x293fde0) returned 1 [0063.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0063.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0063.249] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0063.249] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x293e38c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x293e38c*=0x0, lpOverlapped=0x0) returned 1 [0063.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0063.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0063.249] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0063.249] WriteFile (in: hFile=0x290, lpBuffer=0x293e394*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293e394*, lpNumberOfBytesWritten=0x293e398*=0x4, lpOverlapped=0x0) returned 1 [0063.250] WriteFile (in: hFile=0x290, lpBuffer=0x293fde0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x293fde0*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0063.250] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x293e398*=0x20, lpOverlapped=0x0) returned 1 [0063.250] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x293e398, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x293e398*=0xd, lpOverlapped=0x0) returned 1 [0063.250] CloseHandle (hObject=0x290) returned 1 [0063.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0063.251] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt.lolkek") returned 82 [0063.251] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt.lolkek")) returned 1 [0063.252] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0063.252] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6a10 | out: hHeap=0x5a0000) returned 1 [0063.252] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0x8b8 [0035.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.518] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.518] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BCD", dwFileAttributes=0x80) returned 1 [0035.519] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.519] RmStartSession () returned 0x0 [0036.164] RmRegisterResources () returned 0x0 [0036.167] RmGetList () returned 0x0 [0036.836] GetCurrentProcessId () returned 0x86c [0036.836] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0036.836] RmEndSession () returned 0x0 [0036.856] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0036.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b8780 | out: hHeap=0x5a0000) returned 1 [0036.856] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0036.856] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.856] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf", dwFileAttributes=0x80) returned 0 [0036.856] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0036.856] RmStartSession () returned 0x0 [0036.857] RmRegisterResources () returned 0x0 [0036.860] RmGetList () returned 0x0 [0037.535] RmEndSession () returned 0x0 [0037.561] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fc10 | out: hHeap=0x5a0000) returned 1 [0037.561] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.561] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.561] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.561] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.561] RmStartSession () returned 0x0 [0037.563] RmRegisterResources () returned 0x0 [0037.565] RmGetList () returned 0x0 [0041.451] RmEndSession () returned 0x0 [0041.478] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x630248 | out: hHeap=0x5a0000) returned 1 [0041.478] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.478] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", dwFileAttributes=0x80) returned 0 [0041.482] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.482] RmStartSession () returned 0x0 [0041.483] RmRegisterResources () returned 0x0 [0041.486] RmGetList () returned 0x0 [0042.577] RmEndSession () returned 0x0 [0042.596] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf3c8 | out: hHeap=0x5a0000) returned 1 [0042.596] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.597] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.597] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", dwFileAttributes=0x80) returned 0 [0042.600] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.601] RmStartSession () returned 0x0 [0042.602] RmRegisterResources () returned 0x0 [0042.604] RmGetList () returned 0x0 [0043.256] RmEndSession () returned 0x0 [0043.279] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.279] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66daf8 | out: hHeap=0x5a0000) returned 1 [0043.279] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.279] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.279] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico", dwFileAttributes=0x80) returned 1 [0043.285] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.285] CloseHandle (hObject=0x234) returned 1 [0043.285] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.285] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x627e [0043.285] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.285] ReadFile (in: hFile=0x234, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.288] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.289] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.289] ReadFile (in: hFile=0x234, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.292] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.293] WriteFile (in: hFile=0x234, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.293] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.293] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.293] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.293] WriteFile (in: hFile=0x234, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.293] WriteFile (in: hFile=0x234, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.293] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.293] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.293] CloseHandle (hObject=0x234) returned 1 [0043.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.293] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.lolkek") returned 65 [0043.293] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\documentrepository.ico.lolkek")) returned 1 [0043.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67ce38 | out: hHeap=0x5a0000) returned 1 [0043.294] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.294] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.294] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico", dwFileAttributes=0x80) returned 1 [0043.297] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.297] CloseHandle (hObject=0x174) returned 1 [0043.297] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.297] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x627e [0043.297] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.297] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.303] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.303] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.303] ReadFile (in: hFile=0x174, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.305] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.305] WriteFile (in: hFile=0x174, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.305] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.305] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.305] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.305] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.305] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.305] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.305] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.305] CloseHandle (hObject=0x174) returned 1 [0043.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.305] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.lolkek") returned 53 [0043.306] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\mysite.ico.lolkek")) returned 1 [0043.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d010 | out: hHeap=0x5a0000) returned 1 [0043.306] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.306] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.306] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico", dwFileAttributes=0x80) returned 1 [0043.309] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.309] CloseHandle (hObject=0x190) returned 1 [0043.309] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.309] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x627e [0043.309] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.309] ReadFile (in: hFile=0x190, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.317] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.317] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.317] ReadFile (in: hFile=0x190, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.318] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.318] WriteFile (in: hFile=0x190, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.318] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.318] WriteFile (in: hFile=0x190, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.318] WriteFile (in: hFile=0x190, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.318] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.318] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.318] CloseHandle (hObject=0x190) returned 1 [0043.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.318] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.lolkek") returned 65 [0043.318] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\sharepointteamsite.ico.lolkek")) returned 1 [0043.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d1d8 | out: hHeap=0x5a0000) returned 1 [0043.319] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.319] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.319] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.326] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.326] CloseHandle (hObject=0x190) returned 1 [0043.326] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.326] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbf60 [0043.327] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.327] ReadFile (in: hFile=0x190, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.328] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.328] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.328] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.328] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.328] ReadFile (in: hFile=0x190, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.332] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.332] WriteFile (in: hFile=0x190, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.332] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.333] WriteFile (in: hFile=0x190, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.333] WriteFile (in: hFile=0x190, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.333] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.333] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.333] CloseHandle (hObject=0x190) returned 1 [0043.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.333] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.lolkek") returned 79 [0043.333] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.dll.trx_dll.lolkek")) returned 1 [0043.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6954b0 | out: hHeap=0x5a0000) returned 1 [0043.333] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.333] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.333] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.337] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.337] CloseHandle (hObject=0x174) returned 1 [0043.337] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.337] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x49f60 [0043.337] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.337] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.343] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.343] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.343] ReadFile (in: hFile=0x174, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.345] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.345] WriteFile (in: hFile=0x174, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.346] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.346] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.346] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.346] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.346] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.346] CloseHandle (hObject=0x174) returned 1 [0043.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.346] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.lolkek") returned 76 [0043.346] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mapir.dll.trx_dll.lolkek")) returned 1 [0043.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695710 | out: hHeap=0x5a0000) returned 1 [0043.347] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.347] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.347] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.347] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.347] CloseHandle (hObject=0x174) returned 1 [0043.347] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.347] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17960 [0043.347] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.347] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.351] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbcf0 [0043.351] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.351] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbcf0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbcf0*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.356] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.356] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbcf0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbcf0*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbcf0 | out: hHeap=0x5a0000) returned 1 [0043.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.357] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.357] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.357] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.357] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.357] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.357] CloseHandle (hObject=0x174) returned 1 [0043.357] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.357] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.lolkek") returned 78 [0043.357] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.dll.trx_dll.lolkek")) returned 1 [0043.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695960 | out: hHeap=0x5a0000) returned 1 [0043.360] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.360] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.360] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.363] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.363] CloseHandle (hObject=0x190) returned 1 [0043.363] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.363] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb360 [0043.363] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.363] ReadFile (in: hFile=0x190, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.369] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.369] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.369] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.371] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.371] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.371] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.371] WriteFile (in: hFile=0x190, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.372] WriteFile (in: hFile=0x190, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.372] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.372] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.372] CloseHandle (hObject=0x190) returned 1 [0043.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.372] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.lolkek") returned 78 [0043.372] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\omsintl.dll.trx_dll.lolkek")) returned 1 [0043.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695bb8 | out: hHeap=0x5a0000) returned 1 [0043.372] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.372] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.372] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.375] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.375] CloseHandle (hObject=0x234) returned 1 [0043.376] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.376] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fb60 [0043.376] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.376] ReadFile (in: hFile=0x234, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.381] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.381] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.381] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.383] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.383] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.383] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.383] WriteFile (in: hFile=0x234, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.383] WriteFile (in: hFile=0x234, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.384] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.384] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.384] CloseHandle (hObject=0x234) returned 1 [0043.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.384] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.lolkek") returned 78 [0043.384] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.rest.trx_dll.lolkek")) returned 1 [0043.384] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.384] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695e08 | out: hHeap=0x5a0000) returned 1 [0043.384] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.384] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.384] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.387] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.387] CloseHandle (hObject=0x174) returned 1 [0043.387] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.388] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa6560 [0043.388] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.388] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.396] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.396] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.396] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.398] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.398] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.398] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.398] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.398] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.398] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.398] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.398] CloseHandle (hObject=0x174) returned 1 [0043.398] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.398] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.lolkek") returned 80 [0043.398] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.rest.trx_dll.lolkek")) returned 1 [0043.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696060 | out: hHeap=0x5a0000) returned 1 [0043.399] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.399] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.399] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.404] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.404] CloseHandle (hObject=0x174) returned 1 [0043.404] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.404] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcd60 [0043.404] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.404] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.406] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.406] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.406] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.410] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.410] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.410] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.410] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.410] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.410] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.410] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.410] CloseHandle (hObject=0x174) returned 1 [0043.410] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.411] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.lolkek") returned 77 [0043.411] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.dll.trx_dll.lolkek")) returned 1 [0043.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6962b8 | out: hHeap=0x5a0000) returned 1 [0043.411] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.411] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.411] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.415] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.415] CloseHandle (hObject=0x234) returned 1 [0043.415] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.415] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a360 [0043.415] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.415] ReadFile (in: hFile=0x234, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.422] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.422] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.422] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.423] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.423] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.424] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.424] WriteFile (in: hFile=0x234, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.424] WriteFile (in: hFile=0x234, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.424] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.424] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.424] CloseHandle (hObject=0x234) returned 1 [0043.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.424] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.lolkek") returned 79 [0043.424] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.dll.trx_dll.lolkek")) returned 1 [0043.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696508 | out: hHeap=0x5a0000) returned 1 [0043.426] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.426] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.426] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.431] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.431] CloseHandle (hObject=0x234) returned 1 [0043.431] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.431] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ab60 [0043.431] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.431] ReadFile (in: hFile=0x234, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.433] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.433] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.433] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.438] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.438] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.438] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.438] WriteFile (in: hFile=0x234, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.438] WriteFile (in: hFile=0x234, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.438] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.438] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.438] CloseHandle (hObject=0x234) returned 1 [0043.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.439] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.lolkek") returned 80 [0043.439] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pubwzint.rest.trx_dll.lolkek")) returned 1 [0043.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696768 | out: hHeap=0x5a0000) returned 1 [0043.439] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.439] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.439] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.442] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.442] CloseHandle (hObject=0x174) returned 1 [0043.442] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.442] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4160 [0043.442] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.442] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.449] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.449] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.449] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.450] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.451] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.451] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.451] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.451] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.451] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.451] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.451] CloseHandle (hObject=0x174) returned 1 [0043.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.451] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.lolkek") returned 77 [0043.451] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\stintl.dll.trx_dll.lolkek")) returned 1 [0043.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6969b8 | out: hHeap=0x5a0000) returned 1 [0043.452] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.452] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.452] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.452] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.452] CloseHandle (hObject=0x174) returned 1 [0043.452] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.452] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x77560 [0043.452] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.452] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.458] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebfcf0 [0043.458] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.458] ReadFile (in: hFile=0x174, lpBuffer=0x3ebfcf0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.465] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.465] WriteFile (in: hFile=0x174, lpBuffer=0x3ebfcf0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.465] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfcf0 | out: hHeap=0x5a0000) returned 1 [0043.465] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.465] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.465] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.465] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.465] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.465] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.465] CloseHandle (hObject=0x174) returned 1 [0043.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.465] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.lolkek") returned 78 [0043.465] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visintl.dll.trx_dll.lolkek")) returned 1 [0043.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696c10 | out: hHeap=0x5a0000) returned 1 [0043.466] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.466] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.466] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.466] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.466] CloseHandle (hObject=0x174) returned 1 [0043.466] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.466] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x115b60 [0043.466] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.467] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.470] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.470] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.470] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebfcf0 [0043.470] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.470] ReadFile (in: hFile=0x174, lpBuffer=0x3ebfcf0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.475] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.475] WriteFile (in: hFile=0x174, lpBuffer=0x3ebfcf0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfcf0 | out: hHeap=0x5a0000) returned 1 [0043.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.476] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.476] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.476] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.476] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.476] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.476] CloseHandle (hObject=0x174) returned 1 [0043.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.476] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.lolkek") returned 78 [0043.476] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.rest.trx_dll.lolkek")) returned 1 [0043.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696e60 | out: hHeap=0x5a0000) returned 1 [0043.478] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.478] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.482] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.482] CloseHandle (hObject=0x190) returned 1 [0043.482] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.482] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x137960 [0043.482] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.482] ReadFile (in: hFile=0x190, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.484] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebfcf0 [0043.484] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.484] ReadFile (in: hFile=0x190, lpBuffer=0x3ebfcf0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.487] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.487] WriteFile (in: hFile=0x190, lpBuffer=0x3ebfcf0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfcf0 | out: hHeap=0x5a0000) returned 1 [0043.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.488] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.488] WriteFile (in: hFile=0x190, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.488] WriteFile (in: hFile=0x190, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.488] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.488] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.488] CloseHandle (hObject=0x190) returned 1 [0043.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.488] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.lolkek") returned 80 [0043.488] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.rest.trx_dll.lolkek")) returned 1 [0043.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6970b8 | out: hHeap=0x5a0000) returned 1 [0043.488] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.489] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.489] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.493] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0043.493] CloseHandle (hObject=0x23c) returned 1 [0043.493] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0043.493] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3760 [0043.493] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.493] ReadFile (in: hFile=0x23c, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.498] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.499] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.499] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x3760, lpOverlapped=0x0) returned 1 [0043.500] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc8a0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.500] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x3760, lpOverlapped=0x0) returned 1 [0043.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.501] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.501] WriteFile (in: hFile=0x23c, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.501] WriteFile (in: hFile=0x23c, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.501] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.501] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.501] CloseHandle (hObject=0x23c) returned 1 [0043.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.501] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.lolkek") returned 79 [0043.501] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\envelopr.dll.trx_dll.lolkek")) returned 1 [0043.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697318 | out: hHeap=0x5a0000) returned 1 [0043.501] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.502] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.502] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.502] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0043.502] CloseHandle (hObject=0x23c) returned 1 [0043.502] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0043.502] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x39960 [0043.502] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.502] ReadFile (in: hFile=0x23c, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.513] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.513] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.513] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.516] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.516] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.516] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.516] WriteFile (in: hFile=0x23c, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.516] WriteFile (in: hFile=0x23c, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.516] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.516] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.516] CloseHandle (hObject=0x23c) returned 1 [0043.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0043.517] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.lolkek") returned 80 [0043.517] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.rest.trx_dll.lolkek")) returned 1 [0043.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0043.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697578 | out: hHeap=0x5a0000) returned 1 [0043.517] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.517] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.517] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.529] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.530] CloseHandle (hObject=0x174) returned 1 [0043.530] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.533] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc160 [0043.533] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.533] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.535] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.535] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.535] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.536] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.536] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.536] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.536] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.536] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.536] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.536] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.536] CloseHandle (hObject=0x174) returned 1 [0043.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.537] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.lolkek") returned 79 [0043.537] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mor6int.rest.trx_dll.lolkek")) returned 1 [0043.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7668 | out: hHeap=0x5a0000) returned 1 [0043.537] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.537] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.537] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.538] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.538] CloseHandle (hObject=0x174) returned 1 [0043.538] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.538] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b2560 [0043.538] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.538] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.544] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.544] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.544] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.549] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.549] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.549] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.549] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.549] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.549] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.549] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.549] CloseHandle (hObject=0x174) returned 1 [0043.549] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.550] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.lolkek") returned 79 [0043.550] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.rest.trx_dll.lolkek")) returned 1 [0043.550] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.550] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca77a0 | out: hHeap=0x5a0000) returned 1 [0043.550] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.550] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.550] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.550] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.550] CloseHandle (hObject=0x174) returned 1 [0043.551] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.551] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7b60 [0043.551] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.551] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.557] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.557] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.557] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.561] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.561] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.561] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.561] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.562] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.562] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.562] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.562] CloseHandle (hObject=0x174) returned 1 [0043.562] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.562] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.lolkek") returned 77 [0043.562] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.dll.trx_dll.lolkek")) returned 1 [0043.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697a18 | out: hHeap=0x5a0000) returned 1 [0043.564] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.564] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.564] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.564] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.564] CloseHandle (hObject=0x174) returned 1 [0043.564] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.565] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x35960 [0043.565] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.565] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.570] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.570] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.570] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.575] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.575] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.576] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.576] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.576] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.576] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.576] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.576] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.576] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.576] CloseHandle (hObject=0x174) returned 1 [0043.576] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.576] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.lolkek") returned 79 [0043.576] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.dll.trx_dll.lolkek")) returned 1 [0043.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca78d8 | out: hHeap=0x5a0000) returned 1 [0043.577] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.577] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.577] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.577] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.577] CloseHandle (hObject=0x174) returned 1 [0043.577] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.578] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d60 [0043.578] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.578] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.586] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.586] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.586] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x2d60, lpOverlapped=0x0) returned 1 [0043.590] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffd2a0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.590] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2d60, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x2d60, lpOverlapped=0x0) returned 1 [0043.590] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.590] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.590] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.590] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.590] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.590] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.590] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.590] CloseHandle (hObject=0x174) returned 1 [0043.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.590] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.lolkek") returned 78 [0043.590] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outlwvw.dll.trx_dll.lolkek")) returned 1 [0043.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9668 | out: hHeap=0x5a0000) returned 1 [0043.591] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.591] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.591] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.591] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.591] CloseHandle (hObject=0x174) returned 1 [0043.591] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.591] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43560 [0043.591] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.592] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.597] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.597] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.597] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.601] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.602] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.602] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.602] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.602] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.602] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.602] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.602] CloseHandle (hObject=0x174) returned 1 [0043.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.602] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.lolkek") returned 78 [0043.602] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.rest.trx_dll.lolkek")) returned 1 [0043.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca98b8 | out: hHeap=0x5a0000) returned 1 [0043.603] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.603] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.603] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.603] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.603] CloseHandle (hObject=0x174) returned 1 [0043.603] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.603] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x87f60 [0043.603] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.603] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.609] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.609] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.609] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.614] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.614] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.614] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.614] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.614] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.614] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.614] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.614] CloseHandle (hObject=0x174) returned 1 [0043.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.614] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.lolkek") returned 80 [0043.614] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.rest.trx_dll.lolkek")) returned 1 [0043.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7c80 | out: hHeap=0x5a0000) returned 1 [0043.615] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.615] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.615] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.615] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.615] CloseHandle (hObject=0x174) returned 1 [0043.615] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.615] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3360 [0043.616] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.616] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.621] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.621] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.621] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x3360, lpOverlapped=0x0) returned 1 [0043.626] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffcca0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.626] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3360, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x3360, lpOverlapped=0x0) returned 1 [0043.626] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.626] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.626] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.626] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.626] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.626] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.626] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.626] CloseHandle (hObject=0x174) returned 1 [0043.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.626] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.lolkek") returned 76 [0043.626] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\sgres.dll.trx_dll.lolkek")) returned 1 [0043.627] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.627] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697c68 | out: hHeap=0x5a0000) returned 1 [0043.627] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.627] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.627] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.627] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.627] CloseHandle (hObject=0x174) returned 1 [0043.627] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.627] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6960 [0043.627] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.627] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.633] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.633] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.633] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.637] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.637] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.638] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.638] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.638] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.638] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.638] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.638] CloseHandle (hObject=0x174) returned 1 [0043.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.638] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.lolkek") returned 79 [0043.638] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visbrres.dll.trx_dll.lolkek")) returned 1 [0043.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7ef0 | out: hHeap=0x5a0000) returned 1 [0043.638] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.639] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.639] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.639] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.639] CloseHandle (hObject=0x174) returned 1 [0043.639] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.639] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x24360 [0043.639] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.639] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.644] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.644] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.644] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.649] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.649] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.650] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.650] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.650] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.650] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.650] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.650] CloseHandle (hObject=0x174) returned 1 [0043.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.650] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.lolkek") returned 77 [0043.650] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.dll.trx_dll.lolkek")) returned 1 [0043.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9c30 | out: hHeap=0x5a0000) returned 1 [0043.651] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.651] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.651] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.651] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.651] CloseHandle (hObject=0x174) returned 1 [0043.651] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.652] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23960 [0043.652] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.652] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.655] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.655] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.655] ReadFile (in: hFile=0x174, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.662] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.662] WriteFile (in: hFile=0x174, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.662] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.662] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.662] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.662] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.662] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.662] CloseHandle (hObject=0x174) returned 1 [0043.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.662] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.lolkek") returned 79 [0043.663] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.dll.trx_dll.lolkek")) returned 1 [0043.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8028 | out: hHeap=0x5a0000) returned 1 [0043.663] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.663] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.663] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.663] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.663] CloseHandle (hObject=0x174) returned 1 [0043.663] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.664] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3960 [0043.664] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.664] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.668] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.668] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.668] ReadFile (in: hFile=0x174, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x40e22c*=0x3960, lpOverlapped=0x0) returned 1 [0043.674] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc6a0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.674] WriteFile (in: hFile=0x174, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x3960, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x40fc70*=0x3960, lpOverlapped=0x0) returned 1 [0043.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.674] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.674] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.674] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.675] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.675] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.675] CloseHandle (hObject=0x174) returned 1 [0043.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.675] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.lolkek") returned 79 [0043.675] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlslicer.dll.trx_dll.lolkek")) returned 1 [0043.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8298 | out: hHeap=0x5a0000) returned 1 [0043.675] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.675] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.675] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", dwFileAttributes=0x80) returned 1 [0043.676] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.676] CloseHandle (hObject=0x174) returned 1 [0043.676] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.676] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x469bd5 [0043.676] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.676] ReadFile (in: hFile=0x174, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0043.680] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0043.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.680] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.680] ReadFile (in: hFile=0x174, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0043.721] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.721] WriteFile (in: hFile=0x174, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0043.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.721] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.721] WriteFile (in: hFile=0x174, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0043.721] WriteFile (in: hFile=0x174, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.721] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0043.722] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0043.722] CloseHandle (hObject=0x174) returned 1 [0043.722] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.722] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.lolkek") returned 79 [0043.722] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.lolkek" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.lolkek")) returned 1 [0043.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca83d0 | out: hHeap=0x5a0000) returned 1 [0043.722] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.722] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.722] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf", dwFileAttributes=0x80) returned 1 [0043.722] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.723] RmStartSession () returned 0x0 [0043.724] RmRegisterResources () returned 0x0 [0043.727] RmGetList () returned 0x0 [0044.389] GetCurrentProcessId () returned 0x86c [0044.389] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0044.389] RmEndSession () returned 0x0 [0044.410] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x675f10 | out: hHeap=0x5a0000) returned 1 [0044.410] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.410] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.410] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp", dwFileAttributes=0x80) returned 0 [0044.410] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.410] RmStartSession () returned 0x0 [0044.412] RmRegisterResources () returned 0x0 [0044.414] RmGetList () returned 0x0 [0045.097] RmEndSession () returned 0x0 [0045.118] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile17.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613e50 | out: hHeap=0x5a0000) returned 1 [0045.118] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.118] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.118] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", dwFileAttributes=0x80) returned 0 [0045.119] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.119] RmStartSession () returned 0x0 [0045.120] RmRegisterResources () returned 0x0 [0045.123] RmGetList () returned 0x0 [0045.760] RmEndSession () returned 0x0 [0045.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614e70 | out: hHeap=0x5a0000) returned 1 [0045.782] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.782] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.782] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", dwFileAttributes=0x80) returned 0 [0045.782] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.782] RmStartSession () returned 0x0 [0045.784] RmRegisterResources () returned 0x0 [0045.786] RmGetList () returned 0x0 [0047.060] RmEndSession () returned 0x0 [0047.089] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.089] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadbc8 | out: hHeap=0x5a0000) returned 1 [0047.089] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.089] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.089] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst", dwFileAttributes=0x80) returned 1 [0050.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.473] CloseHandle (hObject=0x25c) returned 1 [0050.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.491] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcfc4 [0050.491] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.491] ReadFile (in: hFile=0x1b4, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0050.493] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0050.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.494] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.494] ReadFile (in: hFile=0x1b4, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0050.500] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.501] WriteFile (in: hFile=0x1b4, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0050.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.501] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.501] WriteFile (in: hFile=0x1b4, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0050.501] WriteFile (in: hFile=0x1b4, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.501] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.501] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0050.501] CloseHandle (hObject=0x1b4) returned 1 [0050.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.501] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.lolkek") returned 93 [0050.501] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst.lolkek")) returned 1 [0050.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cf70 | out: hHeap=0x5a0000) returned 1 [0050.502] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.502] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.502] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs", dwFileAttributes=0x80) returned 1 [0050.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.503] CloseHandle (hObject=0x1b4) returned 1 [0050.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.503] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1400 [0050.503] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.503] ReadFile (in: hFile=0x1b4, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0050.513] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0050.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.513] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.513] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1400, lpOverlapped=0x0) returned 1 [0050.524] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffec00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.525] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1400, lpOverlapped=0x0) returned 1 [0050.525] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.525] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.525] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.525] WriteFile (in: hFile=0x1b4, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0050.525] WriteFile (in: hFile=0x1b4, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.525] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.525] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0050.525] CloseHandle (hObject=0x1b4) returned 1 [0050.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.525] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.lolkek") returned 104 [0050.525] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids.lolkek")) returned 1 [0050.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cd80 | out: hHeap=0x5a0000) returned 1 [0050.526] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.526] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.526] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms", dwFileAttributes=0x80) returned 1 [0050.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0050.616] CloseHandle (hObject=0x1ec) returned 1 [0050.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.624] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0050.624] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.624] ReadFile (in: hFile=0x1ec, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0050.626] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0050.627] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.627] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.627] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.627] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0050.634] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.634] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0050.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.634] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.634] WriteFile (in: hFile=0x1ec, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0050.634] WriteFile (in: hFile=0x1ec, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.634] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.634] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0050.634] CloseHandle (hObject=0x1ec) returned 1 [0050.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.634] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.lolkek") returned 114 [0050.634] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.lolkek")) returned 1 [0050.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d3e0 | out: hHeap=0x5a0000) returned 1 [0050.635] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.635] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.635] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini", dwFileAttributes=0x80) returned 1 [0050.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.728] CloseHandle (hObject=0x1e0) returned 1 [0050.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.780] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0050.780] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0050.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.780] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.780] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x43, lpOverlapped=0x0) returned 1 [0050.781] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.781] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x43, lpOverlapped=0x0) returned 1 [0050.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.781] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.781] WriteFile (in: hFile=0x268, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0050.781] WriteFile (in: hFile=0x268, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.781] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.781] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0050.781] CloseHandle (hObject=0x268) returned 1 [0050.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0050.788] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.lolkek") returned 97 [0050.788] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.lolkek")) returned 1 [0050.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0050.841] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf038 | out: hHeap=0x5a0000) returned 1 [0050.841] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.841] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.841] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl", dwFileAttributes=0x80) returned 1 [0050.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.884] CloseHandle (hObject=0x268) returned 1 [0050.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0050.908] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x437 [0050.908] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.908] ReadFile (in: hFile=0x224, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0050.912] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0050.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.912] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.912] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x437, lpOverlapped=0x0) returned 1 [0050.912] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffbc9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.912] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x437, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x437, lpOverlapped=0x0) returned 1 [0050.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.912] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.912] WriteFile (in: hFile=0x224, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0050.912] WriteFile (in: hFile=0x224, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.912] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0050.912] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0050.912] CloseHandle (hObject=0x224) returned 1 [0050.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ec7e38 [0050.923] wsprintfW (in: param_1=0x3ec7e38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.lolkek") returned 124 [0050.923] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl.lolkek")) returned 1 [0051.004] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec7e38 | out: hHeap=0x5a0000) returned 1 [0051.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd50b0 | out: hHeap=0x5a0000) returned 1 [0051.005] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.005] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.005] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", dwFileAttributes=0x80) returned 1 [0051.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0051.055] CloseHandle (hObject=0x1b4) returned 1 [0051.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.057] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20000 [0051.057] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.057] ReadFile (in: hFile=0x224, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.058] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.058] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.058] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.059] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.059] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.059] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.060] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.060] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.060] WriteFile (in: hFile=0x224, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.060] WriteFile (in: hFile=0x224, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.060] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.060] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.060] CloseHandle (hObject=0x224) returned 1 [0051.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.062] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.lolkek") returned 139 [0051.062] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd.lolkek")) returned 1 [0051.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb150 | out: hHeap=0x5a0000) returned 1 [0051.072] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.072] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.072] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml", dwFileAttributes=0x80) returned 1 [0051.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0051.098] CloseHandle (hObject=0x224) returned 1 [0051.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.103] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7ef [0051.103] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.103] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.114] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.114] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.114] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x7ef, lpOverlapped=0x0) returned 1 [0051.114] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff811, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.114] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x7ef, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x7ef, lpOverlapped=0x0) returned 1 [0051.114] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.115] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.115] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.115] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.115] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.115] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.115] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.115] CloseHandle (hObject=0x210) returned 1 [0051.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.115] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml.lolkek") returned 119 [0051.115] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml.lolkek")) returned 1 [0051.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e36530 | out: hHeap=0x5a0000) returned 1 [0051.116] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.116] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.116] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat", dwFileAttributes=0x80) returned 1 [0051.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0051.117] CloseHandle (hObject=0x210) returned 1 [0051.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.117] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f400 [0051.117] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.117] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.123] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.123] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.123] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.123] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.123] ReadFile (in: hFile=0x210, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.136] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.136] WriteFile (in: hFile=0x210, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.136] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.136] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.136] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.136] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.136] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.136] CloseHandle (hObject=0x210) returned 1 [0051.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.137] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat.lolkek") returned 81 [0051.137] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat.lolkek")) returned 1 [0051.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6668 | out: hHeap=0x5a0000) returned 1 [0051.137] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.137] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.137] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", dwFileAttributes=0x80) returned 1 [0051.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0051.138] CloseHandle (hObject=0x210) returned 1 [0051.138] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.138] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a0 [0051.138] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.138] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.147] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.147] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.147] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.147] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.147] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x2a0, lpOverlapped=0x0) returned 1 [0051.147] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffd60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.147] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x2a0, lpOverlapped=0x0) returned 1 [0051.148] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.148] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.148] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.148] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.148] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.148] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.148] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.148] CloseHandle (hObject=0x210) returned 1 [0051.148] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.148] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.lolkek") returned 133 [0051.148] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.lolkek")) returned 1 [0051.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0050 | out: hHeap=0x5a0000) returned 1 [0051.158] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.158] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.158] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log", dwFileAttributes=0x80) returned 1 [0051.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0051.159] CloseHandle (hObject=0x210) returned 1 [0051.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.159] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0051.159] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.159] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.162] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.162] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.162] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.167] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.167] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.167] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.167] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.169] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.169] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.169] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.169] CloseHandle (hObject=0x210) returned 1 [0051.169] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.169] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.lolkek") returned 101 [0051.169] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log.lolkek")) returned 1 [0051.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6989d0 | out: hHeap=0x5a0000) returned 1 [0051.170] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.170] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.170] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat", dwFileAttributes=0x80) returned 1 [0051.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0051.170] CloseHandle (hObject=0x210) returned 1 [0051.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.170] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0051.171] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.171] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.173] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.173] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.174] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.174] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.174] ReadFile (in: hFile=0x210, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.178] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.178] WriteFile (in: hFile=0x210, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.178] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.178] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.178] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.178] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.178] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.178] CloseHandle (hObject=0x210) returned 1 [0051.178] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.178] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.lolkek") returned 104 [0051.179] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat.lolkek")) returned 1 [0051.179] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.179] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0460 | out: hHeap=0x5a0000) returned 1 [0051.179] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.179] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.179] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log", dwFileAttributes=0x80) returned 1 [0051.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0051.180] CloseHandle (hObject=0x210) returned 1 [0051.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.180] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0051.180] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.180] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.184] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.185] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.185] ReadFile (in: hFile=0x210, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.191] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.191] WriteFile (in: hFile=0x210, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.191] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.191] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.191] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.191] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.193] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.193] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.193] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.193] CloseHandle (hObject=0x210) returned 1 [0051.193] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.194] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.lolkek") returned 85 [0051.194] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log.lolkek")) returned 1 [0051.194] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.194] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617148 | out: hHeap=0x5a0000) returned 1 [0051.194] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.194] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.194] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs", dwFileAttributes=0x80) returned 1 [0051.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0051.202] CloseHandle (hObject=0x25c) returned 1 [0051.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0051.202] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0051.203] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.203] ReadFile (in: hFile=0x25c, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.221] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.221] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.221] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.243] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.243] WriteFile (in: hFile=0x25c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.243] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.243] WriteFile (in: hFile=0x25c, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.244] WriteFile (in: hFile=0x25c, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.244] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.244] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.245] CloseHandle (hObject=0x25c) returned 1 [0051.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.245] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.lolkek") returned 93 [0051.245] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.lolkek")) returned 1 [0051.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb66a8 | out: hHeap=0x5a0000) returned 1 [0051.245] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.245] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.245] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm", dwFileAttributes=0x80) returned 1 [0051.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.303] CloseHandle (hObject=0x24c) returned 1 [0051.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.311] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe7 [0051.311] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.311] ReadFile (in: hFile=0x1e0, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.312] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.312] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.312] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.312] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.312] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0xe7, lpOverlapped=0x0) returned 1 [0051.312] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffff19, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.312] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0xe7, lpOverlapped=0x0) returned 1 [0051.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.312] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.312] WriteFile (in: hFile=0x1e0, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.312] WriteFile (in: hFile=0x1e0, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.312] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.312] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.313] CloseHandle (hObject=0x1e0) returned 1 [0051.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0051.313] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.lolkek") returned 99 [0051.313] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.lolkek")) returned 1 [0051.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0051.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be05f0 | out: hHeap=0x5a0000) returned 1 [0051.348] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.349] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.349] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", dwFileAttributes=0x80) returned 1 [0051.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.386] CloseHandle (hObject=0x214) returned 1 [0051.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.386] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x780 [0051.386] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.386] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.391] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.391] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.391] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.391] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.391] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x780, lpOverlapped=0x0) returned 1 [0051.391] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffff880, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.391] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x780, lpOverlapped=0x0) returned 1 [0051.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.391] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.391] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.391] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.391] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.391] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.391] CloseHandle (hObject=0x214) returned 1 [0051.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67cd08 [0051.403] wsprintfW (in: param_1=0x67cd08, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.lolkek") returned 98 [0051.404] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.lolkek")) returned 1 [0051.667] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd08 | out: hHeap=0x5a0000) returned 1 [0051.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6572d0 | out: hHeap=0x5a0000) returned 1 [0051.668] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.668] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.668] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status", dwFileAttributes=0x80) returned 1 [0051.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.669] CloseHandle (hObject=0x214) returned 1 [0051.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.669] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc [0051.669] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.670] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.670] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0xc, lpOverlapped=0x0) returned 1 [0051.670] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.670] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0xc, lpOverlapped=0x0) returned 1 [0051.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.670] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.670] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.671] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.671] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.671] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.671] CloseHandle (hObject=0x214) returned 1 [0051.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.671] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.lolkek") returned 111 [0051.671] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status.lolkek")) returned 1 [0051.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3dc70 | out: hHeap=0x5a0000) returned 1 [0051.672] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.672] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.672] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml", dwFileAttributes=0x80) returned 1 [0051.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.674] CloseHandle (hObject=0x214) returned 1 [0051.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.674] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x39 [0051.674] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.674] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.674] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x39, lpOverlapped=0x0) returned 1 [0051.675] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffffc7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.675] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x39, lpOverlapped=0x0) returned 1 [0051.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.675] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.675] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.675] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.675] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.675] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.675] CloseHandle (hObject=0x214) returned 1 [0051.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.675] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.lolkek") returned 99 [0051.675] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml.lolkek")) returned 1 [0051.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3de20 | out: hHeap=0x5a0000) returned 1 [0051.676] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.676] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.676] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png", dwFileAttributes=0x80) returned 1 [0051.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2hkl1glvmdflh43tpzn.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.677] CloseHandle (hObject=0x214) returned 1 [0051.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2hkl1glvmdflh43tpzn.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.677] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x156e7 [0051.677] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.677] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.677] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.677] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.677] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.677] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.677] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.678] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.678] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.679] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.679] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.679] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.679] CloseHandle (hObject=0x214) returned 1 [0051.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.679] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png.lolkek") returned 83 [0051.679] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2hkl1glvmdflh43tpzn.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2hkl1glvmdflh43tpzn.png.lolkek")) returned 1 [0051.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616ae0 | out: hHeap=0x5a0000) returned 1 [0051.680] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.680] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.680] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi", dwFileAttributes=0x80) returned 1 [0051.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2uff.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.681] CloseHandle (hObject=0x214) returned 1 [0051.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2uff.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.681] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16098 [0051.681] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.681] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.681] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.681] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.682] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.682] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.682] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.682] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.682] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.682] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.682] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.682] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.682] CloseHandle (hObject=0x214) returned 1 [0051.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.682] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi.lolkek") returned 68 [0051.682] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2uff.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2uff.avi.lolkek")) returned 1 [0051.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0160 | out: hHeap=0x5a0000) returned 1 [0051.683] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.683] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.683] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf", dwFileAttributes=0x80) returned 1 [0051.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3szs7b3frx.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.683] CloseHandle (hObject=0x214) returned 1 [0051.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3szs7b3frx.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.684] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4e40 [0051.684] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.684] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.684] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.684] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.684] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.685] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.685] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.685] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.685] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.685] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.685] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.685] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.685] CloseHandle (hObject=0x214) returned 1 [0051.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.685] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf.lolkek") returned 74 [0051.685] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3szs7b3frx.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3szs7b3frx.pdf.lolkek")) returned 1 [0051.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62e8c0 | out: hHeap=0x5a0000) returned 1 [0051.686] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.686] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.686] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a", dwFileAttributes=0x80) returned 1 [0051.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\4bezmj0.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.686] CloseHandle (hObject=0x214) returned 1 [0051.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\4bezmj0.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.686] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20c3 [0051.687] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.687] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.687] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.687] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.687] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x20c3, lpOverlapped=0x0) returned 1 [0051.687] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffdf3d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.687] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x20c3, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x20c3, lpOverlapped=0x0) returned 1 [0051.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.687] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.687] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.688] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.688] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.688] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.688] CloseHandle (hObject=0x214) returned 1 [0051.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.688] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a.lolkek") returned 71 [0051.688] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\4bezmj0.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\4bezmj0.m4a.lolkek")) returned 1 [0051.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6111b0 | out: hHeap=0x5a0000) returned 1 [0051.689] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.689] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.689] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif", dwFileAttributes=0x80) returned 1 [0051.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\74ho21z5ys6pqtasubs.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.689] CloseHandle (hObject=0x214) returned 1 [0051.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\74ho21z5ys6pqtasubs.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.689] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14b47 [0051.689] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.689] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.690] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.690] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.690] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.690] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.690] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.690] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.690] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.690] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.690] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.690] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.690] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.690] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.690] CloseHandle (hObject=0x214) returned 1 [0051.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.691] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif.lolkek") returned 83 [0051.691] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\74ho21z5ys6pqtasubs.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\74ho21z5ys6pqtasubs.gif.lolkek")) returned 1 [0051.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616708 | out: hHeap=0x5a0000) returned 1 [0051.691] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.691] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.692] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log", dwFileAttributes=0x80) returned 1 [0051.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.692] CloseHandle (hObject=0x214) returned 1 [0051.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.692] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5fe [0051.692] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.692] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.693] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.693] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.693] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x5fe, lpOverlapped=0x0) returned 1 [0051.693] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffa02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.693] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x5fe, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x5fe, lpOverlapped=0x0) returned 1 [0051.693] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.693] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.693] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.693] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.693] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.693] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.693] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.693] CloseHandle (hObject=0x214) returned 1 [0051.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.693] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log.lolkek") returned 72 [0051.693] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log.lolkek")) returned 1 [0051.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6112c8 | out: hHeap=0x5a0000) returned 1 [0051.694] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.694] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.694] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav", dwFileAttributes=0x80) returned 1 [0051.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\akmmamcw3hfnaeyn9.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.694] CloseHandle (hObject=0x214) returned 1 [0051.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\akmmamcw3hfnaeyn9.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.695] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa94a [0051.695] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.695] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.695] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.695] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.695] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.695] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.695] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.696] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.696] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.696] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.696] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.696] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.696] CloseHandle (hObject=0x214) returned 1 [0051.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.696] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav.lolkek") returned 81 [0051.696] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\akmmamcw3hfnaeyn9.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\akmmamcw3hfnaeyn9.wav.lolkek")) returned 1 [0051.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca67a0 | out: hHeap=0x5a0000) returned 1 [0051.697] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.697] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.697] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp", dwFileAttributes=0x80) returned 1 [0051.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.698] CloseHandle (hObject=0x214) returned 1 [0051.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.698] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0051.698] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.698] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.698] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.698] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.698] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x0, lpOverlapped=0x0) returned 1 [0051.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.698] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.698] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.699] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.699] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.699] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.699] CloseHandle (hObject=0x214) returned 1 [0051.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.699] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp.lolkek") returned 71 [0051.699] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp.lolkek")) returned 1 [0051.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6113e0 | out: hHeap=0x5a0000) returned 1 [0051.700] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.700] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.700] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv", dwFileAttributes=0x80) returned 1 [0051.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\c-4hwjuvmkp3ta9_9dnt.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.701] CloseHandle (hObject=0x214) returned 1 [0051.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\c-4hwjuvmkp3ta9_9dnt.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.701] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8156 [0051.701] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.701] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.701] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.701] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.701] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.701] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.702] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.702] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.702] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.702] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.702] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.702] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.702] CloseHandle (hObject=0x214) returned 1 [0051.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.702] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv.lolkek") returned 84 [0051.702] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\c-4hwjuvmkp3ta9_9dnt.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\c-4hwjuvmkp3ta9_9dnt.mkv.lolkek")) returned 1 [0051.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6165c0 | out: hHeap=0x5a0000) returned 1 [0051.703] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.703] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.703] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav", dwFileAttributes=0x80) returned 1 [0051.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cgptr0r.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.703] CloseHandle (hObject=0x214) returned 1 [0051.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cgptr0r.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.703] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12034 [0051.703] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.703] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.704] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.704] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.704] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.704] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.704] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.704] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.704] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.704] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.705] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.705] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.705] CloseHandle (hObject=0x214) returned 1 [0051.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.705] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav.lolkek") returned 71 [0051.705] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cgptr0r.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cgptr0r.wav.lolkek")) returned 1 [0051.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6114f8 | out: hHeap=0x5a0000) returned 1 [0051.705] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.706] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.706] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat", dwFileAttributes=0x80) returned 1 [0051.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.707] CloseHandle (hObject=0x214) returned 1 [0051.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.707] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0051.707] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.707] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.762] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.763] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.763] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.777] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.777] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.778] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.778] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.778] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.778] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.778] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.778] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.778] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.778] CloseHandle (hObject=0x214) returned 1 [0051.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.778] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat.lolkek") returned 77 [0051.778] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat.lolkek")) returned 1 [0051.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3ee78 | out: hHeap=0x5a0000) returned 1 [0051.779] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.779] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.779] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3", dwFileAttributes=0x80) returned 1 [0051.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\isvtwf ifekw6w2.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.780] CloseHandle (hObject=0x214) returned 1 [0051.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\isvtwf ifekw6w2.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.780] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18501 [0051.780] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.780] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.780] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.780] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.780] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.781] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.781] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.781] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.781] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.781] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.781] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.781] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.781] CloseHandle (hObject=0x214) returned 1 [0051.781] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.781] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3.lolkek") returned 79 [0051.781] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\isvtwf ifekw6w2.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\isvtwf ifekw6w2.mp3.lolkek")) returned 1 [0051.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6b48 | out: hHeap=0x5a0000) returned 1 [0051.782] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.782] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.782] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4", dwFileAttributes=0x80) returned 1 [0051.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jcxuiwr8al.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.783] CloseHandle (hObject=0x214) returned 1 [0051.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jcxuiwr8al.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.783] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcbbe [0051.783] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.783] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.783] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.783] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.783] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.783] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.783] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.783] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.783] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.784] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.784] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.784] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.784] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.784] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.784] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.784] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.784] CloseHandle (hObject=0x214) returned 1 [0051.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.784] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4.lolkek") returned 74 [0051.784] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jcxuiwr8al.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jcxuiwr8al.mp4.lolkek")) returned 1 [0051.785] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.785] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddeb0 | out: hHeap=0x5a0000) returned 1 [0051.785] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.785] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.785] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx", dwFileAttributes=0x80) returned 1 [0051.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jyhja9hogzrzjj.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.785] CloseHandle (hObject=0x214) returned 1 [0051.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jyhja9hogzrzjj.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.785] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2803 [0051.785] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.785] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.786] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.786] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.786] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.786] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.786] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x2803, lpOverlapped=0x0) returned 1 [0051.786] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffd7fd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.786] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2803, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x2803, lpOverlapped=0x0) returned 1 [0051.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.786] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.786] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.786] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.786] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.787] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.787] CloseHandle (hObject=0x214) returned 1 [0051.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.787] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx.lolkek") returned 79 [0051.787] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jyhja9hogzrzjj.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\jyhja9hogzrzjj.pptx.lolkek")) returned 1 [0051.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6c80 | out: hHeap=0x5a0000) returned 1 [0051.787] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.787] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.787] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps", dwFileAttributes=0x80) returned 1 [0051.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kftkris4ny07n5hs.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.788] CloseHandle (hObject=0x214) returned 1 [0051.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kftkris4ny07n5hs.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.788] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10777 [0051.788] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.788] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.789] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.789] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.789] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.789] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.789] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.789] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.789] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.789] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.789] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.789] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.789] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.789] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.789] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.789] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.789] CloseHandle (hObject=0x214) returned 1 [0051.789] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.789] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps.lolkek") returned 80 [0051.789] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kftkris4ny07n5hs.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kftkris4ny07n5hs.pps.lolkek")) returned 1 [0051.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6db8 | out: hHeap=0x5a0000) returned 1 [0051.790] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.790] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.790] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf", dwFileAttributes=0x80) returned 1 [0051.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kr97l-4ix cdani8ei.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.791] CloseHandle (hObject=0x214) returned 1 [0051.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kr97l-4ix cdani8ei.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.791] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcb72 [0051.791] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.791] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.791] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.791] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.791] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.791] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.792] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.792] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.792] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.792] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.792] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.792] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.792] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.792] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.792] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.792] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.792] CloseHandle (hObject=0x214) returned 1 [0051.792] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.792] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf.lolkek") returned 82 [0051.792] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kr97l-4ix cdani8ei.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\kr97l-4ix cdani8ei.pdf.lolkek")) returned 1 [0051.793] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.793] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6ef0 | out: hHeap=0x5a0000) returned 1 [0051.793] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.793] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.793] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif", dwFileAttributes=0x80) returned 1 [0051.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mjo76cfj_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.794] CloseHandle (hObject=0x214) returned 1 [0051.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mjo76cfj_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.794] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9cf9 [0051.794] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.794] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.794] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.794] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.795] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.795] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.795] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.795] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.795] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.795] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.795] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.795] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.795] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.795] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.795] CloseHandle (hObject=0x214) returned 1 [0051.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.795] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif.lolkek") returned 73 [0051.795] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mjo76cfj_.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mjo76cfj_.gif.lolkek")) returned 1 [0051.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf10d0 | out: hHeap=0x5a0000) returned 1 [0051.796] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.796] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.796] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf", dwFileAttributes=0x80) returned 1 [0051.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mryxi xzwsl-covfp4f.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.797] CloseHandle (hObject=0x214) returned 1 [0051.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mryxi xzwsl-covfp4f.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.797] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9e37 [0051.797] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.797] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.797] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.797] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.798] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.798] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.798] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.798] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.798] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.798] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.798] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.798] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.798] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.798] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.798] CloseHandle (hObject=0x214) returned 1 [0051.798] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.798] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf.lolkek") returned 83 [0051.798] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mryxi xzwsl-covfp4f.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mryxi xzwsl-covfp4f.rtf.lolkek")) returned 1 [0051.799] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.799] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617290 | out: hHeap=0x5a0000) returned 1 [0051.799] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.799] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.799] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3", dwFileAttributes=0x80) returned 1 [0051.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\o-ami7jpexyueet.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.799] CloseHandle (hObject=0x214) returned 1 [0051.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\o-ami7jpexyueet.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.800] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa300 [0051.800] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.800] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.800] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.800] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.800] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.800] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.800] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.801] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.801] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.801] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.801] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.801] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.801] CloseHandle (hObject=0x214) returned 1 [0051.801] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.801] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3.lolkek") returned 79 [0051.801] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\o-ami7jpexyueet.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\o-ami7jpexyueet.mp3.lolkek")) returned 1 [0051.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7028 | out: hHeap=0x5a0000) returned 1 [0051.806] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.806] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.806] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3", dwFileAttributes=0x80) returned 1 [0051.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\omihywnn.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.807] CloseHandle (hObject=0x214) returned 1 [0051.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\omihywnn.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.807] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6a23 [0051.807] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.807] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.807] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.807] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.807] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.808] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.808] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.808] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.808] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.808] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.808] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.808] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.808] CloseHandle (hObject=0x214) returned 1 [0051.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.808] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3.lolkek") returned 72 [0051.808] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\omihywnn.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\omihywnn.mp3.lolkek")) returned 1 [0051.809] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.809] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611728 | out: hHeap=0x5a0000) returned 1 [0051.809] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.809] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.809] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt", dwFileAttributes=0x80) returned 1 [0051.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\p2leki.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.810] CloseHandle (hObject=0x214) returned 1 [0051.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\p2leki.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.810] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8199 [0051.810] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.810] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.810] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.819] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.819] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.820] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.820] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.820] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.820] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.820] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.820] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.820] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.820] CloseHandle (hObject=0x214) returned 1 [0051.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.820] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt.lolkek") returned 70 [0051.820] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\p2leki.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\p2leki.ppt.lolkek")) returned 1 [0051.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669900 | out: hHeap=0x5a0000) returned 1 [0051.822] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.822] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.822] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf", dwFileAttributes=0x80) returned 1 [0051.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\q9zd.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.822] CloseHandle (hObject=0x214) returned 1 [0051.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\q9zd.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.822] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1043e [0051.822] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.822] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.823] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.823] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.823] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.823] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.823] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.823] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.823] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.823] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.823] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.823] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.823] CloseHandle (hObject=0x214) returned 1 [0051.824] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.824] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf.lolkek") returned 68 [0051.824] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\q9zd.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\q9zd.rtf.lolkek")) returned 1 [0051.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0260 | out: hHeap=0x5a0000) returned 1 [0051.824] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.825] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.825] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png", dwFileAttributes=0x80) returned 1 [0051.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qibmryci-jrjoajn.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.825] CloseHandle (hObject=0x214) returned 1 [0051.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qibmryci-jrjoajn.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.825] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15854 [0051.825] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.825] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.826] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.826] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.826] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.826] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.826] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.826] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.826] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.826] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.826] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.826] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.826] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.826] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.826] CloseHandle (hObject=0x214) returned 1 [0051.826] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.826] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png.lolkek") returned 80 [0051.826] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qibmryci-jrjoajn.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qibmryci-jrjoajn.png.lolkek")) returned 1 [0051.827] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.827] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7160 | out: hHeap=0x5a0000) returned 1 [0051.827] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.827] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.827] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3", dwFileAttributes=0x80) returned 1 [0051.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qupgytsrglpq1.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.828] CloseHandle (hObject=0x214) returned 1 [0051.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qupgytsrglpq1.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.828] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17750 [0051.828] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.828] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.829] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.829] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.829] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.829] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.829] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.829] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.829] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.829] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.829] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.829] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.829] CloseHandle (hObject=0x214) returned 1 [0051.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.829] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3.lolkek") returned 77 [0051.829] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qupgytsrglpq1.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qupgytsrglpq1.mp3.lolkek")) returned 1 [0051.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f0c8 | out: hHeap=0x5a0000) returned 1 [0051.830] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.830] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.830] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv", dwFileAttributes=0x80) returned 1 [0051.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\rlr0uvcj5nbz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.831] CloseHandle (hObject=0x214) returned 1 [0051.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\rlr0uvcj5nbz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.831] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xef7f [0051.831] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.831] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.831] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.831] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.831] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.831] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.831] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.832] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.832] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.832] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.832] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.832] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.832] CloseHandle (hObject=0x214) returned 1 [0051.832] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.832] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv.lolkek") returned 76 [0051.832] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\rlr0uvcj5nbz.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\rlr0uvcj5nbz.mkv.lolkek")) returned 1 [0051.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a1b0 | out: hHeap=0x5a0000) returned 1 [0051.833] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.833] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.833] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi", dwFileAttributes=0x80) returned 1 [0051.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\roxyekvjyn1selacyrp.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.833] CloseHandle (hObject=0x214) returned 1 [0051.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\roxyekvjyn1selacyrp.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.833] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1596d [0051.833] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.833] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.834] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.834] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.834] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.834] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.834] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.834] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.834] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.834] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.834] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.834] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.835] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.835] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.835] CloseHandle (hObject=0x214) returned 1 [0051.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.835] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi.lolkek") returned 83 [0051.835] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\roxyekvjyn1selacyrp.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\roxyekvjyn1selacyrp.avi.lolkek")) returned 1 [0051.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616c28 | out: hHeap=0x5a0000) returned 1 [0051.836] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.836] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.836] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv", dwFileAttributes=0x80) returned 1 [0051.836] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\s0lzj3w2ad0p7nc.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.836] CloseHandle (hObject=0x214) returned 1 [0051.836] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\s0lzj3w2ad0p7nc.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.836] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14bf7 [0051.836] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.836] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.837] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.837] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.837] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.837] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.837] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.837] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.837] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.837] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.837] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.837] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.838] CloseHandle (hObject=0x214) returned 1 [0051.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.838] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv.lolkek") returned 79 [0051.838] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\s0lzj3w2ad0p7nc.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\s0lzj3w2ad0p7nc.csv.lolkek")) returned 1 [0051.838] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.838] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7298 | out: hHeap=0x5a0000) returned 1 [0051.838] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.838] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.838] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3", dwFileAttributes=0x80) returned 1 [0051.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\skxryrtp79zgey9.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.839] CloseHandle (hObject=0x214) returned 1 [0051.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\skxryrtp79zgey9.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.839] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15f7b [0051.839] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.839] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.839] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.840] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.840] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.840] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.840] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.840] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.840] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.840] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.840] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.840] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.840] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.840] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.841] CloseHandle (hObject=0x214) returned 1 [0051.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.841] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3.lolkek") returned 79 [0051.841] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\skxryrtp79zgey9.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\skxryrtp79zgey9.mp3.lolkek")) returned 1 [0051.841] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.841] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca73d0 | out: hHeap=0x5a0000) returned 1 [0051.841] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.841] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.841] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini", dwFileAttributes=0x80) returned 1 [0051.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.842] CloseHandle (hObject=0x214) returned 1 [0051.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.842] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0051.842] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.842] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.842] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x43, lpOverlapped=0x0) returned 1 [0051.843] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.843] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x43, lpOverlapped=0x0) returned 1 [0051.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.843] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.843] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.843] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.843] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.844] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.844] CloseHandle (hObject=0x214) returned 1 [0051.844] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.844] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini.lolkek") returned 117 [0051.844] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini.lolkek")) returned 1 [0051.844] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.844] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698d80 | out: hHeap=0x5a0000) returned 1 [0051.844] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.844] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.844] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini", dwFileAttributes=0x80) returned 1 [0051.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.845] CloseHandle (hObject=0x214) returned 1 [0051.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.845] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0051.845] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.845] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.845] ReadFile (in: hFile=0x214, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x43, lpOverlapped=0x0) returned 1 [0051.846] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.846] WriteFile (in: hFile=0x214, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x43, lpOverlapped=0x0) returned 1 [0051.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.846] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.846] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.846] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.846] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.846] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.846] CloseHandle (hObject=0x214) returned 1 [0051.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.846] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini.lolkek") returned 108 [0051.847] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini.lolkek")) returned 1 [0051.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66b510 | out: hHeap=0x5a0000) returned 1 [0051.847] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.847] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.847] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat", dwFileAttributes=0x80) returned 1 [0051.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.848] CloseHandle (hObject=0x214) returned 1 [0051.848] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.848] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0051.848] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.848] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.897] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.897] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.897] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0051.901] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.901] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0051.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.901] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.901] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.902] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.902] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.902] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.902] CloseHandle (hObject=0x214) returned 1 [0051.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0051.902] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat.lolkek") returned 106 [0051.902] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat.lolkek")) returned 1 [0051.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0051.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f598 | out: hHeap=0x5a0000) returned 1 [0051.903] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.904] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.904] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", dwFileAttributes=0x80) returned 1 [0051.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0051.905] CloseHandle (hObject=0x214) returned 1 [0051.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.905] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d7 [0051.905] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.905] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0051.905] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0051.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.905] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.906] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1d7, lpOverlapped=0x0) returned 1 [0051.906] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffe29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.906] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1d7, lpOverlapped=0x0) returned 1 [0051.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.906] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.906] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0051.906] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.906] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0051.906] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0051.906] CloseHandle (hObject=0x214) returned 1 [0051.906] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0051.907] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.lolkek") returned 158 [0051.907] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.lolkek")) returned 1 [0051.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0051.908] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618490 | out: hHeap=0x5a0000) returned 1 [0051.908] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.908] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.908] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", dwFileAttributes=0x80) returned 1 [0051.933] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.001] CloseHandle (hObject=0x2bc) returned 1 [0052.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0052.005] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x561 [0052.005] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.005] ReadFile (in: hFile=0x2b8, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.009] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.009] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.009] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.009] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.009] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x561, lpOverlapped=0x0) returned 1 [0052.009] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffa9f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.009] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x561, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x561, lpOverlapped=0x0) returned 1 [0052.009] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.009] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.009] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.009] WriteFile (in: hFile=0x2b8, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.009] WriteFile (in: hFile=0x2b8, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.009] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.009] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.010] CloseHandle (hObject=0x2b8) returned 1 [0052.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.010] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.lolkek") returned 158 [0052.010] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.lolkek")) returned 1 [0052.034] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.034] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6186f8 | out: hHeap=0x5a0000) returned 1 [0052.034] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.034] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.034] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", dwFileAttributes=0x80) returned 1 [0052.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.060] CloseHandle (hObject=0x228) returned 1 [0052.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0052.067] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d7 [0052.067] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.067] ReadFile (in: hFile=0x228, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.068] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.068] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.068] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1d7, lpOverlapped=0x0) returned 1 [0052.068] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffe29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.068] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1d7, lpOverlapped=0x0) returned 1 [0052.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.069] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.069] WriteFile (in: hFile=0x228, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.069] WriteFile (in: hFile=0x228, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.069] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.069] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.069] CloseHandle (hObject=0x228) returned 1 [0052.070] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.070] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.lolkek") returned 158 [0052.070] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.lolkek")) returned 1 [0052.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635a30 | out: hHeap=0x5a0000) returned 1 [0052.099] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.099] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.099] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", dwFileAttributes=0x80) returned 1 [0052.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.121] CloseHandle (hObject=0x280) returned 1 [0052.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0052.126] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.127] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.127] ReadFile (in: hFile=0x228, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.127] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.128] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.128] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1cf, lpOverlapped=0x0) returned 1 [0052.128] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.128] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1cf, lpOverlapped=0x0) returned 1 [0052.128] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.128] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.128] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.128] WriteFile (in: hFile=0x228, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.128] WriteFile (in: hFile=0x228, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.128] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.128] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.128] CloseHandle (hObject=0x228) returned 1 [0052.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.129] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.lolkek") returned 158 [0052.129] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.lolkek")) returned 1 [0052.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613400 | out: hHeap=0x5a0000) returned 1 [0052.152] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.152] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.152] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", dwFileAttributes=0x80) returned 1 [0052.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.181] CloseHandle (hObject=0x258) returned 1 [0052.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0052.186] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e3 [0052.186] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.186] ReadFile (in: hFile=0x2bc, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.187] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.187] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.187] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.188] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.188] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x6e3, lpOverlapped=0x0) returned 1 [0052.188] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffff91d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.188] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x6e3, lpOverlapped=0x0) returned 1 [0052.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.188] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.188] WriteFile (in: hFile=0x2bc, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.188] WriteFile (in: hFile=0x2bc, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.188] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.188] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.188] CloseHandle (hObject=0x2bc) returned 1 [0052.189] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.189] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.lolkek") returned 158 [0052.189] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.lolkek")) returned 1 [0052.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9610 | out: hHeap=0x5a0000) returned 1 [0052.215] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.215] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.215] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", dwFileAttributes=0x80) returned 1 [0052.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.243] CloseHandle (hObject=0x224) returned 1 [0052.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.248] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x652 [0052.248] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.248] ReadFile (in: hFile=0x258, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.250] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.250] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.250] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x652, lpOverlapped=0x0) returned 1 [0052.250] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffff9ae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.250] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x652, lpOverlapped=0x0) returned 1 [0052.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.251] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.251] WriteFile (in: hFile=0x258, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.251] WriteFile (in: hFile=0x258, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.251] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.251] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.251] CloseHandle (hObject=0x258) returned 1 [0052.252] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.252] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.lolkek") returned 158 [0052.252] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.lolkek")) returned 1 [0052.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daabb8 | out: hHeap=0x5a0000) returned 1 [0052.280] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.280] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.281] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", dwFileAttributes=0x80) returned 1 [0052.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.370] CloseHandle (hObject=0x23c) returned 1 [0052.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.377] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x64b [0052.377] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.377] ReadFile (in: hFile=0x2a0, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.379] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.379] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.379] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x64b, lpOverlapped=0x0) returned 1 [0052.379] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffff9b5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.379] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x64b, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x64b, lpOverlapped=0x0) returned 1 [0052.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.379] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.379] WriteFile (in: hFile=0x2a0, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.380] WriteFile (in: hFile=0x2a0, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.380] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.380] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.380] CloseHandle (hObject=0x2a0) returned 1 [0052.380] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.380] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.lolkek") returned 158 [0052.380] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.lolkek")) returned 1 [0052.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec01d8 | out: hHeap=0x5a0000) returned 1 [0052.382] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.382] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.382] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", dwFileAttributes=0x80) returned 1 [0052.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.404] CloseHandle (hObject=0x210) returned 1 [0052.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.415] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x194 [0052.416] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.416] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.416] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.416] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.416] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.416] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.416] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x194, lpOverlapped=0x0) returned 1 [0052.416] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.416] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x194, lpOverlapped=0x0) returned 1 [0052.416] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.417] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.417] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.417] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.417] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.417] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.417] CloseHandle (hObject=0x210) returned 1 [0052.418] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.418] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.lolkek") returned 159 [0052.418] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.lolkek")) returned 1 [0052.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb228 | out: hHeap=0x5a0000) returned 1 [0052.437] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.438] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.438] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", dwFileAttributes=0x80) returned 1 [0052.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.454] CloseHandle (hObject=0x2a0) returned 1 [0052.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.468] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186 [0052.468] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.468] ReadFile (in: hFile=0x280, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.468] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.468] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.468] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x186, lpOverlapped=0x0) returned 1 [0052.468] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.468] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x186, lpOverlapped=0x0) returned 1 [0052.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.469] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.469] WriteFile (in: hFile=0x280, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.469] WriteFile (in: hFile=0x280, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.469] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.469] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.469] CloseHandle (hObject=0x280) returned 1 [0052.469] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.469] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.lolkek") returned 159 [0052.469] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.lolkek")) returned 1 [0052.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.487] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7d00 | out: hHeap=0x5a0000) returned 1 [0052.487] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.487] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.487] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", dwFileAttributes=0x80) returned 1 [0052.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.502] CloseHandle (hObject=0x2bc) returned 1 [0052.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.521] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1ae [0052.521] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.522] ReadFile (in: hFile=0x2a0, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.525] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.525] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.525] ReadFile (in: hFile=0x2a0, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x40e22c*=0x1ae, lpOverlapped=0x0) returned 1 [0052.526] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.526] WriteFile (in: hFile=0x2a0, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1ae, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x40fc70*=0x1ae, lpOverlapped=0x0) returned 1 [0052.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.527] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.527] WriteFile (in: hFile=0x2a0, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.527] WriteFile (in: hFile=0x2a0, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.527] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.527] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.528] CloseHandle (hObject=0x2a0) returned 1 [0052.528] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.529] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.lolkek") returned 159 [0052.529] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.lolkek")) returned 1 [0052.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebaa90 | out: hHeap=0x5a0000) returned 1 [0052.549] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.549] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.549] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", dwFileAttributes=0x80) returned 1 [0052.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.574] CloseHandle (hObject=0x210) returned 1 [0052.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.580] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x198 [0052.580] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.580] ReadFile (in: hFile=0x214, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.580] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.581] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.581] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x198, lpOverlapped=0x0) returned 1 [0052.581] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffe68, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.581] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x198, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x198, lpOverlapped=0x0) returned 1 [0052.581] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.581] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.581] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.581] WriteFile (in: hFile=0x214, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.581] WriteFile (in: hFile=0x214, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.581] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.581] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.581] CloseHandle (hObject=0x214) returned 1 [0052.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.582] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.lolkek") returned 159 [0052.582] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.lolkek")) returned 1 [0052.887] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa810 | out: hHeap=0x5a0000) returned 1 [0052.888] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.888] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.888] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs", dwFileAttributes=0x80) returned 1 [0052.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.889] CloseHandle (hObject=0x210) returned 1 [0052.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.889] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa00 [0052.889] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.889] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.891] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.891] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.891] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0xa00, lpOverlapped=0x0) returned 1 [0052.891] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff600, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.892] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0xa00, lpOverlapped=0x0) returned 1 [0052.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.892] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.892] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.892] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.892] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.892] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.892] CloseHandle (hObject=0x210) returned 1 [0052.892] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.892] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.lolkek") returned 86 [0052.892] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.lolkek")) returned 1 [0052.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6178f8 | out: hHeap=0x5a0000) returned 1 [0052.893] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.893] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.893] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", dwFileAttributes=0x80) returned 1 [0052.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.894] CloseHandle (hObject=0x210) returned 1 [0052.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.894] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9a2 [0052.894] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.894] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.900] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.900] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.900] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.900] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.900] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x9a2, lpOverlapped=0x0) returned 1 [0052.900] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff65e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.900] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x9a2, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x9a2, lpOverlapped=0x0) returned 1 [0052.900] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.900] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.900] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.900] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.900] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.900] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.900] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.901] CloseHandle (hObject=0x210) returned 1 [0052.901] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.901] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.lolkek") returned 86 [0052.901] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.lolkek")) returned 1 [0052.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6160a0 | out: hHeap=0x5a0000) returned 1 [0052.901] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.901] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.901] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST", dwFileAttributes=0x80) returned 1 [0052.902] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.903] CloseHandle (hObject=0x210) returned 1 [0052.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.903] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x138 [0052.903] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.903] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.904] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.904] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.904] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x138, lpOverlapped=0x0) returned 1 [0052.904] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffec8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.904] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x138, lpOverlapped=0x0) returned 1 [0052.904] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.904] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.904] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.904] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.904] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.904] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.904] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.904] CloseHandle (hObject=0x210) returned 1 [0052.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.904] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.lolkek") returned 83 [0052.904] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist.lolkek")) returned 1 [0052.905] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.905] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616eb8 | out: hHeap=0x5a0000) returned 1 [0052.905] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.905] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.905] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", dwFileAttributes=0x80) returned 1 [0052.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.906] CloseHandle (hObject=0x210) returned 1 [0052.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.906] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0052.906] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.906] ReadFile (in: hFile=0x210, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.907] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.907] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.907] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.907] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.907] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1d4, lpOverlapped=0x0) returned 1 [0052.907] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.907] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1d4, lpOverlapped=0x0) returned 1 [0052.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.907] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.907] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.907] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.907] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.908] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.908] CloseHandle (hObject=0x210) returned 1 [0052.908] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.908] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.lolkek") returned 157 [0052.908] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.lolkek")) returned 1 [0052.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec06a8 | out: hHeap=0x5a0000) returned 1 [0052.910] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.910] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.910] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred", dwFileAttributes=0x80) returned 1 [0052.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.911] CloseHandle (hObject=0x210) returned 1 [0052.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.911] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18 [0052.911] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.911] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.911] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x18, lpOverlapped=0x0) returned 1 [0052.912] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffffe8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.912] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x18, lpOverlapped=0x0) returned 1 [0052.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.912] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.912] WriteFile (in: hFile=0x210, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.912] WriteFile (in: hFile=0x210, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.912] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.912] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.913] CloseHandle (hObject=0x210) returned 1 [0052.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.913] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.lolkek") returned 130 [0052.913] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.lolkek")) returned 1 [0052.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6420 | out: hHeap=0x5a0000) returned 1 [0052.913] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.913] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.913] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c", dwFileAttributes=0x80) returned 1 [0052.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.919] CloseHandle (hObject=0x280) returned 1 [0052.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.919] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0052.919] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.919] ReadFile (in: hFile=0x280, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.920] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.920] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.920] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.920] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.920] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1d4, lpOverlapped=0x0) returned 1 [0052.920] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.920] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1d4, lpOverlapped=0x0) returned 1 [0052.920] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.920] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.920] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.920] WriteFile (in: hFile=0x280, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.920] WriteFile (in: hFile=0x280, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.920] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.920] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.920] CloseHandle (hObject=0x280) returned 1 [0052.920] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.921] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.lolkek") returned 158 [0052.921] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c.lolkek")) returned 1 [0052.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0910 | out: hHeap=0x5a0000) returned 1 [0052.923] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.924] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.924] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c", dwFileAttributes=0x80) returned 1 [0052.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.924] CloseHandle (hObject=0x280) returned 1 [0052.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.925] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0052.925] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.925] ReadFile (in: hFile=0x280, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.926] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.926] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.926] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.926] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.926] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1d4, lpOverlapped=0x0) returned 1 [0052.926] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.926] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1d4, lpOverlapped=0x0) returned 1 [0052.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.926] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.927] WriteFile (in: hFile=0x280, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.927] WriteFile (in: hFile=0x280, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.927] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.927] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.927] CloseHandle (hObject=0x280) returned 1 [0052.927] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.927] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.lolkek") returned 158 [0052.927] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c.lolkek")) returned 1 [0052.931] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.931] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0b78 | out: hHeap=0x5a0000) returned 1 [0052.931] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.931] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.931] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2", dwFileAttributes=0x80) returned 1 [0052.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.943] CloseHandle (hObject=0x280) returned 1 [0052.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.944] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0052.944] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.944] ReadFile (in: hFile=0x280, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0052.945] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0052.945] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.945] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.945] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.945] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x1d4, lpOverlapped=0x0) returned 1 [0052.945] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.945] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x1d4, lpOverlapped=0x0) returned 1 [0052.945] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.945] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.945] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.945] WriteFile (in: hFile=0x280, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0052.945] WriteFile (in: hFile=0x280, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.946] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0052.946] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0052.946] CloseHandle (hObject=0x280) returned 1 [0052.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.946] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.lolkek") returned 158 [0052.946] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2.lolkek")) returned 1 [0053.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0053.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0de0 | out: hHeap=0x5a0000) returned 1 [0053.708] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.708] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.708] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", dwFileAttributes=0x80) returned 1 [0053.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.729] CloseHandle (hObject=0x280) returned 1 [0053.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0053.758] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x70000 [0053.758] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.758] ReadFile (in: hFile=0x228, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0053.760] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0053.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.760] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.760] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0053.761] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.761] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0053.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.761] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.762] WriteFile (in: hFile=0x228, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0053.762] WriteFile (in: hFile=0x228, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0053.762] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0053.762] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0053.762] CloseHandle (hObject=0x228) returned 1 [0053.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.762] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.lolkek") returned 116 [0053.762] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite.lolkek")) returned 1 [0053.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f7d8 | out: hHeap=0x5a0000) returned 1 [0053.786] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.786] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.786] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", dwFileAttributes=0x80) returned 1 [0053.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0053.827] CloseHandle (hObject=0x1b4) returned 1 [0053.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.888] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4183 [0053.888] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.888] ReadFile (in: hFile=0x280, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0053.890] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0053.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.890] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.890] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0053.890] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.890] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0053.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.891] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.891] WriteFile (in: hFile=0x280, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0053.891] WriteFile (in: hFile=0x280, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0053.891] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0053.891] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0053.891] CloseHandle (hObject=0x280) returned 1 [0053.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0053.891] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.lolkek") returned 110 [0053.891] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json.lolkek")) returned 1 [0054.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0054.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde920 | out: hHeap=0x5a0000) returned 1 [0054.250] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.250] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.250] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3", dwFileAttributes=0x80) returned 1 [0054.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ug-1onehbic0y12aa_v.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0054.255] CloseHandle (hObject=0x224) returned 1 [0054.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ug-1onehbic0y12aa_v.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0054.255] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13760 [0054.255] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.255] ReadFile (in: hFile=0x224, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0054.255] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0054.255] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.255] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.255] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.255] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x4000, lpOverlapped=0x0) returned 1 [0054.256] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.256] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x4000, lpOverlapped=0x0) returned 1 [0054.256] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.256] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.256] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.256] WriteFile (in: hFile=0x224, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0054.256] WriteFile (in: hFile=0x224, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0054.256] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0054.256] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0054.256] CloseHandle (hObject=0x224) returned 1 [0054.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0054.258] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3.lolkek") returned 72 [0054.258] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ug-1onehbic0y12aa_v.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ug-1onehbic0y12aa_v.mp3.lolkek")) returned 1 [0054.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0054.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6113e0 | out: hHeap=0x5a0000) returned 1 [0054.665] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.665] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.665] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url", dwFileAttributes=0x80) returned 1 [0054.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0054.734] CloseHandle (hObject=0x210) returned 1 [0054.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0054.758] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.758] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.758] ReadFile (in: hFile=0x190, lpBuffer=0x40fc70, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x40e254, lpOverlapped=0x0 | out: lpBuffer=0x40fc70*, lpNumberOfBytesRead=0x40e254*=0xd, lpOverlapped=0x0) returned 1 [0054.759] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x40fc80 | out: pbBuffer=0x40fc80) returned 1 [0054.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.759] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.759] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x40e22c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x40e22c*=0x85, lpOverlapped=0x0) returned 1 [0054.759] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.759] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x40fc70, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x40fc70*=0x85, lpOverlapped=0x0) returned 1 [0054.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.759] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.759] WriteFile (in: hFile=0x190, lpBuffer=0x40e234*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40e234*, lpNumberOfBytesWritten=0x40e238*=0x4, lpOverlapped=0x0) returned 1 [0054.759] WriteFile (in: hFile=0x190, lpBuffer=0x40fc80*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x40fc80*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0054.759] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x40e238*=0x20, lpOverlapped=0x0) returned 1 [0054.759] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x40e238, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x40e238*=0xd, lpOverlapped=0x0) returned 1 [0054.760] CloseHandle (hObject=0x190) returned 1 [0054.768] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.768] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.lolkek") returned 77 [0054.768] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.lolkek")) returned 1 [0055.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0055.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3efa0 | out: hHeap=0x5a0000) returned 1 [0055.678] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.678] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.678] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", dwFileAttributes=0x80) returned 0 [0055.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.678] RmStartSession () returned 0x0 [0055.687] RmRegisterResources () returned 0x0 [0055.691] RmGetList () returned 0x0 [0055.929] RmEndSession () returned 0x0 [0055.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de0f28 | out: hHeap=0x5a0000) returned 1 [0055.948] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.948] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.948] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", dwFileAttributes=0x80) returned 0 [0055.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.948] RmStartSession () returned 0x0 [0055.950] RmRegisterResources () returned 0x0 [0055.952] RmGetList () returned 0x0 [0056.231] RmEndSession () returned 0x0 [0056.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x631ed0 | out: hHeap=0x5a0000) returned 1 [0056.245] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.245] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.245] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", dwFileAttributes=0x80) returned 0 [0056.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.245] RmStartSession () returned 0x0 [0056.247] RmRegisterResources () returned 0x0 [0056.250] RmGetList () returned 0x0 [0056.907] RmEndSession () returned 0x0 [0056.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.924] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f280 | out: hHeap=0x5a0000) returned 1 [0056.924] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.924] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.924] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", dwFileAttributes=0x80) returned 0 [0056.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.924] RmStartSession () returned 0x0 [0056.926] RmRegisterResources () returned 0x0 [0056.928] RmGetList () returned 0x0 [0057.087] RmEndSession () returned 0x0 [0057.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb63d8 | out: hHeap=0x5a0000) returned 1 [0057.907] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.907] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.907] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp", dwFileAttributes=0x80) returned 0 [0057.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.907] RmStartSession () returned 0x0 [0057.909] RmRegisterResources () returned 0x0 [0057.914] RmGetList () returned 0x0 [0058.127] RmEndSession () returned 0x0 [0058.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile29.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.200] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da44a0 | out: hHeap=0x5a0000) returned 1 [0058.200] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.200] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.200] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", dwFileAttributes=0x80) returned 0 [0058.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.200] RmStartSession () returned 0x0 [0058.202] RmRegisterResources () returned 0x0 [0058.207] RmGetList () returned 0x0 [0058.485] RmEndSession () returned 0x0 [0058.504] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4d10 | out: hHeap=0x5a0000) returned 1 [0058.504] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.504] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.505] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp", dwFileAttributes=0x80) returned 0 [0058.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.505] RmStartSession () returned 0x0 [0058.507] RmRegisterResources () returned 0x0 [0058.509] RmGetList () returned 0x0 [0059.667] RmEndSession () returned 0x0 [0059.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile41.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5580 | out: hHeap=0x5a0000) returned 1 [0059.682] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.682] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.682] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov", dwFileAttributes=0x80) returned 0 [0059.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.682] RmStartSession () returned 0x0 [0059.684] RmRegisterResources () returned 0x0 [0059.688] RmGetList () returned 0x0 [0062.961] RmEndSession () returned 0x0 [0063.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.114] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5df0 | out: hHeap=0x5a0000) returned 1 [0063.114] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 7 os_tid = 0x8c8 [0035.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.518] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.518] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG", dwFileAttributes=0x80) returned 1 [0035.825] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.825] RmStartSession () returned 0x0 [0036.196] RmRegisterResources () returned 0x0 [0036.198] RmGetList () returned 0x0 [0036.785] GetCurrentProcessId () returned 0x86c [0036.785] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0036.785] RmEndSession () returned 0x0 [0036.805] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0036.805] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0036.805] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0036.805] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.805] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf", dwFileAttributes=0x80) returned 0 [0036.805] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0036.805] RmStartSession () returned 0x0 [0036.807] RmRegisterResources () returned 0x0 [0036.809] RmGetList () returned 0x0 [0037.469] RmEndSession () returned 0x0 [0037.495] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fb88 | out: hHeap=0x5a0000) returned 1 [0037.495] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.495] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.495] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.495] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.495] RmStartSession () returned 0x0 [0037.497] RmRegisterResources () returned 0x0 [0037.499] RmGetList () returned 0x0 [0041.402] RmEndSession () returned 0x0 [0041.420] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6301b8 | out: hHeap=0x5a0000) returned 1 [0041.420] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.420] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.420] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", dwFileAttributes=0x80) returned 0 [0041.420] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.420] RmStartSession () returned 0x0 [0041.421] RmRegisterResources () returned 0x0 [0041.424] RmGetList () returned 0x0 [0042.523] RmEndSession () returned 0x0 [0042.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf230 | out: hHeap=0x5a0000) returned 1 [0042.545] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.545] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.545] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", dwFileAttributes=0x80) returned 0 [0042.546] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.546] RmStartSession () returned 0x0 [0042.547] RmRegisterResources () returned 0x0 [0042.550] RmGetList () returned 0x0 [0043.186] RmEndSession () returned 0x0 [0043.209] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.209] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d970 | out: hHeap=0x5a0000) returned 1 [0043.209] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.209] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.209] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll", dwFileAttributes=0x80) returned 1 [0043.209] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.209] CloseHandle (hObject=0x190) returned 1 [0043.209] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.209] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d00 [0043.209] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.209] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.212] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3f7adc8 [0043.213] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.213] ReadFile (in: hFile=0x190, lpBuffer=0x3f7adc8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesRead=0x2e1e1fc*=0x3d00, lpOverlapped=0x0) returned 1 [0043.214] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc300, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.214] WriteFile (in: hFile=0x190, lpBuffer=0x3f7adc8*, nNumberOfBytesToWrite=0x3d00, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesWritten=0x2e1fc40*=0x3d00, lpOverlapped=0x0) returned 1 [0043.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3f7adc8 | out: hHeap=0x5a0000) returned 1 [0043.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.214] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.214] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.214] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.214] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.215] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.215] CloseHandle (hObject=0x190) returned 1 [0043.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.215] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.lolkek") returned 63 [0043.215] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.lolkek" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlconfig.dll.lolkek")) returned 1 [0043.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94de8 | out: hHeap=0x5a0000) returned 1 [0043.215] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.215] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.215] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll", dwFileAttributes=0x80) returned 1 [0043.218] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.219] CloseHandle (hObject=0x190) returned 1 [0043.219] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.219] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3e108 [0043.219] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.219] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.220] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3f7adc8 [0043.220] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.220] ReadFile (in: hFile=0x190, lpBuffer=0x3f7adc8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.221] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.221] WriteFile (in: hFile=0x190, lpBuffer=0x3f7adc8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3f7adc8 | out: hHeap=0x5a0000) returned 1 [0043.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.221] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.221] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.221] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.221] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.222] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.222] CloseHandle (hObject=0x190) returned 1 [0043.222] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.222] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.lolkek") returned 59 [0043.222] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll.lolkek" (normalized: "c:\\programdata\\microsoft\\identitycrl\\ppcrlui.dll.lolkek")) returned 1 [0043.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67ca98 | out: hHeap=0x5a0000) returned 1 [0043.222] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.222] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.222] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL", dwFileAttributes=0x80) returned 1 [0043.222] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.222] CloseHandle (hObject=0x190) returned 1 [0043.222] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.223] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3a7c [0043.223] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.223] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.226] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3f7adc8 [0043.226] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.226] ReadFile (in: hFile=0x190, lpBuffer=0x3f7adc8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesRead=0x2e1e1fc*=0x3a7c, lpOverlapped=0x0) returned 1 [0043.228] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc584, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.228] WriteFile (in: hFile=0x190, lpBuffer=0x3f7adc8*, nNumberOfBytesToWrite=0x3a7c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesWritten=0x2e1fc40*=0x3a7c, lpOverlapped=0x0) returned 1 [0043.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3f7adc8 | out: hHeap=0x5a0000) returned 1 [0043.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.228] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.228] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.228] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.228] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.228] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.228] CloseHandle (hObject=0x190) returned 1 [0043.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.228] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL.lolkek") returned 49 [0043.229] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL.lolkek" (normalized: "c:\\programdata\\microsoft\\mf\\active.grl.lolkek")) returned 1 [0043.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b7d8 | out: hHeap=0x5a0000) returned 1 [0043.229] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.229] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.229] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL", dwFileAttributes=0x80) returned 1 [0043.229] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.230] CloseHandle (hObject=0x190) returned 1 [0043.230] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.230] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3a7c [0043.230] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.230] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.233] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3f7adc8 [0043.234] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.234] ReadFile (in: hFile=0x190, lpBuffer=0x3f7adc8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesRead=0x2e1e1fc*=0x3a7c, lpOverlapped=0x0) returned 1 [0043.234] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc584, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.234] WriteFile (in: hFile=0x190, lpBuffer=0x3f7adc8*, nNumberOfBytesToWrite=0x3a7c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesWritten=0x2e1fc40*=0x3a7c, lpOverlapped=0x0) returned 1 [0043.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3f7adc8 | out: hHeap=0x5a0000) returned 1 [0043.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.235] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.235] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.235] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.235] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.235] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.235] CloseHandle (hObject=0x190) returned 1 [0043.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.235] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL.lolkek") returned 50 [0043.235] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL.lolkek" (normalized: "c:\\programdata\\microsoft\\mf\\pending.grl.lolkek")) returned 1 [0043.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf1b80 | out: hHeap=0x5a0000) returned 1 [0043.236] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.236] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.236] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat", dwFileAttributes=0x80) returned 1 [0043.236] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.236] CloseHandle (hObject=0x190) returned 1 [0043.236] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.236] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x400000 [0043.236] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.236] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.239] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3f7adc8 [0043.239] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.239] ReadFile (in: hFile=0x190, lpBuffer=0x3f7adc8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.241] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.241] WriteFile (in: hFile=0x190, lpBuffer=0x3f7adc8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3f7adc8 | out: hHeap=0x5a0000) returned 1 [0043.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.241] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.241] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.242] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.243] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.243] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.243] CloseHandle (hObject=0x190) returned 1 [0043.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.243] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat.lolkek") returned 64 [0043.243] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat.lolkek" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr0.dat.lolkek")) returned 1 [0043.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cb78 | out: hHeap=0x5a0000) returned 1 [0043.243] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.243] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.243] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat", dwFileAttributes=0x80) returned 1 [0043.243] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.244] CloseHandle (hObject=0x190) returned 1 [0043.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.244] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x400000 [0043.244] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.244] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.247] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3f7adc8 [0043.247] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.247] ReadFile (in: hFile=0x190, lpBuffer=0x3f7adc8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.248] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.248] WriteFile (in: hFile=0x190, lpBuffer=0x3f7adc8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3f7adc8 | out: hHeap=0x5a0000) returned 1 [0043.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.249] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.249] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.250] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.250] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.250] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.250] CloseHandle (hObject=0x190) returned 1 [0043.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.250] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat.lolkek") returned 64 [0043.250] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat.lolkek" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\qmgr1.dat.lolkek")) returned 1 [0043.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cc68 | out: hHeap=0x5a0000) returned 1 [0043.251] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.251] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.251] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico", dwFileAttributes=0x80) returned 1 [0043.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.254] CloseHandle (hObject=0x190) returned 1 [0043.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.254] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1536 [0043.254] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.254] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.255] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3f7adc8 [0043.256] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.256] ReadFile (in: hFile=0x190, lpBuffer=0x3f7adc8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1536, lpOverlapped=0x0) returned 1 [0043.280] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffeaca, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.280] WriteFile (in: hFile=0x190, lpBuffer=0x3f7adc8*, nNumberOfBytesToWrite=0x1536, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3f7adc8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1536, lpOverlapped=0x0) returned 1 [0043.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3f7adc8 | out: hHeap=0x5a0000) returned 1 [0043.281] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.281] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.281] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.281] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.281] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.281] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.281] CloseHandle (hObject=0x190) returned 1 [0043.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.281] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.lolkek") returned 59 [0043.281] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\assetlibrary.ico.lolkek")) returned 1 [0043.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd58 | out: hHeap=0x5a0000) returned 1 [0043.288] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.288] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.288] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico", dwFileAttributes=0x80) returned 1 [0043.292] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.292] CloseHandle (hObject=0x190) returned 1 [0043.292] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.292] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5532e [0043.292] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.292] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.294] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.294] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.294] ReadFile (in: hFile=0x190, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.298] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.298] WriteFile (in: hFile=0x190, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.299] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.299] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.299] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.299] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.299] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.299] CloseHandle (hObject=0x190) returned 1 [0043.299] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.299] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.lolkek") returned 60 [0043.299] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\mysharepoints.ico.lolkek")) returned 1 [0043.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cf30 | out: hHeap=0x5a0000) returned 1 [0043.299] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.299] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.299] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico", dwFileAttributes=0x80) returned 1 [0043.304] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.304] CloseHandle (hObject=0x234) returned 1 [0043.304] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.304] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x627e [0043.304] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.304] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.306] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.306] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.306] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.306] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.307] ReadFile (in: hFile=0x234, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.310] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.311] WriteFile (in: hFile=0x234, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.311] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.311] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.311] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.311] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.311] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.311] CloseHandle (hObject=0x234) returned 1 [0043.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.311] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.lolkek") returned 67 [0043.311] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\sharepointportalsite.ico.lolkek")) returned 1 [0043.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d0d8 | out: hHeap=0x5a0000) returned 1 [0043.312] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.312] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.312] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.312] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.312] CloseHandle (hObject=0x234) returned 1 [0043.312] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.312] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3960 [0043.312] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.312] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.317] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbcf0 [0043.317] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.317] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbcf0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbcf0*, lpNumberOfBytesRead=0x2e1e1fc*=0x3960, lpOverlapped=0x0) returned 1 [0043.319] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc6a0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.320] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbcf0*, nNumberOfBytesToWrite=0x3960, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbcf0*, lpNumberOfBytesWritten=0x2e1fc40*=0x3960, lpOverlapped=0x0) returned 1 [0043.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbcf0 | out: hHeap=0x5a0000) returned 1 [0043.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.320] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.320] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.320] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.320] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.320] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.320] CloseHandle (hObject=0x234) returned 1 [0043.320] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.320] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.lolkek") returned 79 [0043.320] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\envelopr.dll.trx_dll.lolkek")) returned 1 [0043.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d2d0 | out: hHeap=0x5a0000) returned 1 [0043.328] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.328] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.328] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.331] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.331] CloseHandle (hObject=0x234) returned 1 [0043.331] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.331] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d960 [0043.331] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.331] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.334] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.334] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.334] ReadFile (in: hFile=0x234, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.338] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.338] WriteFile (in: hFile=0x234, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.338] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.338] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.338] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.338] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.338] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.338] CloseHandle (hObject=0x234) returned 1 [0043.339] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.339] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.lolkek") returned 80 [0043.339] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\grintl32.rest.trx_dll.lolkek")) returned 1 [0043.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6955e0 | out: hHeap=0x5a0000) returned 1 [0043.339] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.339] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.339] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.344] CloseHandle (hObject=0x190) returned 1 [0043.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.344] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc160 [0043.344] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.344] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.348] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.348] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.348] ReadFile (in: hFile=0x190, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.351] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.351] WriteFile (in: hFile=0x190, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.352] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.352] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.352] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.352] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.352] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.352] CloseHandle (hObject=0x190) returned 1 [0043.352] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.352] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.lolkek") returned 79 [0043.352] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\mor6int.rest.trx_dll.lolkek")) returned 1 [0043.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695830 | out: hHeap=0x5a0000) returned 1 [0043.353] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.353] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.353] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.358] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.358] CloseHandle (hObject=0x234) returned 1 [0043.358] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.358] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ced60 [0043.358] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.358] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.360] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb7ce8 [0043.360] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.360] ReadFile (in: hFile=0x234, lpBuffer=0x3eb7ce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.364] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.364] WriteFile (in: hFile=0x234, lpBuffer=0x3eb7ce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3eb7ce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.365] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7ce8 | out: hHeap=0x5a0000) returned 1 [0043.365] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.365] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.365] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.365] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.365] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.365] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.365] CloseHandle (hObject=0x234) returned 1 [0043.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.365] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.lolkek") returned 79 [0043.365] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\msointl.rest.trx_dll.lolkek")) returned 1 [0043.365] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.365] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695a88 | out: hHeap=0x5a0000) returned 1 [0043.365] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.365] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.365] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.370] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.370] CloseHandle (hObject=0x174) returned 1 [0043.370] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.370] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7b60 [0043.370] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.370] ReadFile (in: hFile=0x174, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.373] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.373] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.373] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.376] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.377] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.377] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.377] WriteFile (in: hFile=0x174, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.377] WriteFile (in: hFile=0x174, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.377] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.377] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.377] CloseHandle (hObject=0x174) returned 1 [0043.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.377] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.lolkek") returned 77 [0043.377] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\onintl.dll.trx_dll.lolkek")) returned 1 [0043.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695ce0 | out: hHeap=0x5a0000) returned 1 [0043.378] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.378] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.378] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.382] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.382] CloseHandle (hObject=0x190) returned 1 [0043.382] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.382] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x37560 [0043.382] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.382] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.385] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.385] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.385] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.390] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.390] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.390] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.390] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.391] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.391] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.391] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.391] CloseHandle (hObject=0x190) returned 1 [0043.391] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.391] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.lolkek") returned 79 [0043.391] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outllibr.dll.trx_dll.lolkek")) returned 1 [0043.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695f30 | out: hHeap=0x5a0000) returned 1 [0043.391] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.391] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.391] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.392] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.392] CloseHandle (hObject=0x190) returned 1 [0043.392] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.392] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b60 [0043.392] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.392] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.397] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.397] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.397] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebfcf0 [0043.397] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.397] ReadFile (in: hFile=0x190, lpBuffer=0x3ebfcf0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesRead=0x2e1e1fc*=0x2b60, lpOverlapped=0x0) returned 1 [0043.399] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffd4a0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.399] WriteFile (in: hFile=0x190, lpBuffer=0x3ebfcf0*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesWritten=0x2e1fc40*=0x2b60, lpOverlapped=0x0) returned 1 [0043.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfcf0 | out: hHeap=0x5a0000) returned 1 [0043.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.400] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.400] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.400] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.400] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.400] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.400] CloseHandle (hObject=0x190) returned 1 [0043.400] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.400] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.lolkek") returned 78 [0043.400] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\outlwvw.dll.trx_dll.lolkek")) returned 1 [0043.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696190 | out: hHeap=0x5a0000) returned 1 [0043.405] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.405] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.405] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.409] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.409] CloseHandle (hObject=0x190) returned 1 [0043.409] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.409] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x45f60 [0043.409] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.409] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.412] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.412] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.412] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.416] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.416] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.416] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.416] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.416] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.416] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.416] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.416] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.416] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.416] CloseHandle (hObject=0x190) returned 1 [0043.416] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.417] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.lolkek") returned 78 [0043.417] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\ppintl.rest.trx_dll.lolkek")) returned 1 [0043.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6963e0 | out: hHeap=0x5a0000) returned 1 [0043.417] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.417] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.417] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.417] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.417] CloseHandle (hObject=0x190) returned 1 [0043.417] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.418] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8e160 [0043.418] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.418] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.422] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebfcf0 [0043.422] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.422] ReadFile (in: hFile=0x190, lpBuffer=0x3ebfcf0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.427] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.427] WriteFile (in: hFile=0x190, lpBuffer=0x3ebfcf0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebfcf0*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfcf0 | out: hHeap=0x5a0000) returned 1 [0043.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.427] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.427] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.427] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.427] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.427] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.427] CloseHandle (hObject=0x190) returned 1 [0043.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.427] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.lolkek") returned 80 [0043.427] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\pub6intl.rest.trx_dll.lolkek")) returned 1 [0043.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696638 | out: hHeap=0x5a0000) returned 1 [0043.432] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.433] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.433] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.437] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.437] CloseHandle (hObject=0x190) returned 1 [0043.437] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.437] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3360 [0043.437] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.437] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.440] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.440] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.440] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.440] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.440] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x3360, lpOverlapped=0x0) returned 1 [0043.443] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffcca0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.443] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3360, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x3360, lpOverlapped=0x0) returned 1 [0043.444] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.444] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.444] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.444] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.444] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.444] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.444] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.444] CloseHandle (hObject=0x190) returned 1 [0043.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.444] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.lolkek") returned 76 [0043.444] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\sgres.dll.trx_dll.lolkek")) returned 1 [0043.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696898 | out: hHeap=0x5a0000) returned 1 [0043.445] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.445] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.445] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.449] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.449] CloseHandle (hObject=0x234) returned 1 [0043.449] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.449] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6960 [0043.449] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.450] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.455] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.455] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.455] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.459] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.459] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.459] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.459] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.459] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.459] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.459] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.459] CloseHandle (hObject=0x234) returned 1 [0043.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.459] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.lolkek") returned 79 [0043.460] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\visbrres.dll.trx_dll.lolkek")) returned 1 [0043.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696ae0 | out: hHeap=0x5a0000) returned 1 [0043.460] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.460] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.460] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.460] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.460] CloseHandle (hObject=0x234) returned 1 [0043.460] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.461] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x25b60 [0043.461] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.461] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.467] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.467] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.467] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.471] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.471] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.471] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.471] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.471] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.471] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.471] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.471] CloseHandle (hObject=0x234) returned 1 [0043.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.471] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.lolkek") returned 77 [0043.471] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\wwintl.dll.trx_dll.lolkek")) returned 1 [0043.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696d38 | out: hHeap=0x5a0000) returned 1 [0043.472] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.472] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.472] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.477] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.478] CloseHandle (hObject=0x174) returned 1 [0043.478] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.481] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x25360 [0043.481] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.481] ReadFile (in: hFile=0x174, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.483] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.483] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.483] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.485] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.485] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.485] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.485] WriteFile (in: hFile=0x174, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.485] WriteFile (in: hFile=0x174, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.485] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.485] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.485] CloseHandle (hObject=0x174) returned 1 [0043.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.485] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.lolkek") returned 79 [0043.485] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlintl32.dll.trx_dll.lolkek")) returned 1 [0043.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x696f88 | out: hHeap=0x5a0000) returned 1 [0043.486] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.486] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.486] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.486] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.486] CloseHandle (hObject=0x174) returned 1 [0043.486] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.486] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d60 [0043.486] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.487] ReadFile (in: hFile=0x174, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.492] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.492] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.492] ReadFile (in: hFile=0x174, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x3d60, lpOverlapped=0x0) returned 1 [0043.495] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc2a0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.495] WriteFile (in: hFile=0x174, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3d60, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x3d60, lpOverlapped=0x0) returned 1 [0043.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.495] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.496] WriteFile (in: hFile=0x174, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.496] WriteFile (in: hFile=0x174, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.496] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.496] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.496] CloseHandle (hObject=0x174) returned 1 [0043.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.496] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.lolkek") returned 79 [0043.496] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\xlslicer.dll.trx_dll.lolkek")) returned 1 [0043.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6971e8 | out: hHeap=0x5a0000) returned 1 [0043.497] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.497] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.497] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.497] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.497] CloseHandle (hObject=0x174) returned 1 [0043.498] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.498] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb960 [0043.498] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.498] ReadFile (in: hFile=0x174, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.500] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.500] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.500] ReadFile (in: hFile=0x174, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.510] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.510] WriteFile (in: hFile=0x174, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.510] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.511] WriteFile (in: hFile=0x174, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.511] WriteFile (in: hFile=0x174, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.511] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.511] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.511] CloseHandle (hObject=0x174) returned 1 [0043.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.511] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.lolkek") returned 79 [0043.511] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\grintl32.dll.trx_dll.lolkek")) returned 1 [0043.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697448 | out: hHeap=0x5a0000) returned 1 [0043.511] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.512] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.512] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.512] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174 [0043.512] CloseHandle (hObject=0x174) returned 1 [0043.512] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.512] GetFileSize (in: hFile=0x174, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x47d60 [0043.512] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.512] ReadFile (in: hFile=0x174, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.515] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.515] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.515] ReadFile (in: hFile=0x174, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.522] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.522] WriteFile (in: hFile=0x174, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.522] SetFilePointerEx (in: hFile=0x174, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.522] WriteFile (in: hFile=0x174, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.522] WriteFile (in: hFile=0x174, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.522] WriteFile (in: hFile=0x174, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.522] WriteFile (in: hFile=0x174, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.523] CloseHandle (hObject=0x174) returned 1 [0043.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.523] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.lolkek") returned 76 [0043.523] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\mapir.dll.trx_dll.lolkek")) returned 1 [0043.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6976a8 | out: hHeap=0x5a0000) returned 1 [0043.530] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.530] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.530] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.534] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.534] CloseHandle (hObject=0x190) returned 1 [0043.534] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.534] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16f60 [0043.534] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.534] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.535] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.535] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.536] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.539] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.539] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.539] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.539] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.539] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.539] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.539] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.539] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.539] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.540] CloseHandle (hObject=0x190) returned 1 [0043.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.540] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.lolkek") returned 78 [0043.540] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\msointl.dll.trx_dll.lolkek")) returned 1 [0043.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6977c8 | out: hHeap=0x5a0000) returned 1 [0043.540] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.540] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.540] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.540] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.541] CloseHandle (hObject=0x190) returned 1 [0043.541] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.541] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb360 [0043.541] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.541] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.545] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.545] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.545] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.551] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.552] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.552] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.552] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.552] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.552] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.552] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.552] CloseHandle (hObject=0x190) returned 1 [0043.552] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.552] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.lolkek") returned 78 [0043.553] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\omsintl.dll.trx_dll.lolkek")) returned 1 [0043.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6978f0 | out: hHeap=0x5a0000) returned 1 [0043.553] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.553] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.553] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.553] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.554] CloseHandle (hObject=0x190) returned 1 [0043.554] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.554] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d960 [0043.554] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.554] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.557] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.557] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.558] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.565] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.566] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.566] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.566] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.566] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.566] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.566] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.566] CloseHandle (hObject=0x190) returned 1 [0043.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.566] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.lolkek") returned 78 [0043.566] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\onintl.rest.trx_dll.lolkek")) returned 1 [0043.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697b40 | out: hHeap=0x5a0000) returned 1 [0043.567] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.567] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.567] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.567] CloseHandle (hObject=0x190) returned 1 [0043.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.567] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9f560 [0043.567] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.567] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.571] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.571] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.571] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.578] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.579] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.579] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.579] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.579] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.579] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.579] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.579] CloseHandle (hObject=0x190) returned 1 [0043.579] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.579] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.lolkek") returned 80 [0043.579] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\outllibr.rest.trx_dll.lolkek")) returned 1 [0043.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7a10 | out: hHeap=0x5a0000) returned 1 [0043.580] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.580] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.580] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.580] CloseHandle (hObject=0x190) returned 1 [0043.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.580] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd160 [0043.580] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.580] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.586] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.586] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.586] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.592] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.592] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.593] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.593] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.593] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.593] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.593] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.593] CloseHandle (hObject=0x190) returned 1 [0043.593] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.593] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.lolkek") returned 77 [0043.593] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\ppintl.dll.trx_dll.lolkek")) returned 1 [0043.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9790 | out: hHeap=0x5a0000) returned 1 [0043.593] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.594] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.594] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.594] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.594] CloseHandle (hObject=0x190) returned 1 [0043.594] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.594] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a560 [0043.594] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.594] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.598] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.598] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.598] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.604] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.604] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.604] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.605] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.605] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.605] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.605] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.605] CloseHandle (hObject=0x190) returned 1 [0043.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.605] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.lolkek") returned 79 [0043.605] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pub6intl.dll.trx_dll.lolkek")) returned 1 [0043.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7b48 | out: hHeap=0x5a0000) returned 1 [0043.605] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.605] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.605] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.606] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.606] CloseHandle (hObject=0x190) returned 1 [0043.606] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.606] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x57f60 [0043.606] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.606] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.610] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.610] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.610] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.616] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.616] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.617] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.617] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.617] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.617] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.617] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.617] CloseHandle (hObject=0x190) returned 1 [0043.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.617] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.lolkek") returned 80 [0043.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\pubwzint.rest.trx_dll.lolkek")) returned 1 [0043.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7db8 | out: hHeap=0x5a0000) returned 1 [0043.617] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.618] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.618] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.618] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.618] CloseHandle (hObject=0x190) returned 1 [0043.618] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.618] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4360 [0043.618] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.618] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.621] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.621] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.622] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.628] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.628] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.629] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.629] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.629] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.629] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.629] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.629] CloseHandle (hObject=0x190) returned 1 [0043.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.629] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.lolkek") returned 77 [0043.629] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\stintl.dll.trx_dll.lolkek")) returned 1 [0043.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca99e0 | out: hHeap=0x5a0000) returned 1 [0043.629] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.629] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.629] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll", dwFileAttributes=0x80) returned 1 [0043.630] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0043.630] CloseHandle (hObject=0x190) returned 1 [0043.630] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.630] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x73960 [0043.630] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.630] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.633] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0043.633] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.633] ReadFile (in: hFile=0x190, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.640] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.640] WriteFile (in: hFile=0x190, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.640] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.640] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.640] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.641] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.641] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.641] CloseHandle (hObject=0x190) returned 1 [0043.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.641] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.lolkek") returned 78 [0043.641] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\visintl.dll.trx_dll.lolkek")) returned 1 [0043.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9b08 | out: hHeap=0x5a0000) returned 1 [0043.641] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.641] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.641] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.644] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.644] CloseHandle (hObject=0x234) returned 1 [0043.644] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.645] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x110b60 [0043.645] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.645] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.652] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.653] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.653] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.656] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.656] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.656] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.656] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.656] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.657] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.657] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.657] CloseHandle (hObject=0x234) returned 1 [0043.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.657] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.lolkek") returned 78 [0043.657] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\wwintl.rest.trx_dll.lolkek")) returned 1 [0043.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9d58 | out: hHeap=0x5a0000) returned 1 [0043.657] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.657] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.657] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll", dwFileAttributes=0x80) returned 1 [0043.657] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.658] CloseHandle (hObject=0x234) returned 1 [0043.658] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.658] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x126760 [0043.658] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.658] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.664] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0043.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.665] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.665] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.668] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.668] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0043.668] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.668] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.668] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.669] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.669] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.669] CloseHandle (hObject=0x234) returned 1 [0043.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.669] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.lolkek") returned 80 [0043.669] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.lolkek" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\xlintl32.rest.trx_dll.lolkek")) returned 1 [0043.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8160 | out: hHeap=0x5a0000) returned 1 [0043.669] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.669] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.669] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat", dwFileAttributes=0x80) returned 1 [0043.670] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0043.670] CloseHandle (hObject=0x234) returned 1 [0043.670] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.670] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40270 [0043.670] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.670] ReadFile (in: hFile=0x234, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0043.677] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0043.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0043.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0043.677] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.677] ReadFile (in: hFile=0x234, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0043.681] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.682] WriteFile (in: hFile=0x234, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0043.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0043.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0043.682] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0043.682] WriteFile (in: hFile=0x234, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0043.682] WriteFile (in: hFile=0x234, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.682] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0043.682] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0043.682] CloseHandle (hObject=0x234) returned 1 [0043.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e76d90 [0043.682] wsprintfW (in: param_1=0x3e76d90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.lolkek") returned 84 [0043.683] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.lolkek" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.lolkek")) returned 1 [0043.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e76d90 | out: hHeap=0x5a0000) returned 1 [0043.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab668 | out: hHeap=0x5a0000) returned 1 [0043.683] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.683] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.683] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf", dwFileAttributes=0x80) returned 1 [0043.684] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.684] RmStartSession () returned 0x0 [0043.685] RmRegisterResources () returned 0x0 [0043.689] RmGetList () returned 0x0 [0044.447] GetCurrentProcessId () returned 0x86c [0044.447] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0044.447] RmEndSession () returned 0x0 [0044.469] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x675e00 | out: hHeap=0x5a0000) returned 1 [0044.469] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.469] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.469] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", dwFileAttributes=0x80) returned 0 [0044.473] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.473] RmStartSession () returned 0x0 [0044.474] RmRegisterResources () returned 0x0 [0044.477] RmGetList () returned 0x0 [0045.149] RmEndSession () returned 0x0 [0045.169] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.169] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613fa8 | out: hHeap=0x5a0000) returned 1 [0045.169] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.169] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.169] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", dwFileAttributes=0x80) returned 0 [0045.172] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.172] RmStartSession () returned 0x0 [0045.173] RmRegisterResources () returned 0x0 [0045.176] RmGetList () returned 0x0 [0045.814] RmEndSession () returned 0x0 [0045.837] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614fc8 | out: hHeap=0x5a0000) returned 1 [0045.837] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.838] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.838] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", dwFileAttributes=0x80) returned 0 [0045.838] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.838] RmStartSession () returned 0x0 [0045.839] RmRegisterResources () returned 0x0 [0045.842] RmGetList () returned 0x0 [0047.090] RmEndSession () returned 0x0 [0047.112] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadd20 | out: hHeap=0x5a0000) returned 1 [0047.112] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.112] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.112] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents", dwFileAttributes=0x80) returned 1 [0050.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.473] CloseHandle (hObject=0x25c) returned 1 [0050.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.489] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1400 [0050.489] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.489] ReadFile (in: hFile=0x268, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0050.492] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.492] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.492] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1400, lpOverlapped=0x0) returned 1 [0050.494] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffec00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.494] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1400, lpOverlapped=0x0) returned 1 [0050.494] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.494] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.494] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.494] WriteFile (in: hFile=0x268, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.494] WriteFile (in: hFile=0x268, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.494] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.495] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.495] CloseHandle (hObject=0x268) returned 1 [0050.495] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.495] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents.lolkek") returned 90 [0050.495] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents.lolkek")) returned 1 [0050.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caee98 | out: hHeap=0x5a0000) returned 1 [0050.495] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.495] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.496] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run", dwFileAttributes=0x80) returned 1 [0050.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.496] CloseHandle (hObject=0x268) returned 1 [0050.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.496] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.496] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.496] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.496] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0050.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.496] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.497] WriteFile (in: hFile=0x268, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.497] WriteFile (in: hFile=0x268, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.497] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.497] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.497] CloseHandle (hObject=0x268) returned 1 [0050.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.497] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run.lolkek") returned 88 [0050.497] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run.lolkek")) returned 1 [0050.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae280 | out: hHeap=0x5a0000) returned 1 [0050.498] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.498] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.498] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", dwFileAttributes=0x80) returned 1 [0050.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.499] CloseHandle (hObject=0x268) returned 1 [0050.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.499] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1082a [0050.499] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.499] ReadFile (in: hFile=0x268, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0050.505] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.505] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.505] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0050.513] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.513] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0050.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.513] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.514] WriteFile (in: hFile=0x268, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.514] WriteFile (in: hFile=0x268, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.514] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.514] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.514] CloseHandle (hObject=0x268) returned 1 [0050.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.514] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State.lolkek") returned 90 [0050.514] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state.lolkek")) returned 1 [0050.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cade78 | out: hHeap=0x5a0000) returned 1 [0050.515] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.515] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.515] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal", dwFileAttributes=0x80) returned 1 [0050.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.515] CloseHandle (hObject=0x268) returned 1 [0050.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.515] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.515] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.516] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.516] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0050.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.516] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.516] WriteFile (in: hFile=0x268, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.516] WriteFile (in: hFile=0x268, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.516] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.516] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.517] CloseHandle (hObject=0x268) returned 1 [0050.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.517] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal.lolkek") returned 108 [0050.517] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal.lolkek")) returned 1 [0050.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d240 | out: hHeap=0x5a0000) returned 1 [0050.517] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.517] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.517] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db", dwFileAttributes=0x80) returned 1 [0050.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.518] CloseHandle (hObject=0x268) returned 1 [0050.518] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.518] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x126da7 [0050.518] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.518] ReadFile (in: hFile=0x268, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0050.518] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.518] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.518] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0050.519] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.519] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0050.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.519] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.519] WriteFile (in: hFile=0x268, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.519] WriteFile (in: hFile=0x268, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.520] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.520] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.520] CloseHandle (hObject=0x268) returned 1 [0050.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.520] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.lolkek") returned 67 [0050.520] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db.lolkek")) returned 1 [0050.520] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.520] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0060 | out: hHeap=0x5a0000) returned 1 [0050.520] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.520] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.521] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms", dwFileAttributes=0x80) returned 1 [0050.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.527] CloseHandle (hObject=0x1b4) returned 1 [0050.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.527] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a00 [0050.527] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.527] ReadFile (in: hFile=0x1b4, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0050.538] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.538] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.538] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1a00, lpOverlapped=0x0) returned 1 [0050.543] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffe600, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.543] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1a00, lpOverlapped=0x0) returned 1 [0050.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.543] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.543] WriteFile (in: hFile=0x1b4, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.544] WriteFile (in: hFile=0x1b4, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.544] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.544] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.544] CloseHandle (hObject=0x1b4) returned 1 [0050.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.544] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.lolkek") returned 92 [0050.544] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.lolkek")) returned 1 [0050.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5fa0 | out: hHeap=0x5a0000) returned 1 [0050.545] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.545] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.545] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms", dwFileAttributes=0x80) returned 1 [0050.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0050.618] CloseHandle (hObject=0x1ec) returned 1 [0050.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.625] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0050.625] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.625] ReadFile (in: hFile=0x1e0, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0050.633] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.633] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.633] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0050.641] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.641] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0050.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.642] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.642] WriteFile (in: hFile=0x1e0, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.642] WriteFile (in: hFile=0x1e0, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.642] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.642] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.642] CloseHandle (hObject=0x1e0) returned 1 [0050.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.642] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.lolkek") returned 107 [0050.642] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.lolkek")) returned 1 [0050.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7dc0 | out: hHeap=0x5a0000) returned 1 [0050.643] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.643] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.643] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0050.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.676] CloseHandle (hObject=0x1b4) returned 1 [0050.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.754] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.754] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.754] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.754] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0050.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.754] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.754] WriteFile (in: hFile=0x2bc, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.755] CloseHandle (hObject=0x2bc) returned 1 [0050.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.779] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].lolkek") returned 95 [0050.779] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].lolkek")) returned 1 [0050.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf1b0 | out: hHeap=0x5a0000) returned 1 [0050.828] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.828] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.828] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl", dwFileAttributes=0x80) returned 1 [0050.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.882] CloseHandle (hObject=0x268) returned 1 [0050.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.896] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x401 [0050.896] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.896] ReadFile (in: hFile=0x1b4, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0050.901] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0050.901] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.901] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.901] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.901] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x401, lpOverlapped=0x0) returned 1 [0050.901] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffbff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.901] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x401, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x401, lpOverlapped=0x0) returned 1 [0050.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.901] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.901] WriteFile (in: hFile=0x1b4, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0050.901] WriteFile (in: hFile=0x1b4, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.902] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0050.902] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0050.902] CloseHandle (hObject=0x1b4) returned 1 [0050.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67cd08 [0050.904] wsprintfW (in: param_1=0x67cd08, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.lolkek") returned 136 [0050.904] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl.lolkek")) returned 1 [0050.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd08 | out: hHeap=0x5a0000) returned 1 [0050.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c6fe0 | out: hHeap=0x5a0000) returned 1 [0050.991] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.991] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.991] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl", dwFileAttributes=0x80) returned 1 [0051.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0051.069] CloseHandle (hObject=0x27c) returned 1 [0051.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.102] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x427 [0051.102] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.102] ReadFile (in: hFile=0x1b4, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0051.105] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0051.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.105] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.105] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x427, lpOverlapped=0x0) returned 1 [0051.105] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffbd9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.105] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x427, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x427, lpOverlapped=0x0) returned 1 [0051.105] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.105] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.105] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.106] WriteFile (in: hFile=0x1b4, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0051.106] WriteFile (in: hFile=0x1b4, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0051.106] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0051.106] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0051.106] CloseHandle (hObject=0x1b4) returned 1 [0051.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.121] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.lolkek") returned 124 [0051.121] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.lolkek")) returned 1 [0051.279] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.279] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5708 | out: hHeap=0x5a0000) returned 1 [0051.279] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.279] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.279] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm", dwFileAttributes=0x80) returned 1 [0051.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0051.307] CloseHandle (hObject=0x1b4) returned 1 [0051.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0051.331] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0051.331] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.331] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0051.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0051.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.332] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.332] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xed, lpOverlapped=0x0) returned 1 [0051.332] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.332] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xed, lpOverlapped=0x0) returned 1 [0051.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.332] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.332] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0051.332] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0051.332] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0051.333] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0051.333] CloseHandle (hObject=0x2b8) returned 1 [0051.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0051.333] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.lolkek") returned 107 [0051.333] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.lolkek")) returned 1 [0051.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0051.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddd10 | out: hHeap=0x5a0000) returned 1 [0051.362] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.362] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.362] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", dwFileAttributes=0x80) returned 1 [0051.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.594] CloseHandle (hObject=0x258) returned 1 [0051.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.900] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d51 [0051.900] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.900] ReadFile (in: hFile=0x23c, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0051.914] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0051.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.914] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.914] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1d51, lpOverlapped=0x0) returned 1 [0051.926] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffe2af, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.926] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d51, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1d51, lpOverlapped=0x0) returned 1 [0051.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.926] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.926] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0051.926] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0051.926] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0051.926] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0051.926] CloseHandle (hObject=0x23c) returned 1 [0051.927] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0051.927] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.lolkek") returned 98 [0051.927] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.lolkek")) returned 1 [0051.941] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0051.941] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657c08 | out: hHeap=0x5a0000) returned 1 [0051.941] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.941] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.941] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", dwFileAttributes=0x80) returned 1 [0052.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.009] CloseHandle (hObject=0x2bc) returned 1 [0052.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.022] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb68 [0052.022] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.022] ReadFile (in: hFile=0x23c, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.024] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.024] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.024] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xb68, lpOverlapped=0x0) returned 1 [0052.024] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffff498, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.024] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xb68, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xb68, lpOverlapped=0x0) returned 1 [0052.024] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.024] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.024] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.024] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.024] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.024] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.024] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.024] CloseHandle (hObject=0x23c) returned 1 [0052.027] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.027] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.lolkek") returned 158 [0052.027] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.lolkek")) returned 1 [0052.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc1658 | out: hHeap=0x5a0000) returned 1 [0052.047] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.047] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.048] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9", dwFileAttributes=0x80) returned 1 [0052.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.071] CloseHandle (hObject=0x228) returned 1 [0052.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.082] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fa [0052.082] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.082] ReadFile (in: hFile=0x23c, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.082] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.082] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.082] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1fa, lpOverlapped=0x0) returned 1 [0052.082] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe06, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.082] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1fa, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1fa, lpOverlapped=0x0) returned 1 [0052.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.082] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.083] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.083] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.083] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.083] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.083] CloseHandle (hObject=0x23c) returned 1 [0052.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.084] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek") returned 125 [0052.084] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.lolkek")) returned 1 [0052.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6194d8 | out: hHeap=0x5a0000) returned 1 [0052.111] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.111] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.111] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", dwFileAttributes=0x80) returned 1 [0052.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.129] CloseHandle (hObject=0x280) returned 1 [0052.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.141] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.141] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.141] ReadFile (in: hFile=0x224, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.141] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.141] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.141] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1cf, lpOverlapped=0x0) returned 1 [0052.141] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.142] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1cf, lpOverlapped=0x0) returned 1 [0052.142] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.142] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.142] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.142] WriteFile (in: hFile=0x224, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.142] WriteFile (in: hFile=0x224, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.142] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.142] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.142] CloseHandle (hObject=0x224) returned 1 [0052.142] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.143] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.lolkek") returned 158 [0052.143] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.lolkek")) returned 1 [0052.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8a08 | out: hHeap=0x5a0000) returned 1 [0052.170] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.171] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.171] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", dwFileAttributes=0x80) returned 1 [0052.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.187] CloseHandle (hObject=0x258) returned 1 [0052.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.203] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ab [0052.203] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.203] ReadFile (in: hFile=0x224, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.205] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.205] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.205] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.205] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.205] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x5ab, lpOverlapped=0x0) returned 1 [0052.205] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffa55, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.205] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5ab, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x5ab, lpOverlapped=0x0) returned 1 [0052.205] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.205] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.205] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.205] WriteFile (in: hFile=0x224, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.206] WriteFile (in: hFile=0x224, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.206] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.206] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.206] CloseHandle (hObject=0x224) returned 1 [0052.207] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.207] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.lolkek") returned 158 [0052.207] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.lolkek")) returned 1 [0052.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9fb0 | out: hHeap=0x5a0000) returned 1 [0052.232] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.232] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.233] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", dwFileAttributes=0x80) returned 1 [0052.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.250] CloseHandle (hObject=0x224) returned 1 [0052.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.268] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e3 [0052.268] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.268] ReadFile (in: hFile=0x210, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.270] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.270] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.270] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x6e3, lpOverlapped=0x0) returned 1 [0052.270] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff91d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.270] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x6e3, lpOverlapped=0x0) returned 1 [0052.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.270] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.270] WriteFile (in: hFile=0x210, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.270] WriteFile (in: hFile=0x210, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.270] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.270] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.270] CloseHandle (hObject=0x210) returned 1 [0052.272] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.272] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.lolkek") returned 158 [0052.272] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.lolkek")) returned 1 [0052.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dab7c0 | out: hHeap=0x5a0000) returned 1 [0052.358] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.358] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.358] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD", dwFileAttributes=0x80) returned 1 [0052.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.363] CloseHandle (hObject=0x23c) returned 1 [0052.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.363] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf4 [0052.363] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.363] ReadFile (in: hFile=0x23c, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.363] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.363] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.363] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.364] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.364] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xf4, lpOverlapped=0x0) returned 1 [0052.364] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffff0c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.364] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xf4, lpOverlapped=0x0) returned 1 [0052.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.364] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.364] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.364] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.364] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.364] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.364] CloseHandle (hObject=0x23c) returned 1 [0052.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.366] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.lolkek") returned 126 [0052.366] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad.lolkek")) returned 1 [0052.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc1b28 | out: hHeap=0x5a0000) returned 1 [0052.394] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.394] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.394] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", dwFileAttributes=0x80) returned 1 [0052.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.419] CloseHandle (hObject=0x228) returned 1 [0052.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.425] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182 [0052.425] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.425] ReadFile (in: hFile=0x2a0, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.426] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.426] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.426] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x182, lpOverlapped=0x0) returned 1 [0052.426] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.426] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x182, lpOverlapped=0x0) returned 1 [0052.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.426] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.426] WriteFile (in: hFile=0x2a0, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.426] WriteFile (in: hFile=0x2a0, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.426] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.426] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.427] CloseHandle (hObject=0x2a0) returned 1 [0052.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.427] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.lolkek") returned 159 [0052.427] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.lolkek")) returned 1 [0052.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8eb8 | out: hHeap=0x5a0000) returned 1 [0052.447] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.447] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.447] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", dwFileAttributes=0x80) returned 1 [0052.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.470] CloseHandle (hObject=0x228) returned 1 [0052.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0052.472] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x180 [0052.472] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.472] ReadFile (in: hFile=0x228, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.473] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.473] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.473] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x180, lpOverlapped=0x0) returned 1 [0052.473] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffe80, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.473] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x180, lpOverlapped=0x0) returned 1 [0052.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.474] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.474] WriteFile (in: hFile=0x228, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.474] WriteFile (in: hFile=0x228, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.474] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.474] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.474] CloseHandle (hObject=0x228) returned 1 [0052.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.474] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.lolkek") returned 159 [0052.474] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.lolkek")) returned 1 [0052.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8c30 | out: hHeap=0x5a0000) returned 1 [0052.497] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.497] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.497] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", dwFileAttributes=0x80) returned 1 [0052.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.522] CloseHandle (hObject=0x23c) returned 1 [0052.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.529] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1ec [0052.530] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.530] ReadFile (in: hFile=0x23c, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.530] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.530] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.530] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1ec, lpOverlapped=0x0) returned 1 [0052.530] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe14, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.530] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1ec, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1ec, lpOverlapped=0x0) returned 1 [0052.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.530] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.530] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.531] WriteFile (in: hFile=0x23c, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.531] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.531] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.531] CloseHandle (hObject=0x23c) returned 1 [0052.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.531] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.lolkek") returned 159 [0052.531] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.lolkek")) returned 1 [0052.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.555] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba808 | out: hHeap=0x5a0000) returned 1 [0052.555] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.555] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.555] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", dwFileAttributes=0x80) returned 1 [0052.567] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.576] CloseHandle (hObject=0x2bc) returned 1 [0052.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.582] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a4 [0052.582] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.582] ReadFile (in: hFile=0x214, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0052.583] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0052.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.583] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.583] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1a4, lpOverlapped=0x0) returned 1 [0052.583] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffe5c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.583] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1a4, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1a4, lpOverlapped=0x0) returned 1 [0052.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.583] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.583] WriteFile (in: hFile=0x214, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0052.584] WriteFile (in: hFile=0x214, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.584] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0052.584] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0052.584] CloseHandle (hObject=0x214) returned 1 [0052.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0052.585] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.lolkek") returned 159 [0052.585] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.lolkek")) returned 1 [0052.950] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0052.950] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaaa98 | out: hHeap=0x5a0000) returned 1 [0052.950] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.950] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.950] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d", dwFileAttributes=0x80) returned 1 [0053.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.715] CloseHandle (hObject=0x280) returned 1 [0053.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.738] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0053.738] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.738] ReadFile (in: hFile=0x280, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.739] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.739] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.739] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1d4, lpOverlapped=0x0) returned 1 [0053.739] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.739] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1d4, lpOverlapped=0x0) returned 1 [0053.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.739] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.739] WriteFile (in: hFile=0x280, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.739] WriteFile (in: hFile=0x280, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.739] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.739] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.739] CloseHandle (hObject=0x280) returned 1 [0053.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.741] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.lolkek") returned 158 [0053.741] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d.lolkek")) returned 1 [0053.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1048 | out: hHeap=0x5a0000) returned 1 [0053.765] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.765] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.765] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", dwFileAttributes=0x80) returned 1 [0053.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.786] CloseHandle (hObject=0x2b8) returned 1 [0053.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.793] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10000 [0053.793] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.793] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.794] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.794] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.794] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.796] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.796] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.797] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.797] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.797] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.797] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.797] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.797] CloseHandle (hObject=0x2b8) returned 1 [0053.801] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.801] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.lolkek") returned 117 [0053.801] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite.lolkek")) returned 1 [0053.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.896] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0a98 | out: hHeap=0x5a0000) returned 1 [0053.896] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.896] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.896] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", dwFileAttributes=0x80) returned 1 [0053.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.897] CloseHandle (hObject=0x2b8) returned 1 [0053.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.897] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f [0053.897] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.897] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.898] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.898] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.898] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x6f, lpOverlapped=0x0) returned 1 [0053.898] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff91, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.898] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6f, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x6f, lpOverlapped=0x0) returned 1 [0053.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.898] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.898] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.898] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.898] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.898] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.899] CloseHandle (hObject=0x2b8) returned 1 [0053.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.899] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.lolkek") returned 85 [0053.899] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.lolkek")) returned 1 [0053.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616850 | out: hHeap=0x5a0000) returned 1 [0053.900] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.900] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.900] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg", dwFileAttributes=0x80) returned 1 [0053.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nyjnimr19mfoct.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.900] CloseHandle (hObject=0x2b8) returned 1 [0053.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nyjnimr19mfoct.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.900] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5121 [0053.900] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.901] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.901] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.901] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.901] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.901] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.901] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.901] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.901] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.901] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.902] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.902] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.902] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.902] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.902] CloseHandle (hObject=0x2b8) returned 1 [0053.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.902] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg.lolkek") returned 75 [0053.902] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nyjnimr19mfoct.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\nyjnimr19mfoct.jpg.lolkek")) returned 1 [0053.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6300 | out: hHeap=0x5a0000) returned 1 [0053.903] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.903] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.903] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3", dwFileAttributes=0x80) returned 1 [0053.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qungt.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.904] CloseHandle (hObject=0x2b8) returned 1 [0053.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qungt.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.904] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x138a0 [0053.904] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.904] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.904] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.905] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.905] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.905] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.905] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.905] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.905] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.905] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.905] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.905] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.905] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.905] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.905] CloseHandle (hObject=0x2b8) returned 1 [0053.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.905] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3.lolkek") returned 66 [0053.905] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qungt.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\qungt.mp3.lolkek")) returned 1 [0053.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7950 | out: hHeap=0x5a0000) returned 1 [0053.907] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.907] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.907] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg", dwFileAttributes=0x80) returned 1 [0053.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tfo57svpad4k.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.909] CloseHandle (hObject=0x2b8) returned 1 [0053.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tfo57svpad4k.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.909] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d56 [0053.909] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.909] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.910] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.910] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.910] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x2d56, lpOverlapped=0x0) returned 1 [0053.910] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffd2aa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.910] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2d56, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x2d56, lpOverlapped=0x0) returned 1 [0053.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.910] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.910] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.910] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.910] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.910] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.910] CloseHandle (hObject=0x2b8) returned 1 [0053.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.910] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg.lolkek") returned 73 [0053.910] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tfo57svpad4k.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\tfo57svpad4k.jpg.lolkek")) returned 1 [0053.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0c60 | out: hHeap=0x5a0000) returned 1 [0053.911] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.911] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.911] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png", dwFileAttributes=0x80) returned 1 [0053.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v2twhyp-ib.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.912] CloseHandle (hObject=0x2b8) returned 1 [0053.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v2twhyp-ib.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.912] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xae6a [0053.912] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.912] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.913] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.913] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.913] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.913] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.913] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.913] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.913] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.913] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.913] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.913] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.913] CloseHandle (hObject=0x2b8) returned 1 [0053.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.913] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png.lolkek") returned 71 [0053.913] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v2twhyp-ib.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\v2twhyp-ib.png.lolkek")) returned 1 [0053.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611b88 | out: hHeap=0x5a0000) returned 1 [0053.914] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.914] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.914] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp", dwFileAttributes=0x80) returned 1 [0053.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vqazdjeqmu.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.915] CloseHandle (hObject=0x2b8) returned 1 [0053.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vqazdjeqmu.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.915] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfd0e [0053.915] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.915] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.916] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.916] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.916] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.916] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.916] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.916] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.916] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.916] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.916] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.916] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.916] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.916] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.916] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.916] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.916] CloseHandle (hObject=0x2b8) returned 1 [0053.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.917] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp.lolkek") returned 71 [0053.917] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vqazdjeqmu.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vqazdjeqmu.bmp.lolkek")) returned 1 [0053.917] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.917] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611ed0 | out: hHeap=0x5a0000) returned 1 [0053.917] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.917] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.917] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg", dwFileAttributes=0x80) returned 1 [0053.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1nwo.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.918] CloseHandle (hObject=0x2b8) returned 1 [0053.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1nwo.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.918] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6d5d [0053.918] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.918] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.919] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.919] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.919] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.919] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.919] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.919] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.919] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.919] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.919] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.919] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.919] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.919] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.919] CloseHandle (hObject=0x2b8) returned 1 [0053.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.919] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg.lolkek") returned 66 [0053.919] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1nwo.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w1nwo.jpg.lolkek")) returned 1 [0053.920] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.920] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7a48 | out: hHeap=0x5a0000) returned 1 [0053.920] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.920] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.920] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt", dwFileAttributes=0x80) returned 1 [0053.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w5dw.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.921] CloseHandle (hObject=0x2b8) returned 1 [0053.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w5dw.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.921] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x108a1 [0053.921] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.921] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.921] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.921] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.921] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.921] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.921] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.922] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.922] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.922] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.922] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.922] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.922] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.922] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.922] CloseHandle (hObject=0x2b8) returned 1 [0053.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.922] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt.lolkek") returned 65 [0053.922] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w5dw.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\w5dw.ppt.lolkek")) returned 1 [0053.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7858 | out: hHeap=0x5a0000) returned 1 [0053.923] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.923] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.923] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp", dwFileAttributes=0x80) returned 1 [0053.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wxlkyq4zhewf hoxb.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.923] CloseHandle (hObject=0x2b8) returned 1 [0053.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wxlkyq4zhewf hoxb.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.923] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4e56 [0053.923] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.923] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.924] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.924] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.924] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.924] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.924] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.924] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.924] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.924] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.924] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.924] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.924] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.925] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.925] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.925] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.925] CloseHandle (hObject=0x2b8) returned 1 [0053.925] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.925] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp.lolkek") returned 78 [0053.925] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wxlkyq4zhewf hoxb.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\wxlkyq4zhewf hoxb.bmp.lolkek")) returned 1 [0053.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3fb30 | out: hHeap=0x5a0000) returned 1 [0053.926] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.926] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.926] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif", dwFileAttributes=0x80) returned 1 [0053.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xfvvxiyqkiuvbgn.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.926] CloseHandle (hObject=0x2b8) returned 1 [0053.926] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xfvvxiyqkiuvbgn.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.926] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10bde [0053.926] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.926] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.927] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.927] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.927] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.927] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.927] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.927] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.927] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.927] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.927] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.928] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.928] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.928] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.928] CloseHandle (hObject=0x2b8) returned 1 [0053.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.928] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif.lolkek") returned 76 [0053.928] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xfvvxiyqkiuvbgn.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xfvvxiyqkiuvbgn.gif.lolkek")) returned 1 [0053.929] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.929] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94aa8 | out: hHeap=0x5a0000) returned 1 [0053.929] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.929] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.929] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp", dwFileAttributes=0x80) returned 1 [0053.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xikzdfud.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.929] CloseHandle (hObject=0x2b8) returned 1 [0053.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xikzdfud.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.929] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13bd5 [0053.929] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.929] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.930] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.930] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.930] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.930] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.930] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.930] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.930] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.945] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.945] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.945] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.945] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.945] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.945] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.946] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.946] CloseHandle (hObject=0x2b8) returned 1 [0053.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.946] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp.lolkek") returned 69 [0053.946] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xikzdfud.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xikzdfud.bmp.lolkek")) returned 1 [0053.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3ecf0 | out: hHeap=0x5a0000) returned 1 [0053.947] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.947] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.947] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a", dwFileAttributes=0x80) returned 1 [0053.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xpk6bu1j.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.947] CloseHandle (hObject=0x2b8) returned 1 [0053.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xpk6bu1j.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.948] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x63e5 [0053.948] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.948] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.948] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.948] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.948] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.948] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.948] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.949] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.949] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.949] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.949] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.949] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.949] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.949] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.949] CloseHandle (hObject=0x2b8) returned 1 [0053.949] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.949] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a.lolkek") returned 69 [0053.949] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xpk6bu1j.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xpk6bu1j.m4a.lolkek")) returned 1 [0053.950] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.950] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a030 | out: hHeap=0x5a0000) returned 1 [0053.950] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.950] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.950] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv", dwFileAttributes=0x80) returned 1 [0053.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xppxy-83xdouhjwnqsay.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.951] CloseHandle (hObject=0x2b8) returned 1 [0053.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xppxy-83xdouhjwnqsay.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.951] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15498 [0053.951] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.951] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.952] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.952] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.952] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.952] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.952] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.952] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.952] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.952] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.952] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.952] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.953] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.953] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.953] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.953] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.953] CloseHandle (hObject=0x2b8) returned 1 [0053.953] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.953] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv.lolkek") returned 81 [0053.953] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xppxy-83xdouhjwnqsay.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xppxy-83xdouhjwnqsay.flv.lolkek")) returned 1 [0053.954] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.954] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac028 | out: hHeap=0x5a0000) returned 1 [0053.954] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.954] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.954] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png", dwFileAttributes=0x80) returned 1 [0053.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yun8hxl ip.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.955] CloseHandle (hObject=0x2b8) returned 1 [0053.955] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yun8hxl ip.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.955] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x155f3 [0053.955] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.955] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.956] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.956] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.956] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.956] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.956] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.956] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.956] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.956] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.956] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.957] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.957] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.957] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.957] CloseHandle (hObject=0x2b8) returned 1 [0053.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.957] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png.lolkek") returned 72 [0053.957] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yun8hxl ip.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yun8hxl ip.png.lolkek")) returned 1 [0053.958] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.958] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611db8 | out: hHeap=0x5a0000) returned 1 [0053.958] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.958] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.958] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp", dwFileAttributes=0x80) returned 1 [0053.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yvpxr.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.959] CloseHandle (hObject=0x2b8) returned 1 [0053.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yvpxr.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.959] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8fe3 [0053.959] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.959] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.960] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.960] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.960] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0053.960] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.960] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0053.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.960] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.960] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.961] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.961] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.961] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.961] CloseHandle (hObject=0x2b8) returned 1 [0053.961] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.961] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp.lolkek") returned 66 [0053.961] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yvpxr.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yvpxr.odp.lolkek")) returned 1 [0053.962] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.962] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7b40 | out: hHeap=0x5a0000) returned 1 [0053.962] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.963] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.963] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact", dwFileAttributes=0x80) returned 1 [0053.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.963] CloseHandle (hObject=0x2b8) returned 1 [0053.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.964] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x49a [0053.964] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.964] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.971] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.971] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.971] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x49a, lpOverlapped=0x0) returned 1 [0053.971] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffb66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.971] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x49a, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x49a, lpOverlapped=0x0) returned 1 [0053.971] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.971] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.971] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.971] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.972] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.972] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.972] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.972] CloseHandle (hObject=0x2b8) returned 1 [0053.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.972] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.lolkek") returned 73 [0053.972] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.lolkek")) returned 1 [0053.973] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.973] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb4d0 | out: hHeap=0x5a0000) returned 1 [0053.973] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.973] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.973] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact", dwFileAttributes=0x80) returned 1 [0053.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.975] CloseHandle (hObject=0x2b8) returned 1 [0053.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.975] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x493 [0053.975] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.975] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.979] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.979] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.979] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3be0868 [0053.979] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.979] ReadFile (in: hFile=0x2b8, lpBuffer=0x3be0868, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3be0868*, lpNumberOfBytesRead=0x2e1e1fc*=0x493, lpOverlapped=0x0) returned 1 [0053.979] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffb6d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.979] WriteFile (in: hFile=0x2b8, lpBuffer=0x3be0868*, nNumberOfBytesToWrite=0x493, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3be0868*, lpNumberOfBytesWritten=0x2e1fc40*=0x493, lpOverlapped=0x0) returned 1 [0053.980] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.980] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.980] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.980] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.980] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.980] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.980] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.980] CloseHandle (hObject=0x2b8) returned 1 [0053.980] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.980] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.lolkek") returned 71 [0053.980] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.lolkek")) returned 1 [0053.981] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.981] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611fe8 | out: hHeap=0x5a0000) returned 1 [0053.981] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.981] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.981] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact", dwFileAttributes=0x80) returned 1 [0053.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.982] CloseHandle (hObject=0x2b8) returned 1 [0053.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.982] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x499 [0053.982] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.983] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0053.991] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0053.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.991] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.991] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x499, lpOverlapped=0x0) returned 1 [0053.991] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffb67, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.992] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x499, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x499, lpOverlapped=0x0) returned 1 [0053.992] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.992] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.992] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.992] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0053.992] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.992] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0053.992] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0053.992] CloseHandle (hObject=0x2b8) returned 1 [0053.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.992] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.lolkek") returned 70 [0053.992] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.lolkek")) returned 1 [0053.993] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.993] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0760 | out: hHeap=0x5a0000) returned 1 [0053.993] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.993] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.993] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact", dwFileAttributes=0x80) returned 1 [0053.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.994] CloseHandle (hObject=0x2b8) returned 1 [0053.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.994] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x494 [0053.994] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.994] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0054.117] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0054.117] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.117] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.118] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.118] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x494, lpOverlapped=0x0) returned 1 [0054.118] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffb6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.118] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x494, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x494, lpOverlapped=0x0) returned 1 [0054.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.118] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.118] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0054.118] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.118] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.118] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0054.118] CloseHandle (hObject=0x2b8) returned 1 [0054.118] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.118] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.lolkek") returned 71 [0054.118] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.lolkek")) returned 1 [0054.119] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.119] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612218 | out: hHeap=0x5a0000) returned 1 [0054.119] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.119] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.119] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav", dwFileAttributes=0x80) returned 1 [0054.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nugy9shnqn0xlnzxd 1.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.166] CloseHandle (hObject=0x2b8) returned 1 [0054.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nugy9shnqn0xlnzxd 1.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.166] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17a2f [0054.166] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.166] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0054.166] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0054.166] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.166] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.167] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.167] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0054.167] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.167] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0054.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.167] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.167] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0054.167] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.167] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.167] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0054.167] CloseHandle (hObject=0x2b8) returned 1 [0054.173] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.173] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav.lolkek") returned 72 [0054.173] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nugy9shnqn0xlnzxd 1.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nugy9shnqn0xlnzxd 1.wav.lolkek")) returned 1 [0054.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611728 | out: hHeap=0x5a0000) returned 1 [0054.214] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.214] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.214] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots", dwFileAttributes=0x80) returned 1 [0054.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\shtikjdvyz1k2vivh.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0054.217] CloseHandle (hObject=0x190) returned 1 [0054.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\shtikjdvyz1k2vivh.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0054.217] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1239d [0054.217] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.217] ReadFile (in: hFile=0x190, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0054.217] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0054.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.218] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.218] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0054.218] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.218] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0054.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.218] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.218] WriteFile (in: hFile=0x190, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0054.218] WriteFile (in: hFile=0x190, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.218] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.218] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0054.218] CloseHandle (hObject=0x190) returned 1 [0054.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.233] wsprintfW (in: param_1=0x3be0390, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots.lolkek") returned 70 [0054.233] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\shtikjdvyz1k2vivh.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\shtikjdvyz1k2vivh.ots.lolkek")) returned 1 [0054.269] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.269] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec3d08 | out: hHeap=0x5a0000) returned 1 [0054.269] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.269] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.269] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots", dwFileAttributes=0x80) returned 1 [0054.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0xr.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0054.271] CloseHandle (hObject=0x224) returned 1 [0054.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0xr.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0054.271] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23ca [0054.271] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.271] ReadFile (in: hFile=0x224, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0054.271] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0054.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.271] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.271] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x23ca, lpOverlapped=0x0) returned 1 [0054.271] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffdc36, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.271] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x23ca, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x23ca, lpOverlapped=0x0) returned 1 [0054.272] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.272] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.272] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.272] WriteFile (in: hFile=0x224, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0054.272] WriteFile (in: hFile=0x224, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.272] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0054.272] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0054.272] CloseHandle (hObject=0x224) returned 1 [0054.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3fa0048 [0054.273] wsprintfW (in: param_1=0x3fa0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots.lolkek") returned 57 [0054.273] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0xr.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\x0xr.ots.lolkek")) returned 1 [0054.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3fa0048 | out: hHeap=0x5a0000) returned 1 [0054.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe090 | out: hHeap=0x5a0000) returned 1 [0054.715] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.715] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.715] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url", dwFileAttributes=0x80) returned 1 [0054.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0054.744] CloseHandle (hObject=0x190) returned 1 [0054.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0055.022] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0055.022] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.022] ReadFile (in: hFile=0x27c, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0055.023] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0055.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0055.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.028] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.028] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0055.028] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.028] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0055.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0055.028] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.028] WriteFile (in: hFile=0x27c, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0055.028] WriteFile (in: hFile=0x27c, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0055.028] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0055.029] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0055.029] CloseHandle (hObject=0x27c) returned 1 [0055.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0055.043] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.lolkek") returned 78 [0055.043] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.lolkek")) returned 1 [0055.894] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0055.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3fc58 | out: hHeap=0x5a0000) returned 1 [0055.898] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.898] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.898] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", dwFileAttributes=0x80) returned 0 [0055.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.899] RmStartSession () returned 0x0 [0055.901] RmRegisterResources () returned 0x0 [0055.904] RmGetList () returned 0x0 [0056.154] RmEndSession () returned 0x0 [0056.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60e608 | out: hHeap=0x5a0000) returned 1 [0056.356] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.356] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.356] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", dwFileAttributes=0x80) returned 0 [0056.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.356] RmStartSession () returned 0x0 [0056.359] RmRegisterResources () returned 0x0 [0056.361] RmGetList () returned 0x0 [0056.591] RmEndSession () returned 0x0 [0056.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.792] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f610 | out: hHeap=0x5a0000) returned 1 [0056.792] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.792] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.792] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat", dwFileAttributes=0x80) returned 1 [0056.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.792] RmStartSession () returned 0x0 [0056.795] RmRegisterResources () returned 0x0 [0056.797] RmGetList () returned 0x0 [0057.417] GetCurrentProcessId () returned 0x86c [0057.417] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0057.417] RmEndSession () returned 0x0 [0057.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec52b0 | out: hHeap=0x5a0000) returned 1 [0057.438] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.438] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.438] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", dwFileAttributes=0x80) returned 0 [0057.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.439] RmStartSession () returned 0x0 [0057.442] RmRegisterResources () returned 0x0 [0057.444] RmGetList () returned 0x0 [0057.559] RmEndSession () returned 0x0 [0057.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb71e8 | out: hHeap=0x5a0000) returned 1 [0057.579] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.579] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.579] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", dwFileAttributes=0x80) returned 0 [0057.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.579] RmStartSession () returned 0x0 [0057.582] RmRegisterResources () returned 0x0 [0057.584] RmGetList () returned 0x0 [0058.017] RmEndSession () returned 0x0 [0058.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb74b8 | out: hHeap=0x5a0000) returned 1 [0058.106] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.106] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.106] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", dwFileAttributes=0x80) returned 0 [0058.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.106] RmStartSession () returned 0x0 [0058.109] RmRegisterResources () returned 0x0 [0058.111] RmGetList () returned 0x0 [0058.432] RmEndSession () returned 0x0 [0058.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4a40 | out: hHeap=0x5a0000) returned 1 [0058.451] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.451] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.451] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp", dwFileAttributes=0x80) returned 0 [0058.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.452] RmStartSession () returned 0x0 [0058.462] RmRegisterResources () returned 0x0 [0058.464] RmGetList () returned 0x0 [0059.793] RmEndSession () returned 0x0 [0059.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile40.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.809] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5418 | out: hHeap=0x5a0000) returned 1 [0059.809] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.809] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.809] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db", dwFileAttributes=0x80) returned 1 [0059.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.811] CloseHandle (hObject=0x2b8) returned 1 [0059.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.811] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbd7f0 [0059.811] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.811] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.813] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.813] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.813] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0059.814] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.814] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0059.815] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.815] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.815] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.815] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.815] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.815] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.815] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.815] CloseHandle (hObject=0x2b8) returned 1 [0059.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.816] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db.lolkek") returned 54 [0059.816] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db.lolkek")) returned 1 [0059.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc6008 | out: hHeap=0x5a0000) returned 1 [0059.817] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.817] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.817] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms", dwFileAttributes=0x80) returned 1 [0059.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.817] CloseHandle (hObject=0x2b8) returned 1 [0059.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.818] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a00 [0059.818] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.818] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.819] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.819] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.819] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1a00, lpOverlapped=0x0) returned 1 [0059.820] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffe600, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.820] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1a00, lpOverlapped=0x0) returned 1 [0059.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.820] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.820] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.820] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.820] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.820] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.820] CloseHandle (hObject=0x2b8) returned 1 [0059.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.820] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.lolkek") returned 79 [0059.820] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms.lolkek")) returned 1 [0059.821] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.821] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac028 | out: hHeap=0x5a0000) returned 1 [0059.821] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.821] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.821] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms", dwFileAttributes=0x80) returned 1 [0059.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.822] CloseHandle (hObject=0x2b8) returned 1 [0059.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.822] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0059.822] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.822] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.823] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.823] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.823] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0059.824] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.824] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0059.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.824] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.824] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.825] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.825] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.825] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.825] CloseHandle (hObject=0x2b8) returned 1 [0059.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.825] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.lolkek") returned 101 [0059.825] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms.lolkek")) returned 1 [0059.825] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.825] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde770 | out: hHeap=0x5a0000) returned 1 [0059.826] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.826] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.826] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms", dwFileAttributes=0x80) returned 1 [0059.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.826] CloseHandle (hObject=0x2b8) returned 1 [0059.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.826] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0059.826] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.826] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.827] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.827] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.827] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0059.828] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.828] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0059.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.828] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.828] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.828] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.829] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.829] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.829] CloseHandle (hObject=0x2b8) returned 1 [0059.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.829] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.lolkek") returned 101 [0059.829] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms.lolkek")) returned 1 [0059.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6270 | out: hHeap=0x5a0000) returned 1 [0059.829] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.829] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.829] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms", dwFileAttributes=0x80) returned 1 [0059.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.830] CloseHandle (hObject=0x2b8) returned 1 [0059.830] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.830] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0059.830] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.830] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.831] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.831] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.831] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0059.832] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.832] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0059.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.832] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.832] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.832] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.833] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.833] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.833] CloseHandle (hObject=0x2b8) returned 1 [0059.833] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.833] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.lolkek") returned 94 [0059.833] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms.lolkek")) returned 1 [0059.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6068 | out: hHeap=0x5a0000) returned 1 [0059.833] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.834] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.834] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms", dwFileAttributes=0x80) returned 1 [0059.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.834] CloseHandle (hObject=0x2b8) returned 1 [0059.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.834] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0059.834] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.834] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.835] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.835] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.835] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0059.836] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.836] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0059.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.836] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.836] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.837] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.837] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.837] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.837] CloseHandle (hObject=0x2b8) returned 1 [0059.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.837] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.lolkek") returned 135 [0059.837] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.lolkek")) returned 1 [0059.838] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.838] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7aa8 | out: hHeap=0x5a0000) returned 1 [0059.838] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.838] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.838] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini", dwFileAttributes=0x80) returned 1 [0059.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.838] CloseHandle (hObject=0x2b8) returned 1 [0059.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.839] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0059.839] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.839] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.839] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x43, lpOverlapped=0x0) returned 1 [0059.839] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.839] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x43, lpOverlapped=0x0) returned 1 [0059.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.839] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.839] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.840] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.840] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.840] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.840] CloseHandle (hObject=0x2b8) returned 1 [0059.840] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.840] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.lolkek") returned 84 [0059.840] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.lolkek")) returned 1 [0059.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617000 | out: hHeap=0x5a0000) returned 1 [0059.840] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.841] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.841] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0059.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.841] CloseHandle (hObject=0x2b8) returned 1 [0059.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.842] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0059.842] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.842] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.842] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0059.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.842] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.842] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.842] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.843] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.843] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.843] CloseHandle (hObject=0x2b8) returned 1 [0059.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.843] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].lolkek") returned 82 [0059.843] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].lolkek")) returned 1 [0059.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac160 | out: hHeap=0x5a0000) returned 1 [0059.843] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.843] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.844] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini", dwFileAttributes=0x80) returned 1 [0059.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.844] CloseHandle (hObject=0x2b8) returned 1 [0059.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.844] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0059.844] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.844] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.844] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.844] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.844] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x43, lpOverlapped=0x0) returned 1 [0059.845] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.845] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x43, lpOverlapped=0x0) returned 1 [0059.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.845] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.845] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.845] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.845] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.845] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.845] CloseHandle (hObject=0x2b8) returned 1 [0059.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.845] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.lolkek") returned 84 [0059.845] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.lolkek")) returned 1 [0059.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616850 | out: hHeap=0x5a0000) returned 1 [0059.846] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.846] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.846] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0059.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.846] CloseHandle (hObject=0x2b8) returned 1 [0059.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.847] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0059.847] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.847] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.847] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0059.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.847] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.847] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.847] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.848] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.848] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.848] CloseHandle (hObject=0x2b8) returned 1 [0059.848] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.848] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].lolkek") returned 82 [0059.848] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].lolkek")) returned 1 [0059.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac298 | out: hHeap=0x5a0000) returned 1 [0059.848] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.848] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.848] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini", dwFileAttributes=0x80) returned 1 [0059.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.849] CloseHandle (hObject=0x2b8) returned 1 [0059.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.849] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0059.850] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.850] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.850] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x43, lpOverlapped=0x0) returned 1 [0059.850] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.850] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x43, lpOverlapped=0x0) returned 1 [0059.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.850] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.850] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.850] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.851] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.851] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.851] CloseHandle (hObject=0x2b8) returned 1 [0059.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.851] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.lolkek") returned 84 [0059.851] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.lolkek")) returned 1 [0059.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616998 | out: hHeap=0x5a0000) returned 1 [0059.851] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.851] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.851] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0059.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.852] CloseHandle (hObject=0x2b8) returned 1 [0059.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.852] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0059.852] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.852] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.852] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0059.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.852] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.852] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.853] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.853] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.853] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.853] CloseHandle (hObject=0x2b8) returned 1 [0059.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.853] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].lolkek") returned 82 [0059.853] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].lolkek")) returned 1 [0059.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab8d8 | out: hHeap=0x5a0000) returned 1 [0059.854] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.854] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini", dwFileAttributes=0x80) returned 1 [0059.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.855] CloseHandle (hObject=0x2b8) returned 1 [0059.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.855] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0059.855] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.855] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.855] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x43, lpOverlapped=0x0) returned 1 [0059.855] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.855] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x43, lpOverlapped=0x0) returned 1 [0059.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.856] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.856] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.856] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.856] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.856] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.856] CloseHandle (hObject=0x2b8) returned 1 [0059.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.856] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.lolkek") returned 75 [0059.856] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\desktop.ini.lolkek")) returned 1 [0059.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657f38 | out: hHeap=0x5a0000) returned 1 [0059.857] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat", dwFileAttributes=0x80) returned 1 [0059.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.858] CloseHandle (hObject=0x2b8) returned 1 [0059.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.858] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0059.858] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.858] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.859] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.859] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.859] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0059.860] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.860] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0059.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.860] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.860] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.860] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.860] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.861] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.861] CloseHandle (hObject=0x2b8) returned 1 [0059.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.861] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.lolkek") returned 73 [0059.861] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\index.dat.lolkek")) returned 1 [0059.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6114f8 | out: hHeap=0x5a0000) returned 1 [0059.862] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.862] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.862] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini", dwFileAttributes=0x80) returned 1 [0059.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.863] CloseHandle (hObject=0x2b8) returned 1 [0059.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.863] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0059.863] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.863] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.863] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x43, lpOverlapped=0x0) returned 1 [0059.864] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.864] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x43, lpOverlapped=0x0) returned 1 [0059.864] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.864] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.864] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.864] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.864] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.864] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.864] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.864] CloseHandle (hObject=0x2b8) returned 1 [0059.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.864] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.lolkek") returned 84 [0059.864] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini.lolkek")) returned 1 [0059.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617148 | out: hHeap=0x5a0000) returned 1 [0059.865] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.865] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.865] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0059.865] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.866] CloseHandle (hObject=0x2b8) returned 1 [0059.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.866] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0059.866] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.866] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.866] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0059.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.866] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.866] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.867] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.867] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.867] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.867] CloseHandle (hObject=0x2b8) returned 1 [0059.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.867] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].lolkek") returned 82 [0059.867] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1].lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1].lolkek")) returned 1 [0059.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac3d0 | out: hHeap=0x5a0000) returned 1 [0059.867] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.867] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.868] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak", dwFileAttributes=0x80) returned 1 [0059.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.869] CloseHandle (hObject=0x2b8) returned 1 [0059.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.869] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fa9 [0059.869] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.869] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.870] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.870] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.870] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x2fa9, lpOverlapped=0x0) returned 1 [0059.871] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffd057, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.871] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2fa9, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x2fa9, lpOverlapped=0x0) returned 1 [0059.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.871] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.871] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.871] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.871] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.871] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.871] CloseHandle (hObject=0x2b8) returned 1 [0059.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.871] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.lolkek") returned 81 [0059.872] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.lolkek")) returned 1 [0059.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cabb48 | out: hHeap=0x5a0000) returned 1 [0059.872] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.872] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.872] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt", dwFileAttributes=0x80) returned 1 [0059.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.873] CloseHandle (hObject=0x2b8) returned 1 [0059.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.873] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fa9 [0059.873] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.873] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.874] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.874] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.874] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.874] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.874] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x2fa9, lpOverlapped=0x0) returned 1 [0059.875] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffd057, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.875] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2fa9, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x2fa9, lpOverlapped=0x0) returned 1 [0059.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0059.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0059.875] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.875] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0059.875] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.875] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0059.875] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0059.875] CloseHandle (hObject=0x2b8) returned 1 [0059.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0059.876] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.lolkek") returned 81 [0059.876] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.lolkek")) returned 1 [0059.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0059.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac508 | out: hHeap=0x5a0000) returned 1 [0059.877] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.877] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.877] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb", dwFileAttributes=0x80) returned 1 [0059.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0059.878] CloseHandle (hObject=0x2b8) returned 1 [0059.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0059.878] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x105000 [0059.878] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0059.878] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0059.879] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0059.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0059.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0059.879] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0059.879] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0061.607] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.607] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0061.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0061.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0061.607] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0061.607] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0061.607] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0061.607] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0061.608] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0061.608] CloseHandle (hObject=0x2b8) returned 1 [0061.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0061.608] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.lolkek") returned 89 [0061.608] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.lolkek")) returned 1 [0061.609] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0061.609] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cad7c0 | out: hHeap=0x5a0000) returned 1 [0061.609] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0061.609] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0061.609] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb", dwFileAttributes=0x80) returned 1 [0061.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2e8 [0061.633] CloseHandle (hObject=0x2e8) returned 1 [0061.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0061.633] GetFileSize (in: hFile=0x2e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1106c [0061.634] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.634] ReadFile (in: hFile=0x2e8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0061.635] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0061.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0061.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0061.635] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0061.635] ReadFile (in: hFile=0x2e8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.136] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.136] WriteFile (in: hFile=0x2e8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.137] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.137] WriteFile (in: hFile=0x2e8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.137] WriteFile (in: hFile=0x2e8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.137] WriteFile (in: hFile=0x2e8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.137] WriteFile (in: hFile=0x2e8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.137] CloseHandle (hObject=0x2e8) returned 1 [0062.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.137] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.lolkek") returned 80 [0062.137] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.lolkek")) returned 1 [0062.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac640 | out: hHeap=0x5a0000) returned 1 [0062.138] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.138] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.138] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0062.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2e8 [0062.139] CloseHandle (hObject=0x2e8) returned 1 [0062.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0062.139] GetFileSize (in: hFile=0x2e8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x414 [0062.139] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.139] ReadFile (in: hFile=0x2e8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.183] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.183] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.183] ReadFile (in: hFile=0x2e8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x414, lpOverlapped=0x0) returned 1 [0062.183] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0xfffffbec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.183] WriteFile (in: hFile=0x2e8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x414, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x414, lpOverlapped=0x0) returned 1 [0062.183] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.183] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.183] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.183] WriteFile (in: hFile=0x2e8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.184] WriteFile (in: hFile=0x2e8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.184] WriteFile (in: hFile=0x2e8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.184] WriteFile (in: hFile=0x2e8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.184] CloseHandle (hObject=0x2e8) returned 1 [0062.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.184] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.lolkek") returned 129 [0062.184] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.lolkek")) returned 1 [0062.185] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.185] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94aa8 | out: hHeap=0x5a0000) returned 1 [0062.185] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.185] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.185] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0062.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.205] CloseHandle (hObject=0x2a8) returned 1 [0062.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.205] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4ff [0062.205] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.205] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.207] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.207] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.207] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.207] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.207] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4ff, lpOverlapped=0x0) returned 1 [0062.208] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffb01, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.208] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4ff, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4ff, lpOverlapped=0x0) returned 1 [0062.208] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.208] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.208] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.208] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.208] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.208] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.208] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.208] CloseHandle (hObject=0x2a8) returned 1 [0062.208] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.208] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.lolkek") returned 131 [0062.208] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.lolkek")) returned 1 [0062.209] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.209] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde3d0 | out: hHeap=0x5a0000) returned 1 [0062.209] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.209] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.209] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0062.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.210] CloseHandle (hObject=0x2a8) returned 1 [0062.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.210] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4f3 [0062.210] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.210] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.211] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.211] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.211] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4f3, lpOverlapped=0x0) returned 1 [0062.211] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffb0d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.211] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4f3, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4f3, lpOverlapped=0x0) returned 1 [0062.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.211] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.211] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.211] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.212] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.212] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.212] CloseHandle (hObject=0x2a8) returned 1 [0062.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.212] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.lolkek") returned 129 [0062.212] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.lolkek")) returned 1 [0062.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde8f8 | out: hHeap=0x5a0000) returned 1 [0062.212] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.212] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.213] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0062.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.214] CloseHandle (hObject=0x2a8) returned 1 [0062.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.214] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x504 [0062.214] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.214] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.215] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.215] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.215] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x504, lpOverlapped=0x0) returned 1 [0062.215] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffafc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.215] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x504, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x504, lpOverlapped=0x0) returned 1 [0062.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.215] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.215] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.215] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.215] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.215] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.215] CloseHandle (hObject=0x2a8) returned 1 [0062.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.216] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.lolkek") returned 132 [0062.216] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.lolkek")) returned 1 [0062.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddeaf0 | out: hHeap=0x5a0000) returned 1 [0062.216] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.216] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.216] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0062.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.217] CloseHandle (hObject=0x2a8) returned 1 [0062.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.217] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x31d [0062.217] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.217] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.218] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.218] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.218] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x31d, lpOverlapped=0x0) returned 1 [0062.218] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffce3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.218] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x31d, lpOverlapped=0x0) returned 1 [0062.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.218] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.218] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.219] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.219] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.219] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.219] CloseHandle (hObject=0x2a8) returned 1 [0062.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.219] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.lolkek") returned 134 [0062.219] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.lolkek")) returned 1 [0062.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5040 | out: hHeap=0x5a0000) returned 1 [0062.220] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.220] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.220] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0062.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.220] CloseHandle (hObject=0x2a8) returned 1 [0062.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.220] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x311 [0062.220] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.220] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.221] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.222] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.222] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.222] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.222] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x311, lpOverlapped=0x0) returned 1 [0062.222] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffcef, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.222] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x311, lpOverlapped=0x0) returned 1 [0062.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.222] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.222] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.222] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.222] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.222] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.222] CloseHandle (hObject=0x2a8) returned 1 [0062.222] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.222] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.lolkek") returned 129 [0062.222] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.lolkek")) returned 1 [0062.223] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.223] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec5cf0 | out: hHeap=0x5a0000) returned 1 [0062.223] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.223] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.223] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl", dwFileAttributes=0x80) returned 1 [0062.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.224] CloseHandle (hObject=0x2a8) returned 1 [0062.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.224] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x410 [0062.224] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.224] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.225] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.225] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.225] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.225] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.225] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x410, lpOverlapped=0x0) returned 1 [0062.225] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffbf0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.225] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x410, lpOverlapped=0x0) returned 1 [0062.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.225] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.225] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.225] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.225] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.226] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.226] CloseHandle (hObject=0x2a8) returned 1 [0062.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.226] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.lolkek") returned 130 [0062.226] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.lolkek")) returned 1 [0062.226] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.226] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5788 | out: hHeap=0x5a0000) returned 1 [0062.226] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.226] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.226] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0062.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.227] CloseHandle (hObject=0x2a8) returned 1 [0062.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.227] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fc [0062.227] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.227] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.228] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.228] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.228] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x3fc, lpOverlapped=0x0) returned 1 [0062.228] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffc04, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.228] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x3fc, lpOverlapped=0x0) returned 1 [0062.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.229] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.229] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.229] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.229] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.229] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.229] CloseHandle (hObject=0x2a8) returned 1 [0062.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.229] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.lolkek") returned 129 [0062.229] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.lolkek")) returned 1 [0062.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698d80 | out: hHeap=0x5a0000) returned 1 [0062.230] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.230] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.230] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl", dwFileAttributes=0x80) returned 1 [0062.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.231] CloseHandle (hObject=0x2a8) returned 1 [0062.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.231] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x401 [0062.231] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.231] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.232] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.232] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.232] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x401, lpOverlapped=0x0) returned 1 [0062.232] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffbff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.232] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x401, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x401, lpOverlapped=0x0) returned 1 [0062.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.232] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.232] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.232] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.233] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.233] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.233] CloseHandle (hObject=0x2a8) returned 1 [0062.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.233] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.lolkek") returned 123 [0062.233] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.lolkek")) returned 1 [0062.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5248 | out: hHeap=0x5a0000) returned 1 [0062.233] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.233] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.233] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl", dwFileAttributes=0x80) returned 1 [0062.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.234] CloseHandle (hObject=0x2a8) returned 1 [0062.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.234] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x427 [0062.234] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.234] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.235] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.235] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.235] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x427, lpOverlapped=0x0) returned 1 [0062.235] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffbd9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.236] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x427, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x427, lpOverlapped=0x0) returned 1 [0062.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.236] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.236] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.236] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.236] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.236] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.236] CloseHandle (hObject=0x2a8) returned 1 [0062.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.236] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.lolkek") returned 111 [0062.236] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl.lolkek")) returned 1 [0062.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657598 | out: hHeap=0x5a0000) returned 1 [0062.237] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.237] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.237] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl", dwFileAttributes=0x80) returned 1 [0062.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.237] CloseHandle (hObject=0x2a8) returned 1 [0062.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.238] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x249 [0062.238] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.238] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.239] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.239] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.239] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x249, lpOverlapped=0x0) returned 1 [0062.239] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffdb7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.239] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x249, lpOverlapped=0x0) returned 1 [0062.239] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.239] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.239] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.239] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.239] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.239] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.239] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.240] CloseHandle (hObject=0x2a8) returned 1 [0062.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.240] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.lolkek") returned 114 [0062.240] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl.lolkek")) returned 1 [0062.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb4a0 | out: hHeap=0x5a0000) returned 1 [0062.240] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.240] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.240] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl", dwFileAttributes=0x80) returned 1 [0062.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.241] CloseHandle (hObject=0x2a8) returned 1 [0062.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.241] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x437 [0062.241] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.241] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.242] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.242] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.242] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x437, lpOverlapped=0x0) returned 1 [0062.242] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffbc9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.242] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x437, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x437, lpOverlapped=0x0) returned 1 [0062.242] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.242] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.242] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.242] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.242] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.243] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.243] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.243] CloseHandle (hObject=0x2a8) returned 1 [0062.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.243] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.lolkek") returned 111 [0062.243] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.lolkek")) returned 1 [0062.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5428 | out: hHeap=0x5a0000) returned 1 [0062.243] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.243] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.243] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", dwFileAttributes=0x80) returned 1 [0062.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.244] CloseHandle (hObject=0x2a8) returned 1 [0062.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.244] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5e4 [0062.244] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.244] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.245] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.245] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.245] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x5e4, lpOverlapped=0x0) returned 1 [0062.245] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffa1c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.245] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5e4, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x5e4, lpOverlapped=0x0) returned 1 [0062.246] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.246] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.246] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.246] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.246] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.246] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.246] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.246] CloseHandle (hObject=0x2a8) returned 1 [0062.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.246] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.lolkek") returned 120 [0062.246] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.lolkek")) returned 1 [0062.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e350e8 | out: hHeap=0x5a0000) returned 1 [0062.247] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.247] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.247] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", dwFileAttributes=0x80) returned 1 [0062.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.247] CloseHandle (hObject=0x2a8) returned 1 [0062.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.247] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a0 [0062.248] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.248] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.249] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.249] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.249] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x2a0, lpOverlapped=0x0) returned 1 [0062.249] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffd60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.249] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x2a0, lpOverlapped=0x0) returned 1 [0062.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.249] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.249] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.249] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.249] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.250] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.250] CloseHandle (hObject=0x2a8) returned 1 [0062.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.250] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.lolkek") returned 120 [0062.250] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount.lolkek")) returned 1 [0062.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e352c0 | out: hHeap=0x5a0000) returned 1 [0062.250] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.251] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.251] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", dwFileAttributes=0x80) returned 1 [0062.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.251] CloseHandle (hObject=0x2a8) returned 1 [0062.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.251] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6c8 [0062.251] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.251] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.252] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.252] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.252] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.252] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.253] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x6c8, lpOverlapped=0x0) returned 1 [0062.253] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffff938, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.253] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6c8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x6c8, lpOverlapped=0x0) returned 1 [0062.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.253] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.253] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.253] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.253] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.253] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.253] CloseHandle (hObject=0x2a8) returned 1 [0062.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.253] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.lolkek") returned 120 [0062.253] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.lolkek")) returned 1 [0062.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e35498 | out: hHeap=0x5a0000) returned 1 [0062.254] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.254] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.254] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log", dwFileAttributes=0x80) returned 1 [0062.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.254] CloseHandle (hObject=0x2a8) returned 1 [0062.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.255] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0062.255] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.255] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.256] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.256] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.256] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.257] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.257] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.257] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.257] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.258] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.258] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.259] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.259] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.259] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.259] CloseHandle (hObject=0x2a8) returned 1 [0062.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.259] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.lolkek") returned 88 [0062.259] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\edb00001.log.lolkek")) returned 1 [0062.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caeff0 | out: hHeap=0x5a0000) returned 1 [0062.260] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.260] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.260] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore", dwFileAttributes=0x80) returned 1 [0062.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.261] CloseHandle (hObject=0x2a8) returned 1 [0062.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.261] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x206000 [0062.261] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.261] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.264] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.264] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.264] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.266] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.266] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.266] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.266] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.266] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.266] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.266] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.266] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.266] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.266] CloseHandle (hObject=0x2a8) returned 1 [0062.266] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.266] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.lolkek") returned 102 [0062.266] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.msmessagestore.lolkek")) returned 1 [0062.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3bae0 | out: hHeap=0x5a0000) returned 1 [0062.267] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.267] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.267] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat", dwFileAttributes=0x80) returned 1 [0062.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.268] CloseHandle (hObject=0x2a8) returned 1 [0062.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.268] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0062.268] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.268] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.269] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.269] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.269] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.270] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.270] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.270] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.270] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.270] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.270] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.270] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.270] CloseHandle (hObject=0x2a8) returned 1 [0062.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.270] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.lolkek") returned 91 [0062.270] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\windowsmail.pat.lolkek")) returned 1 [0062.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6810 | out: hHeap=0x5a0000) returned 1 [0062.271] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.271] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.271] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk", dwFileAttributes=0x80) returned 1 [0062.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.272] CloseHandle (hObject=0x2a8) returned 1 [0062.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.272] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2000 [0062.272] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.272] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.273] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.273] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.273] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x2000, lpOverlapped=0x0) returned 1 [0062.274] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.274] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x2000, lpOverlapped=0x0) returned 1 [0062.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.274] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.274] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.274] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.274] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.274] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.274] CloseHandle (hObject=0x2a8) returned 1 [0062.274] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.274] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.lolkek") returned 72 [0062.274] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.chk.lolkek")) returned 1 [0062.275] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.275] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611840 | out: hHeap=0x5a0000) returned 1 [0062.275] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.275] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.275] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log", dwFileAttributes=0x80) returned 1 [0062.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.276] CloseHandle (hObject=0x2a8) returned 1 [0062.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.276] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0062.276] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.276] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.277] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.277] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.277] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.278] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.278] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.278] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.278] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.280] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.280] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.280] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.280] CloseHandle (hObject=0x2a8) returned 1 [0062.280] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.280] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.lolkek") returned 72 [0062.280] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb.log.lolkek")) returned 1 [0062.281] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.281] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6111b0 | out: hHeap=0x5a0000) returned 1 [0062.281] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.281] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.281] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log", dwFileAttributes=0x80) returned 1 [0062.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.282] CloseHandle (hObject=0x2a8) returned 1 [0062.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.282] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0062.282] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.282] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.283] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.283] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.283] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.283] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.283] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.284] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.284] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.284] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.284] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.285] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.286] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.286] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.286] CloseHandle (hObject=0x2a8) returned 1 [0062.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.286] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.lolkek") returned 77 [0062.286] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edb00001.log.lolkek")) returned 1 [0062.286] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.286] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3fb30 | out: hHeap=0x5a0000) returned 1 [0062.286] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.286] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.286] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs", dwFileAttributes=0x80) returned 1 [0062.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.287] CloseHandle (hObject=0x2a8) returned 1 [0062.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.287] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0062.287] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.287] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.288] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.288] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.288] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.289] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.289] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.290] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.290] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.290] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.291] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.291] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.291] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.291] CloseHandle (hObject=0x2a8) returned 1 [0062.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.291] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.lolkek") returned 80 [0062.291] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.lolkek")) returned 1 [0062.293] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.293] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca68d8 | out: hHeap=0x5a0000) returned 1 [0062.293] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.293] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.293] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs", dwFileAttributes=0x80) returned 1 [0062.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.294] CloseHandle (hObject=0x2a8) returned 1 [0062.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.294] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0062.294] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.294] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.296] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.296] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.296] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.297] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.297] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.297] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.297] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.299] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.299] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.299] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.299] CloseHandle (hObject=0x2a8) returned 1 [0062.299] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.299] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.lolkek") returned 80 [0062.299] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs.lolkek")) returned 1 [0062.300] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.300] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6b48 | out: hHeap=0x5a0000) returned 1 [0062.300] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.300] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.300] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml", dwFileAttributes=0x80) returned 1 [0062.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.300] CloseHandle (hObject=0x2a8) returned 1 [0062.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.301] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0062.301] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.301] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.301] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.301] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.301] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x104, lpOverlapped=0x0) returned 1 [0062.301] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.301] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x104, lpOverlapped=0x0) returned 1 [0062.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.302] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.302] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.302] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.302] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.302] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.302] CloseHandle (hObject=0x2a8) returned 1 [0062.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.302] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.lolkek") returned 74 [0062.302] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\oeold.xml.lolkek")) returned 1 [0062.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611728 | out: hHeap=0x5a0000) returned 1 [0062.303] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.303] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.303] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm", dwFileAttributes=0x80) returned 1 [0062.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.303] CloseHandle (hObject=0x2a8) returned 1 [0062.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.303] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xff [0062.303] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.303] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.304] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.304] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.304] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.304] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.304] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xff, lpOverlapped=0x0) returned 1 [0062.304] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff01, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.304] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xff, lpOverlapped=0x0) returned 1 [0062.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.304] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.304] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.304] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.304] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.304] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.305] CloseHandle (hObject=0x2a8) returned 1 [0062.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.305] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.lolkek") returned 85 [0062.305] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.lolkek")) returned 1 [0062.305] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.305] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616eb8 | out: hHeap=0x5a0000) returned 1 [0062.305] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.305] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.305] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", dwFileAttributes=0x80) returned 1 [0062.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.306] CloseHandle (hObject=0x2a8) returned 1 [0062.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.306] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x432 [0062.306] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.306] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.307] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.307] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.307] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x432, lpOverlapped=0x0) returned 1 [0062.307] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffbce, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.307] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x432, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x432, lpOverlapped=0x0) returned 1 [0062.307] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.307] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.307] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.307] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.307] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.308] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.308] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.308] CloseHandle (hObject=0x2a8) returned 1 [0062.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.308] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.lolkek") returned 85 [0062.308] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.lolkek")) returned 1 [0062.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616c28 | out: hHeap=0x5a0000) returned 1 [0062.308] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.308] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.309] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini", dwFileAttributes=0x80) returned 1 [0062.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.309] CloseHandle (hObject=0x2a8) returned 1 [0062.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.309] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x285 [0062.309] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.309] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.310] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.310] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.310] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x285, lpOverlapped=0x0) returned 1 [0062.310] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffd7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.310] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x285, lpOverlapped=0x0) returned 1 [0062.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.310] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.310] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.310] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.310] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.310] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.311] CloseHandle (hObject=0x2a8) returned 1 [0062.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.311] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.lolkek") returned 87 [0062.311] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.lolkek")) returned 1 [0062.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae530 | out: hHeap=0x5a0000) returned 1 [0062.312] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.312] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.312] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm", dwFileAttributes=0x80) returned 1 [0062.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.312] CloseHandle (hObject=0x2a8) returned 1 [0062.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.312] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe7 [0062.312] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.312] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.313] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.313] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.313] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xe7, lpOverlapped=0x0) returned 1 [0062.313] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff19, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.313] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe7, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xe7, lpOverlapped=0x0) returned 1 [0062.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.313] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.313] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.313] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.314] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.314] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.314] CloseHandle (hObject=0x2a8) returned 1 [0062.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.314] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.lolkek") returned 86 [0062.314] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm.lolkek")) returned 1 [0062.314] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.314] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617520 | out: hHeap=0x5a0000) returned 1 [0062.314] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.314] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.314] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", dwFileAttributes=0x80) returned 1 [0062.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.315] CloseHandle (hObject=0x2a8) returned 1 [0062.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.315] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5d3f [0062.315] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.315] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.316] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.316] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.316] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.317] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.317] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.317] CloseHandle (hObject=0x2a8) returned 1 [0062.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.317] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.lolkek") returned 86 [0062.317] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.lolkek")) returned 1 [0062.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617668 | out: hHeap=0x5a0000) returned 1 [0062.319] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.319] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.319] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm", dwFileAttributes=0x80) returned 1 [0062.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.319] CloseHandle (hObject=0x2a8) returned 1 [0062.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.320] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0062.320] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.320] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.320] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.320] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.320] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.320] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.320] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xed, lpOverlapped=0x0) returned 1 [0062.320] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.320] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xed, lpOverlapped=0x0) returned 1 [0062.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.321] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.321] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.321] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.321] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.321] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.321] CloseHandle (hObject=0x2a8) returned 1 [0062.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.321] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.lolkek") returned 93 [0062.321] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm.lolkek")) returned 1 [0062.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6c48 | out: hHeap=0x5a0000) returned 1 [0062.322] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.322] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.322] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", dwFileAttributes=0x80) returned 1 [0062.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.322] CloseHandle (hObject=0x2a8) returned 1 [0062.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.322] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1906 [0062.322] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.322] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.323] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.323] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.323] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1906, lpOverlapped=0x0) returned 1 [0062.324] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffe6fa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.324] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1906, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1906, lpOverlapped=0x0) returned 1 [0062.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.324] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.324] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.324] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.324] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.324] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.324] CloseHandle (hObject=0x2a8) returned 1 [0062.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.325] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.lolkek") returned 92 [0062.325] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.lolkek")) returned 1 [0062.325] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.325] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6ae0 | out: hHeap=0x5a0000) returned 1 [0062.325] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.325] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.325] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm", dwFileAttributes=0x80) returned 1 [0062.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.326] CloseHandle (hObject=0x2a8) returned 1 [0062.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.326] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xeb [0062.326] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.326] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.326] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.327] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.327] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xeb, lpOverlapped=0x0) returned 1 [0062.327] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff15, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.327] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xeb, lpOverlapped=0x0) returned 1 [0062.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.327] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.327] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.327] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.327] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.327] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.327] CloseHandle (hObject=0x2a8) returned 1 [0062.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.327] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.lolkek") returned 91 [0062.327] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.lolkek")) returned 1 [0062.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6978 | out: hHeap=0x5a0000) returned 1 [0062.328] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.328] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.328] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", dwFileAttributes=0x80) returned 1 [0062.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.329] CloseHandle (hObject=0x2a8) returned 1 [0062.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.329] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x107e [0062.329] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.329] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.330] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.330] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.330] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x107e, lpOverlapped=0x0) returned 1 [0062.330] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffef82, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.331] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x107e, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x107e, lpOverlapped=0x0) returned 1 [0062.331] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.331] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.331] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.331] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.331] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.331] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.331] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.331] CloseHandle (hObject=0x2a8) returned 1 [0062.331] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.331] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.lolkek") returned 90 [0062.331] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.lolkek")) returned 1 [0062.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cada70 | out: hHeap=0x5a0000) returned 1 [0062.332] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.332] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.332] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm", dwFileAttributes=0x80) returned 1 [0062.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.332] CloseHandle (hObject=0x2a8) returned 1 [0062.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.333] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0062.333] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.333] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.333] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.333] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.333] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xed, lpOverlapped=0x0) returned 1 [0062.333] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.333] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xed, lpOverlapped=0x0) returned 1 [0062.334] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.334] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.334] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.334] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.334] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.334] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.334] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.334] CloseHandle (hObject=0x2a8) returned 1 [0062.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.334] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.lolkek") returned 94 [0062.334] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm.lolkek")) returned 1 [0062.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da61d0 | out: hHeap=0x5a0000) returned 1 [0062.335] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.335] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.335] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg", dwFileAttributes=0x80) returned 1 [0062.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.335] CloseHandle (hObject=0x2a8) returned 1 [0062.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.336] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18ed [0062.336] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.336] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.337] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.337] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.337] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x18ed, lpOverlapped=0x0) returned 1 [0062.338] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffe713, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.343] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18ed, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x18ed, lpOverlapped=0x0) returned 1 [0062.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.343] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.343] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.343] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.343] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.343] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.344] CloseHandle (hObject=0x2a8) returned 1 [0062.344] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.344] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.lolkek") returned 93 [0062.344] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg.lolkek")) returned 1 [0062.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6338 | out: hHeap=0x5a0000) returned 1 [0062.344] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.345] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.345] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm", dwFileAttributes=0x80) returned 1 [0062.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.345] CloseHandle (hObject=0x2a8) returned 1 [0062.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.345] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0062.345] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.345] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.346] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.346] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.346] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xe8, lpOverlapped=0x0) returned 1 [0062.346] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.346] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xe8, lpOverlapped=0x0) returned 1 [0062.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.346] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.346] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.346] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.346] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.346] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.346] CloseHandle (hObject=0x2a8) returned 1 [0062.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.347] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.lolkek") returned 87 [0062.347] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.lolkek")) returned 1 [0062.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae280 | out: hHeap=0x5a0000) returned 1 [0062.347] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.347] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.347] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", dwFileAttributes=0x80) returned 1 [0062.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.348] CloseHandle (hObject=0x2a8) returned 1 [0062.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.348] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13fb [0062.348] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.348] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.349] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.349] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.349] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.349] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.349] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x13fb, lpOverlapped=0x0) returned 1 [0062.350] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffec05, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.350] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x13fb, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x13fb, lpOverlapped=0x0) returned 1 [0062.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.350] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.350] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.350] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.350] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.350] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.350] CloseHandle (hObject=0x2a8) returned 1 [0062.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.350] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.lolkek") returned 87 [0062.350] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.lolkek")) returned 1 [0062.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae7e0 | out: hHeap=0x5a0000) returned 1 [0062.351] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.351] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.351] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm", dwFileAttributes=0x80) returned 1 [0062.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.351] CloseHandle (hObject=0x2a8) returned 1 [0062.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.351] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe9 [0062.352] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.352] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.352] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.352] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.352] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.352] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.352] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xe9, lpOverlapped=0x0) returned 1 [0062.352] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff17, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.353] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe9, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xe9, lpOverlapped=0x0) returned 1 [0062.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.353] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.353] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.353] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.353] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.353] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.353] CloseHandle (hObject=0x2a8) returned 1 [0062.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.353] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.lolkek") returned 85 [0062.353] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.lolkek")) returned 1 [0062.354] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.354] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616330 | out: hHeap=0x5a0000) returned 1 [0062.354] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.354] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.354] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg", dwFileAttributes=0x80) returned 1 [0062.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.354] CloseHandle (hObject=0x2a8) returned 1 [0062.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.354] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x780 [0062.355] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.355] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.356] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.356] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.356] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x780, lpOverlapped=0x0) returned 1 [0062.356] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffff880, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.356] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x780, lpOverlapped=0x0) returned 1 [0062.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.356] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.356] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.356] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.356] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.356] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.356] CloseHandle (hObject=0x2a8) returned 1 [0062.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.356] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.lolkek") returned 85 [0062.356] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg.lolkek")) returned 1 [0062.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616d70 | out: hHeap=0x5a0000) returned 1 [0062.357] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.357] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.357] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm", dwFileAttributes=0x80) returned 1 [0062.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.357] CloseHandle (hObject=0x2a8) returned 1 [0062.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.358] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0062.358] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.358] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.358] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.358] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.358] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xed, lpOverlapped=0x0) returned 1 [0062.358] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.358] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xed, lpOverlapped=0x0) returned 1 [0062.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.359] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.359] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.359] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.359] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.359] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.359] CloseHandle (hObject=0x2a8) returned 1 [0062.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.359] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.lolkek") returned 94 [0062.359] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm.lolkek")) returned 1 [0062.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da64a0 | out: hHeap=0x5a0000) returned 1 [0062.360] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.360] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.360] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", dwFileAttributes=0x80) returned 1 [0062.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.360] CloseHandle (hObject=0x2a8) returned 1 [0062.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.360] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x127e [0062.360] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.360] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.362] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.362] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.362] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x127e, lpOverlapped=0x0) returned 1 [0062.362] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffed82, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.362] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x127e, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x127e, lpOverlapped=0x0) returned 1 [0062.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.362] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.362] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.362] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.362] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.363] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.363] CloseHandle (hObject=0x2a8) returned 1 [0062.363] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.363] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.lolkek") returned 92 [0062.363] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.lolkek")) returned 1 [0062.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6608 | out: hHeap=0x5a0000) returned 1 [0062.364] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.364] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.364] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm", dwFileAttributes=0x80) returned 1 [0062.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.365] CloseHandle (hObject=0x2a8) returned 1 [0062.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.365] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0062.365] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.365] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.366] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.366] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.366] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xe8, lpOverlapped=0x0) returned 1 [0062.366] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.366] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xe8, lpOverlapped=0x0) returned 1 [0062.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.366] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.366] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.366] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.366] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.366] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.366] CloseHandle (hObject=0x2a8) returned 1 [0062.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.366] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.lolkek") returned 89 [0062.366] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.lolkek")) returned 1 [0062.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caea90 | out: hHeap=0x5a0000) returned 1 [0062.367] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.367] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.367] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", dwFileAttributes=0x80) returned 1 [0062.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.367] CloseHandle (hObject=0x2a8) returned 1 [0062.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.368] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2949 [0062.368] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.368] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.369] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.369] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.369] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x2949, lpOverlapped=0x0) returned 1 [0062.370] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffd6b7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.370] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2949, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x2949, lpOverlapped=0x0) returned 1 [0062.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.370] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.370] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.370] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.370] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.370] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.370] CloseHandle (hObject=0x2a8) returned 1 [0062.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.370] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.lolkek") returned 88 [0062.370] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.lolkek")) returned 1 [0062.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae688 | out: hHeap=0x5a0000) returned 1 [0062.371] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.371] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.371] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm", dwFileAttributes=0x80) returned 1 [0062.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.371] CloseHandle (hObject=0x2a8) returned 1 [0062.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.372] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe6 [0062.372] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.372] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.372] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.372] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.372] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xe6, lpOverlapped=0x0) returned 1 [0062.372] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.372] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xe6, lpOverlapped=0x0) returned 1 [0062.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.373] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.373] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.373] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.373] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.373] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.373] CloseHandle (hObject=0x2a8) returned 1 [0062.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0062.373] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.lolkek") returned 85 [0062.373] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.lolkek")) returned 1 [0062.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0062.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6165c0 | out: hHeap=0x5a0000) returned 1 [0062.373] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.374] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.374] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg", dwFileAttributes=0x80) returned 1 [0062.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.374] CloseHandle (hObject=0x2a8) returned 1 [0062.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.374] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d51 [0062.374] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.374] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.381] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.381] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.381] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1d51, lpOverlapped=0x0) returned 1 [0062.388] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffe2af, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.388] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d51, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1d51, lpOverlapped=0x0) returned 1 [0062.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.388] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.388] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.389] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.389] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.389] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.389] CloseHandle (hObject=0x2a8) returned 1 [0062.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0062.389] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.lolkek") returned 85 [0062.389] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg.lolkek")) returned 1 [0062.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0062.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6160a0 | out: hHeap=0x5a0000) returned 1 [0062.390] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.390] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.390] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore", dwFileAttributes=0x80) returned 1 [0062.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.391] CloseHandle (hObject=0x2a8) returned 1 [0062.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.391] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x204000 [0062.391] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.391] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.394] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.394] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.394] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.395] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.395] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.395] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.395] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.395] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.395] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.395] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.395] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.395] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.395] CloseHandle (hObject=0x2a8) returned 1 [0062.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0062.395] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.lolkek") returned 91 [0062.396] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore.lolkek")) returned 1 [0062.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0062.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6770 | out: hHeap=0x5a0000) returned 1 [0062.396] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.396] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.396] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat", dwFileAttributes=0x80) returned 1 [0062.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.397] CloseHandle (hObject=0x2a8) returned 1 [0062.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.397] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0062.397] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.397] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.404] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.404] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.404] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.404] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.404] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.405] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.405] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.405] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.405] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.405] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.406] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.406] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.406] CloseHandle (hObject=0x2a8) returned 1 [0062.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.406] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.lolkek") returned 80 [0062.406] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat.lolkek")) returned 1 [0062.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7298 | out: hHeap=0x5a0000) returned 1 [0062.407] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.407] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.407] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD", dwFileAttributes=0x80) returned 1 [0062.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.407] CloseHandle (hObject=0x2a8) returned 1 [0062.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.408] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f2 [0062.408] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.408] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.408] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.408] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.408] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1f2, lpOverlapped=0x0) returned 1 [0062.408] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe0e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.408] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1f2, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1f2, lpOverlapped=0x0) returned 1 [0062.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.409] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.409] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.409] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.409] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.409] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.409] CloseHandle (hObject=0x2a8) returned 1 [0062.409] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.409] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.lolkek") returned 82 [0062.409] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.lolkek")) returned 1 [0062.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca67a0 | out: hHeap=0x5a0000) returned 1 [0062.410] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.410] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.410] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML", dwFileAttributes=0x80) returned 1 [0062.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.410] CloseHandle (hObject=0x2a8) returned 1 [0062.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.410] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x27cf [0062.410] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.410] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.411] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.411] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.412] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x27cf, lpOverlapped=0x0) returned 1 [0062.412] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffd831, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.412] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x27cf, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x27cf, lpOverlapped=0x0) returned 1 [0062.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.412] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.412] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.412] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.412] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.413] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.413] CloseHandle (hObject=0x2a8) returned 1 [0062.413] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.413] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.lolkek") returned 82 [0062.413] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml.lolkek")) returned 1 [0062.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac778 | out: hHeap=0x5a0000) returned 1 [0062.413] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.413] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.413] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini", dwFileAttributes=0x80) returned 1 [0062.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.414] CloseHandle (hObject=0x2a8) returned 1 [0062.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.414] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x54 [0062.414] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.414] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.414] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x54, lpOverlapped=0x0) returned 1 [0062.415] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffac, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.415] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x54, lpOverlapped=0x0) returned 1 [0062.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.415] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.415] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.415] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.415] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.415] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.415] CloseHandle (hObject=0x2a8) returned 1 [0062.415] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.415] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.lolkek") returned 80 [0062.415] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.lolkek")) returned 1 [0062.416] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.416] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cac8b0 | out: hHeap=0x5a0000) returned 1 [0062.416] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.416] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.416] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt", dwFileAttributes=0x80) returned 1 [0062.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.417] CloseHandle (hObject=0x2a8) returned 1 [0062.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.417] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0062.417] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.417] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.417] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0062.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.417] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.417] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.418] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.418] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.418] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.418] CloseHandle (hObject=0x2a8) returned 1 [0062.418] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.418] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt.lolkek") returned 69 [0062.418] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt.lolkek" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt.lolkek")) returned 1 [0062.419] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.419] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4968 | out: hHeap=0x5a0000) returned 1 [0062.419] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.419] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.419] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9", dwFileAttributes=0x80) returned 1 [0062.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.419] CloseHandle (hObject=0x2a8) returned 1 [0062.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.419] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x228 [0062.419] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.420] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.420] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.420] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.420] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x228, lpOverlapped=0x0) returned 1 [0062.420] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffdd8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.420] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x228, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x228, lpOverlapped=0x0) returned 1 [0062.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.420] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.420] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.421] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.421] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.421] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.421] CloseHandle (hObject=0x2a8) returned 1 [0062.421] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.421] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek") returned 112 [0062.421] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9.lolkek")) returned 1 [0062.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd55d8 | out: hHeap=0x5a0000) returned 1 [0062.422] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.422] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.422] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015", dwFileAttributes=0x80) returned 1 [0062.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.422] CloseHandle (hObject=0x2a8) returned 1 [0062.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.422] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0062.422] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.422] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.422] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0062.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.423] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.423] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.423] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.423] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.423] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.423] CloseHandle (hObject=0x2a8) returned 1 [0062.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.423] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.lolkek") returned 112 [0062.424] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.lolkek" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.lolkek")) returned 1 [0062.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f580 | out: hHeap=0x5a0000) returned 1 [0062.424] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.424] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.424] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9", dwFileAttributes=0x80) returned 1 [0062.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.425] CloseHandle (hObject=0x2a8) returned 1 [0062.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.425] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0062.425] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.425] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.425] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.425] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.425] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x104, lpOverlapped=0x0) returned 1 [0062.426] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.426] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x104, lpOverlapped=0x0) returned 1 [0062.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.426] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.426] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.426] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.426] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.426] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.426] CloseHandle (hObject=0x2a8) returned 1 [0062.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.426] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek") returned 113 [0062.426] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.lolkek")) returned 1 [0062.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618490 | out: hHeap=0x5a0000) returned 1 [0062.427] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.427] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.427] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015", dwFileAttributes=0x80) returned 1 [0062.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.427] CloseHandle (hObject=0x2a8) returned 1 [0062.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.427] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x130 [0062.428] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.428] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.428] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.428] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.428] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x130, lpOverlapped=0x0) returned 1 [0062.428] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffed0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.428] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x130, lpOverlapped=0x0) returned 1 [0062.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.428] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.429] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.429] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.429] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.429] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.429] CloseHandle (hObject=0x2a8) returned 1 [0062.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.429] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.lolkek") returned 113 [0062.429] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.lolkek" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.lolkek")) returned 1 [0062.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec5ee8 | out: hHeap=0x5a0000) returned 1 [0062.430] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.430] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.430] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.430] CloseHandle (hObject=0x2a8) returned 1 [0062.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.430] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x92 [0062.430] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.430] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.431] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.431] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.431] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.431] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.431] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x92, lpOverlapped=0x0) returned 1 [0062.431] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff6e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.431] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x92, lpOverlapped=0x0) returned 1 [0062.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.431] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.431] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.431] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.431] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.431] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.432] CloseHandle (hObject=0x2a8) returned 1 [0062.432] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.432] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.lolkek") returned 96 [0062.432] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.lolkek")) returned 1 [0062.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de05b0 | out: hHeap=0x5a0000) returned 1 [0062.432] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.433] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.433] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", dwFileAttributes=0x80) returned 1 [0062.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.433] CloseHandle (hObject=0x2a8) returned 1 [0062.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.433] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x122 [0062.433] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.433] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.434] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.434] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.434] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x122, lpOverlapped=0x0) returned 1 [0062.434] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffede, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.434] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x122, lpOverlapped=0x0) returned 1 [0062.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.434] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.434] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.434] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.434] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.434] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.434] CloseHandle (hObject=0x2a8) returned 1 [0062.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.435] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.lolkek") returned 102 [0062.435] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.lolkek")) returned 1 [0062.435] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.435] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde5d0 | out: hHeap=0x5a0000) returned 1 [0062.435] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.435] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.435] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.436] CloseHandle (hObject=0x2a8) returned 1 [0062.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.437] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd3 [0062.437] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.437] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.437] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.437] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.437] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xd3, lpOverlapped=0x0) returned 1 [0062.438] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff2d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.438] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xd3, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xd3, lpOverlapped=0x0) returned 1 [0062.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.438] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.438] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.438] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.438] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.438] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.438] CloseHandle (hObject=0x2a8) returned 1 [0062.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.439] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.lolkek") returned 116 [0062.439] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.lolkek")) returned 1 [0062.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eef0 | out: hHeap=0x5a0000) returned 1 [0062.440] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.440] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.440] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk", dwFileAttributes=0x80) returned 1 [0062.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.441] CloseHandle (hObject=0x2a8) returned 1 [0062.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.441] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5a9 [0062.441] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.441] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.443] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.443] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.443] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x5a9, lpOverlapped=0x0) returned 1 [0062.443] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffa57, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.443] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5a9, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x5a9, lpOverlapped=0x0) returned 1 [0062.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.443] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.443] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.443] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.443] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.443] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.444] CloseHandle (hObject=0x2a8) returned 1 [0062.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.444] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.lolkek") returned 126 [0062.444] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.lolkek")) returned 1 [0062.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3668 | out: hHeap=0x5a0000) returned 1 [0062.445] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.445] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.445] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk", dwFileAttributes=0x80) returned 1 [0062.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.446] CloseHandle (hObject=0x2a8) returned 1 [0062.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.446] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4cc [0062.446] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.446] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.448] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.449] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.449] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4cc, lpOverlapped=0x0) returned 1 [0062.449] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffb34, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.449] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4cc, lpOverlapped=0x0) returned 1 [0062.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.449] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.449] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.449] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.449] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.449] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.449] CloseHandle (hObject=0x2a8) returned 1 [0062.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.450] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.lolkek") returned 125 [0062.450] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.lolkek")) returned 1 [0062.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3850 | out: hHeap=0x5a0000) returned 1 [0062.451] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.451] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.451] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", dwFileAttributes=0x80) returned 1 [0062.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.451] CloseHandle (hObject=0x2a8) returned 1 [0062.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.451] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x60b [0062.452] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.452] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.453] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.453] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.453] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x60b, lpOverlapped=0x0) returned 1 [0062.453] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffff9f5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.453] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x60b, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x60b, lpOverlapped=0x0) returned 1 [0062.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.453] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.453] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.453] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.454] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.454] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.454] CloseHandle (hObject=0x2a8) returned 1 [0062.454] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.454] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.lolkek") returned 129 [0062.454] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.lolkek")) returned 1 [0062.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4e38 | out: hHeap=0x5a0000) returned 1 [0062.455] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.455] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.455] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", dwFileAttributes=0x80) returned 1 [0062.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.455] CloseHandle (hObject=0x2a8) returned 1 [0062.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.455] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x110 [0062.455] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.456] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.456] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.456] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.456] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x110, lpOverlapped=0x0) returned 1 [0062.456] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffef0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.456] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x110, lpOverlapped=0x0) returned 1 [0062.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.456] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.456] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.457] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.457] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.457] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.457] CloseHandle (hObject=0x2a8) returned 1 [0062.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.457] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.lolkek") returned 104 [0062.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.lolkek")) returned 1 [0062.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de02e8 | out: hHeap=0x5a0000) returned 1 [0062.457] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.458] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.458] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST", dwFileAttributes=0x80) returned 1 [0062.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.458] CloseHandle (hObject=0x2a8) returned 1 [0062.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.458] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18 [0062.458] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.458] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.458] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x18, lpOverlapped=0x0) returned 1 [0062.459] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffe8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.459] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x18, lpOverlapped=0x0) returned 1 [0062.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.459] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.459] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.459] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.459] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.459] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.459] CloseHandle (hObject=0x2a8) returned 1 [0062.460] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.460] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.lolkek") returned 70 [0062.460] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\credhist.lolkek")) returned 1 [0062.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4548 | out: hHeap=0x5a0000) returned 1 [0062.460] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.460] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.460] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", dwFileAttributes=0x80) returned 1 [0062.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.461] CloseHandle (hObject=0x2a8) returned 1 [0062.461] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.461] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0062.461] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.461] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.462] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.462] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.462] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1d4, lpOverlapped=0x0) returned 1 [0062.462] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.462] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1d4, lpOverlapped=0x0) returned 1 [0062.462] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.462] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.462] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.462] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.462] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.462] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.462] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.462] CloseHandle (hObject=0x2a8) returned 1 [0062.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.462] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.lolkek") returned 144 [0062.462] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9.lolkek")) returned 1 [0062.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7d00 | out: hHeap=0x5a0000) returned 1 [0062.464] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.464] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.464] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred", dwFileAttributes=0x80) returned 1 [0062.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.465] CloseHandle (hObject=0x2a8) returned 1 [0062.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.465] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18 [0062.465] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.465] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.465] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x18, lpOverlapped=0x0) returned 1 [0062.466] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffe8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.466] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x18, lpOverlapped=0x0) returned 1 [0062.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.466] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.466] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.466] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.466] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.466] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.467] CloseHandle (hObject=0x2a8) returned 1 [0062.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.467] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.lolkek") returned 117 [0062.467] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred.lolkek" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred.lolkek")) returned 1 [0062.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a030 | out: hHeap=0x5a0000) returned 1 [0062.467] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.467] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.467] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact", dwFileAttributes=0x80) returned 1 [0062.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.468] CloseHandle (hObject=0x2a8) returned 1 [0062.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.468] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10b1e [0062.468] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.468] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.470] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.470] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.470] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.470] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.470] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.471] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.471] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.471] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.471] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.471] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.471] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.471] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.471] CloseHandle (hObject=0x2a8) returned 1 [0062.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.471] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.lolkek") returned 58 [0062.471] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.lolkek" (normalized: "c:\\users\\default\\contacts\\administrator.contact.lolkek")) returned 1 [0062.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe900 | out: hHeap=0x5a0000) returned 1 [0062.472] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.472] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.472] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.473] CloseHandle (hObject=0x2a8) returned 1 [0062.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.473] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19c [0062.473] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.473] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.473] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.474] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.474] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x19c, lpOverlapped=0x0) returned 1 [0062.474] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe64, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.474] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x19c, lpOverlapped=0x0) returned 1 [0062.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.474] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.474] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.474] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.474] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.474] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.474] CloseHandle (hObject=0x2a8) returned 1 [0062.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.474] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini.lolkek") returned 48 [0062.474] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\contacts\\desktop.ini.lolkek")) returned 1 [0062.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1668 | out: hHeap=0x5a0000) returned 1 [0062.475] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.475] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.475] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.476] CloseHandle (hObject=0x2a8) returned 1 [0062.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.476] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a [0062.476] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.476] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.476] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.477] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.477] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x11a, lpOverlapped=0x0) returned 1 [0062.477] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffee6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.477] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x11a, lpOverlapped=0x0) returned 1 [0062.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.477] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.477] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.477] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.477] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.477] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.477] CloseHandle (hObject=0x2a8) returned 1 [0062.477] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.477] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini.lolkek") returned 47 [0062.477] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\desktop\\desktop.ini.lolkek")) returned 1 [0062.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1718 | out: hHeap=0x5a0000) returned 1 [0062.478] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.478] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.480] CloseHandle (hObject=0x2a8) returned 1 [0062.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.480] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x192 [0062.480] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.480] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.481] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.481] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.482] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x192, lpOverlapped=0x0) returned 1 [0062.482] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe6e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.482] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x192, lpOverlapped=0x0) returned 1 [0062.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.482] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.482] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.482] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.482] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.482] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.482] CloseHandle (hObject=0x2a8) returned 1 [0062.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.482] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini.lolkek") returned 49 [0062.482] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\documents\\desktop.ini.lolkek")) returned 1 [0062.487] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.487] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9668 | out: hHeap=0x5a0000) returned 1 [0062.487] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.487] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.487] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.488] CloseHandle (hObject=0x2a8) returned 1 [0062.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.489] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a [0062.489] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.489] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.489] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.489] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.489] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x11a, lpOverlapped=0x0) returned 1 [0062.489] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffee6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.490] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x11a, lpOverlapped=0x0) returned 1 [0062.490] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.490] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.490] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.490] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.490] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.490] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.490] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.490] CloseHandle (hObject=0x2a8) returned 1 [0062.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.490] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini.lolkek") returned 49 [0062.490] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\downloads\\desktop.ini.lolkek")) returned 1 [0062.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9720 | out: hHeap=0x5a0000) returned 1 [0062.491] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.491] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.491] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.492] CloseHandle (hObject=0x2a8) returned 1 [0062.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.492] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x192 [0062.492] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.492] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.492] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.492] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.492] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x192, lpOverlapped=0x0) returned 1 [0062.493] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe6e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.493] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x192, lpOverlapped=0x0) returned 1 [0062.493] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.493] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.493] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.493] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.493] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.493] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.493] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.493] CloseHandle (hObject=0x2a8) returned 1 [0062.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.493] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini.lolkek") returned 49 [0062.493] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\favorites\\desktop.ini.lolkek")) returned 1 [0062.494] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.494] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca97d8 | out: hHeap=0x5a0000) returned 1 [0062.494] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.494] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.494] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.494] CloseHandle (hObject=0x2a8) returned 1 [0062.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.495] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x50 [0062.495] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.495] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.495] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.495] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.495] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x50, lpOverlapped=0x0) returned 1 [0062.495] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffb0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.495] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x50, lpOverlapped=0x0) returned 1 [0062.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.495] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.496] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.496] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.496] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.496] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.496] CloseHandle (hObject=0x2a8) returned 1 [0062.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.496] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini.lolkek") returned 55 [0062.496] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini.lolkek")) returned 1 [0062.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3be28 | out: hHeap=0x5a0000) returned 1 [0062.497] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.497] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.497] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", dwFileAttributes=0x80) returned 1 [0062.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.497] CloseHandle (hObject=0x2a8) returned 1 [0062.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.497] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe2 [0062.497] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.498] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.498] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.498] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.498] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xe2, lpOverlapped=0x0) returned 1 [0062.498] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.498] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xe2, lpOverlapped=0x0) returned 1 [0062.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.498] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.498] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.499] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.499] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.499] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.499] CloseHandle (hObject=0x2a8) returned 1 [0062.499] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.499] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.lolkek") returned 65 [0062.499] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.lolkek" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.lolkek")) returned 1 [0062.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca86e0 | out: hHeap=0x5a0000) returned 1 [0062.500] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.500] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.500] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", dwFileAttributes=0x80) returned 1 [0062.500] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.500] CloseHandle (hObject=0x2a8) returned 1 [0062.500] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.500] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.500] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.500] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.501] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.501] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.501] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.501] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.501] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.501] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.501] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.502] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.502] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.502] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.502] CloseHandle (hObject=0x2a8) returned 1 [0062.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.502] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.lolkek") returned 75 [0062.502] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.lolkek" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.lolkek")) returned 1 [0062.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc230 | out: hHeap=0x5a0000) returned 1 [0062.502] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.503] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.503] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", dwFileAttributes=0x80) returned 1 [0062.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.503] CloseHandle (hObject=0x2a8) returned 1 [0062.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.503] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.503] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.503] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.504] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.504] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.504] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.504] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.504] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.504] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.504] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.504] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.505] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.505] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.505] CloseHandle (hObject=0x2a8) returned 1 [0062.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.505] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.lolkek") returned 85 [0062.505] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.lolkek" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.lolkek")) returned 1 [0062.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6178f8 | out: hHeap=0x5a0000) returned 1 [0062.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.506] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.506] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", dwFileAttributes=0x80) returned 1 [0062.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.506] CloseHandle (hObject=0x2a8) returned 1 [0062.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.506] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.506] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.506] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.507] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.507] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.507] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.507] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.507] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.507] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.507] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.507] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.507] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.508] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.508] CloseHandle (hObject=0x2a8) returned 1 [0062.508] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.508] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.lolkek") returned 78 [0062.508] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.lolkek" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.lolkek")) returned 1 [0062.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3ee78 | out: hHeap=0x5a0000) returned 1 [0062.508] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.508] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.508] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", dwFileAttributes=0x80) returned 1 [0062.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.509] CloseHandle (hObject=0x2a8) returned 1 [0062.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.509] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.509] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.509] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.510] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.510] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.510] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.510] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.510] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.510] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.510] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.510] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.510] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.511] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.511] CloseHandle (hObject=0x2a8) returned 1 [0062.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.511] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.lolkek") returned 78 [0062.511] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.lolkek" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.lolkek")) returned 1 [0062.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f0c8 | out: hHeap=0x5a0000) returned 1 [0062.511] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.511] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.511] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", dwFileAttributes=0x80) returned 1 [0062.512] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.512] CloseHandle (hObject=0x2a8) returned 1 [0062.512] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.512] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x86 [0062.512] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.512] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.513] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.513] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.513] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x86, lpOverlapped=0x0) returned 1 [0062.513] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.513] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x86, lpOverlapped=0x0) returned 1 [0062.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.513] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.513] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.513] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.513] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.513] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.513] CloseHandle (hObject=0x2a8) returned 1 [0062.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.513] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.lolkek") returned 76 [0062.513] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.lolkek" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.lolkek")) returned 1 [0062.514] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.514] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60e930 | out: hHeap=0x5a0000) returned 1 [0062.514] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.514] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.514] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", dwFileAttributes=0x80) returned 1 [0062.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.515] CloseHandle (hObject=0x2a8) returned 1 [0062.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.515] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.515] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.515] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.515] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.515] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.515] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.515] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.516] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.516] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.516] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.516] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.516] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.516] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.516] CloseHandle (hObject=0x2a8) returned 1 [0062.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.516] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.lolkek") returned 64 [0062.516] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.lolkek" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.lolkek")) returned 1 [0062.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e373b8 | out: hHeap=0x5a0000) returned 1 [0062.517] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.517] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.517] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", dwFileAttributes=0x80) returned 1 [0062.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.517] CloseHandle (hObject=0x2a8) returned 1 [0062.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.517] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.518] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.518] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.518] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.518] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.518] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.518] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.518] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.518] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.518] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.519] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.519] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.519] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.519] CloseHandle (hObject=0x2a8) returned 1 [0062.519] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.519] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.lolkek") returned 72 [0062.519] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.lolkek" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.lolkek")) returned 1 [0062.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.520] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6112c8 | out: hHeap=0x5a0000) returned 1 [0062.520] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.520] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.520] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", dwFileAttributes=0x80) returned 1 [0062.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.520] CloseHandle (hObject=0x2a8) returned 1 [0062.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.520] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.520] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.520] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.521] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.521] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.521] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.521] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.521] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.521] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.521] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.521] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.521] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.522] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.522] CloseHandle (hObject=0x2a8) returned 1 [0062.522] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.522] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.lolkek") returned 64 [0062.522] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.lolkek" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.lolkek")) returned 1 [0062.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e372c8 | out: hHeap=0x5a0000) returned 1 [0062.522] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.522] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.522] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", dwFileAttributes=0x80) returned 1 [0062.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.523] CloseHandle (hObject=0x2a8) returned 1 [0062.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.523] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.523] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.523] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.524] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.524] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.524] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.524] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.524] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.524] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.524] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.524] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.524] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.524] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.524] CloseHandle (hObject=0x2a8) returned 1 [0062.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.524] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.lolkek") returned 65 [0062.524] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.lolkek" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.lolkek")) returned 1 [0062.525] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.525] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8018 | out: hHeap=0x5a0000) returned 1 [0062.525] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.525] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.525] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", dwFileAttributes=0x80) returned 1 [0062.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.526] CloseHandle (hObject=0x2a8) returned 1 [0062.526] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.526] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.526] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.526] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.526] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.527] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.527] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.527] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.527] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.527] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.527] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.527] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.527] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.527] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.527] CloseHandle (hObject=0x2a8) returned 1 [0062.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.527] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.lolkek") returned 58 [0062.527] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.lolkek" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.lolkek")) returned 1 [0062.528] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.528] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe090 | out: hHeap=0x5a0000) returned 1 [0062.528] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.528] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.528] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", dwFileAttributes=0x80) returned 1 [0062.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.528] CloseHandle (hObject=0x2a8) returned 1 [0062.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.529] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.529] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.529] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.529] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.529] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.529] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.529] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.529] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.529] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.529] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.529] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.529] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.530] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.530] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.530] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.530] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.530] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.530] CloseHandle (hObject=0x2a8) returned 1 [0062.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.530] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.lolkek") returned 65 [0062.530] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.lolkek" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.lolkek")) returned 1 [0062.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8ac0 | out: hHeap=0x5a0000) returned 1 [0062.530] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.531] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.531] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", dwFileAttributes=0x80) returned 1 [0062.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.531] CloseHandle (hObject=0x2a8) returned 1 [0062.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.531] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.531] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.531] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.532] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.532] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.532] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.532] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.532] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.532] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.532] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.532] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.532] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.532] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.532] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.532] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.532] CloseHandle (hObject=0x2a8) returned 1 [0062.533] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.533] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.lolkek") returned 71 [0062.533] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.lolkek" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.lolkek")) returned 1 [0062.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612330 | out: hHeap=0x5a0000) returned 1 [0062.533] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.533] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.533] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", dwFileAttributes=0x80) returned 1 [0062.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.534] CloseHandle (hObject=0x2a8) returned 1 [0062.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.534] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.534] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.534] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.535] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.535] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.535] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.535] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.535] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.535] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.535] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.535] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.535] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.535] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.535] CloseHandle (hObject=0x2a8) returned 1 [0062.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.535] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.lolkek") returned 75 [0062.535] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.lolkek" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.lolkek")) returned 1 [0062.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f8a0 | out: hHeap=0x5a0000) returned 1 [0062.536] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.536] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.536] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", dwFileAttributes=0x80) returned 1 [0062.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.537] CloseHandle (hObject=0x2a8) returned 1 [0062.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.537] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.537] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.537] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.537] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.537] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.537] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.537] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.537] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.537] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.538] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.538] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.538] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.538] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.538] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.538] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.538] CloseHandle (hObject=0x2a8) returned 1 [0062.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.538] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.lolkek") returned 72 [0062.538] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.lolkek" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.lolkek")) returned 1 [0062.539] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.539] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612448 | out: hHeap=0x5a0000) returned 1 [0062.539] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.539] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.539] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", dwFileAttributes=0x80) returned 1 [0062.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.539] CloseHandle (hObject=0x2a8) returned 1 [0062.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.539] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0062.539] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.539] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.540] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.540] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.540] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x85, lpOverlapped=0x0) returned 1 [0062.540] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.540] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x85, lpOverlapped=0x0) returned 1 [0062.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.540] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.540] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.540] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.541] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.541] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.541] CloseHandle (hObject=0x2a8) returned 1 [0062.541] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.541] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.lolkek") returned 74 [0062.541] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.lolkek" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.lolkek")) returned 1 [0062.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6113e0 | out: hHeap=0x5a0000) returned 1 [0062.541] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.542] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.542] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.542] CloseHandle (hObject=0x2a8) returned 1 [0062.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.542] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x244 [0062.542] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.542] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.543] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.543] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.543] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x244, lpOverlapped=0x0) returned 1 [0062.543] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffdbc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.543] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x244, lpOverlapped=0x0) returned 1 [0062.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.543] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.543] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.543] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.543] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.543] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.544] CloseHandle (hObject=0x2a8) returned 1 [0062.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.544] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini.lolkek") returned 45 [0062.544] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\links\\desktop.ini.lolkek")) returned 1 [0062.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caf860 | out: hHeap=0x5a0000) returned 1 [0062.545] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.545] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.545] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk", dwFileAttributes=0x80) returned 1 [0062.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.546] CloseHandle (hObject=0x2a8) returned 1 [0062.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.546] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d3 [0062.546] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.546] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.546] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.546] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.546] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1d3, lpOverlapped=0x0) returned 1 [0062.546] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe2d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.547] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d3, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1d3, lpOverlapped=0x0) returned 1 [0062.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.547] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.547] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.547] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.547] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.547] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.547] CloseHandle (hObject=0x2a8) returned 1 [0062.547] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.547] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk.lolkek") returned 45 [0062.547] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk.lolkek" (normalized: "c:\\users\\default\\links\\desktop.lnk.lolkek")) returned 1 [0062.548] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.548] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caf908 | out: hHeap=0x5a0000) returned 1 [0062.548] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.548] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.548] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk", dwFileAttributes=0x80) returned 1 [0062.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.548] CloseHandle (hObject=0x2a8) returned 1 [0062.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.549] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x37e [0062.549] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.549] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.553] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.553] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.553] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x37e, lpOverlapped=0x0) returned 1 [0062.553] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffc82, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.553] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x37e, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x37e, lpOverlapped=0x0) returned 1 [0062.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.553] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.553] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.553] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.553] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.553] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.553] CloseHandle (hObject=0x2a8) returned 1 [0062.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.553] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk.lolkek") returned 47 [0062.553] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk.lolkek" (normalized: "c:\\users\\default\\links\\downloads.lnk.lolkek")) returned 1 [0062.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1928 | out: hHeap=0x5a0000) returned 1 [0062.554] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.554] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.554] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk", dwFileAttributes=0x80) returned 1 [0062.554] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.555] CloseHandle (hObject=0x2a8) returned 1 [0062.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.555] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16b [0062.555] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.555] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.556] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.556] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.556] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x16b, lpOverlapped=0x0) returned 1 [0062.556] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe95, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.556] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x16b, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x16b, lpOverlapped=0x0) returned 1 [0062.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.556] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.556] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.556] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.556] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.556] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.556] CloseHandle (hObject=0x2a8) returned 1 [0062.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.556] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk.lolkek") returned 50 [0062.557] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk.lolkek" (normalized: "c:\\users\\default\\links\\recentplaces.lnk.lolkek")) returned 1 [0062.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9ab8 | out: hHeap=0x5a0000) returned 1 [0062.557] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.557] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.557] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.558] CloseHandle (hObject=0x2a8) returned 1 [0062.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.558] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f8 [0062.558] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.558] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.559] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.559] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.559] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1f8, lpOverlapped=0x0) returned 1 [0062.559] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.559] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1f8, lpOverlapped=0x0) returned 1 [0062.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.559] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.559] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.559] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.560] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.560] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.560] CloseHandle (hObject=0x2a8) returned 1 [0062.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.560] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini.lolkek") returned 45 [0062.560] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\music\\desktop.ini.lolkek")) returned 1 [0062.560] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.560] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caf9b0 | out: hHeap=0x5a0000) returned 1 [0062.560] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.561] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.561] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT", dwFileAttributes=0x80) returned 1 [0062.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.561] CloseHandle (hObject=0x2a8) returned 1 [0062.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.562] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc0000 [0062.562] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.562] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.563] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.563] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.563] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.564] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.564] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.564] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.565] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.565] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.565] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.565] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.565] CloseHandle (hObject=0x2a8) returned 1 [0062.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.565] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.lolkek") returned 38 [0062.565] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.lolkek" (normalized: "c:\\users\\default\\ntuser.dat.lolkek")) returned 1 [0062.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613be0 | out: hHeap=0x5a0000) returned 1 [0062.566] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.566] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.566] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG", dwFileAttributes=0x80) returned 1 [0062.567] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.567] CloseHandle (hObject=0x2a8) returned 1 [0062.567] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.567] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x400 [0062.567] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.567] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.569] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0062.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.569] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.569] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x400, lpOverlapped=0x0) returned 1 [0062.569] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffc00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.569] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x400, lpOverlapped=0x0) returned 1 [0062.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0062.569] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.569] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.569] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.569] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.569] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.570] CloseHandle (hObject=0x2a8) returned 1 [0062.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.570] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.lolkek") returned 42 [0062.570] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.lolkek" (normalized: "c:\\users\\default\\ntuser.dat.log.lolkek")) returned 1 [0062.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.570] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.570] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.570] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1", dwFileAttributes=0x80) returned 1 [0062.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.571] CloseHandle (hObject=0x2a8) returned 1 [0062.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.572] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2e400 [0062.572] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.572] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.573] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.573] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.573] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.573] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.573] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.574] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.574] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.574] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.574] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.574] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.574] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.574] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.574] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.574] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.574] CloseHandle (hObject=0x2a8) returned 1 [0062.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.575] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.lolkek") returned 43 [0062.575] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.lolkek" (normalized: "c:\\users\\default\\ntuser.dat.log1.lolkek")) returned 1 [0062.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd8a80 | out: hHeap=0x5a0000) returned 1 [0062.575] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.575] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.575] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2", dwFileAttributes=0x80) returned 1 [0062.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.576] CloseHandle (hObject=0x2a8) returned 1 [0062.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.576] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0062.577] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.577] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.577] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x0, lpOverlapped=0x0) returned 1 [0062.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.577] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.577] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.577] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.577] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.578] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.578] CloseHandle (hObject=0x2a8) returned 1 [0062.579] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.579] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2.lolkek") returned 43 [0062.579] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2.lolkek" (normalized: "c:\\users\\default\\ntuser.dat.log2.lolkek")) returned 1 [0062.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd8d00 | out: hHeap=0x5a0000) returned 1 [0062.579] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.579] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.579] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x80) returned 1 [0062.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.580] CloseHandle (hObject=0x2a8) returned 1 [0062.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.580] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10000 [0062.580] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.580] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.582] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.582] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.582] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.582] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.582] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.583] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.583] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.583] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.583] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.583] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.583] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.583] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.583] CloseHandle (hObject=0x2a8) returned 1 [0062.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.584] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.lolkek") returned 83 [0062.584] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.lolkek" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.lolkek")) returned 1 [0062.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6177b0 | out: hHeap=0x5a0000) returned 1 [0062.584] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.584] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.584] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x80) returned 1 [0062.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.585] CloseHandle (hObject=0x2a8) returned 1 [0062.585] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.585] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x80000 [0062.585] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.586] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.589] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.589] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.589] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.591] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.591] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.591] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.591] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.592] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.592] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.592] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.592] CloseHandle (hObject=0x2a8) returned 1 [0062.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.592] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.lolkek") returned 120 [0062.592] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.lolkek" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.lolkek")) returned 1 [0062.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e35670 | out: hHeap=0x5a0000) returned 1 [0062.593] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.593] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.593] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x80) returned 1 [0062.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.594] CloseHandle (hObject=0x2a8) returned 1 [0062.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.594] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x80000 [0062.594] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.594] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.595] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.596] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.596] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.597] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.597] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.597] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.597] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.598] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.598] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.598] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.598] CloseHandle (hObject=0x2a8) returned 1 [0062.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.598] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.lolkek") returned 120 [0062.598] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.lolkek" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.lolkek")) returned 1 [0062.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e35848 | out: hHeap=0x5a0000) returned 1 [0062.599] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.599] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.599] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini", dwFileAttributes=0x80) returned 1 [0062.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.600] CloseHandle (hObject=0x2a8) returned 1 [0062.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.600] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14 [0062.600] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.600] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.600] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x14, lpOverlapped=0x0) returned 1 [0062.601] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.601] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x14, lpOverlapped=0x0) returned 1 [0062.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.601] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.601] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.601] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.601] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.601] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.601] CloseHandle (hObject=0x2a8) returned 1 [0062.601] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.601] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\ntuser.ini.lolkek") returned 38 [0062.601] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\ntuser.ini.lolkek" (normalized: "c:\\users\\default\\ntuser.ini.lolkek")) returned 1 [0062.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613c68 | out: hHeap=0x5a0000) returned 1 [0062.602] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.602] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.602] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.603] CloseHandle (hObject=0x2a8) returned 1 [0062.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.603] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f8 [0062.603] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.603] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.604] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.604] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.604] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1f8, lpOverlapped=0x0) returned 1 [0062.604] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.604] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1f8, lpOverlapped=0x0) returned 1 [0062.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.604] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.604] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.604] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.604] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.604] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.604] CloseHandle (hObject=0x2a8) returned 1 [0062.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.610] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini.lolkek") returned 48 [0062.610] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\pictures\\desktop.ini.lolkek")) returned 1 [0062.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb19d8 | out: hHeap=0x5a0000) returned 1 [0062.611] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.611] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.612] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.612] CloseHandle (hObject=0x2a8) returned 1 [0062.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.613] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a [0062.613] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.613] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.613] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.613] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.613] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x11a, lpOverlapped=0x0) returned 1 [0062.613] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffee6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.613] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x11a, lpOverlapped=0x0) returned 1 [0062.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.614] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.614] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.614] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.614] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.614] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.614] CloseHandle (hObject=0x2a8) returned 1 [0062.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.614] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini.lolkek") returned 51 [0062.614] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\saved games\\desktop.ini.lolkek")) returned 1 [0062.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb9198 | out: hHeap=0x5a0000) returned 1 [0062.615] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.615] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.615] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.615] CloseHandle (hObject=0x2a8) returned 1 [0062.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.615] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20c [0062.616] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.616] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.616] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.616] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.616] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x20c, lpOverlapped=0x0) returned 1 [0062.616] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffdf4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.616] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x20c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x20c, lpOverlapped=0x0) returned 1 [0062.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.616] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.617] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.617] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.617] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.617] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.617] CloseHandle (hObject=0x2a8) returned 1 [0062.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.617] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini.lolkek") returned 48 [0062.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\searches\\desktop.ini.lolkek")) returned 1 [0062.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1a88 | out: hHeap=0x5a0000) returned 1 [0062.618] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.618] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.619] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms", dwFileAttributes=0x80) returned 1 [0062.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.619] CloseHandle (hObject=0x2a8) returned 1 [0062.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.620] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf8 [0062.620] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.620] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.620] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.620] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.620] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xf8, lpOverlapped=0x0) returned 1 [0062.620] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.620] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xf8, lpOverlapped=0x0) returned 1 [0062.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.621] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.621] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.621] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.621] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.621] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.621] CloseHandle (hObject=0x2a8) returned 1 [0062.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.621] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.lolkek") returned 57 [0062.621] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.lolkek" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.lolkek")) returned 1 [0062.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe4c8 | out: hHeap=0x5a0000) returned 1 [0062.622] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.622] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.622] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x80) returned 1 [0062.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.622] CloseHandle (hObject=0x2a8) returned 1 [0062.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.622] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf8 [0062.622] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.623] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.623] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xf8, lpOverlapped=0x0) returned 1 [0062.623] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.623] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xf8, lpOverlapped=0x0) returned 1 [0062.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.623] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.623] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.624] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.624] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.624] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.624] CloseHandle (hObject=0x2a8) returned 1 [0062.624] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.624] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.lolkek") returned 64 [0062.624] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.lolkek" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.lolkek")) returned 1 [0062.624] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.624] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e370e8 | out: hHeap=0x5a0000) returned 1 [0062.624] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.625] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.625] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.625] CloseHandle (hObject=0x2a8) returned 1 [0062.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.626] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f8 [0062.626] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.626] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.626] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.626] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.626] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x1f8, lpOverlapped=0x0) returned 1 [0062.626] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.626] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x1f8, lpOverlapped=0x0) returned 1 [0062.627] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.627] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.627] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.627] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.627] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.627] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.627] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.627] CloseHandle (hObject=0x2a8) returned 1 [0062.627] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.627] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini.lolkek") returned 46 [0062.627] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini.lolkek" (normalized: "c:\\users\\default\\videos\\desktop.ini.lolkek")) returned 1 [0062.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cafb00 | out: hHeap=0x5a0000) returned 1 [0062.628] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.628] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.628] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.628] CloseHandle (hObject=0x2a8) returned 1 [0062.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.628] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xae [0062.628] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.629] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.629] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.629] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.629] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xae, lpOverlapped=0x0) returned 1 [0062.629] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.629] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xae, lpOverlapped=0x0) returned 1 [0062.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.629] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.629] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.629] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.629] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.630] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.630] CloseHandle (hObject=0x2a8) returned 1 [0062.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.630] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\desktop.ini.lolkek") returned 31 [0062.630] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\desktop.ini.lolkek" (normalized: "c:\\users\\desktop.ini.lolkek")) returned 1 [0062.630] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.630] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3a6b8 | out: hHeap=0x5a0000) returned 1 [0062.630] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.630] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.630] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", dwFileAttributes=0x80) returned 1 [0062.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.631] CloseHandle (hObject=0x2a8) returned 1 [0062.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.631] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7e9 [0062.631] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.631] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.632] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.632] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.632] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x7e9, lpOverlapped=0x0) returned 1 [0062.632] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffff817, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.632] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x7e9, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x7e9, lpOverlapped=0x0) returned 1 [0062.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.632] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.632] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.632] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.632] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.632] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.632] CloseHandle (hObject=0x2a8) returned 1 [0062.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.632] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.lolkek") returned 53 [0062.632] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.lolkek" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.lolkek")) returned 1 [0062.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc60d0 | out: hHeap=0x5a0000) returned 1 [0062.633] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.633] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.633] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.633] CloseHandle (hObject=0x2a8) returned 1 [0062.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.634] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xae [0062.634] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.634] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.634] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.634] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.634] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xae, lpOverlapped=0x0) returned 1 [0062.634] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.634] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xae, lpOverlapped=0x0) returned 1 [0062.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.634] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.634] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.635] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.635] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.635] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.635] CloseHandle (hObject=0x2a8) returned 1 [0062.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.635] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini.lolkek") returned 46 [0062.635] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\desktop\\desktop.ini.lolkek")) returned 1 [0062.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cafba8 | out: hHeap=0x5a0000) returned 1 [0062.644] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.644] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.644] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk", dwFileAttributes=0x80) returned 1 [0062.644] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.645] CloseHandle (hObject=0x2a8) returned 1 [0062.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.645] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8d1 [0062.645] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.645] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.645] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.645] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.645] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.645] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.645] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x8d1, lpOverlapped=0x0) returned 1 [0062.645] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffff72f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.645] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x8d1, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x8d1, lpOverlapped=0x0) returned 1 [0062.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.646] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.646] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.646] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.646] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.646] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.646] CloseHandle (hObject=0x2a8) returned 1 [0062.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.646] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk.lolkek") returned 52 [0062.646] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk.lolkek" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.lolkek")) returned 1 [0062.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb9018 | out: hHeap=0x5a0000) returned 1 [0062.647] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.647] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.647] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", dwFileAttributes=0x80) returned 1 [0062.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.647] CloseHandle (hObject=0x2a8) returned 1 [0062.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.647] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x485 [0062.647] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.647] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.648] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.648] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.648] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x485, lpOverlapped=0x0) returned 1 [0062.648] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffb7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.648] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x485, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x485, lpOverlapped=0x0) returned 1 [0062.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.648] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.648] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.648] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.648] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.648] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.649] CloseHandle (hObject=0x2a8) returned 1 [0062.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.649] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.lolkek") returned 54 [0062.649] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.lolkek" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.lolkek")) returned 1 [0062.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc5db0 | out: hHeap=0x5a0000) returned 1 [0062.649] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.649] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.650] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.650] CloseHandle (hObject=0x2a8) returned 1 [0062.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.650] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xae [0062.650] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.650] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.651] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.651] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.651] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.651] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.651] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xae, lpOverlapped=0x0) returned 1 [0062.651] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xae, lpOverlapped=0x0) returned 1 [0062.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.651] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.652] CloseHandle (hObject=0x2a8) returned 1 [0062.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.652] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\desktop.ini.lolkek") returned 38 [0062.652] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\desktop.ini.lolkek")) returned 1 [0062.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613a48 | out: hHeap=0x5a0000) returned 1 [0062.653] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.653] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.653] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.653] CloseHandle (hObject=0x2a8) returned 1 [0062.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.653] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x116 [0062.653] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.654] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.654] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.654] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.654] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x116, lpOverlapped=0x0) returned 1 [0062.654] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffeea, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.654] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x116, lpOverlapped=0x0) returned 1 [0062.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.655] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.655] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.655] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.655] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.655] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.655] CloseHandle (hObject=0x2a8) returned 1 [0062.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.655] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini.lolkek") returned 48 [0062.655] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\documents\\desktop.ini.lolkek")) returned 1 [0062.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1b38 | out: hHeap=0x5a0000) returned 1 [0062.656] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.656] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.656] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.657] CloseHandle (hObject=0x2a8) returned 1 [0062.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.657] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xae [0062.657] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.657] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.658] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.658] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.658] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xae, lpOverlapped=0x0) returned 1 [0062.658] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.658] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xae, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xae, lpOverlapped=0x0) returned 1 [0062.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.658] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.658] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.658] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.658] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.658] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.658] CloseHandle (hObject=0x2a8) returned 1 [0062.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.658] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini.lolkek") returned 48 [0062.658] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\downloads\\desktop.ini.lolkek")) returned 1 [0062.659] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.659] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1be8 | out: hHeap=0x5a0000) returned 1 [0062.659] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.659] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.659] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.660] CloseHandle (hObject=0x2a8) returned 1 [0062.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.660] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x58 [0062.660] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.660] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.660] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x58, lpOverlapped=0x0) returned 1 [0062.661] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffa8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.661] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x58, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x58, lpOverlapped=0x0) returned 1 [0062.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.661] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.661] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.661] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.661] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.661] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.661] CloseHandle (hObject=0x2a8) returned 1 [0062.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.661] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini.lolkek") returned 48 [0062.661] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\libraries\\desktop.ini.lolkek")) returned 1 [0062.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1c98 | out: hHeap=0x5a0000) returned 1 [0062.662] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.662] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.662] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", dwFileAttributes=0x80) returned 1 [0062.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.662] CloseHandle (hObject=0x2a8) returned 1 [0062.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.663] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x36c [0062.663] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.663] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.665] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.665] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.665] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x36c, lpOverlapped=0x0) returned 1 [0062.665] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffc94, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.665] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x36c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x36c, lpOverlapped=0x0) returned 1 [0062.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.665] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.665] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.665] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.665] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.665] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.665] CloseHandle (hObject=0x2a8) returned 1 [0062.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.665] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.lolkek") returned 58 [0062.666] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.lolkek" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.lolkek")) returned 1 [0062.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe3f0 | out: hHeap=0x5a0000) returned 1 [0062.666] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.666] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.666] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.667] CloseHandle (hObject=0x2a8) returned 1 [0062.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.667] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17c [0062.667] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.667] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.667] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.667] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.667] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x17c, lpOverlapped=0x0) returned 1 [0062.668] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe84, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.668] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x17c, lpOverlapped=0x0) returned 1 [0062.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.668] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.668] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.668] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.668] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.668] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.668] CloseHandle (hObject=0x2a8) returned 1 [0062.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.668] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini.lolkek") returned 44 [0062.668] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\music\\desktop.ini.lolkek")) returned 1 [0062.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd8c60 | out: hHeap=0x5a0000) returned 1 [0062.669] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.669] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.669] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.670] CloseHandle (hObject=0x2a8) returned 1 [0062.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.670] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x24a [0062.670] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.670] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.671] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.671] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.671] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x24a, lpOverlapped=0x0) returned 1 [0062.671] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffdb6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.671] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x24a, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x24a, lpOverlapped=0x0) returned 1 [0062.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.671] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.671] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.671] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.671] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.671] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.671] CloseHandle (hObject=0x2a8) returned 1 [0062.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.671] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.lolkek") returned 57 [0062.671] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.lolkek")) returned 1 [0062.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe318 | out: hHeap=0x5a0000) returned 1 [0062.672] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.672] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.672] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", dwFileAttributes=0x80) returned 1 [0062.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.673] CloseHandle (hObject=0x2a8) returned 1 [0062.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.673] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8064f1 [0062.673] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.673] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.674] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.674] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.674] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.676] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.676] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.676] CloseHandle (hObject=0x2a8) returned 1 [0062.676] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.676] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.lolkek") returned 57 [0062.676] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.lolkek" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.lolkek")) returned 1 [0062.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe240 | out: hHeap=0x5a0000) returned 1 [0062.677] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.677] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.677] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", dwFileAttributes=0x80) returned 1 [0062.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.678] CloseHandle (hObject=0x2a8) returned 1 [0062.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.678] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ec5d2 [0062.678] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.678] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.679] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.679] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.679] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.681] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.681] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.681] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.681] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.681] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.681] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.681] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.681] CloseHandle (hObject=0x2a8) returned 1 [0062.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.681] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.lolkek") returned 75 [0062.681] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.lolkek" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.lolkek")) returned 1 [0062.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc018 | out: hHeap=0x5a0000) returned 1 [0062.682] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.682] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.682] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", dwFileAttributes=0x80) returned 1 [0062.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.683] CloseHandle (hObject=0x2a8) returned 1 [0062.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.683] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x49e459 [0062.683] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.683] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.684] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.684] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.684] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.686] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.686] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.686] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.686] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.686] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.686] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.686] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.686] CloseHandle (hObject=0x2a8) returned 1 [0062.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.686] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.lolkek") returned 60 [0062.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.lolkek" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.lolkek")) returned 1 [0062.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc0010 | out: hHeap=0x5a0000) returned 1 [0062.687] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.687] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.687] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.687] CloseHandle (hObject=0x2a8) returned 1 [0062.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.688] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17c [0062.688] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.688] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.688] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.688] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.688] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x17c, lpOverlapped=0x0) returned 1 [0062.688] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe84, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.688] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x17c, lpOverlapped=0x0) returned 1 [0062.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.688] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.688] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.689] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.689] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.689] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.689] CloseHandle (hObject=0x2a8) returned 1 [0062.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.689] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini.lolkek") returned 47 [0062.689] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\pictures\\desktop.ini.lolkek")) returned 1 [0062.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb17c8 | out: hHeap=0x5a0000) returned 1 [0062.689] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.690] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.690] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", dwFileAttributes=0x80) returned 1 [0062.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.691] CloseHandle (hObject=0x2a8) returned 1 [0062.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.691] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6b22 [0062.691] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.691] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.692] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.692] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.692] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.692] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.692] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.694] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.694] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.694] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.694] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.694] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.694] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.694] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.694] CloseHandle (hObject=0x2a8) returned 1 [0062.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.694] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.lolkek") returned 69 [0062.694] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.lolkek")) returned 1 [0062.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4758 | out: hHeap=0x5a0000) returned 1 [0062.695] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.695] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.695] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", dwFileAttributes=0x80) returned 1 [0062.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.696] CloseHandle (hObject=0x2a8) returned 1 [0062.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.696] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce875 [0062.696] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.696] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.697] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.697] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.697] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.699] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.699] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.699] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.699] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.699] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.699] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.699] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.699] CloseHandle (hObject=0x2a8) returned 1 [0062.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.699] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.lolkek") returned 62 [0062.699] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.lolkek")) returned 1 [0062.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc408 | out: hHeap=0x5a0000) returned 1 [0062.700] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.700] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.700] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.701] CloseHandle (hObject=0x2a8) returned 1 [0062.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.702] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x460 [0062.702] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.702] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.703] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.703] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.703] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x460, lpOverlapped=0x0) returned 1 [0062.703] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffba0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.703] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x460, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x460, lpOverlapped=0x0) returned 1 [0062.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.704] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.704] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.704] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.704] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.704] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.704] CloseHandle (hObject=0x2a8) returned 1 [0062.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.704] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.lolkek") returned 63 [0062.704] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.lolkek")) returned 1 [0062.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e371d8 | out: hHeap=0x5a0000) returned 1 [0062.705] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.705] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.705] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", dwFileAttributes=0x80) returned 1 [0062.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.705] CloseHandle (hObject=0x2a8) returned 1 [0062.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.705] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x91554 [0062.705] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.705] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.707] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.707] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.707] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.708] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.708] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.708] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.708] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.708] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.708] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.708] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.708] CloseHandle (hObject=0x2a8) returned 1 [0062.708] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.709] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.lolkek") returned 66 [0062.709] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.lolkek")) returned 1 [0062.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7668 | out: hHeap=0x5a0000) returned 1 [0062.709] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.709] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.709] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", dwFileAttributes=0x80) returned 1 [0062.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.710] CloseHandle (hObject=0x2a8) returned 1 [0062.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.710] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbd616 [0062.710] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.710] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.711] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.712] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.712] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.713] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.713] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.713] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.713] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.713] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.713] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.713] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.713] CloseHandle (hObject=0x2a8) returned 1 [0062.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.713] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.lolkek") returned 65 [0062.714] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.lolkek")) returned 1 [0062.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7760 | out: hHeap=0x5a0000) returned 1 [0062.714] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.714] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.714] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", dwFileAttributes=0x80) returned 1 [0062.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.715] CloseHandle (hObject=0x2a8) returned 1 [0062.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.715] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbea1f [0062.715] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.715] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.716] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.716] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.716] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.719] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.719] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.720] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.720] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.720] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.720] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.720] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.720] CloseHandle (hObject=0x2a8) returned 1 [0062.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.720] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.lolkek") returned 61 [0062.720] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.lolkek")) returned 1 [0062.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc7a8 | out: hHeap=0x5a0000) returned 1 [0062.721] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.721] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.721] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", dwFileAttributes=0x80) returned 1 [0062.721] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.722] CloseHandle (hObject=0x2a8) returned 1 [0062.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.722] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8907c [0062.722] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.722] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.723] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.724] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.724] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.725] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.725] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.725] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.725] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.725] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.725] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.725] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.725] CloseHandle (hObject=0x2a8) returned 1 [0062.725] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.726] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.lolkek") returned 66 [0062.726] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.lolkek")) returned 1 [0062.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca83f8 | out: hHeap=0x5a0000) returned 1 [0062.726] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.726] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.726] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", dwFileAttributes=0x80) returned 1 [0062.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.727] CloseHandle (hObject=0x2a8) returned 1 [0062.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.727] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbde6b [0062.727] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.727] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.728] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.728] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.728] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.730] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.730] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.730] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.730] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.730] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.730] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.731] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.731] CloseHandle (hObject=0x2a8) returned 1 [0062.731] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.731] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.lolkek") returned 64 [0062.731] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.lolkek")) returned 1 [0062.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e374a8 | out: hHeap=0x5a0000) returned 1 [0062.731] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.731] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.731] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", dwFileAttributes=0x80) returned 1 [0062.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.732] CloseHandle (hObject=0x2a8) returned 1 [0062.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.732] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x97958 [0062.732] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.732] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.733] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.733] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.733] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.733] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.733] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.735] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.735] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.735] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.735] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.735] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.735] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.735] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.735] CloseHandle (hObject=0x2a8) returned 1 [0062.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.735] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.lolkek") returned 62 [0062.735] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.lolkek" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.lolkek")) returned 1 [0062.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc6c0 | out: hHeap=0x5a0000) returned 1 [0062.736] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.736] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.736] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.737] CloseHandle (hObject=0x2a8) returned 1 [0062.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.737] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x50 [0062.737] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.737] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.737] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x50, lpOverlapped=0x0) returned 1 [0062.738] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffb0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.738] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x50, lpOverlapped=0x0) returned 1 [0062.738] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.738] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.738] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.738] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.738] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.738] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.738] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.738] CloseHandle (hObject=0x2a8) returned 1 [0062.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.738] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini.lolkek") returned 50 [0062.739] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.lolkek")) returned 1 [0062.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9c28 | out: hHeap=0x5a0000) returned 1 [0062.739] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.739] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.739] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.740] CloseHandle (hObject=0x2a8) returned 1 [0062.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.740] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xab [0062.740] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.740] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.741] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.741] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.741] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0xab, lpOverlapped=0x0) returned 1 [0062.741] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffff55, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.741] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xab, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0xab, lpOverlapped=0x0) returned 1 [0062.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.741] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.741] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.741] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.741] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.741] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.741] CloseHandle (hObject=0x2a8) returned 1 [0062.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.741] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.lolkek") returned 63 [0062.741] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.lolkek")) returned 1 [0062.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e37598 | out: hHeap=0x5a0000) returned 1 [0062.742] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.742] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.742] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", dwFileAttributes=0x80) returned 1 [0062.742] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.743] CloseHandle (hObject=0x2a8) returned 1 [0062.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.743] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x940000 [0062.743] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.743] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.744] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.745] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.745] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.746] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.746] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.746] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.746] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.747] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.747] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.747] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.747] CloseHandle (hObject=0x2a8) returned 1 [0062.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.747] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.lolkek") returned 81 [0062.747] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.lolkek" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.lolkek")) returned 1 [0062.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca73d0 | out: hHeap=0x5a0000) returned 1 [0062.748] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.748] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.748] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.748] CloseHandle (hObject=0x2a8) returned 1 [0062.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.748] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17c [0062.748] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.748] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.749] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.749] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.749] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x17c, lpOverlapped=0x0) returned 1 [0062.749] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe84, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.749] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x17c, lpOverlapped=0x0) returned 1 [0062.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.749] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.749] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.749] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.749] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.750] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.750] CloseHandle (hObject=0x2a8) returned 1 [0062.750] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.750] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini.lolkek") returned 45 [0062.750] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\videos\\desktop.ini.lolkek")) returned 1 [0062.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cafa58 | out: hHeap=0x5a0000) returned 1 [0062.750] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.750] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.750] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0062.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.751] CloseHandle (hObject=0x2a8) returned 1 [0062.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.751] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x146 [0062.751] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.751] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.752] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.752] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.752] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x146, lpOverlapped=0x0) returned 1 [0062.752] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffeba, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.752] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x146, lpOverlapped=0x0) returned 1 [0062.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.752] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.752] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.752] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.752] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.752] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.752] CloseHandle (hObject=0x2a8) returned 1 [0062.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.752] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.lolkek") returned 59 [0062.753] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.lolkek" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.lolkek")) returned 1 [0062.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc00f0 | out: hHeap=0x5a0000) returned 1 [0062.753] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0062.753] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0062.753] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", dwFileAttributes=0x80) returned 1 [0062.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0062.754] CloseHandle (hObject=0x2a8) returned 1 [0062.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0062.754] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1907b8a [0062.754] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.754] ReadFile (in: hFile=0x2a8, lpBuffer=0x2e1fc40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2e1e224, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc40*, lpNumberOfBytesRead=0x2e1e224*=0xd, lpOverlapped=0x0) returned 1 [0062.756] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2e1fc50 | out: pbBuffer=0x2e1fc50) returned 1 [0062.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0062.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0062.756] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.756] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2e1e1fc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2e1e1fc*=0x4000, lpOverlapped=0x0) returned 1 [0062.757] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.757] WriteFile (in: hFile=0x2a8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2e1fc40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2e1fc40*=0x4000, lpOverlapped=0x0) returned 1 [0062.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0062.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0062.757] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0062.757] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1e204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1e204*, lpNumberOfBytesWritten=0x2e1e208*=0x4, lpOverlapped=0x0) returned 1 [0062.758] WriteFile (in: hFile=0x2a8, lpBuffer=0x2e1fc50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x2e1fc50*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.758] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2e1e208*=0x20, lpOverlapped=0x0) returned 1 [0062.758] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2e1e208, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2e1e208*=0xd, lpOverlapped=0x0) returned 1 [0062.758] CloseHandle (hObject=0x2a8) returned 1 [0062.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0062.758] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.lolkek") returned 60 [0062.758] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.lolkek" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.lolkek")) returned 1 [0062.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0062.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbff30 | out: hHeap=0x5a0000) returned 1 [0062.758] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 8 os_tid = 0x8d8 [0035.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.518] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.518] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1", dwFileAttributes=0x80) returned 1 [0035.833] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0035.833] CloseHandle (hObject=0x15c) returned 1 [0035.833] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.833] GetFileSize (in: hFile=0x15c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0035.833] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0035.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x5fc600 [0035.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5fc698 [0035.834] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0035.834] ReadFile (in: hFile=0x15c, lpBuffer=0x5fc698, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x5fc698*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0035.834] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc698 | out: hHeap=0x5a0000) returned 1 [0035.834] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0035.834] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0035.834] WriteFile (in: hFile=0x15c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0035.834] WriteFile (in: hFile=0x15c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0035.834] WriteFile (in: hFile=0x15c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0035.834] WriteFile (in: hFile=0x15c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0035.835] CloseHandle (hObject=0x15c) returned 1 [0035.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0035.835] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Boot\\BCD.LOG1.lolkek") returned 27 [0035.835] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), lpNewFileName="\\\\?\\C:\\Boot\\BCD.LOG1.lolkek" (normalized: "c:\\boot\\bcd.log1.lolkek")) returned 1 [0035.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0035.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.846] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.863] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.863] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0035.863] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.863] RmStartSession () returned 0x0 [0036.440] RmRegisterResources () returned 0x0 [0036.442] RmGetList () returned 0x0 [0037.239] RmEndSession () returned 0x0 [0037.262] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f9e8 | out: hHeap=0x5a0000) returned 1 [0037.262] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.262] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.262] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe", dwFileAttributes=0x80) returned 0 [0037.262] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.262] RmStartSession () returned 0x0 [0037.265] RmRegisterResources () returned 0x0 [0037.267] RmGetList () returned 0x0 [0037.939] RmEndSession () returned 0x0 [0037.964] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.964] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62e8c0 | out: hHeap=0x5a0000) returned 1 [0037.964] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.964] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.964] SetFileAttributesW (lpFileName="\\\\?\\C:\\bootmgr", dwFileAttributes=0x80) returned 0 [0037.964] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.965] RmStartSession () returned 0x0 [0037.967] RmRegisterResources () returned 0x0 [0037.969] RmGetList () returned 0x0 [0042.044] RmEndSession () returned 0x0 [0042.178] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b8858 | out: hHeap=0x5a0000) returned 1 [0042.178] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.178] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.178] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico", dwFileAttributes=0x80) returned 0 [0042.178] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.178] RmStartSession () returned 0x0 [0042.180] RmRegisterResources () returned 0x0 [0042.182] RmGetList () returned 0x0 [0042.897] RmEndSession () returned 0x0 [0042.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.918] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d310 | out: hHeap=0x5a0000) returned 1 [0042.918] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.918] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.918] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico", dwFileAttributes=0x80) returned 0 [0042.919] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.919] RmStartSession () returned 0x0 [0042.922] RmRegisterResources () returned 0x0 [0042.924] RmGetList () returned 0x0 [0044.107] RmEndSession () returned 0x0 [0044.128] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.128] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x677158 | out: hHeap=0x5a0000) returned 1 [0044.128] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.128] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.128] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", dwFileAttributes=0x80) returned 0 [0044.128] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.128] RmStartSession () returned 0x0 [0044.131] RmRegisterResources () returned 0x0 [0044.133] RmGetList () returned 0x0 [0044.806] RmEndSession () returned 0x0 [0044.827] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.827] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676688 | out: hHeap=0x5a0000) returned 1 [0044.827] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.827] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.827] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", dwFileAttributes=0x80) returned 0 [0044.828] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.828] RmStartSession () returned 0x0 [0044.830] RmRegisterResources () returned 0x0 [0044.834] RmGetList () returned 0x0 [0045.466] RmEndSession () returned 0x0 [0045.488] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6147b8 | out: hHeap=0x5a0000) returned 1 [0045.489] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.489] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.489] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", dwFileAttributes=0x80) returned 0 [0045.489] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.489] RmStartSession () returned 0x0 [0045.492] RmRegisterResources () returned 0x0 [0045.494] RmGetList () returned 0x0 [0046.264] RmEndSession () returned 0x0 [0046.287] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6157d8 | out: hHeap=0x5a0000) returned 1 [0046.288] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.288] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.288] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov", dwFileAttributes=0x80) returned 0 [0046.288] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0046.288] RmStartSession () returned 0x0 [0046.291] RmRegisterResources () returned 0x0 [0046.293] RmGetList () returned 0x0 [0047.222] RmEndSession () returned 0x0 [0047.247] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\urgent.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae530 | out: hHeap=0x5a0000) returned 1 [0047.247] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.247] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.247] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe", dwFileAttributes=0x80) returned 1 [0047.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.248] CloseHandle (hObject=0x258) returned 1 [0047.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.248] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3c50 [0047.248] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.248] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.277] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd4050 [0047.277] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.277] ReadFile (in: hFile=0x258, lpBuffer=0x3bd4050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3bd4050*, lpNumberOfBytesRead=0x2c7dffc*=0x3c50, lpOverlapped=0x0) returned 1 [0047.279] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc3b0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.279] WriteFile (in: hFile=0x258, lpBuffer=0x3bd4050*, nNumberOfBytesToWrite=0x3c50, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3bd4050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3c50, lpOverlapped=0x0) returned 1 [0047.283] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd4050 | out: hHeap=0x5a0000) returned 1 [0047.283] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.283] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.283] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.284] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.284] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.284] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.285] CloseHandle (hObject=0x258) returned 1 [0047.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.286] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.lolkek") returned 168 [0047.286] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.lolkek")) returned 1 [0047.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d590 | out: hHeap=0x5a0000) returned 1 [0047.288] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.288] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.289] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest", dwFileAttributes=0x80) returned 1 [0047.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.311] CloseHandle (hObject=0x25c) returned 1 [0047.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.311] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x354b [0047.311] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.311] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.313] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.314] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.314] ReadFile (in: hFile=0x25c, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x354b, lpOverlapped=0x0) returned 1 [0047.321] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffcab5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.321] WriteFile (in: hFile=0x25c, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x354b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x354b, lpOverlapped=0x0) returned 1 [0047.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.322] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.322] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.322] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.322] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.322] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.322] CloseHandle (hObject=0x25c) returned 1 [0047.322] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3da0048 [0047.322] wsprintfW (in: param_1=0x3da0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.lolkek") returned 177 [0047.322] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest.lolkek")) returned 1 [0047.323] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.323] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60dad0 | out: hHeap=0x5a0000) returned 1 [0047.323] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.323] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.323] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe", dwFileAttributes=0x80) returned 1 [0047.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.323] CloseHandle (hObject=0x25c) returned 1 [0047.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.323] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x113f58 [0047.323] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.323] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.332] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.332] ReadFile (in: hFile=0x25c, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0047.339] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.340] WriteFile (in: hFile=0x25c, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0047.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.340] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.340] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.340] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.340] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.340] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.340] CloseHandle (hObject=0x25c) returned 1 [0047.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.340] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.lolkek") returned 166 [0047.340] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe.lolkek")) returned 1 [0047.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb170 | out: hHeap=0x5a0000) returned 1 [0047.341] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.341] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.341] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", dwFileAttributes=0x80) returned 1 [0047.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.341] CloseHandle (hObject=0x25c) returned 1 [0047.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.341] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2e30 [0047.341] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.341] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.347] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.348] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.348] ReadFile (in: hFile=0x25c, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x2e30, lpOverlapped=0x0) returned 1 [0047.352] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffd1d0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.352] WriteFile (in: hFile=0x25c, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x2e30, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2e30, lpOverlapped=0x0) returned 1 [0047.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.352] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.352] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.352] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.352] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.352] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.352] CloseHandle (hObject=0x25c) returned 1 [0047.352] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.352] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.lolkek") returned 168 [0047.353] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest.lolkek")) returned 1 [0047.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657830 | out: hHeap=0x5a0000) returned 1 [0047.353] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.353] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.353] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata", dwFileAttributes=0x80) returned 1 [0047.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.358] CloseHandle (hObject=0x258) returned 1 [0047.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.359] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0047.359] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.359] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.359] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0047.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.359] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.359] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.359] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.360] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.360] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.360] CloseHandle (hObject=0x258) returned 1 [0047.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.360] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata.lolkek") returned 96 [0047.360] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata.lolkek")) returned 1 [0047.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0047.360] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.360] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.360] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", dwFileAttributes=0x80) returned 1 [0047.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.361] CloseHandle (hObject=0x258) returned 1 [0047.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.361] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x28 [0047.361] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.361] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.361] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x28, lpOverlapped=0x0) returned 1 [0047.361] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffd8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.361] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x28, lpOverlapped=0x0) returned 1 [0047.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.362] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.362] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.362] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.362] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.362] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.362] CloseHandle (hObject=0x258) returned 1 [0047.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.362] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.lolkek") returned 100 [0047.362] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat.lolkek")) returned 1 [0047.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d0d8 | out: hHeap=0x5a0000) returned 1 [0047.362] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.363] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0", dwFileAttributes=0x80) returned 1 [0047.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.373] CloseHandle (hObject=0x25c) returned 1 [0047.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.373] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb000 [0047.373] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.373] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.374] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.374] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.374] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.374] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.374] ReadFile (in: hFile=0x25c, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0047.377] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.377] WriteFile (in: hFile=0x25c, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0047.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.377] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.377] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.377] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.377] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.377] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.377] CloseHandle (hObject=0x25c) returned 1 [0047.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.377] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.lolkek") returned 99 [0047.377] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0.lolkek")) returned 1 [0047.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eb70 | out: hHeap=0x5a0000) returned 1 [0047.390] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.390] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.390] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2", dwFileAttributes=0x80) returned 1 [0047.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.391] CloseHandle (hObject=0x25c) returned 1 [0047.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.391] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2000 [0047.391] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.391] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.395] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.395] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.395] ReadFile (in: hFile=0x25c, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x2000, lpOverlapped=0x0) returned 1 [0047.399] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.400] WriteFile (in: hFile=0x25c, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x2000, lpOverlapped=0x0) returned 1 [0047.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.400] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.400] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.400] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.400] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.400] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.400] CloseHandle (hObject=0x25c) returned 1 [0047.400] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.400] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.lolkek") returned 99 [0047.400] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2.lolkek")) returned 1 [0047.404] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.404] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613728 | out: hHeap=0x5a0000) returned 1 [0047.404] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.404] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.404] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index", dwFileAttributes=0x80) returned 1 [0047.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.405] CloseHandle (hObject=0x25c) returned 1 [0047.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.405] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x80170 [0047.405] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.405] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.406] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.406] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.406] ReadFile (in: hFile=0x25c, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0047.413] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.413] WriteFile (in: hFile=0x25c, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0047.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.413] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.413] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.414] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.414] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.414] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.414] CloseHandle (hObject=0x25c) returned 1 [0047.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.414] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index.lolkek") returned 98 [0047.414] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index.lolkek")) returned 1 [0047.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657ac0 | out: hHeap=0x5a0000) returned 1 [0047.414] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.415] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.415] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", dwFileAttributes=0x80) returned 1 [0047.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.415] CloseHandle (hObject=0x25c) returned 1 [0047.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.415] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c00 [0047.415] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.415] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.421] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.421] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.421] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.421] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.421] ReadFile (in: hFile=0x25c, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x1c00, lpOverlapped=0x0) returned 1 [0047.422] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffe400, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.422] WriteFile (in: hFile=0x25c, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x1c00, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x1c00, lpOverlapped=0x0) returned 1 [0047.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.422] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.422] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.422] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.422] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.422] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.422] CloseHandle (hObject=0x25c) returned 1 [0047.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.422] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies.lolkek") returned 94 [0047.422] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies.lolkek")) returned 1 [0047.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657c38 | out: hHeap=0x5a0000) returned 1 [0047.423] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.423] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.423] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal", dwFileAttributes=0x80) returned 1 [0047.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.423] CloseHandle (hObject=0x25c) returned 1 [0047.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.423] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0047.423] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.423] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.423] ReadFile (in: hFile=0x25c, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0047.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.424] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.424] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.424] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.424] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.424] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.424] CloseHandle (hObject=0x25c) returned 1 [0047.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.424] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal.lolkek") returned 102 [0047.425] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal.lolkek")) returned 1 [0047.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657da0 | out: hHeap=0x5a0000) returned 1 [0047.425] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.425] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.425] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session", dwFileAttributes=0x80) returned 1 [0047.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.429] CloseHandle (hObject=0x258) returned 1 [0047.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.429] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d6 [0047.429] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.429] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.430] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.430] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.430] ReadFile (in: hFile=0x258, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x1d6, lpOverlapped=0x0) returned 1 [0047.430] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffe2a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.430] WriteFile (in: hFile=0x258, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x1d6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x1d6, lpOverlapped=0x0) returned 1 [0047.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.430] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.430] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.430] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.430] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.430] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.430] CloseHandle (hObject=0x258) returned 1 [0047.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.431] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session.lolkek") returned 102 [0047.431] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session.lolkek")) returned 1 [0047.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc1658 | out: hHeap=0x5a0000) returned 1 [0047.431] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.431] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.431] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs", dwFileAttributes=0x80) returned 1 [0047.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.431] CloseHandle (hObject=0x258) returned 1 [0047.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.431] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x126 [0047.432] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.432] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.432] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.432] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.432] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.432] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.432] ReadFile (in: hFile=0x258, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x126, lpOverlapped=0x0) returned 1 [0047.432] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeda, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.432] WriteFile (in: hFile=0x258, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x126, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x126, lpOverlapped=0x0) returned 1 [0047.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.432] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.432] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.433] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.433] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.433] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.433] CloseHandle (hObject=0x258) returned 1 [0047.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.433] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs.lolkek") returned 99 [0047.433] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs.lolkek")) returned 1 [0047.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc17e0 | out: hHeap=0x5a0000) returned 1 [0047.433] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.433] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.433] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", dwFileAttributes=0x80) returned 1 [0047.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.434] CloseHandle (hObject=0x258) returned 1 [0047.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.434] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0047.434] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.434] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.434] ReadFile (in: hFile=0x258, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0047.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.434] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.434] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.435] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.435] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.435] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.435] CloseHandle (hObject=0x258) returned 1 [0047.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.435] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.lolkek") returned 126 [0047.435] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log.lolkek")) returned 1 [0047.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc1960 | out: hHeap=0x5a0000) returned 1 [0047.436] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.436] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.436] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT", dwFileAttributes=0x80) returned 1 [0047.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.447] CloseHandle (hObject=0x258) returned 1 [0047.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.447] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0047.447] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.447] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.447] ReadFile (in: hFile=0x258, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x10, lpOverlapped=0x0) returned 1 [0047.448] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.448] WriteFile (in: hFile=0x258, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x10, lpOverlapped=0x0) returned 1 [0047.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.448] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.448] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.448] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.448] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.449] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.449] CloseHandle (hObject=0x258) returned 1 [0047.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.449] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.lolkek") returned 123 [0047.449] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current.lolkek")) returned 1 [0047.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc1b48 | out: hHeap=0x5a0000) returned 1 [0047.449] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.449] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.449] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK", dwFileAttributes=0x80) returned 1 [0047.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.450] CloseHandle (hObject=0x258) returned 1 [0047.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.450] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0047.450] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.450] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.450] ReadFile (in: hFile=0x258, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0047.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.450] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.450] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.451] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.451] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.451] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.451] CloseHandle (hObject=0x258) returned 1 [0047.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.451] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK.lolkek") returned 120 [0047.451] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock.lolkek")) returned 1 [0047.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde258 | out: hHeap=0x5a0000) returned 1 [0047.452] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.452] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.452] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG", dwFileAttributes=0x80) returned 1 [0047.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.453] CloseHandle (hObject=0x258) returned 1 [0047.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.453] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa7 [0047.453] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.453] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.454] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.454] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.454] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.454] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.454] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0xa7, lpOverlapped=0x0) returned 1 [0047.454] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff59, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.454] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0xa7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0xa7, lpOverlapped=0x0) returned 1 [0047.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.454] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.454] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.454] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.454] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.454] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.454] CloseHandle (hObject=0x258) returned 1 [0047.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.455] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.lolkek") returned 119 [0047.455] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log.lolkek")) returned 1 [0047.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde428 | out: hHeap=0x5a0000) returned 1 [0047.455] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.455] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.455] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001", dwFileAttributes=0x80) returned 1 [0047.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.456] CloseHandle (hObject=0x258) returned 1 [0047.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.456] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29 [0047.456] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.456] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.456] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x29, lpOverlapped=0x0) returned 1 [0047.457] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffd7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.457] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x29, lpOverlapped=0x0) returned 1 [0047.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.457] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.457] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.457] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.457] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.457] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.457] CloseHandle (hObject=0x258) returned 1 [0047.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.457] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.lolkek") returned 131 [0047.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001.lolkek")) returned 1 [0047.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde5f8 | out: hHeap=0x5a0000) returned 1 [0047.458] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.458] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.458] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", dwFileAttributes=0x80) returned 1 [0047.464] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.464] CloseHandle (hObject=0x258) returned 1 [0047.464] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.464] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x156 [0047.464] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.464] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.465] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.465] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.465] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x156, lpOverlapped=0x0) returned 1 [0047.465] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeaa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.465] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x156, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x156, lpOverlapped=0x0) returned 1 [0047.465] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.465] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.465] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.465] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.465] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.466] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.466] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.466] CloseHandle (hObject=0x258) returned 1 [0047.466] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.466] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.lolkek") returned 113 [0047.466] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log.lolkek")) returned 1 [0047.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde7f8 | out: hHeap=0x5a0000) returned 1 [0047.466] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.466] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.466] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT", dwFileAttributes=0x80) returned 1 [0047.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.467] CloseHandle (hObject=0x258) returned 1 [0047.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.467] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0047.467] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.467] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.467] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x10, lpOverlapped=0x0) returned 1 [0047.468] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.468] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x10, lpOverlapped=0x0) returned 1 [0047.468] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.468] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.468] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.468] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.468] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.468] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.468] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.468] CloseHandle (hObject=0x258) returned 1 [0047.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.468] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.lolkek") returned 110 [0047.468] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current.lolkek")) returned 1 [0047.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde9b0 | out: hHeap=0x5a0000) returned 1 [0047.469] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.469] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.469] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK", dwFileAttributes=0x80) returned 1 [0047.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.476] CloseHandle (hObject=0x258) returned 1 [0047.476] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.476] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0047.476] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.477] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.477] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.477] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0047.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.477] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.477] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.477] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.477] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.477] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.478] CloseHandle (hObject=0x258) returned 1 [0047.478] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.478] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK.lolkek") returned 107 [0047.478] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock.lolkek")) returned 1 [0047.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddeb58 | out: hHeap=0x5a0000) returned 1 [0047.478] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.478] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG", dwFileAttributes=0x80) returned 1 [0047.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.486] CloseHandle (hObject=0x258) returned 1 [0047.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.487] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9a [0047.487] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.487] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.487] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.487] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.488] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x9a, lpOverlapped=0x0) returned 1 [0047.488] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.488] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x9a, lpOverlapped=0x0) returned 1 [0047.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.488] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.488] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.488] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.488] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.488] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.488] CloseHandle (hObject=0x258) returned 1 [0047.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.488] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.lolkek") returned 106 [0047.488] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log.lolkek")) returned 1 [0047.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634958 | out: hHeap=0x5a0000) returned 1 [0047.489] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.489] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.489] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001", dwFileAttributes=0x80) returned 1 [0047.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.490] CloseHandle (hObject=0x258) returned 1 [0047.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.490] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29 [0047.490] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.490] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.490] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x29, lpOverlapped=0x0) returned 1 [0047.491] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffd7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.491] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x29, lpOverlapped=0x0) returned 1 [0047.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.491] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.491] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.491] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.491] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.491] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.491] CloseHandle (hObject=0x258) returned 1 [0047.491] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.491] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.lolkek") returned 118 [0047.491] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001.lolkek")) returned 1 [0047.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634af0 | out: hHeap=0x5a0000) returned 1 [0047.492] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.492] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.492] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", dwFileAttributes=0x80) returned 1 [0047.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.492] CloseHandle (hObject=0x258) returned 1 [0047.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.493] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4ad [0047.493] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.493] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.501] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.501] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.501] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x4ad, lpOverlapped=0x0) returned 1 [0047.501] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffb53, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.501] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x4ad, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4ad, lpOverlapped=0x0) returned 1 [0047.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.501] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.501] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.501] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.502] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.502] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.502] CloseHandle (hObject=0x258) returned 1 [0047.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.502] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.lolkek") returned 113 [0047.502] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log.lolkek")) returned 1 [0047.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634cb8 | out: hHeap=0x5a0000) returned 1 [0047.502] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.502] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.502] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT", dwFileAttributes=0x80) returned 1 [0047.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.503] CloseHandle (hObject=0x258) returned 1 [0047.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.503] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0047.503] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.503] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.503] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x10, lpOverlapped=0x0) returned 1 [0047.504] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.504] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x10, lpOverlapped=0x0) returned 1 [0047.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.504] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.504] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.504] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.504] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.504] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.504] CloseHandle (hObject=0x258) returned 1 [0047.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.505] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.lolkek") returned 110 [0047.505] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current.lolkek")) returned 1 [0047.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634e70 | out: hHeap=0x5a0000) returned 1 [0047.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.505] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.505] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK", dwFileAttributes=0x80) returned 1 [0047.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.506] CloseHandle (hObject=0x258) returned 1 [0047.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.506] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0047.506] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.506] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.506] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0047.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.506] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.506] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.507] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.507] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.507] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.507] CloseHandle (hObject=0x258) returned 1 [0047.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.507] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK.lolkek") returned 107 [0047.507] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock.lolkek")) returned 1 [0047.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635018 | out: hHeap=0x5a0000) returned 1 [0047.508] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.508] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.508] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG", dwFileAttributes=0x80) returned 1 [0047.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.508] CloseHandle (hObject=0x258) returned 1 [0047.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.508] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9a [0047.509] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.509] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.509] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.509] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.509] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x9a, lpOverlapped=0x0) returned 1 [0047.509] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.509] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x9a, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x9a, lpOverlapped=0x0) returned 1 [0047.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.509] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.510] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.510] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.510] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.510] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.510] CloseHandle (hObject=0x258) returned 1 [0047.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.510] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.lolkek") returned 106 [0047.510] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log.lolkek")) returned 1 [0047.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6351b8 | out: hHeap=0x5a0000) returned 1 [0047.510] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.511] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.511] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001", dwFileAttributes=0x80) returned 1 [0047.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.511] CloseHandle (hObject=0x258) returned 1 [0047.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.511] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29 [0047.511] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.511] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.511] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x2c7dffc*=0x29, lpOverlapped=0x0) returned 1 [0047.512] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffd7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.512] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x2c7fa40*=0x29, lpOverlapped=0x0) returned 1 [0047.512] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.512] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.512] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.512] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.512] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.512] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.512] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.513] CloseHandle (hObject=0x258) returned 1 [0047.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.513] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.lolkek") returned 118 [0047.513] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001.lolkek")) returned 1 [0047.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635350 | out: hHeap=0x5a0000) returned 1 [0047.513] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.513] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.513] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", dwFileAttributes=0x80) returned 1 [0047.513] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.514] CloseHandle (hObject=0x258) returned 1 [0047.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.514] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2c [0047.514] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.514] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.522] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.522] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.522] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.522] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.522] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd2c, lpOverlapped=0x0) returned 1 [0047.522] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffff2d4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.522] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd2c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd2c, lpOverlapped=0x0) returned 1 [0047.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.522] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.522] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.522] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.522] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.523] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.523] CloseHandle (hObject=0x258) returned 1 [0047.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.523] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.lolkek") returned 149 [0047.523] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.lolkek")) returned 1 [0047.529] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.529] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635518 | out: hHeap=0x5a0000) returned 1 [0047.529] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.529] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.529] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", dwFileAttributes=0x80) returned 1 [0047.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.530] CloseHandle (hObject=0x258) returned 1 [0047.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.530] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0047.530] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.530] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.530] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.530] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.531] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xa0, lpOverlapped=0x0) returned 1 [0047.531] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.531] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xa0, lpOverlapped=0x0) returned 1 [0047.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.531] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.531] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.531] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.531] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.531] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.531] CloseHandle (hObject=0x258) returned 1 [0047.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.531] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.lolkek") returned 148 [0047.531] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.lolkek")) returned 1 [0047.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68d408 | out: hHeap=0x5a0000) returned 1 [0047.532] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.532] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.532] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", dwFileAttributes=0x80) returned 1 [0047.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.532] CloseHandle (hObject=0x258) returned 1 [0047.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.533] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5c [0047.533] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.533] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.533] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.533] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.533] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x5c, lpOverlapped=0x0) returned 1 [0047.533] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffa4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.533] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x5c, lpOverlapped=0x0) returned 1 [0047.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.534] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.534] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.534] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.534] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.534] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.534] CloseHandle (hObject=0x258) returned 1 [0047.534] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.534] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.lolkek") returned 146 [0047.534] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.lolkek")) returned 1 [0047.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613198 | out: hHeap=0x5a0000) returned 1 [0047.535] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.535] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.535] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", dwFileAttributes=0x80) returned 1 [0047.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.535] CloseHandle (hObject=0x258) returned 1 [0047.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.535] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5f [0047.536] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.536] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.536] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.536] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.536] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x5f, lpOverlapped=0x0) returned 1 [0047.536] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffa1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.536] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x5f, lpOverlapped=0x0) returned 1 [0047.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.537] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.537] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.537] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.537] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.537] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.537] CloseHandle (hObject=0x258) returned 1 [0047.537] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.537] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.lolkek") returned 144 [0047.537] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.lolkek")) returned 1 [0047.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68d648 | out: hHeap=0x5a0000) returned 1 [0047.538] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.538] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.538] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0047.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.538] CloseHandle (hObject=0x258) returned 1 [0047.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.538] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d5 [0047.538] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.538] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.547] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.547] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.547] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.547] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.547] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2d5, lpOverlapped=0x0) returned 1 [0047.547] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffd2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.547] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2d5, lpOverlapped=0x0) returned 1 [0047.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.547] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.547] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.548] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.548] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.548] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.548] CloseHandle (hObject=0x258) returned 1 [0047.548] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.548] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.lolkek") returned 150 [0047.548] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.lolkek")) returned 1 [0047.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68d878 | out: hHeap=0x5a0000) returned 1 [0047.549] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.549] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.549] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0047.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.549] CloseHandle (hObject=0x258) returned 1 [0047.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.550] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x101 [0047.550] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.550] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.550] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.550] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.550] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x101, lpOverlapped=0x0) returned 1 [0047.550] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.551] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x101, lpOverlapped=0x0) returned 1 [0047.551] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.551] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.551] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.551] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.551] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.551] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.551] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.551] CloseHandle (hObject=0x258) returned 1 [0047.551] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.551] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.lolkek") returned 162 [0047.551] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0047.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68dac0 | out: hHeap=0x5a0000) returned 1 [0047.552] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.552] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.552] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0047.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.553] CloseHandle (hObject=0x258) returned 1 [0047.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.553] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x110 [0047.553] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.553] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.553] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.553] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.554] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x110, lpOverlapped=0x0) returned 1 [0047.554] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffef0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.554] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x110, lpOverlapped=0x0) returned 1 [0047.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.554] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.554] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.554] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.554] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.554] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.554] CloseHandle (hObject=0x258) returned 1 [0047.554] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.554] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.lolkek") returned 162 [0047.554] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0047.555] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.555] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68dd38 | out: hHeap=0x5a0000) returned 1 [0047.555] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.555] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.555] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0047.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.556] CloseHandle (hObject=0x258) returned 1 [0047.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.556] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0047.556] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.556] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.556] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.557] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.557] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe0, lpOverlapped=0x0) returned 1 [0047.557] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.557] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe0, lpOverlapped=0x0) returned 1 [0047.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.557] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.557] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.557] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.557] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.557] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.557] CloseHandle (hObject=0x258) returned 1 [0047.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.557] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.lolkek") returned 162 [0047.557] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0047.558] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.558] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68dfb0 | out: hHeap=0x5a0000) returned 1 [0047.558] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.558] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.558] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0047.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.559] CloseHandle (hObject=0x258) returned 1 [0047.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.559] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0047.559] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.559] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.560] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.560] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.560] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe0, lpOverlapped=0x0) returned 1 [0047.560] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.560] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe0, lpOverlapped=0x0) returned 1 [0047.560] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.560] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.560] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.560] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.560] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.560] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.560] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.560] CloseHandle (hObject=0x258) returned 1 [0047.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.560] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.lolkek") returned 162 [0047.561] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0047.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x668b28 | out: hHeap=0x5a0000) returned 1 [0047.561] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.561] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.561] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0047.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.562] CloseHandle (hObject=0x258) returned 1 [0047.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.562] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0047.562] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.562] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.563] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.563] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.563] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe0, lpOverlapped=0x0) returned 1 [0047.563] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.563] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe0, lpOverlapped=0x0) returned 1 [0047.563] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.563] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.563] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.563] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.563] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.563] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.563] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.563] CloseHandle (hObject=0x258) returned 1 [0047.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.563] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.lolkek") returned 162 [0047.563] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0047.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x668da0 | out: hHeap=0x5a0000) returned 1 [0047.564] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.564] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.564] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0047.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.565] CloseHandle (hObject=0x258) returned 1 [0047.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.565] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xea [0047.565] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.565] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.566] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.566] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.566] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xea, lpOverlapped=0x0) returned 1 [0047.566] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff16, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.566] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xea, lpOverlapped=0x0) returned 1 [0047.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.566] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.566] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.566] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.566] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.566] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.566] CloseHandle (hObject=0x258) returned 1 [0047.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.566] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.lolkek") returned 162 [0047.566] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0047.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669018 | out: hHeap=0x5a0000) returned 1 [0047.567] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.567] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.567] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0047.567] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.568] CloseHandle (hObject=0x258) returned 1 [0047.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.568] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x112 [0047.568] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.568] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.569] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.569] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.569] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x112, lpOverlapped=0x0) returned 1 [0047.569] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeee, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.569] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x112, lpOverlapped=0x0) returned 1 [0047.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.569] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.569] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.569] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.569] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.569] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.569] CloseHandle (hObject=0x258) returned 1 [0047.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.570] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.lolkek") returned 162 [0047.570] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0047.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669290 | out: hHeap=0x5a0000) returned 1 [0047.570] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.570] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.570] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json", dwFileAttributes=0x80) returned 1 [0047.570] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.571] CloseHandle (hObject=0x258) returned 1 [0047.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.571] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6 [0047.571] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.571] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.572] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.572] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.572] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd6, lpOverlapped=0x0) returned 1 [0047.572] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff2a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.572] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd6, lpOverlapped=0x0) returned 1 [0047.572] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.572] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.572] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.572] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.572] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.572] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.572] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.572] CloseHandle (hObject=0x258) returned 1 [0047.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.573] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.lolkek") returned 165 [0047.573] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json.lolkek")) returned 1 [0047.573] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.573] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669508 | out: hHeap=0x5a0000) returned 1 [0047.573] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.573] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.573] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json", dwFileAttributes=0x80) returned 1 [0047.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.574] CloseHandle (hObject=0x258) returned 1 [0047.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.574] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd7 [0047.574] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.574] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.575] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.575] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.575] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd7, lpOverlapped=0x0) returned 1 [0047.575] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.575] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd7, lpOverlapped=0x0) returned 1 [0047.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.575] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.575] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.575] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.575] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.575] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.575] CloseHandle (hObject=0x258) returned 1 [0047.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.576] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.lolkek") returned 165 [0047.576] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json.lolkek")) returned 1 [0047.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5768 | out: hHeap=0x5a0000) returned 1 [0047.577] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.577] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.577] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0047.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.578] CloseHandle (hObject=0x258) returned 1 [0047.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.578] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdf [0047.578] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.578] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.579] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.579] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.579] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.579] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.579] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdf, lpOverlapped=0x0) returned 1 [0047.579] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff21, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.579] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdf, lpOverlapped=0x0) returned 1 [0047.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.579] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.579] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.579] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.579] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.579] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.580] CloseHandle (hObject=0x258) returned 1 [0047.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.580] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.lolkek") returned 162 [0047.580] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0047.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669790 | out: hHeap=0x5a0000) returned 1 [0047.580] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.580] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.580] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json", dwFileAttributes=0x80) returned 1 [0047.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.581] CloseHandle (hObject=0x258) returned 1 [0047.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.588] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0047.588] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.588] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.589] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.589] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.589] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdd, lpOverlapped=0x0) returned 1 [0047.589] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.589] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdd, lpOverlapped=0x0) returned 1 [0047.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.589] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.589] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.589] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.589] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.589] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.589] CloseHandle (hObject=0x258) returned 1 [0047.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.589] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.lolkek") returned 166 [0047.590] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.lolkek")) returned 1 [0047.590] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.590] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca59f0 | out: hHeap=0x5a0000) returned 1 [0047.590] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.590] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.590] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json", dwFileAttributes=0x80) returned 1 [0047.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.591] CloseHandle (hObject=0x258) returned 1 [0047.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.591] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6 [0047.591] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.591] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.592] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.592] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.592] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd6, lpOverlapped=0x0) returned 1 [0047.592] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff2a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.592] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd6, lpOverlapped=0x0) returned 1 [0047.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.592] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.592] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.592] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.592] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.592] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.592] CloseHandle (hObject=0x258) returned 1 [0047.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.593] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.lolkek") returned 162 [0047.593] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.lolkek")) returned 1 [0047.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6310 | out: hHeap=0x5a0000) returned 1 [0047.593] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.593] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.593] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0047.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.594] CloseHandle (hObject=0x258) returned 1 [0047.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.594] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd9 [0047.594] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.594] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.595] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.595] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.595] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd9, lpOverlapped=0x0) returned 1 [0047.595] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff27, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.595] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd9, lpOverlapped=0x0) returned 1 [0047.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.595] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.595] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.595] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.595] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.595] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.596] CloseHandle (hObject=0x258) returned 1 [0047.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.596] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.lolkek") returned 162 [0047.596] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0047.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x632310 | out: hHeap=0x5a0000) returned 1 [0047.596] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.596] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.596] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0047.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.597] CloseHandle (hObject=0x258) returned 1 [0047.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.597] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0047.597] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.597] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.598] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.598] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.598] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe0, lpOverlapped=0x0) returned 1 [0047.598] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.598] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe0, lpOverlapped=0x0) returned 1 [0047.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.598] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.598] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.598] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.598] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.599] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.599] CloseHandle (hObject=0x258) returned 1 [0047.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.599] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.lolkek") returned 163 [0047.599] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0047.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x631ed0 | out: hHeap=0x5a0000) returned 1 [0047.599] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.599] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.599] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0047.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.600] CloseHandle (hObject=0x258) returned 1 [0047.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.600] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xde [0047.600] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.600] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.601] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.601] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.601] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.601] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.601] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xde, lpOverlapped=0x0) returned 1 [0047.601] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff22, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.601] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xde, lpOverlapped=0x0) returned 1 [0047.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.601] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.601] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.601] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.602] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.602] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.602] CloseHandle (hObject=0x258) returned 1 [0047.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.602] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.lolkek") returned 162 [0047.602] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0047.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5c78 | out: hHeap=0x5a0000) returned 1 [0047.602] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.602] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.602] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json", dwFileAttributes=0x80) returned 1 [0047.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.603] CloseHandle (hObject=0x258) returned 1 [0047.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.603] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe1 [0047.603] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.603] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.604] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.604] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.604] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe1, lpOverlapped=0x0) returned 1 [0047.604] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff1f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.604] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe1, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe1, lpOverlapped=0x0) returned 1 [0047.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.604] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.604] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.604] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.604] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.605] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.605] CloseHandle (hObject=0x258) returned 1 [0047.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.605] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.lolkek") returned 162 [0047.605] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.lolkek")) returned 1 [0047.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5ef0 | out: hHeap=0x5a0000) returned 1 [0047.605] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.605] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.605] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0047.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.606] CloseHandle (hObject=0x258) returned 1 [0047.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.606] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x123 [0047.606] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.606] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.607] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.607] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.607] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x123, lpOverlapped=0x0) returned 1 [0047.607] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffedd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.607] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x123, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x123, lpOverlapped=0x0) returned 1 [0047.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.607] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.607] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.607] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.607] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.607] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.608] CloseHandle (hObject=0x258) returned 1 [0047.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.608] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.lolkek") returned 162 [0047.608] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0047.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x632588 | out: hHeap=0x5a0000) returned 1 [0047.608] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.608] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.608] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0047.609] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.609] CloseHandle (hObject=0x258) returned 1 [0047.609] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.609] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe6 [0047.609] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.609] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.610] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.610] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.610] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe6, lpOverlapped=0x0) returned 1 [0047.610] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.610] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe6, lpOverlapped=0x0) returned 1 [0047.610] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.610] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.610] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.610] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.610] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.610] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.610] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.611] CloseHandle (hObject=0x258) returned 1 [0047.611] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.611] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.lolkek") returned 162 [0047.611] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0047.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618c88 | out: hHeap=0x5a0000) returned 1 [0047.611] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.611] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.611] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0047.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.612] CloseHandle (hObject=0x258) returned 1 [0047.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.612] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd0 [0047.612] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.613] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.613] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.613] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.613] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd0, lpOverlapped=0x0) returned 1 [0047.613] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff30, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.613] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd0, lpOverlapped=0x0) returned 1 [0047.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.613] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.613] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.614] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.614] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.614] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.614] CloseHandle (hObject=0x258) returned 1 [0047.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.614] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.lolkek") returned 162 [0047.614] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0047.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x632800 | out: hHeap=0x5a0000) returned 1 [0047.615] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.615] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.615] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0047.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.615] CloseHandle (hObject=0x258) returned 1 [0047.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.615] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0047.616] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.616] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.616] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.616] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.616] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdd, lpOverlapped=0x0) returned 1 [0047.616] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.616] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdd, lpOverlapped=0x0) returned 1 [0047.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.616] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.617] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.617] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.617] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.617] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.617] CloseHandle (hObject=0x258) returned 1 [0047.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.617] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.lolkek") returned 162 [0047.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0047.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x632a78 | out: hHeap=0x5a0000) returned 1 [0047.618] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.618] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.618] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0047.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.618] CloseHandle (hObject=0x258) returned 1 [0047.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.618] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xec [0047.618] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.619] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.619] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.619] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.619] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xec, lpOverlapped=0x0) returned 1 [0047.619] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff14, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.619] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xec, lpOverlapped=0x0) returned 1 [0047.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.620] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.620] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.620] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.620] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.620] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.620] CloseHandle (hObject=0x258) returned 1 [0047.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.620] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.lolkek") returned 162 [0047.620] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0047.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697d88 | out: hHeap=0x5a0000) returned 1 [0047.621] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.621] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.621] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0047.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.621] CloseHandle (hObject=0x258) returned 1 [0047.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.621] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe6 [0047.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.622] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.622] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.622] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe6, lpOverlapped=0x0) returned 1 [0047.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.622] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe6, lpOverlapped=0x0) returned 1 [0047.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.623] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.623] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.623] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.623] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.623] CloseHandle (hObject=0x258) returned 1 [0047.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.623] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.lolkek") returned 162 [0047.623] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0047.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eef0 | out: hHeap=0x5a0000) returned 1 [0047.625] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.625] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.625] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0047.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.626] CloseHandle (hObject=0x258) returned 1 [0047.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.626] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe4 [0047.626] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.626] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.627] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.627] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.627] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.627] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.627] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe4, lpOverlapped=0x0) returned 1 [0047.627] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff1c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.627] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe4, lpOverlapped=0x0) returned 1 [0047.627] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.627] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.627] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.627] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.627] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.627] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.627] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.627] CloseHandle (hObject=0x258) returned 1 [0047.627] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.627] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.lolkek") returned 162 [0047.628] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0047.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f178 | out: hHeap=0x5a0000) returned 1 [0047.634] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.635] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.635] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0047.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.635] CloseHandle (hObject=0x258) returned 1 [0047.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.635] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe9 [0047.635] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.635] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.636] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.636] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.636] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe9, lpOverlapped=0x0) returned 1 [0047.636] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff17, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.636] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe9, lpOverlapped=0x0) returned 1 [0047.636] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.636] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.636] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.636] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.636] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.637] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.637] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.637] CloseHandle (hObject=0x258) returned 1 [0047.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.637] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.lolkek") returned 162 [0047.637] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0047.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f400 | out: hHeap=0x5a0000) returned 1 [0047.637] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.638] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.638] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json", dwFileAttributes=0x80) returned 1 [0047.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.638] CloseHandle (hObject=0x258) returned 1 [0047.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.638] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2 [0047.638] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.638] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.639] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.639] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.639] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd2, lpOverlapped=0x0) returned 1 [0047.639] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff2e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.639] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd2, lpOverlapped=0x0) returned 1 [0047.639] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.639] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.639] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.639] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.639] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.640] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.640] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.640] CloseHandle (hObject=0x258) returned 1 [0047.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.640] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.lolkek") returned 162 [0047.640] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.lolkek")) returned 1 [0047.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f688 | out: hHeap=0x5a0000) returned 1 [0047.640] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.640] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.640] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0047.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.641] CloseHandle (hObject=0x258) returned 1 [0047.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.641] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0047.641] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.642] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.642] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.643] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.643] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdd, lpOverlapped=0x0) returned 1 [0047.643] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.643] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdd, lpOverlapped=0x0) returned 1 [0047.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.643] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.643] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.643] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.643] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.643] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.644] CloseHandle (hObject=0x258) returned 1 [0047.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.644] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.lolkek") returned 162 [0047.644] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0047.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f910 | out: hHeap=0x5a0000) returned 1 [0047.644] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.645] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.645] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json", dwFileAttributes=0x80) returned 1 [0047.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.645] CloseHandle (hObject=0x258) returned 1 [0047.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.645] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcb [0047.645] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.645] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.646] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.646] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.646] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xcb, lpOverlapped=0x0) returned 1 [0047.646] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff35, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.646] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcb, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xcb, lpOverlapped=0x0) returned 1 [0047.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.646] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.646] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.646] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.647] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.647] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.647] CloseHandle (hObject=0x258) returned 1 [0047.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.647] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.lolkek") returned 162 [0047.647] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.lolkek")) returned 1 [0047.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60fb98 | out: hHeap=0x5a0000) returned 1 [0047.647] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.647] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.647] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0047.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.648] CloseHandle (hObject=0x258) returned 1 [0047.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.648] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd9 [0047.648] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.648] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.649] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.649] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.649] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd9, lpOverlapped=0x0) returned 1 [0047.649] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff27, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.649] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd9, lpOverlapped=0x0) returned 1 [0047.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.649] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.649] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.649] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.649] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.649] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.650] CloseHandle (hObject=0x258) returned 1 [0047.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.650] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.lolkek") returned 162 [0047.650] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0047.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60fe20 | out: hHeap=0x5a0000) returned 1 [0047.650] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.650] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.650] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0047.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.651] CloseHandle (hObject=0x258) returned 1 [0047.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.651] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xde [0047.651] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.651] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.652] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.652] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.652] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xde, lpOverlapped=0x0) returned 1 [0047.652] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff22, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.652] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xde, lpOverlapped=0x0) returned 1 [0047.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.652] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.652] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.652] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.652] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.652] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.652] CloseHandle (hObject=0x258) returned 1 [0047.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.652] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.lolkek") returned 165 [0047.652] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0047.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c030 | out: hHeap=0x5a0000) returned 1 [0047.653] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.653] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.653] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0047.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.653] CloseHandle (hObject=0x258) returned 1 [0047.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.654] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0047.654] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.654] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.654] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.654] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.654] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe0, lpOverlapped=0x0) returned 1 [0047.654] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.654] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe0, lpOverlapped=0x0) returned 1 [0047.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.654] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.655] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.655] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.655] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.655] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.655] CloseHandle (hObject=0x258) returned 1 [0047.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.655] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.lolkek") returned 165 [0047.655] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0047.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698a98 | out: hHeap=0x5a0000) returned 1 [0047.656] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.656] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.656] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0047.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.656] CloseHandle (hObject=0x258) returned 1 [0047.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.656] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xde [0047.656] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.656] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.657] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.657] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.657] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xde, lpOverlapped=0x0) returned 1 [0047.657] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff22, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.657] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xde, lpOverlapped=0x0) returned 1 [0047.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.657] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.657] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.657] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.658] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.658] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.658] CloseHandle (hObject=0x258) returned 1 [0047.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.658] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.lolkek") returned 162 [0047.658] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0047.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6100a8 | out: hHeap=0x5a0000) returned 1 [0047.658] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.658] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.658] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0047.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.659] CloseHandle (hObject=0x258) returned 1 [0047.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.659] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x110 [0047.659] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.659] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.660] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.660] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.660] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x110, lpOverlapped=0x0) returned 1 [0047.660] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffef0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.660] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x110, lpOverlapped=0x0) returned 1 [0047.660] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.660] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.660] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.660] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.660] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.660] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.660] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.660] CloseHandle (hObject=0x258) returned 1 [0047.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.661] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.lolkek") returned 162 [0047.661] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0047.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610330 | out: hHeap=0x5a0000) returned 1 [0047.661] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.661] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.661] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0047.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.662] CloseHandle (hObject=0x258) returned 1 [0047.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.662] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe3 [0047.662] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.662] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.662] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.662] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.662] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe3, lpOverlapped=0x0) returned 1 [0047.662] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff1d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.663] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe3, lpOverlapped=0x0) returned 1 [0047.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.663] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.663] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.663] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.663] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.663] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.663] CloseHandle (hObject=0x258) returned 1 [0047.663] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.663] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.lolkek") returned 162 [0047.663] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0047.664] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.664] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6105b8 | out: hHeap=0x5a0000) returned 1 [0047.664] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.664] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.664] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0047.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.664] CloseHandle (hObject=0x258) returned 1 [0047.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.664] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdf [0047.664] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.664] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.665] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.665] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.665] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdf, lpOverlapped=0x0) returned 1 [0047.665] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff21, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.665] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdf, lpOverlapped=0x0) returned 1 [0047.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.665] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.666] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.666] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.666] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.666] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.666] CloseHandle (hObject=0x258) returned 1 [0047.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.666] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.lolkek") returned 162 [0047.666] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0047.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610840 | out: hHeap=0x5a0000) returned 1 [0047.666] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.667] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.667] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0047.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.667] CloseHandle (hObject=0x258) returned 1 [0047.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.667] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0047.667] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.667] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.668] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.668] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.668] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x104, lpOverlapped=0x0) returned 1 [0047.668] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.668] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x104, lpOverlapped=0x0) returned 1 [0047.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.668] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.668] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.668] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.668] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.668] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.669] CloseHandle (hObject=0x258) returned 1 [0047.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.669] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.lolkek") returned 162 [0047.669] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0047.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610ac8 | out: hHeap=0x5a0000) returned 1 [0047.669] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.669] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.669] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0047.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.670] CloseHandle (hObject=0x258) returned 1 [0047.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.670] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe2 [0047.670] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.670] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.671] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.671] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.671] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe2, lpOverlapped=0x0) returned 1 [0047.671] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.671] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe2, lpOverlapped=0x0) returned 1 [0047.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.671] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.671] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.671] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.671] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.671] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.671] CloseHandle (hObject=0x258) returned 1 [0047.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.671] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.lolkek") returned 162 [0047.671] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0047.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3668 | out: hHeap=0x5a0000) returned 1 [0047.672] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.672] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.672] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0047.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.672] CloseHandle (hObject=0x258) returned 1 [0047.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.673] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0047.673] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.673] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.673] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.673] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.673] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.673] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.673] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x104, lpOverlapped=0x0) returned 1 [0047.673] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.673] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x104, lpOverlapped=0x0) returned 1 [0047.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.674] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.674] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.674] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.674] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.674] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.674] CloseHandle (hObject=0x258) returned 1 [0047.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.674] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.lolkek") returned 162 [0047.674] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0047.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb38f0 | out: hHeap=0x5a0000) returned 1 [0047.699] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.699] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.699] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", dwFileAttributes=0x80) returned 1 [0047.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.700] CloseHandle (hObject=0x258) returned 1 [0047.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.700] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc8d [0047.700] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.700] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.709] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0047.709] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.709] ReadFile (in: hFile=0x258, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0xc8d, lpOverlapped=0x0) returned 1 [0047.709] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffff373, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.709] WriteFile (in: hFile=0x258, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0xc8d, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0xc8d, lpOverlapped=0x0) returned 1 [0047.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.709] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.709] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.709] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.709] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.709] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.710] CloseHandle (hObject=0x258) returned 1 [0047.710] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.710] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.lolkek") returned 149 [0047.710] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.lolkek")) returned 1 [0047.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fc60 | out: hHeap=0x5a0000) returned 1 [0047.710] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.710] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.710] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", dwFileAttributes=0x80) returned 1 [0047.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.711] CloseHandle (hObject=0x258) returned 1 [0047.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.711] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8f [0047.711] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.711] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.712] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0047.712] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.712] ReadFile (in: hFile=0x258, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x8f, lpOverlapped=0x0) returned 1 [0047.712] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff71, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.712] WriteFile (in: hFile=0x258, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x8f, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x8f, lpOverlapped=0x0) returned 1 [0047.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.712] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.712] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.712] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.712] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.712] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.713] CloseHandle (hObject=0x258) returned 1 [0047.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.713] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.lolkek") returned 148 [0047.713] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.lolkek")) returned 1 [0047.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf2b58 | out: hHeap=0x5a0000) returned 1 [0047.713] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.713] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.713] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", dwFileAttributes=0x80) returned 1 [0047.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.714] CloseHandle (hObject=0x258) returned 1 [0047.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.714] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5c [0047.714] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0047.714] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.714] ReadFile (in: hFile=0x258, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x5c, lpOverlapped=0x0) returned 1 [0047.715] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffa4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.715] WriteFile (in: hFile=0x258, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x5c, lpOverlapped=0x0) returned 1 [0047.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.715] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.715] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.715] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.715] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.715] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.715] CloseHandle (hObject=0x258) returned 1 [0047.715] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.715] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.lolkek") returned 146 [0047.715] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.lolkek")) returned 1 [0047.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf6b8 | out: hHeap=0x5a0000) returned 1 [0047.717] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.717] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.717] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", dwFileAttributes=0x80) returned 1 [0047.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.718] CloseHandle (hObject=0x258) returned 1 [0047.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.718] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5b [0047.718] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0047.718] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.718] ReadFile (in: hFile=0x258, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x5b, lpOverlapped=0x0) returned 1 [0047.719] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffa5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.719] WriteFile (in: hFile=0x258, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x5b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x5b, lpOverlapped=0x0) returned 1 [0047.719] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.719] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.719] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.719] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.719] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.719] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.719] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.719] CloseHandle (hObject=0x258) returned 1 [0047.719] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.719] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.lolkek") returned 144 [0047.719] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.lolkek")) returned 1 [0047.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db0f88 | out: hHeap=0x5a0000) returned 1 [0047.720] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.720] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.720] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0047.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.720] CloseHandle (hObject=0x258) returned 1 [0047.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.720] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d5 [0047.721] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.721] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.769] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.769] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.770] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2d5, lpOverlapped=0x0) returned 1 [0047.770] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffd2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.770] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2d5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2d5, lpOverlapped=0x0) returned 1 [0047.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.771] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.771] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.772] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.773] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.773] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.773] CloseHandle (hObject=0x258) returned 1 [0047.775] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.775] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.lolkek") returned 150 [0047.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.lolkek")) returned 1 [0047.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db11b8 | out: hHeap=0x5a0000) returned 1 [0047.777] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.777] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.777] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0047.781] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.781] CloseHandle (hObject=0x2bc) returned 1 [0047.781] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.781] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd1 [0047.781] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.781] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.782] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.782] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.782] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.782] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.782] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd1, lpOverlapped=0x0) returned 1 [0047.782] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff2f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.782] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd1, lpOverlapped=0x0) returned 1 [0047.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.783] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.783] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.785] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.785] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.785] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.785] CloseHandle (hObject=0x2bc) returned 1 [0047.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.788] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.lolkek") returned 162 [0047.788] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0047.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6680 | out: hHeap=0x5a0000) returned 1 [0047.791] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.791] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.791] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0047.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.797] CloseHandle (hObject=0x258) returned 1 [0047.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.798] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0047.798] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.798] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.799] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.799] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.799] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.799] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.799] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdd, lpOverlapped=0x0) returned 1 [0047.799] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.799] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdd, lpOverlapped=0x0) returned 1 [0047.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.801] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.801] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.802] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.802] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.803] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.803] CloseHandle (hObject=0x258) returned 1 [0047.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.805] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.lolkek") returned 162 [0047.805] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0047.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6b90 | out: hHeap=0x5a0000) returned 1 [0047.808] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.808] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.808] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0047.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.811] CloseHandle (hObject=0x258) returned 1 [0047.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.811] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe4 [0047.811] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.811] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.812] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.812] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.812] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.812] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.812] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe4, lpOverlapped=0x0) returned 1 [0047.812] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff1c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.812] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe4, lpOverlapped=0x0) returned 1 [0047.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.814] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.815] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.818] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.818] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.818] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.818] CloseHandle (hObject=0x258) returned 1 [0047.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.821] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.lolkek") returned 162 [0047.821] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0047.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb70a0 | out: hHeap=0x5a0000) returned 1 [0047.823] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.824] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.824] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json", dwFileAttributes=0x80) returned 1 [0047.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0047.827] CloseHandle (hObject=0x270) returned 1 [0047.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0047.827] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcf [0047.827] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.827] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.828] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.828] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.828] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xcf, lpOverlapped=0x0) returned 1 [0047.828] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.828] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xcf, lpOverlapped=0x0) returned 1 [0047.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.829] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.829] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.829] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.830] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.830] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.830] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.830] CloseHandle (hObject=0x270) returned 1 [0047.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0047.831] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.lolkek") returned 162 [0047.831] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.lolkek")) returned 1 [0047.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0047.834] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7d00 | out: hHeap=0x5a0000) returned 1 [0047.834] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.834] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.834] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json", dwFileAttributes=0x80) returned 1 [0047.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.840] CloseHandle (hObject=0x2bc) returned 1 [0047.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.841] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc3 [0047.841] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.841] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.841] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.841] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.841] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xc3, lpOverlapped=0x0) returned 1 [0047.841] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff3d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.841] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xc3, lpOverlapped=0x0) returned 1 [0047.844] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.844] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.844] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.844] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.846] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.846] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.847] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.847] CloseHandle (hObject=0x2bc) returned 1 [0047.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.848] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.lolkek") returned 162 [0047.848] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.lolkek")) returned 1 [0047.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8210 | out: hHeap=0x5a0000) returned 1 [0047.851] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.851] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.851] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0047.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.855] CloseHandle (hObject=0x1ec) returned 1 [0047.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.855] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce [0047.855] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.855] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.856] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.856] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.856] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xce, lpOverlapped=0x0) returned 1 [0047.856] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff32, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.856] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xce, lpOverlapped=0x0) returned 1 [0047.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.857] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.857] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.859] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.859] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.859] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.859] CloseHandle (hObject=0x1ec) returned 1 [0047.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.865] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.lolkek") returned 165 [0047.865] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0047.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cfa0 | out: hHeap=0x5a0000) returned 1 [0047.867] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.867] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.867] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0047.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.871] CloseHandle (hObject=0x1ec) returned 1 [0047.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.871] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5 [0047.871] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.871] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.872] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.872] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.872] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.872] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.872] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd5, lpOverlapped=0x0) returned 1 [0047.872] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.872] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd5, lpOverlapped=0x0) returned 1 [0047.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.875] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.875] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.875] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.875] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.876] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.876] CloseHandle (hObject=0x1ec) returned 1 [0047.877] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.877] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.lolkek") returned 162 [0047.877] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0047.881] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.881] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8720 | out: hHeap=0x5a0000) returned 1 [0047.881] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.881] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.881] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0047.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.886] CloseHandle (hObject=0x25c) returned 1 [0047.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.886] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0047.886] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.886] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.887] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.887] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.887] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdd, lpOverlapped=0x0) returned 1 [0047.887] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.887] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdd, lpOverlapped=0x0) returned 1 [0047.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.888] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.888] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.889] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.889] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.889] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.889] CloseHandle (hObject=0x25c) returned 1 [0047.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.890] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.lolkek") returned 162 [0047.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0047.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8c30 | out: hHeap=0x5a0000) returned 1 [0047.893] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.893] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.893] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0047.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.897] CloseHandle (hObject=0x2bc) returned 1 [0047.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.898] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf8 [0047.898] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.898] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.898] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.898] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.898] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xf8, lpOverlapped=0x0) returned 1 [0047.898] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.899] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xf8, lpOverlapped=0x0) returned 1 [0047.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.900] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.900] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.900] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.901] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.901] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.901] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.901] CloseHandle (hObject=0x2bc) returned 1 [0047.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.904] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.lolkek") returned 162 [0047.904] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0047.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9140 | out: hHeap=0x5a0000) returned 1 [0047.907] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.907] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.907] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0047.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.913] CloseHandle (hObject=0x2bc) returned 1 [0047.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.913] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfe [0047.913] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.913] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.914] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.914] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.914] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xfe, lpOverlapped=0x0) returned 1 [0047.914] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.914] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xfe, lpOverlapped=0x0) returned 1 [0047.915] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.915] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.915] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.915] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.916] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.916] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.916] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.916] CloseHandle (hObject=0x2bc) returned 1 [0047.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.917] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.lolkek") returned 162 [0047.917] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0047.919] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.919] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9650 | out: hHeap=0x5a0000) returned 1 [0047.919] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.919] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.920] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0047.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.924] CloseHandle (hObject=0x2bc) returned 1 [0047.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.930] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x108 [0047.930] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.930] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.930] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.931] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.931] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.931] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.931] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x108, lpOverlapped=0x0) returned 1 [0047.931] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.931] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x108, lpOverlapped=0x0) returned 1 [0047.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.932] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.932] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.933] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.933] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.933] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.933] CloseHandle (hObject=0x2bc) returned 1 [0047.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.935] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.lolkek") returned 162 [0047.935] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0047.937] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.937] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9b60 | out: hHeap=0x5a0000) returned 1 [0047.937] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.937] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.937] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0047.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.941] CloseHandle (hObject=0x25c) returned 1 [0047.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.941] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce [0047.942] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.942] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.942] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.942] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.942] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.942] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.942] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xce, lpOverlapped=0x0) returned 1 [0047.942] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff32, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.942] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xce, lpOverlapped=0x0) returned 1 [0047.943] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.943] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.943] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.944] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.945] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.945] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.945] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.945] CloseHandle (hObject=0x25c) returned 1 [0047.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.946] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.lolkek") returned 165 [0047.946] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0047.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618490 | out: hHeap=0x5a0000) returned 1 [0047.948] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.948] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.948] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json", dwFileAttributes=0x80) returned 1 [0047.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.955] CloseHandle (hObject=0x1ec) returned 1 [0047.955] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.955] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x160 [0047.955] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.955] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0047.956] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0047.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.956] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.956] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x160, lpOverlapped=0x0) returned 1 [0047.956] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffea0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.956] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x160, lpOverlapped=0x0) returned 1 [0047.957] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.957] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.957] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.957] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0047.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0047.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0047.959] CloseHandle (hObject=0x1ec) returned 1 [0047.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.960] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.lolkek") returned 167 [0047.960] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.lolkek")) returned 1 [0048.000] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.000] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618718 | out: hHeap=0x5a0000) returned 1 [0048.000] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.001] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.001] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", dwFileAttributes=0x80) returned 1 [0048.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.001] CloseHandle (hObject=0x1ec) returned 1 [0048.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.001] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a33 [0048.001] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.001] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.011] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.011] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.011] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.011] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.011] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x1a33, lpOverlapped=0x0) returned 1 [0048.018] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffe5cd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.018] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1a33, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x1a33, lpOverlapped=0x0) returned 1 [0048.018] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.018] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.018] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.018] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.019] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.019] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.019] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.019] CloseHandle (hObject=0x1ec) returned 1 [0048.019] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.019] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.lolkek") returned 145 [0048.019] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.lolkek")) returned 1 [0048.019] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.019] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d1d8 | out: hHeap=0x5a0000) returned 1 [0048.020] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.020] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.020] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0048.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.020] CloseHandle (hObject=0x1ec) returned 1 [0048.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.020] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ec [0048.020] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.020] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.065] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.065] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.065] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x3ec, lpOverlapped=0x0) returned 1 [0048.065] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffc14, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x3ec, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x3ec, lpOverlapped=0x0) returned 1 [0048.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.065] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.066] CloseHandle (hObject=0x1ec) returned 1 [0048.066] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.066] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.lolkek") returned 151 [0048.066] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.lolkek")) returned 1 [0048.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d410 | out: hHeap=0x5a0000) returned 1 [0048.066] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.066] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.066] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.067] CloseHandle (hObject=0x1ec) returned 1 [0048.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.067] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf3 [0048.067] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.067] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.068] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.068] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.068] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0xf3, lpOverlapped=0x0) returned 1 [0048.068] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff0d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0xf3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0xf3, lpOverlapped=0x0) returned 1 [0048.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.068] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.068] CloseHandle (hObject=0x1ec) returned 1 [0048.069] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.069] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.lolkek") returned 163 [0048.069] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.lolkek")) returned 1 [0048.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb9d8 | out: hHeap=0x5a0000) returned 1 [0048.069] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.069] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.069] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.070] CloseHandle (hObject=0x1ec) returned 1 [0048.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.070] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x101 [0048.070] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.070] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.071] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.071] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.071] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.071] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.071] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x101, lpOverlapped=0x0) returned 1 [0048.071] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffeff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x101, lpOverlapped=0x0) returned 1 [0048.071] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.071] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.071] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.071] CloseHandle (hObject=0x1ec) returned 1 [0048.071] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.071] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.lolkek") returned 163 [0048.071] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0048.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd3cc8 | out: hHeap=0x5a0000) returned 1 [0048.072] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.072] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.072] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0048.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.073] CloseHandle (hObject=0x1ec) returned 1 [0048.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.073] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0048.073] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.073] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.074] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.074] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.074] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.074] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.074] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x104, lpOverlapped=0x0) returned 1 [0048.074] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x104, lpOverlapped=0x0) returned 1 [0048.074] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.074] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.074] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.074] CloseHandle (hObject=0x1ec) returned 1 [0048.075] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.075] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.lolkek") returned 164 [0048.075] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0048.075] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.075] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd3f48 | out: hHeap=0x5a0000) returned 1 [0048.075] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.075] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.075] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.076] CloseHandle (hObject=0x1ec) returned 1 [0048.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.076] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfc [0048.076] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.076] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.077] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.077] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.077] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0xfc, lpOverlapped=0x0) returned 1 [0048.077] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff04, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.077] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0xfc, lpOverlapped=0x0) returned 1 [0048.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.077] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.077] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.079] CloseHandle (hObject=0x1ec) returned 1 [0048.079] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.079] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.lolkek") returned 163 [0048.079] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0048.079] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd41c8 | out: hHeap=0x5a0000) returned 1 [0048.080] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.080] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.080] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json", dwFileAttributes=0x80) returned 1 [0048.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.080] CloseHandle (hObject=0x1ec) returned 1 [0048.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.081] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x116 [0048.081] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.081] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.081] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.081] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.081] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x116, lpOverlapped=0x0) returned 1 [0048.081] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffeea, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.081] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x116, lpOverlapped=0x0) returned 1 [0048.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.082] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.082] CloseHandle (hObject=0x1ec) returned 1 [0048.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.082] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.lolkek") returned 163 [0048.082] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.lolkek")) returned 1 [0048.088] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.088] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4448 | out: hHeap=0x5a0000) returned 1 [0048.088] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.089] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.089] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.089] CloseHandle (hObject=0x1ec) returned 1 [0048.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.090] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x159 [0048.090] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.090] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.090] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.090] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.090] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.090] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.090] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x159, lpOverlapped=0x0) returned 1 [0048.090] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffea7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.090] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x159, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x159, lpOverlapped=0x0) returned 1 [0048.091] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.091] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.091] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.091] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.091] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.091] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.091] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.091] CloseHandle (hObject=0x1ec) returned 1 [0048.091] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.091] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.lolkek") returned 163 [0048.091] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0048.092] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.092] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd46c8 | out: hHeap=0x5a0000) returned 1 [0048.092] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.092] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.092] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.092] CloseHandle (hObject=0x1ec) returned 1 [0048.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.093] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x107 [0048.093] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.093] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.093] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.093] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.093] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.093] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.093] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x107, lpOverlapped=0x0) returned 1 [0048.093] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffef9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.093] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x107, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x107, lpOverlapped=0x0) returned 1 [0048.094] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.094] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.094] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.094] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.094] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.094] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.094] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.094] CloseHandle (hObject=0x1ec) returned 1 [0048.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.094] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.lolkek") returned 163 [0048.094] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.lolkek")) returned 1 [0048.095] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.095] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba808 | out: hHeap=0x5a0000) returned 1 [0048.095] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.095] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.095] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.095] CloseHandle (hObject=0x1ec) returned 1 [0048.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.096] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x108 [0048.096] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.096] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.096] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.096] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.097] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x108, lpOverlapped=0x0) returned 1 [0048.097] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.097] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x108, lpOverlapped=0x0) returned 1 [0048.097] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.097] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.097] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.097] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.097] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.097] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.097] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.097] CloseHandle (hObject=0x1ec) returned 1 [0048.097] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.097] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.lolkek") returned 163 [0048.097] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0048.098] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.098] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebaa90 | out: hHeap=0x5a0000) returned 1 [0048.098] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.098] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.098] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0048.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.099] CloseHandle (hObject=0x1ec) returned 1 [0048.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.099] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x105 [0048.099] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.099] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.099] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.099] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.100] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.100] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x105, lpOverlapped=0x0) returned 1 [0048.100] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffefb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.100] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x105, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x105, lpOverlapped=0x0) returned 1 [0048.100] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.100] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.100] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.100] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.100] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.100] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.100] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.100] CloseHandle (hObject=0x1ec) returned 1 [0048.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.100] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.lolkek") returned 163 [0048.100] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0048.101] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.101] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebad18 | out: hHeap=0x5a0000) returned 1 [0048.101] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.101] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.101] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0048.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.102] CloseHandle (hObject=0x1ec) returned 1 [0048.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.102] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x102 [0048.102] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.102] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.103] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.103] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.103] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x102, lpOverlapped=0x0) returned 1 [0048.103] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffefe, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.103] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x102, lpOverlapped=0x0) returned 1 [0048.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.103] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.103] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.103] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.103] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.103] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.103] CloseHandle (hObject=0x1ec) returned 1 [0048.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.103] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.lolkek") returned 163 [0048.104] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0048.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebafa0 | out: hHeap=0x5a0000) returned 1 [0048.104] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.104] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.104] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0048.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.105] CloseHandle (hObject=0x1ec) returned 1 [0048.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.105] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x125 [0048.105] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.105] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.106] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.106] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.106] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x125, lpOverlapped=0x0) returned 1 [0048.106] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffedb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.106] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x125, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x125, lpOverlapped=0x0) returned 1 [0048.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.106] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.106] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.106] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.106] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.106] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.107] CloseHandle (hObject=0x1ec) returned 1 [0048.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.107] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.lolkek") returned 163 [0048.107] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0048.107] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.107] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb228 | out: hHeap=0x5a0000) returned 1 [0048.107] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.107] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.107] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0048.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.108] CloseHandle (hObject=0x1ec) returned 1 [0048.108] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.108] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x119 [0048.108] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.108] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.109] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.109] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.109] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x2c7dffc*=0x119, lpOverlapped=0x0) returned 1 [0048.109] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffee7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.109] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x2c7fa40*=0x119, lpOverlapped=0x0) returned 1 [0048.109] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.109] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.109] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.109] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.109] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.109] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.109] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.109] CloseHandle (hObject=0x1ec) returned 1 [0048.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.110] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.lolkek") returned 163 [0048.110] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0048.110] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.110] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb4b0 | out: hHeap=0x5a0000) returned 1 [0048.110] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.110] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.110] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0048.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.111] CloseHandle (hObject=0x1ec) returned 1 [0048.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.111] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11d [0048.111] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.111] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.158] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.158] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.158] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.158] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.158] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x11d, lpOverlapped=0x0) returned 1 [0048.159] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffee3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.159] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x11d, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x11d, lpOverlapped=0x0) returned 1 [0048.159] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.159] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.159] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.159] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.159] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.159] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.159] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.159] CloseHandle (hObject=0x1ec) returned 1 [0048.159] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.159] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.lolkek") returned 163 [0048.159] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0048.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb738 | out: hHeap=0x5a0000) returned 1 [0048.160] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.160] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.160] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.160] CloseHandle (hObject=0x1ec) returned 1 [0048.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.161] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10e [0048.161] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.161] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.161] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.161] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.161] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.161] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.161] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x10e, lpOverlapped=0x0) returned 1 [0048.161] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffef2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.161] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10e, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x10e, lpOverlapped=0x0) returned 1 [0048.162] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.162] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.162] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.162] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.162] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.162] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.162] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.162] CloseHandle (hObject=0x1ec) returned 1 [0048.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.162] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.lolkek") returned 163 [0048.162] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0048.163] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.163] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbf88 | out: hHeap=0x5a0000) returned 1 [0048.163] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.163] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.163] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.163] CloseHandle (hObject=0x1ec) returned 1 [0048.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.163] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x161 [0048.163] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.164] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.164] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.164] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.164] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x161, lpOverlapped=0x0) returned 1 [0048.164] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffe9f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.164] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x161, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x161, lpOverlapped=0x0) returned 1 [0048.164] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.164] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.164] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.164] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.165] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.165] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.165] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.165] CloseHandle (hObject=0x1ec) returned 1 [0048.165] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.165] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.lolkek") returned 163 [0048.165] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0048.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc210 | out: hHeap=0x5a0000) returned 1 [0048.165] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.166] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.166] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.166] CloseHandle (hObject=0x1ec) returned 1 [0048.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.166] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x117 [0048.166] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.166] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.167] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.167] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.167] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.167] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.167] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x117, lpOverlapped=0x0) returned 1 [0048.167] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffee9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.167] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x117, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x117, lpOverlapped=0x0) returned 1 [0048.169] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.169] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.169] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.169] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.169] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.169] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.169] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.169] CloseHandle (hObject=0x1ec) returned 1 [0048.169] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.169] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.lolkek") returned 163 [0048.169] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0048.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc498 | out: hHeap=0x5a0000) returned 1 [0048.170] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.170] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.170] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0048.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.170] CloseHandle (hObject=0x1ec) returned 1 [0048.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.170] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x111 [0048.170] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.170] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.171] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.171] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.171] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.171] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.171] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x111, lpOverlapped=0x0) returned 1 [0048.171] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffeef, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.171] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x111, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x111, lpOverlapped=0x0) returned 1 [0048.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.172] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.172] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.172] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.172] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.172] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.172] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.172] CloseHandle (hObject=0x1ec) returned 1 [0048.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.172] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.lolkek") returned 166 [0048.172] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0048.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc720 | out: hHeap=0x5a0000) returned 1 [0048.173] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.173] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.173] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0048.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.173] CloseHandle (hObject=0x1ec) returned 1 [0048.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.173] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10b [0048.173] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.173] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.174] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.174] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.174] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.174] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.174] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x10b, lpOverlapped=0x0) returned 1 [0048.174] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffef5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.174] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x10b, lpOverlapped=0x0) returned 1 [0048.174] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.174] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.174] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.174] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.175] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.175] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.175] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.175] CloseHandle (hObject=0x1ec) returned 1 [0048.175] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.175] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.lolkek") returned 166 [0048.175] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0048.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc9a8 | out: hHeap=0x5a0000) returned 1 [0048.176] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.176] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.176] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0048.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.184] CloseHandle (hObject=0x25c) returned 1 [0048.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.184] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2bd5 [0048.184] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.184] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.195] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.195] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.195] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.195] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.195] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2bd5, lpOverlapped=0x0) returned 1 [0048.236] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffd42b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.236] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2bd5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2bd5, lpOverlapped=0x0) returned 1 [0048.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.237] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.237] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.237] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.237] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.237] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.237] CloseHandle (hObject=0x25c) returned 1 [0048.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.237] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.lolkek") returned 170 [0048.237] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0048.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebffb0 | out: hHeap=0x5a0000) returned 1 [0048.238] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.238] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.238] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.239] CloseHandle (hObject=0x25c) returned 1 [0048.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.239] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.239] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.239] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.239] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.239] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.239] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.240] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.240] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.240] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.240] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.240] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.240] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.240] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.240] CloseHandle (hObject=0x25c) returned 1 [0048.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.240] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.lolkek") returned 164 [0048.240] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0048.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe808 | out: hHeap=0x5a0000) returned 1 [0048.241] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.241] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.241] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json", dwFileAttributes=0x80) returned 1 [0048.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.241] CloseHandle (hObject=0x25c) returned 1 [0048.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.241] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.242] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.242] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.242] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.242] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.242] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.242] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.242] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.243] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.243] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.243] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.243] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.243] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.243] CloseHandle (hObject=0x25c) returned 1 [0048.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.243] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.lolkek") returned 164 [0048.243] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.lolkek")) returned 1 [0048.244] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.244] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebea90 | out: hHeap=0x5a0000) returned 1 [0048.244] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.244] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.244] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.244] CloseHandle (hObject=0x25c) returned 1 [0048.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.244] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.244] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.244] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.245] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.245] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.245] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.245] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.245] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.245] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.245] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.246] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.246] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.246] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.246] CloseHandle (hObject=0x25c) returned 1 [0048.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.246] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.lolkek") returned 164 [0048.246] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0048.246] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.246] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebed18 | out: hHeap=0x5a0000) returned 1 [0048.246] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.246] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.247] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.247] CloseHandle (hObject=0x25c) returned 1 [0048.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.247] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.247] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.247] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.248] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.248] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.248] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.248] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.248] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.248] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.248] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.248] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.248] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.248] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.248] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.248] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.249] CloseHandle (hObject=0x25c) returned 1 [0048.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.249] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.lolkek") returned 164 [0048.249] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.lolkek")) returned 1 [0048.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebefa0 | out: hHeap=0x5a0000) returned 1 [0048.249] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.249] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.249] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.250] CloseHandle (hObject=0x25c) returned 1 [0048.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.250] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.250] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.250] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.251] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.251] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.251] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.251] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.251] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.251] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.251] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.251] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.251] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.251] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.251] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.251] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.251] CloseHandle (hObject=0x25c) returned 1 [0048.251] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.251] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.lolkek") returned 164 [0048.251] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0048.252] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.252] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf228 | out: hHeap=0x5a0000) returned 1 [0048.252] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.252] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.252] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0048.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.253] CloseHandle (hObject=0x25c) returned 1 [0048.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.253] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.253] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.253] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.253] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.254] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.254] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.254] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.254] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.254] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.254] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.254] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.254] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.254] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.254] CloseHandle (hObject=0x25c) returned 1 [0048.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.254] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.lolkek") returned 164 [0048.254] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0048.255] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.255] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf4b0 | out: hHeap=0x5a0000) returned 1 [0048.255] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.255] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.255] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0048.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.255] CloseHandle (hObject=0x25c) returned 1 [0048.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.256] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.256] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.256] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.256] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.256] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.256] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.256] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.256] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.257] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.257] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.257] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.257] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.257] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.257] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.257] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.257] CloseHandle (hObject=0x25c) returned 1 [0048.257] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.257] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.lolkek") returned 164 [0048.257] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0048.258] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.258] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf738 | out: hHeap=0x5a0000) returned 1 [0048.258] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.258] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.258] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0048.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.258] CloseHandle (hObject=0x25c) returned 1 [0048.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.258] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.258] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.258] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.259] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.259] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.259] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.259] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.259] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.259] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.259] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.259] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.260] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.260] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.260] CloseHandle (hObject=0x25c) returned 1 [0048.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.261] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.lolkek") returned 164 [0048.261] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0048.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf9c0 | out: hHeap=0x5a0000) returned 1 [0048.262] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.262] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.262] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0048.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.262] CloseHandle (hObject=0x25c) returned 1 [0048.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.263] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.263] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.263] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.264] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.264] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.264] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.264] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.264] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.264] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.264] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.264] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.264] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.264] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.264] CloseHandle (hObject=0x25c) returned 1 [0048.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.264] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.lolkek") returned 164 [0048.264] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0048.265] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.265] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9b68 | out: hHeap=0x5a0000) returned 1 [0048.265] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.265] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.265] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0048.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.266] CloseHandle (hObject=0x25c) returned 1 [0048.266] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.266] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.266] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.266] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.266] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.266] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.266] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.266] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.267] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.267] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.267] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.267] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.267] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.267] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.267] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.267] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.267] CloseHandle (hObject=0x25c) returned 1 [0048.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.267] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.lolkek") returned 164 [0048.268] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0048.268] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.268] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9df0 | out: hHeap=0x5a0000) returned 1 [0048.268] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.268] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.268] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.269] CloseHandle (hObject=0x25c) returned 1 [0048.269] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.269] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.269] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.269] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.270] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.270] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.270] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.270] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.270] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.270] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.270] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.270] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.270] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.270] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.271] CloseHandle (hObject=0x25c) returned 1 [0048.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.271] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.lolkek") returned 164 [0048.271] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0048.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa078 | out: hHeap=0x5a0000) returned 1 [0048.271] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.271] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.271] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.272] CloseHandle (hObject=0x25c) returned 1 [0048.272] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.272] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.272] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.272] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.273] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.273] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.273] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.273] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.273] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.273] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.273] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.273] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.273] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.273] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.273] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.273] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.273] CloseHandle (hObject=0x25c) returned 1 [0048.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.273] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.lolkek") returned 164 [0048.274] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0048.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa300 | out: hHeap=0x5a0000) returned 1 [0048.274] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.274] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.274] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json", dwFileAttributes=0x80) returned 1 [0048.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.275] CloseHandle (hObject=0x25c) returned 1 [0048.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.275] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9f [0048.275] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.275] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.276] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.276] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.276] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x9f, lpOverlapped=0x0) returned 1 [0048.277] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff61, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.277] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x9f, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x9f, lpOverlapped=0x0) returned 1 [0048.277] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.277] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.277] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.277] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.277] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.277] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.277] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.278] CloseHandle (hObject=0x25c) returned 1 [0048.278] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.278] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.lolkek") returned 164 [0048.278] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.lolkek")) returned 1 [0048.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa588 | out: hHeap=0x5a0000) returned 1 [0048.278] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.279] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.279] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.279] CloseHandle (hObject=0x25c) returned 1 [0048.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.279] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.280] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.280] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.280] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.280] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.280] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.280] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.280] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.280] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.280] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.281] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.281] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.281] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.281] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.281] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.281] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.281] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.281] CloseHandle (hObject=0x25c) returned 1 [0048.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.281] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.lolkek") returned 164 [0048.281] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0048.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa810 | out: hHeap=0x5a0000) returned 1 [0048.282] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.282] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.282] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0048.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.283] CloseHandle (hObject=0x25c) returned 1 [0048.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.325] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.325] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.325] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.326] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.326] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.326] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.326] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.326] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.326] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.327] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.327] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.327] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.327] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.327] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.327] CloseHandle (hObject=0x270) returned 1 [0048.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.327] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.lolkek") returned 167 [0048.327] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0048.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66db60 | out: hHeap=0x5a0000) returned 1 [0048.328] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.328] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.328] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", dwFileAttributes=0x80) returned 1 [0048.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.328] CloseHandle (hObject=0x270) returned 1 [0048.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.329] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd47 [0048.329] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.329] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0048.332] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.332] ReadFile (in: hFile=0x270, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2c7dffc*=0xd47, lpOverlapped=0x0) returned 1 [0048.332] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffff2b9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.332] WriteFile (in: hFile=0x270, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0xd47, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2c7fa40*=0xd47, lpOverlapped=0x0) returned 1 [0048.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.332] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.333] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.333] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.333] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.333] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.333] CloseHandle (hObject=0x270) returned 1 [0048.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.333] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.lolkek") returned 149 [0048.333] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.lolkek")) returned 1 [0048.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698d80 | out: hHeap=0x5a0000) returned 1 [0048.333] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.333] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.334] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png", dwFileAttributes=0x80) returned 1 [0048.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.334] CloseHandle (hObject=0x270) returned 1 [0048.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.334] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9d [0048.334] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.334] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.335] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0048.335] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.335] ReadFile (in: hFile=0x270, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2c7dffc*=0x9d, lpOverlapped=0x0) returned 1 [0048.335] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff63, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.335] WriteFile (in: hFile=0x270, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x9d, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x9d, lpOverlapped=0x0) returned 1 [0048.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.335] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.335] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.335] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.336] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.336] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.336] CloseHandle (hObject=0x270) returned 1 [0048.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.336] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.lolkek") returned 148 [0048.336] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.lolkek")) returned 1 [0048.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b308 | out: hHeap=0x5a0000) returned 1 [0048.336] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.336] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.336] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html", dwFileAttributes=0x80) returned 1 [0048.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.337] CloseHandle (hObject=0x270) returned 1 [0048.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.337] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5c [0048.337] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0048.337] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.337] ReadFile (in: hFile=0x270, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2c7dffc*=0x5c, lpOverlapped=0x0) returned 1 [0048.338] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffffa4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.338] WriteFile (in: hFile=0x270, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x5c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x5c, lpOverlapped=0x0) returned 1 [0048.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.338] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.338] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.338] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.338] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.339] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.339] CloseHandle (hObject=0x270) returned 1 [0048.339] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.339] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.lolkek") returned 146 [0048.339] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.lolkek")) returned 1 [0048.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f8a0 | out: hHeap=0x5a0000) returned 1 [0048.339] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.339] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.339] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js", dwFileAttributes=0x80) returned 1 [0048.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.340] CloseHandle (hObject=0x270) returned 1 [0048.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.340] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5f [0048.340] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.340] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.341] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.341] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.341] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0048.341] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.341] ReadFile (in: hFile=0x270, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x2c7dffc*=0x5f, lpOverlapped=0x0) returned 1 [0048.341] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffffa1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.341] WriteFile (in: hFile=0x270, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x2c7fa40*=0x5f, lpOverlapped=0x0) returned 1 [0048.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.341] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.341] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.341] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.341] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.341] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.342] CloseHandle (hObject=0x270) returned 1 [0048.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.342] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.lolkek") returned 144 [0048.342] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.lolkek")) returned 1 [0048.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb68 | out: hHeap=0x5a0000) returned 1 [0048.342] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.342] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.342] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0048.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.343] CloseHandle (hObject=0x270) returned 1 [0048.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.343] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d6 [0048.343] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.343] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.377] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.377] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.377] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2d6, lpOverlapped=0x0) returned 1 [0048.377] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffd2a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.377] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2d6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2d6, lpOverlapped=0x0) returned 1 [0048.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.378] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.378] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.378] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.378] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.378] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.378] CloseHandle (hObject=0x270) returned 1 [0048.378] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.378] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.lolkek") returned 150 [0048.378] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.lolkek")) returned 1 [0048.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6986a0 | out: hHeap=0x5a0000) returned 1 [0048.379] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.379] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.379] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json", dwFileAttributes=0x80) returned 1 [0048.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.379] CloseHandle (hObject=0x270) returned 1 [0048.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.379] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe5 [0048.379] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.380] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.380] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.380] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.380] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.380] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.380] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe5, lpOverlapped=0x0) returned 1 [0048.380] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff1b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.380] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe5, lpOverlapped=0x0) returned 1 [0048.380] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.380] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.380] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.381] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.381] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.381] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.381] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.381] CloseHandle (hObject=0x270) returned 1 [0048.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.381] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.lolkek") returned 166 [0048.381] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.lolkek")) returned 1 [0048.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1df0 | out: hHeap=0x5a0000) returned 1 [0048.382] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.382] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.382] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json", dwFileAttributes=0x80) returned 1 [0048.382] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.382] CloseHandle (hObject=0x270) returned 1 [0048.382] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.382] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe2 [0048.382] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.383] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.383] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.383] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.383] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.383] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.383] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe2, lpOverlapped=0x0) returned 1 [0048.383] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.383] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe2, lpOverlapped=0x0) returned 1 [0048.384] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.384] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.384] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.384] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.384] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.384] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.384] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.384] CloseHandle (hObject=0x270) returned 1 [0048.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.384] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.lolkek") returned 162 [0048.384] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.lolkek")) returned 1 [0048.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2078 | out: hHeap=0x5a0000) returned 1 [0048.385] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.385] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.385] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.385] CloseHandle (hObject=0x270) returned 1 [0048.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.386] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdc [0048.386] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.386] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.386] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.386] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.386] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdc, lpOverlapped=0x0) returned 1 [0048.386] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff24, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.386] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdc, lpOverlapped=0x0) returned 1 [0048.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.387] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.387] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.387] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.387] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.387] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.387] CloseHandle (hObject=0x270) returned 1 [0048.387] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.387] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.lolkek") returned 162 [0048.387] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0048.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2300 | out: hHeap=0x5a0000) returned 1 [0048.388] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.388] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.388] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0048.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.389] CloseHandle (hObject=0x270) returned 1 [0048.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.389] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdf [0048.389] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.389] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.390] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.390] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.390] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdf, lpOverlapped=0x0) returned 1 [0048.390] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff21, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.390] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdf, lpOverlapped=0x0) returned 1 [0048.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.390] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.390] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.390] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.390] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.390] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.390] CloseHandle (hObject=0x270) returned 1 [0048.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.390] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.lolkek") returned 163 [0048.391] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0048.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2588 | out: hHeap=0x5a0000) returned 1 [0048.391] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.391] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.391] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.392] CloseHandle (hObject=0x270) returned 1 [0048.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.393] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe2 [0048.393] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.393] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.393] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.393] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.393] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe2, lpOverlapped=0x0) returned 1 [0048.393] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.394] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe2, lpOverlapped=0x0) returned 1 [0048.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.394] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.394] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.394] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.394] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.394] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.394] CloseHandle (hObject=0x270) returned 1 [0048.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.394] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.lolkek") returned 162 [0048.394] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0048.395] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.395] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2810 | out: hHeap=0x5a0000) returned 1 [0048.395] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.395] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.395] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json", dwFileAttributes=0x80) returned 1 [0048.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.396] CloseHandle (hObject=0x270) returned 1 [0048.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.396] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xee [0048.396] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.396] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.396] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.397] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.397] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.397] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xee, lpOverlapped=0x0) returned 1 [0048.397] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff12, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.397] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xee, lpOverlapped=0x0) returned 1 [0048.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.397] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.397] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.397] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.397] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.397] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.397] CloseHandle (hObject=0x270) returned 1 [0048.397] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.397] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.lolkek") returned 162 [0048.397] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.lolkek")) returned 1 [0048.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2a98 | out: hHeap=0x5a0000) returned 1 [0048.398] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.398] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.398] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.399] CloseHandle (hObject=0x270) returned 1 [0048.399] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.399] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a [0048.399] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.399] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.399] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.399] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.399] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x11a, lpOverlapped=0x0) returned 1 [0048.400] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffee6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.400] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x11a, lpOverlapped=0x0) returned 1 [0048.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.400] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.400] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.400] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.400] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.400] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.400] CloseHandle (hObject=0x270) returned 1 [0048.400] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.400] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.lolkek") returned 162 [0048.400] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0048.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2d20 | out: hHeap=0x5a0000) returned 1 [0048.401] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.401] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.401] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.401] CloseHandle (hObject=0x270) returned 1 [0048.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.402] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xeb [0048.402] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.402] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.402] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.402] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.402] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xeb, lpOverlapped=0x0) returned 1 [0048.402] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff15, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.402] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xeb, lpOverlapped=0x0) returned 1 [0048.403] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.403] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.403] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.403] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.403] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.403] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.403] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.403] CloseHandle (hObject=0x270) returned 1 [0048.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.403] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.lolkek") returned 162 [0048.403] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0048.404] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.404] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2fa8 | out: hHeap=0x5a0000) returned 1 [0048.404] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.404] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.404] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0048.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.404] CloseHandle (hObject=0x270) returned 1 [0048.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.404] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd8 [0048.404] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.405] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.405] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.405] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.405] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd8, lpOverlapped=0x0) returned 1 [0048.405] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.405] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd8, lpOverlapped=0x0) returned 1 [0048.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.405] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.405] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.406] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.406] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.406] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.406] CloseHandle (hObject=0x270) returned 1 [0048.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.406] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.lolkek") returned 162 [0048.406] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0048.406] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.406] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb3230 | out: hHeap=0x5a0000) returned 1 [0048.406] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.406] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.407] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0048.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.407] CloseHandle (hObject=0x270) returned 1 [0048.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.407] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd7 [0048.407] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.407] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.408] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.408] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.408] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd7, lpOverlapped=0x0) returned 1 [0048.408] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.408] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd7, lpOverlapped=0x0) returned 1 [0048.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.408] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.408] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.409] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.409] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.409] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.409] CloseHandle (hObject=0x270) returned 1 [0048.409] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.409] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.lolkek") returned 162 [0048.409] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0048.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb34b8 | out: hHeap=0x5a0000) returned 1 [0048.410] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.410] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.410] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0048.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.410] CloseHandle (hObject=0x270) returned 1 [0048.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.410] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf5 [0048.410] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.410] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.411] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.411] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.411] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xf5, lpOverlapped=0x0) returned 1 [0048.411] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff0b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.411] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xf5, lpOverlapped=0x0) returned 1 [0048.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.411] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.411] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.412] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.412] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.412] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.412] CloseHandle (hObject=0x270) returned 1 [0048.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.412] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.lolkek") returned 162 [0048.412] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0048.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb3740 | out: hHeap=0x5a0000) returned 1 [0048.413] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.413] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.413] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0048.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.413] CloseHandle (hObject=0x270) returned 1 [0048.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.413] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0048.413] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.413] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.414] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.414] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.414] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe0, lpOverlapped=0x0) returned 1 [0048.414] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.414] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe0, lpOverlapped=0x0) returned 1 [0048.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.414] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.414] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.414] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.415] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.415] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.415] CloseHandle (hObject=0x270) returned 1 [0048.415] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.415] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.lolkek") returned 162 [0048.415] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0048.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb39c8 | out: hHeap=0x5a0000) returned 1 [0048.415] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.415] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.415] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0048.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.416] CloseHandle (hObject=0x270) returned 1 [0048.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.416] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xeb [0048.416] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.416] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.417] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.417] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.417] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xeb, lpOverlapped=0x0) returned 1 [0048.417] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff15, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.417] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xeb, lpOverlapped=0x0) returned 1 [0048.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.417] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.417] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.417] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.417] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.417] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.418] CloseHandle (hObject=0x270) returned 1 [0048.418] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.418] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.lolkek") returned 162 [0048.418] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0048.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb3c50 | out: hHeap=0x5a0000) returned 1 [0048.418] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.418] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.418] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.419] CloseHandle (hObject=0x270) returned 1 [0048.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.419] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe5 [0048.419] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.419] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.420] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.420] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.420] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe5, lpOverlapped=0x0) returned 1 [0048.420] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff1b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.420] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe5, lpOverlapped=0x0) returned 1 [0048.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.420] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.420] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.420] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.420] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.420] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.420] CloseHandle (hObject=0x270) returned 1 [0048.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.421] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.lolkek") returned 162 [0048.421] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0048.421] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.421] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb3ed8 | out: hHeap=0x5a0000) returned 1 [0048.421] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.421] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.421] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json", dwFileAttributes=0x80) returned 1 [0048.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.422] CloseHandle (hObject=0x270) returned 1 [0048.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.422] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd0 [0048.422] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.422] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.423] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.423] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.423] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd0, lpOverlapped=0x0) returned 1 [0048.423] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff30, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.423] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd0, lpOverlapped=0x0) returned 1 [0048.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.423] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.423] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.423] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.423] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.423] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.423] CloseHandle (hObject=0x270) returned 1 [0048.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.423] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.lolkek") returned 162 [0048.423] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.lolkek")) returned 1 [0048.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4160 | out: hHeap=0x5a0000) returned 1 [0048.470] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.471] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.471] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0048.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.471] CloseHandle (hObject=0x270) returned 1 [0048.471] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.471] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4 [0048.471] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.471] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.472] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.472] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.472] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd4, lpOverlapped=0x0) returned 1 [0048.472] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.472] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd4, lpOverlapped=0x0) returned 1 [0048.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.472] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.472] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.472] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.472] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.473] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.473] CloseHandle (hObject=0x270) returned 1 [0048.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.473] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.lolkek") returned 165 [0048.473] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0048.473] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.473] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6b028 | out: hHeap=0x5a0000) returned 1 [0048.473] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.473] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.473] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json", dwFileAttributes=0x80) returned 1 [0048.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.474] CloseHandle (hObject=0x270) returned 1 [0048.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.474] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x160 [0048.474] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.474] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.475] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.475] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.475] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x160, lpOverlapped=0x0) returned 1 [0048.475] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffea0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.475] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x160, lpOverlapped=0x0) returned 1 [0048.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.475] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.475] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.475] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.475] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.475] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.475] CloseHandle (hObject=0x270) returned 1 [0048.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.475] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.lolkek") returned 167 [0048.476] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.lolkek")) returned 1 [0048.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f598 | out: hHeap=0x5a0000) returned 1 [0048.476] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.476] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.476] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0048.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.489] CloseHandle (hObject=0x1ec) returned 1 [0048.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.490] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b56 [0048.490] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.490] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.494] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc1dd8 [0048.494] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.495] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dc1dd8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dc1dd8*, lpNumberOfBytesRead=0x2c7dffc*=0x2b56, lpOverlapped=0x0) returned 1 [0048.500] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffd4aa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dc1dd8*, nNumberOfBytesToWrite=0x2b56, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dc1dd8*, lpNumberOfBytesWritten=0x2c7fa40*=0x2b56, lpOverlapped=0x0) returned 1 [0048.500] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.500] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.500] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.501] CloseHandle (hObject=0x1ec) returned 1 [0048.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.501] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.lolkek") returned 169 [0048.501] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0048.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0258 | out: hHeap=0x5a0000) returned 1 [0048.501] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.501] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.501] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json", dwFileAttributes=0x80) returned 1 [0048.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.599] CloseHandle (hObject=0x258) returned 1 [0048.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.600] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x356 [0048.600] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.600] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.602] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.602] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.602] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x356, lpOverlapped=0x0) returned 1 [0048.603] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffcaa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.603] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x356, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x356, lpOverlapped=0x0) returned 1 [0048.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.603] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.603] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.603] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.603] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.603] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.603] CloseHandle (hObject=0x258) returned 1 [0048.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.604] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.lolkek") returned 161 [0048.604] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json.lolkek")) returned 1 [0048.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6b538 | out: hHeap=0x5a0000) returned 1 [0048.604] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.604] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.604] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js", dwFileAttributes=0x80) returned 1 [0048.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.605] CloseHandle (hObject=0x258) returned 1 [0048.605] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.605] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5b6c [0048.605] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.605] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.609] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0048.610] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.610] ReadFile (in: hFile=0x258, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0048.614] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.615] WriteFile (in: hFile=0x258, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0048.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.615] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.615] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.615] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.615] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.615] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.615] CloseHandle (hObject=0x258) returned 1 [0048.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.615] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.lolkek") returned 158 [0048.615] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.lolkek")) returned 1 [0048.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1b60 | out: hHeap=0x5a0000) returned 1 [0048.616] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.616] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.616] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js", dwFileAttributes=0x80) returned 1 [0048.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.616] CloseHandle (hObject=0x258) returned 1 [0048.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.617] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0048.617] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.617] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.617] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.619] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.619] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe0, lpOverlapped=0x0) returned 1 [0048.619] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.619] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe0, lpOverlapped=0x0) returned 1 [0048.619] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.619] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.619] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.619] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.619] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.619] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.620] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.620] CloseHandle (hObject=0x258) returned 1 [0048.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.620] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.lolkek") returned 157 [0048.620] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.lolkek")) returned 1 [0048.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c2b8 | out: hHeap=0x5a0000) returned 1 [0048.620] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.620] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.620] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json", dwFileAttributes=0x80) returned 1 [0048.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.621] CloseHandle (hObject=0x258) returned 1 [0048.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.621] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x84 [0048.621] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.621] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.622] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.622] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x84, lpOverlapped=0x0) returned 1 [0048.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff7c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.622] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x84, lpOverlapped=0x0) returned 1 [0048.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.622] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.622] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.623] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.623] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.623] CloseHandle (hObject=0x258) returned 1 [0048.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.623] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.lolkek") returned 162 [0048.623] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.lolkek")) returned 1 [0048.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6b7c0 | out: hHeap=0x5a0000) returned 1 [0048.623] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.623] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.623] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json", dwFileAttributes=0x80) returned 1 [0048.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.624] CloseHandle (hObject=0x258) returned 1 [0048.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.624] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x103 [0048.624] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.624] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.625] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.625] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.625] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x103, lpOverlapped=0x0) returned 1 [0048.625] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffefd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.625] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x103, lpOverlapped=0x0) returned 1 [0048.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.625] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.625] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.625] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.625] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.626] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.626] CloseHandle (hObject=0x258) returned 1 [0048.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.626] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.lolkek") returned 162 [0048.626] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.lolkek")) returned 1 [0048.626] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.626] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6ba48 | out: hHeap=0x5a0000) returned 1 [0048.626] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.626] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.626] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0048.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.627] CloseHandle (hObject=0x258) returned 1 [0048.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.627] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0048.627] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.627] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.628] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.628] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.628] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xed, lpOverlapped=0x0) returned 1 [0048.628] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.628] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xed, lpOverlapped=0x0) returned 1 [0048.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.628] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.628] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.628] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.628] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.628] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.629] CloseHandle (hObject=0x258) returned 1 [0048.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.629] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.lolkek") returned 162 [0048.629] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0048.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6bcd0 | out: hHeap=0x5a0000) returned 1 [0048.629] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.629] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.629] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json", dwFileAttributes=0x80) returned 1 [0048.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.630] CloseHandle (hObject=0x258) returned 1 [0048.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.630] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa7 [0048.630] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.630] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.631] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.631] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.631] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xa7, lpOverlapped=0x0) returned 1 [0048.631] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff59, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.631] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xa7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xa7, lpOverlapped=0x0) returned 1 [0048.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.631] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.631] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.631] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.631] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.632] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.632] CloseHandle (hObject=0x258) returned 1 [0048.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.632] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.lolkek") returned 162 [0048.632] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.lolkek")) returned 1 [0048.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6bf58 | out: hHeap=0x5a0000) returned 1 [0048.632] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.632] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.632] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0048.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.633] CloseHandle (hObject=0x258) returned 1 [0048.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.633] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x114 [0048.633] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.633] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.634] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.634] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.634] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x114, lpOverlapped=0x0) returned 1 [0048.634] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.634] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x114, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x114, lpOverlapped=0x0) returned 1 [0048.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.634] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.634] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.634] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.634] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.634] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.634] CloseHandle (hObject=0x258) returned 1 [0048.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.635] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.lolkek") returned 162 [0048.635] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0048.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6c1e0 | out: hHeap=0x5a0000) returned 1 [0048.635] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.635] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.635] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json", dwFileAttributes=0x80) returned 1 [0048.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.636] CloseHandle (hObject=0x258) returned 1 [0048.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.636] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14b [0048.636] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.636] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.637] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.637] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.637] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x14b, lpOverlapped=0x0) returned 1 [0048.637] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeb5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.637] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x14b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x14b, lpOverlapped=0x0) returned 1 [0048.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.637] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.637] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.637] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.637] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.637] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.637] CloseHandle (hObject=0x258) returned 1 [0048.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.637] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.lolkek") returned 162 [0048.637] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.lolkek")) returned 1 [0048.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6c468 | out: hHeap=0x5a0000) returned 1 [0048.638] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.638] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.638] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0048.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.639] CloseHandle (hObject=0x258) returned 1 [0048.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.639] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcf [0048.639] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.639] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.640] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.640] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.640] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xcf, lpOverlapped=0x0) returned 1 [0048.640] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.640] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xcf, lpOverlapped=0x0) returned 1 [0048.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.640] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.640] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.640] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.640] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.640] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.640] CloseHandle (hObject=0x258) returned 1 [0048.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.640] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.lolkek") returned 162 [0048.640] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0048.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6c6f0 | out: hHeap=0x5a0000) returned 1 [0048.641] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.641] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.641] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0048.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.642] CloseHandle (hObject=0x258) returned 1 [0048.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.642] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xad [0048.642] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.642] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.643] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.643] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.643] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xad, lpOverlapped=0x0) returned 1 [0048.643] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff53, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.643] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xad, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xad, lpOverlapped=0x0) returned 1 [0048.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.643] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.643] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.643] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.643] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.643] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.643] CloseHandle (hObject=0x258) returned 1 [0048.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.644] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.lolkek") returned 162 [0048.644] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0048.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6c978 | out: hHeap=0x5a0000) returned 1 [0048.644] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.644] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.644] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0048.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.645] CloseHandle (hObject=0x258) returned 1 [0048.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.645] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xac [0048.645] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.645] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.646] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.646] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.646] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xac, lpOverlapped=0x0) returned 1 [0048.646] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff54, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.646] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xac, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xac, lpOverlapped=0x0) returned 1 [0048.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.646] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.646] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.646] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.646] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.646] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.646] CloseHandle (hObject=0x258) returned 1 [0048.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.647] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.lolkek") returned 162 [0048.647] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0048.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6cc00 | out: hHeap=0x5a0000) returned 1 [0048.647] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.647] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.647] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0048.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.648] CloseHandle (hObject=0x258) returned 1 [0048.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.648] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc1 [0048.648] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.648] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.649] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.649] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.649] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xc1, lpOverlapped=0x0) returned 1 [0048.649] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff3f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.649] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc1, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xc1, lpOverlapped=0x0) returned 1 [0048.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.649] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.649] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.649] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.649] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.649] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.649] CloseHandle (hObject=0x258) returned 1 [0048.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.649] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.lolkek") returned 162 [0048.649] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0048.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6ce88 | out: hHeap=0x5a0000) returned 1 [0048.650] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.650] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.650] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0048.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.651] CloseHandle (hObject=0x258) returned 1 [0048.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.651] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12a [0048.651] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.651] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.695] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.695] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.695] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x12a, lpOverlapped=0x0) returned 1 [0048.695] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffed6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.696] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x12a, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x12a, lpOverlapped=0x0) returned 1 [0048.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.696] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.696] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.696] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.696] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.696] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.696] CloseHandle (hObject=0x258) returned 1 [0048.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.696] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.lolkek") returned 162 [0048.696] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0048.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6d110 | out: hHeap=0x5a0000) returned 1 [0048.697] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.697] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.697] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.697] CloseHandle (hObject=0x258) returned 1 [0048.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.698] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11e [0048.698] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.698] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.698] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.698] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.698] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.698] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.698] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x11e, lpOverlapped=0x0) returned 1 [0048.698] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffee2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.698] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x11e, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x11e, lpOverlapped=0x0) returned 1 [0048.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.699] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.699] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.699] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.699] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.699] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.699] CloseHandle (hObject=0x258) returned 1 [0048.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.699] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.lolkek") returned 162 [0048.699] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json.lolkek")) returned 1 [0048.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8aa8 | out: hHeap=0x5a0000) returned 1 [0048.700] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.700] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.700] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.700] CloseHandle (hObject=0x258) returned 1 [0048.700] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.700] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13e [0048.700] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.700] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.701] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.701] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.701] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x13e, lpOverlapped=0x0) returned 1 [0048.701] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffec2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.701] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x13e, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x13e, lpOverlapped=0x0) returned 1 [0048.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.701] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.701] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.701] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.701] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.702] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.702] CloseHandle (hObject=0x258) returned 1 [0048.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.702] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.lolkek") returned 162 [0048.702] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0048.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8d30 | out: hHeap=0x5a0000) returned 1 [0048.702] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.702] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.702] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.703] CloseHandle (hObject=0x258) returned 1 [0048.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.703] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc8 [0048.703] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.703] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.704] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.704] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.704] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xc8, lpOverlapped=0x0) returned 1 [0048.704] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff38, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.704] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xc8, lpOverlapped=0x0) returned 1 [0048.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.704] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.704] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.704] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.704] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.705] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.705] CloseHandle (hObject=0x258) returned 1 [0048.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.705] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.lolkek") returned 162 [0048.705] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json.lolkek")) returned 1 [0048.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8fb8 | out: hHeap=0x5a0000) returned 1 [0048.705] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.705] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.705] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.706] CloseHandle (hObject=0x258) returned 1 [0048.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.706] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc6 [0048.706] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.706] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.707] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.707] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.707] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xc6, lpOverlapped=0x0) returned 1 [0048.707] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff3a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.707] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xc6, lpOverlapped=0x0) returned 1 [0048.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.707] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.707] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.707] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.707] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.707] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.707] CloseHandle (hObject=0x258) returned 1 [0048.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.707] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.lolkek") returned 162 [0048.707] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0048.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9240 | out: hHeap=0x5a0000) returned 1 [0048.708] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.708] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.708] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json", dwFileAttributes=0x80) returned 1 [0048.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.708] CloseHandle (hObject=0x258) returned 1 [0048.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.709] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x299 [0048.709] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.709] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.746] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.746] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.746] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x299, lpOverlapped=0x0) returned 1 [0048.746] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffd67, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.746] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x299, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x299, lpOverlapped=0x0) returned 1 [0048.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.746] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.746] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.746] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.747] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.747] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.747] CloseHandle (hObject=0x258) returned 1 [0048.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.747] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.lolkek") returned 162 [0048.747] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json.lolkek")) returned 1 [0048.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4068 | out: hHeap=0x5a0000) returned 1 [0048.747] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.748] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.748] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json", dwFileAttributes=0x80) returned 1 [0048.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.748] CloseHandle (hObject=0x258) returned 1 [0048.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.748] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x147 [0048.748] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.748] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.749] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.749] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.749] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x147, lpOverlapped=0x0) returned 1 [0048.749] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeb9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.749] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x147, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x147, lpOverlapped=0x0) returned 1 [0048.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.749] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.749] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.750] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.750] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.750] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.750] CloseHandle (hObject=0x258) returned 1 [0048.750] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.750] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.lolkek") returned 162 [0048.750] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json.lolkek")) returned 1 [0048.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da54a8 | out: hHeap=0x5a0000) returned 1 [0048.750] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.751] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.751] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0048.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.751] CloseHandle (hObject=0x258) returned 1 [0048.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.751] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd9 [0048.751] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.751] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.752] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.752] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.752] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd9, lpOverlapped=0x0) returned 1 [0048.752] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff27, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.752] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd9, lpOverlapped=0x0) returned 1 [0048.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.752] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.752] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.752] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.753] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.753] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.753] CloseHandle (hObject=0x258) returned 1 [0048.753] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.753] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.lolkek") returned 162 [0048.753] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0048.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5730 | out: hHeap=0x5a0000) returned 1 [0048.753] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.753] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.753] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json", dwFileAttributes=0x80) returned 1 [0048.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.754] CloseHandle (hObject=0x258) returned 1 [0048.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.754] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c2 [0048.754] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.754] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.755] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.755] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.755] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x1c2, lpOverlapped=0x0) returned 1 [0048.755] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffe3e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.755] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1c2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x1c2, lpOverlapped=0x0) returned 1 [0048.755] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.755] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.755] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.755] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.755] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.755] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.755] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.756] CloseHandle (hObject=0x258) returned 1 [0048.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.756] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.lolkek") returned 162 [0048.756] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json.lolkek")) returned 1 [0048.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da59b8 | out: hHeap=0x5a0000) returned 1 [0048.756] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.756] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.756] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0048.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.757] CloseHandle (hObject=0x258) returned 1 [0048.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.757] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5 [0048.757] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.757] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.758] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.758] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.758] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd5, lpOverlapped=0x0) returned 1 [0048.758] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.758] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd5, lpOverlapped=0x0) returned 1 [0048.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.758] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.758] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.758] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.758] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.759] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.759] CloseHandle (hObject=0x258) returned 1 [0048.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.759] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.lolkek") returned 162 [0048.759] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0048.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5c40 | out: hHeap=0x5a0000) returned 1 [0048.759] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.759] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.759] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.760] CloseHandle (hObject=0x258) returned 1 [0048.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.760] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc6 [0048.760] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.760] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.761] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.761] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.761] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xc6, lpOverlapped=0x0) returned 1 [0048.761] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff3a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.761] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xc6, lpOverlapped=0x0) returned 1 [0048.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.761] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.761] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.762] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.762] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.762] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.762] CloseHandle (hObject=0x258) returned 1 [0048.763] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.763] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.lolkek") returned 162 [0048.763] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0048.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5ec8 | out: hHeap=0x5a0000) returned 1 [0048.764] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.764] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.764] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json", dwFileAttributes=0x80) returned 1 [0048.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.765] CloseHandle (hObject=0x258) returned 1 [0048.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.765] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x183 [0048.765] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.765] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.818] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.819] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.819] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x183, lpOverlapped=0x0) returned 1 [0048.819] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffe7d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.819] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x183, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x183, lpOverlapped=0x0) returned 1 [0048.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.822] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.822] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.823] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.823] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.823] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.823] CloseHandle (hObject=0x258) returned 1 [0048.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.825] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.lolkek") returned 162 [0048.825] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json.lolkek")) returned 1 [0048.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6150 | out: hHeap=0x5a0000) returned 1 [0048.830] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.830] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.830] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0048.833] CloseHandle (hObject=0x2bc) returned 1 [0048.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.833] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.833] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.833] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.834] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.834] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.834] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xb3, lpOverlapped=0x0) returned 1 [0048.834] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.834] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xb3, lpOverlapped=0x0) returned 1 [0048.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.836] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.836] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.837] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.837] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.837] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.837] CloseHandle (hObject=0x2bc) returned 1 [0048.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.838] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.lolkek") returned 162 [0048.838] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0048.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8a88 | out: hHeap=0x5a0000) returned 1 [0048.842] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.842] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.842] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json", dwFileAttributes=0x80) returned 1 [0048.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.844] CloseHandle (hObject=0x258) returned 1 [0048.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.845] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x150 [0048.845] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.845] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.845] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.845] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.845] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x150, lpOverlapped=0x0) returned 1 [0048.845] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeb0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.845] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x150, lpOverlapped=0x0) returned 1 [0048.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.847] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.847] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.848] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.848] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.848] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.849] CloseHandle (hObject=0x258) returned 1 [0048.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.850] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.lolkek") returned 162 [0048.850] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json.lolkek")) returned 1 [0048.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8d10 | out: hHeap=0x5a0000) returned 1 [0048.854] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.854] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0048.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0048.856] CloseHandle (hObject=0x2bc) returned 1 [0048.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.857] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x125 [0048.857] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.857] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.857] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.858] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.858] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x125, lpOverlapped=0x0) returned 1 [0048.858] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffedb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.858] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x125, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x125, lpOverlapped=0x0) returned 1 [0048.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.860] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.860] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.861] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.861] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.861] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.861] CloseHandle (hObject=0x2bc) returned 1 [0048.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.862] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.lolkek") returned 162 [0048.862] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0048.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3e00 | out: hHeap=0x5a0000) returned 1 [0048.866] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.866] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.866] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.869] CloseHandle (hObject=0x258) returned 1 [0048.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.869] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x115 [0048.869] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.869] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.870] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.870] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.870] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x115, lpOverlapped=0x0) returned 1 [0048.870] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffeeb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.870] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x115, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x115, lpOverlapped=0x0) returned 1 [0048.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.872] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.872] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.873] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.873] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.873] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.873] CloseHandle (hObject=0x258) returned 1 [0048.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.876] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.lolkek") returned 162 [0048.876] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0048.882] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.882] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3b78 | out: hHeap=0x5a0000) returned 1 [0048.882] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.882] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.882] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0048.884] CloseHandle (hObject=0x2bc) returned 1 [0048.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.884] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0048.884] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.884] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.885] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.885] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.885] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdd, lpOverlapped=0x0) returned 1 [0048.885] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.885] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdd, lpOverlapped=0x0) returned 1 [0048.887] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.887] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.887] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.887] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.888] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.888] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.888] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.888] CloseHandle (hObject=0x2bc) returned 1 [0048.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.889] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.lolkek") returned 162 [0048.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0048.894] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.894] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb5c60 | out: hHeap=0x5a0000) returned 1 [0048.894] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.894] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.894] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json", dwFileAttributes=0x80) returned 1 [0048.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.896] CloseHandle (hObject=0x258) returned 1 [0048.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.896] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2 [0048.896] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.896] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.897] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.897] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.897] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd2, lpOverlapped=0x0) returned 1 [0048.897] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff2e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.897] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd2, lpOverlapped=0x0) returned 1 [0048.900] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.900] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.900] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.900] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.900] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.901] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.901] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.901] CloseHandle (hObject=0x258) returned 1 [0048.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.902] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.lolkek") returned 165 [0048.902] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json.lolkek")) returned 1 [0048.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb59d8 | out: hHeap=0x5a0000) returned 1 [0048.906] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.906] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.906] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0048.909] CloseHandle (hObject=0x2bc) returned 1 [0048.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.909] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc2 [0048.909] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.909] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.909] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.910] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.910] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xc2, lpOverlapped=0x0) returned 1 [0048.910] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff3e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.910] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xc2, lpOverlapped=0x0) returned 1 [0048.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.912] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.912] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.913] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.913] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.913] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.913] CloseHandle (hObject=0x2bc) returned 1 [0048.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.914] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.lolkek") returned 162 [0048.914] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json.lolkek")) returned 1 [0048.919] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.919] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb63f8 | out: hHeap=0x5a0000) returned 1 [0048.919] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.919] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.919] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0048.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.922] CloseHandle (hObject=0x258) returned 1 [0048.927] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.928] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4454 [0048.928] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.928] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.931] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.931] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.931] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.931] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.931] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0048.932] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.932] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0048.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.933] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.933] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.935] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.935] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.935] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.935] CloseHandle (hObject=0x258) returned 1 [0048.936] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.936] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.lolkek") returned 169 [0048.936] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0048.940] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.940] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0500 | out: hHeap=0x5a0000) returned 1 [0048.940] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.940] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.940] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js", dwFileAttributes=0x80) returned 1 [0048.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0048.943] CloseHandle (hObject=0x2bc) returned 1 [0048.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.943] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3b059 [0048.943] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.943] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.947] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.947] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.947] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0048.951] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.951] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0048.951] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.951] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.951] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.951] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.951] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.951] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.951] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.951] CloseHandle (hObject=0x2bc) returned 1 [0048.951] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.951] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.lolkek") returned 155 [0048.951] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.lolkek")) returned 1 [0048.952] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.952] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618c88 | out: hHeap=0x5a0000) returned 1 [0048.952] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.952] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.952] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html", dwFileAttributes=0x80) returned 1 [0048.952] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0048.952] CloseHandle (hObject=0x2bc) returned 1 [0048.953] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.953] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x32a [0048.953] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.953] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.962] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.963] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.963] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.963] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.963] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x32a, lpOverlapped=0x0) returned 1 [0048.963] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffcd6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.963] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x32a, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x32a, lpOverlapped=0x0) returned 1 [0048.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.963] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.963] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.963] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.963] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.963] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.963] CloseHandle (hObject=0x2bc) returned 1 [0048.963] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.963] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.lolkek") returned 162 [0048.963] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html.lolkek")) returned 1 [0048.964] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.964] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7f88 | out: hHeap=0x5a0000) returned 1 [0048.964] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.964] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.964] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png", dwFileAttributes=0x80) returned 1 [0048.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0048.965] CloseHandle (hObject=0x2bc) returned 1 [0048.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.965] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1109 [0048.965] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.965] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0048.971] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0048.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e7de60 [0048.971] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.971] ReadFile (in: hFile=0x2bc, lpBuffer=0x3e7de60, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3e7de60*, lpNumberOfBytesRead=0x2c7dffc*=0x1109, lpOverlapped=0x0) returned 1 [0048.979] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffeef7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.979] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e7de60*, nNumberOfBytesToWrite=0x1109, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3e7de60*, lpNumberOfBytesWritten=0x2c7fa40*=0x1109, lpOverlapped=0x0) returned 1 [0048.979] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e7de60 | out: hHeap=0x5a0000) returned 1 [0048.979] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.979] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.979] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0048.979] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.979] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0048.980] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0048.980] CloseHandle (hObject=0x2bc) returned 1 [0048.980] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.980] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.lolkek") returned 160 [0048.980] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png.lolkek")) returned 1 [0049.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0049.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x645fb8 | out: hHeap=0x5a0000) returned 1 [0049.045] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.045] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.045] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png", dwFileAttributes=0x80) returned 1 [0049.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0049.067] CloseHandle (hObject=0x270) returned 1 [0049.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.111] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0049.111] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.111] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.112] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.112] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.112] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xa0, lpOverlapped=0x0) returned 1 [0049.112] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.112] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xa0, lpOverlapped=0x0) returned 1 [0049.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.112] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.112] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.113] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.113] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.113] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.113] CloseHandle (hObject=0x270) returned 1 [0049.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.123] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.lolkek") returned 174 [0049.123] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png.lolkek")) returned 1 [0049.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fad8 | out: hHeap=0x5a0000) returned 1 [0049.203] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.203] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.203] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png", dwFileAttributes=0x80) returned 1 [0049.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.225] CloseHandle (hObject=0x27c) returned 1 [0049.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.252] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0049.252] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.252] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.253] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.253] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.253] ReadFile (in: hFile=0x1b4, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xa0, lpOverlapped=0x0) returned 1 [0049.253] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffff60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.253] WriteFile (in: hFile=0x1b4, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xa0, lpOverlapped=0x0) returned 1 [0049.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.253] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.253] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.253] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.253] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.253] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.253] CloseHandle (hObject=0x1b4) returned 1 [0049.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.271] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.lolkek") returned 180 [0049.271] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png.lolkek")) returned 1 [0049.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a030 | out: hHeap=0x5a0000) returned 1 [0049.327] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.327] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.327] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png", dwFileAttributes=0x80) returned 1 [0049.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.335] CloseHandle (hObject=0x290) returned 1 [0049.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.335] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0 [0049.335] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.336] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.336] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.336] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.336] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xa0, lpOverlapped=0x0) returned 1 [0049.336] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.336] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xa0, lpOverlapped=0x0) returned 1 [0049.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.337] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.337] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.337] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.337] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.337] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.337] CloseHandle (hObject=0x290) returned 1 [0049.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.337] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.lolkek") returned 182 [0049.337] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png.lolkek")) returned 1 [0049.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf0f40 | out: hHeap=0x5a0000) returned 1 [0049.340] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.340] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.340] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0049.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.341] CloseHandle (hObject=0x290) returned 1 [0049.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.341] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x376 [0049.341] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.341] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.346] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.346] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.346] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x376, lpOverlapped=0x0) returned 1 [0049.346] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffc8a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.346] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x376, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x376, lpOverlapped=0x0) returned 1 [0049.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.346] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.347] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.347] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.347] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.347] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.347] CloseHandle (hObject=0x290) returned 1 [0049.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.347] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.lolkek") returned 166 [0049.347] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0049.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8498 | out: hHeap=0x5a0000) returned 1 [0049.348] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.348] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.348] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0049.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.348] CloseHandle (hObject=0x290) returned 1 [0049.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.349] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x297 [0049.349] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.349] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.353] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.354] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.354] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x297, lpOverlapped=0x0) returned 1 [0049.354] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd69, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.354] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x297, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x297, lpOverlapped=0x0) returned 1 [0049.354] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.354] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.354] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.354] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.354] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.354] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.354] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.354] CloseHandle (hObject=0x290) returned 1 [0049.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.354] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.lolkek") returned 166 [0049.354] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0049.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8720 | out: hHeap=0x5a0000) returned 1 [0049.355] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.355] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.355] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0049.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.356] CloseHandle (hObject=0x290) returned 1 [0049.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.356] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2bd [0049.356] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.356] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.361] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.361] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.361] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2bd, lpOverlapped=0x0) returned 1 [0049.361] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd43, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.361] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2bd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2bd, lpOverlapped=0x0) returned 1 [0049.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.362] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.362] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.362] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.362] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.362] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.362] CloseHandle (hObject=0x290) returned 1 [0049.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.362] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.lolkek") returned 166 [0049.362] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0049.363] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.363] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8c30 | out: hHeap=0x5a0000) returned 1 [0049.363] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.363] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json", dwFileAttributes=0x80) returned 1 [0049.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.363] CloseHandle (hObject=0x290) returned 1 [0049.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.364] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x269 [0049.364] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.364] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.369] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.369] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.369] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x269, lpOverlapped=0x0) returned 1 [0049.369] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd97, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.369] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x269, lpOverlapped=0x0) returned 1 [0049.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.369] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.369] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.369] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.370] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.370] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.370] CloseHandle (hObject=0x290) returned 1 [0049.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.370] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.lolkek") returned 166 [0049.370] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json.lolkek")) returned 1 [0049.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9140 | out: hHeap=0x5a0000) returned 1 [0049.371] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.371] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.371] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0049.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.371] CloseHandle (hObject=0x290) returned 1 [0049.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.371] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b8 [0049.371] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.372] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.377] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.377] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.377] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2b8, lpOverlapped=0x0) returned 1 [0049.377] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd48, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.377] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2b8, lpOverlapped=0x0) returned 1 [0049.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.378] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.378] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.378] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.378] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.378] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.378] CloseHandle (hObject=0x290) returned 1 [0049.378] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.378] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.lolkek") returned 166 [0049.378] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0049.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9650 | out: hHeap=0x5a0000) returned 1 [0049.379] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.379] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.379] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json", dwFileAttributes=0x80) returned 1 [0049.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.379] CloseHandle (hObject=0x290) returned 1 [0049.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.380] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x261 [0049.380] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.380] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.385] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.385] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.385] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x261, lpOverlapped=0x0) returned 1 [0049.385] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd9f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.385] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x261, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x261, lpOverlapped=0x0) returned 1 [0049.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.385] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.386] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.386] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.386] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.386] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.386] CloseHandle (hObject=0x290) returned 1 [0049.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.386] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.lolkek") returned 166 [0049.386] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json.lolkek")) returned 1 [0049.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9b60 | out: hHeap=0x5a0000) returned 1 [0049.387] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.387] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.387] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0049.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.387] CloseHandle (hObject=0x290) returned 1 [0049.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.388] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b4 [0049.388] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.388] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.395] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.396] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.396] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2b4, lpOverlapped=0x0) returned 1 [0049.396] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd4c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.396] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2b4, lpOverlapped=0x0) returned 1 [0049.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.396] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.396] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.396] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.396] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.396] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.396] CloseHandle (hObject=0x290) returned 1 [0049.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.396] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.lolkek") returned 167 [0049.397] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0049.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94aa8 | out: hHeap=0x5a0000) returned 1 [0049.397] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.397] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.397] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0049.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.398] CloseHandle (hObject=0x290) returned 1 [0049.399] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.399] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ad [0049.399] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.399] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.411] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.411] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.411] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3ad, lpOverlapped=0x0) returned 1 [0049.411] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffc53, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.411] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3ad, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3ad, lpOverlapped=0x0) returned 1 [0049.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.412] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.412] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.412] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.412] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.412] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.412] CloseHandle (hObject=0x290) returned 1 [0049.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.412] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.lolkek") returned 166 [0049.412] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0049.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba070 | out: hHeap=0x5a0000) returned 1 [0049.413] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.413] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.413] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0049.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.415] CloseHandle (hObject=0x290) returned 1 [0049.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.415] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c6 [0049.415] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.415] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.426] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.426] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.426] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2c6, lpOverlapped=0x0) returned 1 [0049.426] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd3a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.426] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2c6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2c6, lpOverlapped=0x0) returned 1 [0049.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.426] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.426] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.427] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.427] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.427] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.427] CloseHandle (hObject=0x290) returned 1 [0049.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.427] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.lolkek") returned 166 [0049.427] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0049.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8eb8 | out: hHeap=0x5a0000) returned 1 [0049.428] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.428] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.428] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0049.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.428] CloseHandle (hObject=0x290) returned 1 [0049.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.428] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x26e [0049.428] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.429] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.441] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.442] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.442] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x26e, lpOverlapped=0x0) returned 1 [0049.442] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd92, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.442] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x26e, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x26e, lpOverlapped=0x0) returned 1 [0049.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.442] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.442] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.442] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.442] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.442] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.442] CloseHandle (hObject=0x290) returned 1 [0049.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.442] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.lolkek") returned 166 [0049.442] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0049.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9220 | out: hHeap=0x5a0000) returned 1 [0049.443] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.443] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.443] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0049.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.444] CloseHandle (hObject=0x290) returned 1 [0049.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.444] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29d [0049.444] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.444] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.451] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.451] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.451] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x29d, lpOverlapped=0x0) returned 1 [0049.451] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd63, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.451] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x29d, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x29d, lpOverlapped=0x0) returned 1 [0049.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.452] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.452] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.452] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.452] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.452] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.452] CloseHandle (hObject=0x290) returned 1 [0049.452] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.452] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.lolkek") returned 166 [0049.452] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0049.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9730 | out: hHeap=0x5a0000) returned 1 [0049.453] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.453] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.453] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0049.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.454] CloseHandle (hObject=0x290) returned 1 [0049.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.454] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2bb [0049.454] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.454] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.460] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.460] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.460] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.460] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.460] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2bb, lpOverlapped=0x0) returned 1 [0049.460] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd45, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.460] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2bb, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2bb, lpOverlapped=0x0) returned 1 [0049.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.460] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.460] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.460] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.460] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.460] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.461] CloseHandle (hObject=0x290) returned 1 [0049.461] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.461] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.lolkek") returned 166 [0049.461] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0049.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9c40 | out: hHeap=0x5a0000) returned 1 [0049.462] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.462] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.462] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0049.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.462] CloseHandle (hObject=0x290) returned 1 [0049.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.462] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x282 [0049.462] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.462] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.471] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.471] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.471] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x282, lpOverlapped=0x0) returned 1 [0049.471] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.471] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x282, lpOverlapped=0x0) returned 1 [0049.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.472] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.472] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.472] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.472] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.472] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.472] CloseHandle (hObject=0x290) returned 1 [0049.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.472] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.lolkek") returned 166 [0049.472] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0049.473] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.473] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa150 | out: hHeap=0x5a0000) returned 1 [0049.473] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.473] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.473] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0049.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.474] CloseHandle (hObject=0x290) returned 1 [0049.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.474] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29b [0049.474] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.474] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.479] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.480] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.480] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.480] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.480] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x29b, lpOverlapped=0x0) returned 1 [0049.480] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd65, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.480] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x29b, lpOverlapped=0x0) returned 1 [0049.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.480] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.480] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.480] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.480] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.480] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.480] CloseHandle (hObject=0x290) returned 1 [0049.480] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.480] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.lolkek") returned 169 [0049.480] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0049.481] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.481] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0cf8 | out: hHeap=0x5a0000) returned 1 [0049.481] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.481] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.481] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0049.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.482] CloseHandle (hObject=0x290) returned 1 [0049.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.482] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29c [0049.482] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.482] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.488] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.488] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.488] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x29c, lpOverlapped=0x0) returned 1 [0049.488] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd64, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.488] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x29c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x29c, lpOverlapped=0x0) returned 1 [0049.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.489] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.489] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.489] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.489] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.489] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.489] CloseHandle (hObject=0x290) returned 1 [0049.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.489] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.lolkek") returned 166 [0049.489] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0049.490] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.490] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa660 | out: hHeap=0x5a0000) returned 1 [0049.490] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.490] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.490] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0049.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.490] CloseHandle (hObject=0x290) returned 1 [0049.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.491] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29f [0049.491] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.491] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.497] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.497] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.497] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x29f, lpOverlapped=0x0) returned 1 [0049.497] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffd61, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.497] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x29f, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x29f, lpOverlapped=0x0) returned 1 [0049.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.497] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.497] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.497] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.497] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.497] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.497] CloseHandle (hObject=0x290) returned 1 [0049.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.498] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.lolkek") returned 166 [0049.498] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0049.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daab70 | out: hHeap=0x5a0000) returned 1 [0049.498] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.498] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.498] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.499] CloseHandle (hObject=0x290) returned 1 [0049.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.499] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x32c [0049.499] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.499] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.506] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.506] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.506] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x32c, lpOverlapped=0x0) returned 1 [0049.506] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffcd4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.507] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x32c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x32c, lpOverlapped=0x0) returned 1 [0049.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.507] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.507] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.507] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.507] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.507] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.507] CloseHandle (hObject=0x290) returned 1 [0049.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.507] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.lolkek") returned 166 [0049.507] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0049.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dab080 | out: hHeap=0x5a0000) returned 1 [0049.508] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.508] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.508] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0049.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.509] CloseHandle (hObject=0x290) returned 1 [0049.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.509] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x44b [0049.509] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.509] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.521] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.521] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.521] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x44b, lpOverlapped=0x0) returned 1 [0049.521] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffbb5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.521] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x44b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x44b, lpOverlapped=0x0) returned 1 [0049.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.521] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.521] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.521] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.521] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.521] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.521] CloseHandle (hObject=0x290) returned 1 [0049.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.521] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.lolkek") returned 166 [0049.521] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0049.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dab590 | out: hHeap=0x5a0000) returned 1 [0049.522] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.522] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.522] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0049.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.523] CloseHandle (hObject=0x290) returned 1 [0049.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.523] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x315 [0049.523] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.523] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.534] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.534] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.535] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.535] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x315, lpOverlapped=0x0) returned 1 [0049.535] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffceb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.535] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x315, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x315, lpOverlapped=0x0) returned 1 [0049.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.535] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.535] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.535] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.535] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.535] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.535] CloseHandle (hObject=0x290) returned 1 [0049.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.535] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.lolkek") returned 166 [0049.535] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0049.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb228 | out: hHeap=0x5a0000) returned 1 [0049.536] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.536] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.536] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0049.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.537] CloseHandle (hObject=0x290) returned 1 [0049.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.537] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x253 [0049.537] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.537] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.545] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.546] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.546] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x253, lpOverlapped=0x0) returned 1 [0049.546] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffdad, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.546] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x253, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x253, lpOverlapped=0x0) returned 1 [0049.546] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.546] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.546] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.546] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.546] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.546] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.546] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.546] CloseHandle (hObject=0x290) returned 1 [0049.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.546] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.lolkek") returned 169 [0049.546] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0049.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfd08 | out: hHeap=0x5a0000) returned 1 [0049.547] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.547] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.547] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0049.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.548] CloseHandle (hObject=0x290) returned 1 [0049.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.548] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2dfa [0049.548] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.548] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.553] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.554] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.554] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.554] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2dfa, lpOverlapped=0x0) returned 1 [0049.560] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffd206, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.560] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2dfa, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2dfa, lpOverlapped=0x0) returned 1 [0049.560] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.561] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.561] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.561] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.561] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.561] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.561] CloseHandle (hObject=0x290) returned 1 [0049.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.561] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.lolkek") returned 173 [0049.561] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0049.562] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.562] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b548 | out: hHeap=0x5a0000) returned 1 [0049.562] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.562] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.562] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0049.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.562] CloseHandle (hObject=0x290) returned 1 [0049.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.563] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x310 [0049.563] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.563] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.570] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.570] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.570] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x310, lpOverlapped=0x0) returned 1 [0049.570] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffcf0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.570] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x310, lpOverlapped=0x0) returned 1 [0049.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.570] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.570] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.570] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.570] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.570] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.571] CloseHandle (hObject=0x290) returned 1 [0049.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.571] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.lolkek") returned 150 [0049.571] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.lolkek")) returned 1 [0049.571] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.571] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b7f0 | out: hHeap=0x5a0000) returned 1 [0049.571] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.571] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.571] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0049.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.580] CloseHandle (hObject=0x290) returned 1 [0049.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.580] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x124 [0049.580] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.580] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.581] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.581] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.581] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x124, lpOverlapped=0x0) returned 1 [0049.581] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffedc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.581] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x124, lpOverlapped=0x0) returned 1 [0049.581] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.581] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.581] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.581] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.581] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.582] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.582] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.582] CloseHandle (hObject=0x290) returned 1 [0049.582] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.582] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.lolkek") returned 162 [0049.582] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0049.582] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.582] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6ab18 | out: hHeap=0x5a0000) returned 1 [0049.582] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.583] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.583] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0049.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.583] CloseHandle (hObject=0x290) returned 1 [0049.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.583] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf9 [0049.583] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.583] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.584] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.584] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.584] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xf9, lpOverlapped=0x0) returned 1 [0049.584] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff07, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.584] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xf9, lpOverlapped=0x0) returned 1 [0049.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.584] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.584] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.584] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.585] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.585] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.585] CloseHandle (hObject=0x290) returned 1 [0049.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.585] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.lolkek") returned 162 [0049.585] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0049.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a890 | out: hHeap=0x5a0000) returned 1 [0049.586] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.586] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.586] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0049.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.603] CloseHandle (hObject=0x27c) returned 1 [0049.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.603] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xec [0049.603] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.603] ReadFile (in: hFile=0x27c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.604] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.604] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.604] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xec, lpOverlapped=0x0) returned 1 [0049.604] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff14, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.604] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xec, lpOverlapped=0x0) returned 1 [0049.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.604] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.604] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.604] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.604] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.604] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.604] CloseHandle (hObject=0x27c) returned 1 [0049.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.605] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.lolkek") returned 162 [0049.605] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0049.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a608 | out: hHeap=0x5a0000) returned 1 [0049.605] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.605] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.605] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json", dwFileAttributes=0x80) returned 1 [0049.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.606] CloseHandle (hObject=0x27c) returned 1 [0049.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.606] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd7 [0049.606] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.606] ReadFile (in: hFile=0x27c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.607] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.607] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.607] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xd7, lpOverlapped=0x0) returned 1 [0049.607] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.607] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xd7, lpOverlapped=0x0) returned 1 [0049.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.607] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.607] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.607] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.607] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.607] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.607] CloseHandle (hObject=0x27c) returned 1 [0049.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.608] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.lolkek") returned 162 [0049.608] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json.lolkek")) returned 1 [0049.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e69e70 | out: hHeap=0x5a0000) returned 1 [0049.608] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.608] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.608] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0049.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.619] CloseHandle (hObject=0x290) returned 1 [0049.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.619] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10d [0049.619] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.619] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.620] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.620] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.620] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x10d, lpOverlapped=0x0) returned 1 [0049.620] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffef3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.620] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10d, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x10d, lpOverlapped=0x0) returned 1 [0049.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.620] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.620] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.621] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.621] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.621] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.621] CloseHandle (hObject=0x290) returned 1 [0049.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.621] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.lolkek") returned 162 [0049.621] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0049.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe580 | out: hHeap=0x5a0000) returned 1 [0049.621] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.622] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.622] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0049.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.669] CloseHandle (hObject=0x290) returned 1 [0049.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.669] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xea [0049.669] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.669] ReadFile (in: hFile=0x290, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.670] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.670] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.670] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xea, lpOverlapped=0x0) returned 1 [0049.670] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff16, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.670] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xea, lpOverlapped=0x0) returned 1 [0049.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.670] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.670] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.670] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.670] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.670] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.670] CloseHandle (hObject=0x290) returned 1 [0049.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.670] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.lolkek") returned 163 [0049.671] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0049.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf738 | out: hHeap=0x5a0000) returned 1 [0049.671] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.671] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.671] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0049.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.719] CloseHandle (hObject=0x27c) returned 1 [0049.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.719] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xee [0049.719] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.719] ReadFile (in: hFile=0x27c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.720] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.720] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.720] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xee, lpOverlapped=0x0) returned 1 [0049.720] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff12, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.720] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xee, lpOverlapped=0x0) returned 1 [0049.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.720] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.720] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.721] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.721] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.721] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.721] CloseHandle (hObject=0x27c) returned 1 [0049.721] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.721] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.lolkek") returned 162 [0049.721] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0049.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebdb60 | out: hHeap=0x5a0000) returned 1 [0049.722] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.722] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.722] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0049.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.722] CloseHandle (hObject=0x27c) returned 1 [0049.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.723] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0049.723] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.723] ReadFile (in: hFile=0x27c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.723] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.723] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.723] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xe8, lpOverlapped=0x0) returned 1 [0049.723] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.723] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xe8, lpOverlapped=0x0) returned 1 [0049.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.724] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.724] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.724] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.724] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.724] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.724] CloseHandle (hObject=0x27c) returned 1 [0049.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.724] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.lolkek") returned 162 [0049.724] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0049.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6b90 | out: hHeap=0x5a0000) returned 1 [0049.725] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.725] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.725] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0049.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.725] CloseHandle (hObject=0x27c) returned 1 [0049.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.726] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x102 [0049.726] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.726] ReadFile (in: hFile=0x27c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.726] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.726] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.726] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x102, lpOverlapped=0x0) returned 1 [0049.726] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffefe, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.727] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x102, lpOverlapped=0x0) returned 1 [0049.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.727] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.727] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.727] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.727] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.727] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.727] CloseHandle (hObject=0x27c) returned 1 [0049.727] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.727] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.lolkek") returned 165 [0049.727] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0049.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6908 | out: hHeap=0x5a0000) returned 1 [0049.728] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.728] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.728] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0049.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.729] CloseHandle (hObject=0x27c) returned 1 [0049.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.729] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf9 [0049.729] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.729] ReadFile (in: hFile=0x27c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.730] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.730] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.730] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xf9, lpOverlapped=0x0) returned 1 [0049.730] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff07, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.730] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xf9, lpOverlapped=0x0) returned 1 [0049.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.730] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.730] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.730] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.730] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.730] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.730] CloseHandle (hObject=0x27c) returned 1 [0049.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.730] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.lolkek") returned 165 [0049.731] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0049.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb5750 | out: hHeap=0x5a0000) returned 1 [0049.731] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.731] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.731] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0049.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.732] CloseHandle (hObject=0x27c) returned 1 [0049.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.732] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2686 [0049.732] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.732] ReadFile (in: hFile=0x27c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.746] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.746] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.746] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2686, lpOverlapped=0x0) returned 1 [0049.752] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffd97a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.752] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2686, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2686, lpOverlapped=0x0) returned 1 [0049.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.752] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.752] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.752] WriteFile (in: hFile=0x27c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.752] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.752] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.753] CloseHandle (hObject=0x27c) returned 1 [0049.753] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0049.753] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.lolkek") returned 169 [0049.753] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0049.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0049.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0258 | out: hHeap=0x5a0000) returned 1 [0049.754] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.754] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.754] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js", dwFileAttributes=0x80) returned 1 [0049.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.816] CloseHandle (hObject=0x25c) returned 1 [0049.816] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.826] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa89c [0049.826] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.826] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.829] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.829] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.829] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0049.830] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.830] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0049.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.830] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.830] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.831] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.831] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.831] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.831] CloseHandle (hObject=0x25c) returned 1 [0049.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.831] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.lolkek") returned 166 [0049.831] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js.lolkek")) returned 1 [0049.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6b538 | out: hHeap=0x5a0000) returned 1 [0049.832] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.832] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.832] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html", dwFileAttributes=0x80) returned 1 [0049.832] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.833] CloseHandle (hObject=0x25c) returned 1 [0049.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.833] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x111e1 [0049.833] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.833] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.842] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.842] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.842] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0049.843] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.843] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0049.844] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.846] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.846] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.846] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.846] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.846] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.846] CloseHandle (hObject=0x25c) returned 1 [0049.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.847] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.lolkek") returned 169 [0049.847] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html.lolkek")) returned 1 [0049.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebffb0 | out: hHeap=0x5a0000) returned 1 [0049.848] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.848] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.848] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js", dwFileAttributes=0x80) returned 1 [0049.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.849] CloseHandle (hObject=0x25c) returned 1 [0049.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.849] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce17 [0049.850] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.850] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.858] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.858] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.858] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0049.860] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.860] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0049.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.860] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.860] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.860] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.860] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.860] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.861] CloseHandle (hObject=0x25c) returned 1 [0049.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.861] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.lolkek") returned 160 [0049.861] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js.lolkek")) returned 1 [0049.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66b510 | out: hHeap=0x5a0000) returned 1 [0049.862] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.862] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.862] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js", dwFileAttributes=0x80) returned 1 [0049.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.863] CloseHandle (hObject=0x25c) returned 1 [0049.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.863] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x221da [0049.863] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.863] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.867] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.867] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.867] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0049.875] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.875] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0049.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.875] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.875] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.875] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.875] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.876] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.876] CloseHandle (hObject=0x25c) returned 1 [0049.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.876] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.lolkek") returned 168 [0049.876] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js.lolkek")) returned 1 [0049.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1b60 | out: hHeap=0x5a0000) returned 1 [0049.877] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.877] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.877] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html", dwFileAttributes=0x80) returned 1 [0049.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.877] CloseHandle (hObject=0x25c) returned 1 [0049.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.878] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3b [0049.878] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.878] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.878] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3b, lpOverlapped=0x0) returned 1 [0049.879] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffffc5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.879] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3b, lpOverlapped=0x0) returned 1 [0049.879] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.879] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.879] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.879] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.879] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.879] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.879] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.879] CloseHandle (hObject=0x25c) returned 1 [0049.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.879] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.lolkek") returned 169 [0049.879] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html.lolkek")) returned 1 [0049.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1798 | out: hHeap=0x5a0000) returned 1 [0049.880] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.880] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.880] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html", dwFileAttributes=0x80) returned 1 [0049.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.880] CloseHandle (hObject=0x25c) returned 1 [0049.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.881] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x828 [0049.881] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.881] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.889] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0049.889] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.889] ReadFile (in: hFile=0x25c, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x2c7dffc*=0x828, lpOverlapped=0x0) returned 1 [0049.889] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffff7d8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.889] WriteFile (in: hFile=0x25c, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x828, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x2c7fa40*=0x828, lpOverlapped=0x0) returned 1 [0049.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.889] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.889] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.889] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.890] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.890] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.890] CloseHandle (hObject=0x25c) returned 1 [0049.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.890] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.lolkek") returned 167 [0049.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html.lolkek")) returned 1 [0049.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3b6a0 | out: hHeap=0x5a0000) returned 1 [0049.891] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.891] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.891] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html", dwFileAttributes=0x80) returned 1 [0049.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.891] CloseHandle (hObject=0x25c) returned 1 [0049.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.891] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3b [0049.891] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0049.891] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.892] ReadFile (in: hFile=0x25c, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x2c7dffc*=0x3b, lpOverlapped=0x0) returned 1 [0049.892] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffffc5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.892] WriteFile (in: hFile=0x25c, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x2c7fa40*=0x3b, lpOverlapped=0x0) returned 1 [0049.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.892] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.892] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.892] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.893] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.893] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.893] CloseHandle (hObject=0x25c) returned 1 [0049.893] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.893] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.lolkek") returned 168 [0049.893] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html.lolkek")) returned 1 [0049.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.893] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3b930 | out: hHeap=0x5a0000) returned 1 [0049.893] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.893] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.893] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html", dwFileAttributes=0x80) returned 1 [0049.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.894] CloseHandle (hObject=0x25c) returned 1 [0049.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.894] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3b [0049.894] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.894] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.894] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0049.894] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.894] ReadFile (in: hFile=0x25c, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x2c7dffc*=0x3b, lpOverlapped=0x0) returned 1 [0049.895] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffffc5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.895] WriteFile (in: hFile=0x25c, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x3b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x2c7fa40*=0x3b, lpOverlapped=0x0) returned 1 [0049.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.895] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.895] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.895] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.895] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.895] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.896] CloseHandle (hObject=0x25c) returned 1 [0049.896] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.896] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.lolkek") returned 167 [0049.896] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html.lolkek")) returned 1 [0049.896] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.896] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c0b8 | out: hHeap=0x5a0000) returned 1 [0049.896] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.896] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.896] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html", dwFileAttributes=0x80) returned 1 [0049.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.897] CloseHandle (hObject=0x25c) returned 1 [0049.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.897] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x174c [0049.897] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.897] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.902] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.902] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.902] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x174c, lpOverlapped=0x0) returned 1 [0049.907] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffe8b4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.907] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x174c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x174c, lpOverlapped=0x0) returned 1 [0049.908] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.908] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.908] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.908] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.908] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.908] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.908] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.908] CloseHandle (hObject=0x25c) returned 1 [0049.908] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.908] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.lolkek") returned 175 [0049.909] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html.lolkek")) returned 1 [0049.909] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.909] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c348 | out: hHeap=0x5a0000) returned 1 [0049.909] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.909] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.909] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js", dwFileAttributes=0x80) returned 1 [0049.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.910] CloseHandle (hObject=0x25c) returned 1 [0049.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.910] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc878 [0049.910] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.910] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.921] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.921] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.921] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0049.926] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.926] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0049.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.926] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.926] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.926] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.926] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.927] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.927] CloseHandle (hObject=0x25c) returned 1 [0049.927] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.927] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.lolkek") returned 155 [0049.927] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.lolkek")) returned 1 [0049.928] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.928] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb2a8 | out: hHeap=0x5a0000) returned 1 [0049.928] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.928] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.928] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html", dwFileAttributes=0x80) returned 1 [0049.928] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.929] CloseHandle (hObject=0x25c) returned 1 [0049.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.929] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x38a8 [0049.929] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.929] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.947] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.948] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.948] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x38a8, lpOverlapped=0x0) returned 1 [0049.953] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc758, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.953] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x38a8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x38a8, lpOverlapped=0x0) returned 1 [0049.953] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.953] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.953] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.953] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.953] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.953] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.953] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.953] CloseHandle (hObject=0x25c) returned 1 [0049.953] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.954] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.lolkek") returned 159 [0049.954] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.lolkek")) returned 1 [0049.954] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.955] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6186f8 | out: hHeap=0x5a0000) returned 1 [0049.955] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.955] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.955] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0049.955] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.955] CloseHandle (hObject=0x25c) returned 1 [0049.955] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.955] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8f8 [0049.955] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.955] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.959] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0049.959] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.959] ReadFile (in: hFile=0x25c, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x2c7dffc*=0x8f8, lpOverlapped=0x0) returned 1 [0049.959] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffff708, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.959] WriteFile (in: hFile=0x25c, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x8f8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x2c7fa40*=0x8f8, lpOverlapped=0x0) returned 1 [0049.959] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.959] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.960] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.960] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.960] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.960] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.960] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.960] CloseHandle (hObject=0x25c) returned 1 [0049.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.960] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.lolkek") returned 159 [0049.960] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.lolkek")) returned 1 [0049.962] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.962] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec70d0 | out: hHeap=0x5a0000) returned 1 [0049.962] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.962] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.962] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css", dwFileAttributes=0x80) returned 1 [0049.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.962] CloseHandle (hObject=0x25c) returned 1 [0049.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.963] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x46039 [0049.963] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.963] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.974] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.974] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.975] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.975] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.975] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0049.978] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.978] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0049.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.978] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.978] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.978] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.979] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.979] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.979] CloseHandle (hObject=0x25c) returned 1 [0049.979] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.979] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.lolkek") returned 166 [0049.979] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css.lolkek")) returned 1 [0049.980] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.980] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4d10 | out: hHeap=0x5a0000) returned 1 [0049.980] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.980] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.980] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js", dwFileAttributes=0x80) returned 1 [0049.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.980] CloseHandle (hObject=0x25c) returned 1 [0049.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.981] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2adeb [0049.981] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.981] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0049.990] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0049.990] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.990] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.990] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.990] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0049.994] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.994] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0049.994] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.994] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.994] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.994] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0049.994] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.994] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0049.995] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0049.995] CloseHandle (hObject=0x25c) returned 1 [0049.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.995] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.lolkek") returned 165 [0049.995] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js.lolkek")) returned 1 [0049.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4a88 | out: hHeap=0x5a0000) returned 1 [0049.996] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.996] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.996] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js", dwFileAttributes=0x80) returned 1 [0049.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0049.996] CloseHandle (hObject=0x25c) returned 1 [0049.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.997] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x941 [0049.997] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.997] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.030] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.031] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.031] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x941, lpOverlapped=0x0) returned 1 [0050.031] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffff6bf, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.031] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x941, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x941, lpOverlapped=0x0) returned 1 [0050.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.031] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.031] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.032] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.032] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.032] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.032] CloseHandle (hObject=0x25c) returned 1 [0050.032] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.032] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.lolkek") returned 165 [0050.032] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js.lolkek")) returned 1 [0050.033] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.033] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4800 | out: hHeap=0x5a0000) returned 1 [0050.033] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.033] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.033] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0050.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.033] CloseHandle (hObject=0x25c) returned 1 [0050.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.034] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x45bf [0050.034] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.034] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.036] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.036] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.036] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.036] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.036] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.040] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.040] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.040] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.040] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.040] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.040] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.040] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.040] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.041] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.041] CloseHandle (hObject=0x25c) returned 1 [0050.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.041] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.lolkek") returned 171 [0050.041] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0050.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6357c8 | out: hHeap=0x5a0000) returned 1 [0050.042] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.042] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.042] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json", dwFileAttributes=0x80) returned 1 [0050.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.042] CloseHandle (hObject=0x25c) returned 1 [0050.042] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.043] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x52cb [0050.043] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.043] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.045] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.045] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.046] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.052] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.052] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.052] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.052] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.052] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.052] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.053] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.053] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.053] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.053] CloseHandle (hObject=0x25c) returned 1 [0050.053] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.053] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.lolkek") returned 171 [0050.053] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json.lolkek")) returned 1 [0050.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd270 | out: hHeap=0x5a0000) returned 1 [0050.054] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.054] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.054] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0050.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.055] CloseHandle (hObject=0x25c) returned 1 [0050.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.055] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4029 [0050.055] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.055] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.057] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.058] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.058] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.063] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.063] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.064] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.064] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.064] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.064] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.064] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.064] CloseHandle (hObject=0x25c) returned 1 [0050.064] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.064] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.lolkek") returned 171 [0050.065] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0050.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x619008 | out: hHeap=0x5a0000) returned 1 [0050.066] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.066] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.066] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0050.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.067] CloseHandle (hObject=0x25c) returned 1 [0050.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.067] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x406f [0050.067] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.067] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.070] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.070] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.070] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.070] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.070] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.076] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.076] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.076] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.076] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.076] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.076] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.076] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.076] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.076] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.076] CloseHandle (hObject=0x25c) returned 1 [0050.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.077] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.lolkek") returned 171 [0050.077] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0050.078] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.078] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x619548 | out: hHeap=0x5a0000) returned 1 [0050.078] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.078] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.078] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json", dwFileAttributes=0x80) returned 1 [0050.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.079] CloseHandle (hObject=0x25c) returned 1 [0050.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.079] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d7a [0050.079] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.079] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.082] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.082] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.082] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3d7a, lpOverlapped=0x0) returned 1 [0050.099] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc286, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.099] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3d7a, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3d7a, lpOverlapped=0x0) returned 1 [0050.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.099] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.099] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.099] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.099] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.100] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.100] CloseHandle (hObject=0x25c) returned 1 [0050.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.100] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.lolkek") returned 171 [0050.100] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json.lolkek")) returned 1 [0050.101] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.101] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1538 | out: hHeap=0x5a0000) returned 1 [0050.101] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.101] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.101] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json", dwFileAttributes=0x80) returned 1 [0050.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.102] CloseHandle (hObject=0x25c) returned 1 [0050.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.102] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3e85 [0050.102] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.102] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.105] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.105] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.105] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3e85, lpOverlapped=0x0) returned 1 [0050.110] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc17b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.110] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3e85, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3e85, lpOverlapped=0x0) returned 1 [0050.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.111] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.111] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.111] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.111] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.111] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.111] CloseHandle (hObject=0x25c) returned 1 [0050.111] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.111] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.lolkek") returned 171 [0050.111] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json.lolkek")) returned 1 [0050.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613198 | out: hHeap=0x5a0000) returned 1 [0050.112] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.112] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.112] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0050.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.113] CloseHandle (hObject=0x25c) returned 1 [0050.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.113] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3f4c [0050.113] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.113] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.116] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.116] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.117] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.117] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.117] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3f4c, lpOverlapped=0x0) returned 1 [0050.122] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc0b4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.122] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3f4c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3f4c, lpOverlapped=0x0) returned 1 [0050.123] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.123] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.123] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.123] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.123] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.123] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.123] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.123] CloseHandle (hObject=0x25c) returned 1 [0050.123] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.123] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.lolkek") returned 171 [0050.123] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0050.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6136d8 | out: hHeap=0x5a0000) returned 1 [0050.124] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.124] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.124] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0050.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.125] CloseHandle (hObject=0x25c) returned 1 [0050.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.125] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x419f [0050.125] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.125] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.127] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.127] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.128] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.132] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.132] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.132] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.132] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.132] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.132] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.132] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.132] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.132] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.132] CloseHandle (hObject=0x25c) returned 1 [0050.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.132] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.lolkek") returned 171 [0050.132] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0050.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61af10 | out: hHeap=0x5a0000) returned 1 [0050.133] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.133] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.133] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0050.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.134] CloseHandle (hObject=0x25c) returned 1 [0050.134] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.134] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x50f7 [0050.134] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.134] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.136] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.136] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.136] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.140] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.140] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.140] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.141] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.141] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.141] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.141] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.141] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.141] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.141] CloseHandle (hObject=0x25c) returned 1 [0050.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.141] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.lolkek") returned 171 [0050.141] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0050.142] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.142] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1ce8 | out: hHeap=0x5a0000) returned 1 [0050.142] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.142] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.142] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0050.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.142] CloseHandle (hObject=0x25c) returned 1 [0050.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.143] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40d4 [0050.143] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.143] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.145] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.145] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.145] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.149] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.149] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.149] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.149] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.150] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.150] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.150] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.150] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.150] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.150] CloseHandle (hObject=0x25c) returned 1 [0050.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.150] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.lolkek") returned 171 [0050.150] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0050.151] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.151] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1f90 | out: hHeap=0x5a0000) returned 1 [0050.151] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.151] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.151] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0050.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.152] CloseHandle (hObject=0x25c) returned 1 [0050.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.152] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3f0c [0050.152] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.152] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.154] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.154] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.154] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3f0c, lpOverlapped=0x0) returned 1 [0050.158] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc0f4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.158] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3f0c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3f0c, lpOverlapped=0x0) returned 1 [0050.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.158] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.158] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.159] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.159] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.159] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.159] CloseHandle (hObject=0x25c) returned 1 [0050.159] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.159] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.lolkek") returned 171 [0050.159] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0050.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec24e0 | out: hHeap=0x5a0000) returned 1 [0050.160] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.160] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.160] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0050.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.160] CloseHandle (hObject=0x25c) returned 1 [0050.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.161] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x447a [0050.161] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.161] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.163] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.163] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.163] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.163] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.163] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.167] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.167] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.167] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.167] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.168] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.168] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.168] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.168] CloseHandle (hObject=0x25c) returned 1 [0050.168] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.168] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.lolkek") returned 171 [0050.168] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0050.169] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.169] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec2a30 | out: hHeap=0x5a0000) returned 1 [0050.169] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.169] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.169] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0050.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.169] CloseHandle (hObject=0x25c) returned 1 [0050.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.170] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x403a [0050.170] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.170] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.172] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.172] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.172] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.177] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.177] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.177] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.177] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.177] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.177] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.177] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.177] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.177] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.177] CloseHandle (hObject=0x25c) returned 1 [0050.178] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.178] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.lolkek") returned 171 [0050.178] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0050.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec2f80 | out: hHeap=0x5a0000) returned 1 [0050.178] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.178] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.178] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0050.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.179] CloseHandle (hObject=0x25c) returned 1 [0050.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.179] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x41bf [0050.179] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.179] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.183] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.183] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.183] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.187] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.187] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.187] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.187] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.187] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.187] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.188] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.188] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.188] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.188] CloseHandle (hObject=0x25c) returned 1 [0050.188] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.188] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.lolkek") returned 171 [0050.188] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0050.189] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.189] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec34d0 | out: hHeap=0x5a0000) returned 1 [0050.189] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.189] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.189] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json", dwFileAttributes=0x80) returned 1 [0050.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.189] CloseHandle (hObject=0x25c) returned 1 [0050.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.190] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5224 [0050.190] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.190] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.192] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.192] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.192] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.192] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.192] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.196] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.196] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.196] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.196] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.196] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.196] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.196] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.196] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.197] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.197] CloseHandle (hObject=0x25c) returned 1 [0050.197] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.197] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.lolkek") returned 171 [0050.197] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json.lolkek")) returned 1 [0050.197] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.197] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec3a20 | out: hHeap=0x5a0000) returned 1 [0050.198] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.198] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.198] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json", dwFileAttributes=0x80) returned 1 [0050.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.198] CloseHandle (hObject=0x25c) returned 1 [0050.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.198] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ebc [0050.198] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.198] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.200] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.201] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.201] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.201] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3ebc, lpOverlapped=0x0) returned 1 [0050.205] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc144, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.205] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3ebc, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3ebc, lpOverlapped=0x0) returned 1 [0050.205] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.205] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.205] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.205] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.205] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.205] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.205] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.205] CloseHandle (hObject=0x25c) returned 1 [0050.205] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.205] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.lolkek") returned 171 [0050.205] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json.lolkek")) returned 1 [0050.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1e10 | out: hHeap=0x5a0000) returned 1 [0050.206] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.206] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.206] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0050.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.207] CloseHandle (hObject=0x25c) returned 1 [0050.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.207] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fd7 [0050.207] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.207] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.209] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.209] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.209] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3fd7, lpOverlapped=0x0) returned 1 [0050.213] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc029, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.213] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3fd7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3fd7, lpOverlapped=0x0) returned 1 [0050.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.213] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.214] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.214] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.214] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.214] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.214] CloseHandle (hObject=0x25c) returned 1 [0050.214] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.214] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.lolkek") returned 171 [0050.214] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0050.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2360 | out: hHeap=0x5a0000) returned 1 [0050.215] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.215] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.215] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0050.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.216] CloseHandle (hObject=0x25c) returned 1 [0050.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.216] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fdc [0050.216] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.216] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.218] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.218] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.218] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3fdc, lpOverlapped=0x0) returned 1 [0050.222] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc024, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.222] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3fdc, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3fdc, lpOverlapped=0x0) returned 1 [0050.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.222] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.222] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.223] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.223] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.223] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.223] CloseHandle (hObject=0x25c) returned 1 [0050.223] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.223] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.lolkek") returned 174 [0050.223] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0050.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610ed8 | out: hHeap=0x5a0000) returned 1 [0050.224] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.224] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.224] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0050.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.225] CloseHandle (hObject=0x25c) returned 1 [0050.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.225] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40db [0050.225] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.225] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.228] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.228] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.228] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.232] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.232] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.233] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.233] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.233] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.233] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.233] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.233] CloseHandle (hObject=0x25c) returned 1 [0050.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.233] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.lolkek") returned 171 [0050.233] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0050.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb28b0 | out: hHeap=0x5a0000) returned 1 [0050.234] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.234] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.234] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0050.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.235] CloseHandle (hObject=0x25c) returned 1 [0050.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.235] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40fd [0050.235] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.235] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.237] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.237] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.237] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.241] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.241] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.241] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.241] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.241] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.242] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.242] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.242] CloseHandle (hObject=0x25c) returned 1 [0050.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.242] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.lolkek") returned 171 [0050.242] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0050.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2e00 | out: hHeap=0x5a0000) returned 1 [0050.243] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.243] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.243] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0050.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.243] CloseHandle (hObject=0x25c) returned 1 [0050.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.244] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x49c1 [0050.244] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.244] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.248] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.248] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.248] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.254] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.254] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.254] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.254] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.254] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.254] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.254] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.254] CloseHandle (hObject=0x25c) returned 1 [0050.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.254] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.lolkek") returned 171 [0050.254] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0050.255] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.255] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb3350 | out: hHeap=0x5a0000) returned 1 [0050.255] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.255] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.255] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json", dwFileAttributes=0x80) returned 1 [0050.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.256] CloseHandle (hObject=0x25c) returned 1 [0050.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.256] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3e8b [0050.256] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.256] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.258] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.258] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.258] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3e8b, lpOverlapped=0x0) returned 1 [0050.263] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc175, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.263] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3e8b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3e8b, lpOverlapped=0x0) returned 1 [0050.263] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.263] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.263] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.263] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.263] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.263] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.263] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.264] CloseHandle (hObject=0x25c) returned 1 [0050.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.264] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.lolkek") returned 171 [0050.264] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json.lolkek")) returned 1 [0050.265] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.265] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb38a0 | out: hHeap=0x5a0000) returned 1 [0050.265] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.265] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.265] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json", dwFileAttributes=0x80) returned 1 [0050.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.265] CloseHandle (hObject=0x25c) returned 1 [0050.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.266] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5593 [0050.266] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.266] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.267] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.268] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.268] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.272] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.272] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.272] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.272] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.272] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.272] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.272] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.272] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.272] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.272] CloseHandle (hObject=0x25c) returned 1 [0050.272] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.272] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.lolkek") returned 171 [0050.272] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json.lolkek")) returned 1 [0050.273] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.273] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb3df0 | out: hHeap=0x5a0000) returned 1 [0050.273] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.273] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.273] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0050.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.274] CloseHandle (hObject=0x25c) returned 1 [0050.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.274] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x404e [0050.274] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.274] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.276] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.276] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.276] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.280] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.280] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.280] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.280] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.281] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.281] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.281] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.281] CloseHandle (hObject=0x25c) returned 1 [0050.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.281] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.lolkek") returned 171 [0050.281] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0050.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4340 | out: hHeap=0x5a0000) returned 1 [0050.282] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.282] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.282] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0050.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.282] CloseHandle (hObject=0x25c) returned 1 [0050.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.283] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x426b [0050.283] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.283] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.287] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.287] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.287] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.291] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.291] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.291] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.291] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.291] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.291] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.291] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.291] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.291] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.292] CloseHandle (hObject=0x25c) returned 1 [0050.292] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.292] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.lolkek") returned 171 [0050.292] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0050.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4890 | out: hHeap=0x5a0000) returned 1 [0050.292] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.292] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.292] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0050.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.293] CloseHandle (hObject=0x25c) returned 1 [0050.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.293] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d72 [0050.293] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.293] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.296] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.296] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.296] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3d72, lpOverlapped=0x0) returned 1 [0050.301] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc28e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.301] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3d72, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3d72, lpOverlapped=0x0) returned 1 [0050.301] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.301] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.301] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.301] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.301] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.302] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.302] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.302] CloseHandle (hObject=0x25c) returned 1 [0050.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.302] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.lolkek") returned 174 [0050.302] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0050.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x645fb8 | out: hHeap=0x5a0000) returned 1 [0050.303] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.303] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.303] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0050.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.304] CloseHandle (hObject=0x25c) returned 1 [0050.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.305] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3e39 [0050.305] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.305] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.307] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.308] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.308] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3e39, lpOverlapped=0x0) returned 1 [0050.315] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc1c7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.316] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3e39, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3e39, lpOverlapped=0x0) returned 1 [0050.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.316] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.316] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.316] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.316] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.316] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.316] CloseHandle (hObject=0x25c) returned 1 [0050.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.316] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.lolkek") returned 178 [0050.316] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0050.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67ca98 | out: hHeap=0x5a0000) returned 1 [0050.317] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.317] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.317] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal", dwFileAttributes=0x80) returned 1 [0050.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.318] CloseHandle (hObject=0x25c) returned 1 [0050.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.318] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.318] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.318] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.318] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0050.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.318] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.318] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.319] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.319] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.319] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.319] CloseHandle (hObject=0x25c) returned 1 [0050.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.319] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal.lolkek") returned 103 [0050.319] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal.lolkek")) returned 1 [0050.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7b50 | out: hHeap=0x5a0000) returned 1 [0050.320] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.320] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.320] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico", dwFileAttributes=0x80) returned 1 [0050.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.320] CloseHandle (hObject=0x25c) returned 1 [0050.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.321] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b2e9 [0050.321] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.321] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.323] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.324] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.324] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.328] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.328] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.328] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.328] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.328] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.328] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.329] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.329] CloseHandle (hObject=0x25c) returned 1 [0050.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.329] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.lolkek") returned 105 [0050.329] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico.lolkek")) returned 1 [0050.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc1b88 | out: hHeap=0x5a0000) returned 1 [0050.329] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.329] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.329] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache", dwFileAttributes=0x80) returned 1 [0050.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.330] CloseHandle (hObject=0x25c) returned 1 [0050.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.330] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x142f [0050.330] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.330] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.332] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.333] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x142f, lpOverlapped=0x0) returned 1 [0050.343] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffebd1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.343] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x142f, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x142f, lpOverlapped=0x0) returned 1 [0050.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.343] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.343] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.343] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.343] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.343] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.344] CloseHandle (hObject=0x25c) returned 1 [0050.344] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.344] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache.lolkek") returned 109 [0050.344] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache.lolkek")) returned 1 [0050.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618968 | out: hHeap=0x5a0000) returned 1 [0050.344] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.344] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.344] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp", dwFileAttributes=0x80) returned 1 [0050.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.348] CloseHandle (hObject=0x25c) returned 1 [0050.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.348] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.348] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.348] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.348] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0050.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.349] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.349] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.349] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.349] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.349] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.349] CloseHandle (hObject=0x25c) returned 1 [0050.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.351] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp.lolkek") returned 112 [0050.351] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp.lolkek")) returned 1 [0050.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.434] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.434] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.434] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts", dwFileAttributes=0x80) returned 1 [0050.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0050.434] CloseHandle (hObject=0x1ec) returned 1 [0050.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.435] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3000 [0050.435] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.435] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.459] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.460] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.460] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x3000, lpOverlapped=0x0) returned 1 [0050.461] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffd000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.461] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x3000, lpOverlapped=0x0) returned 1 [0050.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.461] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.461] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.461] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.461] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.462] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.462] CloseHandle (hObject=0x1ec) returned 1 [0050.463] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0050.463] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts.lolkek") returned 96 [0050.463] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts.lolkek")) returned 1 [0050.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c948d8 | out: hHeap=0x5a0000) returned 1 [0050.583] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.583] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.583] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms", dwFileAttributes=0x80) returned 1 [0050.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.593] CloseHandle (hObject=0x1e0) returned 1 [0050.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.593] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7000 [0050.593] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.593] ReadFile (in: hFile=0x1e0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.595] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.595] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.595] ReadFile (in: hFile=0x1e0, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.607] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.607] WriteFile (in: hFile=0x1e0, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.607] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.607] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.608] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.608] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.608] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.608] CloseHandle (hObject=0x1e0) returned 1 [0050.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.608] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.lolkek") returned 148 [0050.608] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms.lolkek")) returned 1 [0050.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd8198 | out: hHeap=0x5a0000) returned 1 [0050.608] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.609] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.609] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini", dwFileAttributes=0x80) returned 1 [0050.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0050.627] CloseHandle (hObject=0x2bc) returned 1 [0050.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0050.660] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0050.660] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.660] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.660] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x43, lpOverlapped=0x0) returned 1 [0050.661] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.661] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x43, lpOverlapped=0x0) returned 1 [0050.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.661] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.661] WriteFile (in: hFile=0x290, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.661] WriteFile (in: hFile=0x290, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.662] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.662] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.662] CloseHandle (hObject=0x290) returned 1 [0050.663] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0050.663] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.lolkek") returned 97 [0050.663] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini.lolkek")) returned 1 [0050.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dded50 | out: hHeap=0x5a0000) returned 1 [0050.673] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.673] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.673] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak", dwFileAttributes=0x80) returned 1 [0050.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.674] CloseHandle (hObject=0x268) returned 1 [0050.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.674] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fa9 [0050.674] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.674] ReadFile (in: hFile=0x268, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.678] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.678] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.678] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x2fa9, lpOverlapped=0x0) returned 1 [0050.690] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffd057, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.690] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2fa9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x2fa9, lpOverlapped=0x0) returned 1 [0050.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.691] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.691] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.691] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.691] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.691] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.691] CloseHandle (hObject=0x268) returned 1 [0050.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.691] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.lolkek") returned 94 [0050.691] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak.lolkek")) returned 1 [0050.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6270 | out: hHeap=0x5a0000) returned 1 [0050.692] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.692] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.692] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml", dwFileAttributes=0x80) returned 1 [0050.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.692] CloseHandle (hObject=0x268) returned 1 [0050.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.692] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd [0050.693] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.693] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.693] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0xd, lpOverlapped=0x0) returned 1 [0050.693] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.693] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0xd, lpOverlapped=0x0) returned 1 [0050.693] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.693] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.693] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.693] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.694] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.694] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.694] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.694] CloseHandle (hObject=0x268) returned 1 [0050.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.694] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml.lolkek") returned 117 [0050.694] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml.lolkek")) returned 1 [0050.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fa38 | out: hHeap=0x5a0000) returned 1 [0050.695] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.695] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.695] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat", dwFileAttributes=0x80) returned 1 [0050.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.695] CloseHandle (hObject=0x268) returned 1 [0050.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.695] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0050.695] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.695] ReadFile (in: hFile=0x268, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.700] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.700] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.700] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.719] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.719] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.720] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.720] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.720] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.720] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.720] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.720] CloseHandle (hObject=0x268) returned 1 [0050.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.720] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.lolkek") returned 101 [0050.720] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat.lolkek")) returned 1 [0050.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fc00 | out: hHeap=0x5a0000) returned 1 [0050.724] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.724] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.724] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT", dwFileAttributes=0x80) returned 1 [0050.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.727] CloseHandle (hObject=0x268) returned 1 [0050.727] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.727] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0050.727] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.727] ReadFile (in: hFile=0x268, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.731] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.731] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.732] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.732] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.738] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.738] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.738] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.738] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.738] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.738] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.738] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.738] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.738] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.738] CloseHandle (hObject=0x268) returned 1 [0050.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.739] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.lolkek") returned 95 [0050.739] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat.lolkek")) returned 1 [0050.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617b68 | out: hHeap=0x5a0000) returned 1 [0050.739] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.739] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.739] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", dwFileAttributes=0x80) returned 1 [0050.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.743] CloseHandle (hObject=0x268) returned 1 [0050.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.744] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1200 [0050.744] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.744] ReadFile (in: hFile=0x268, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.748] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.748] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.748] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1200, lpOverlapped=0x0) returned 1 [0050.751] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffee00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.751] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1200, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1200, lpOverlapped=0x0) returned 1 [0050.751] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.751] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.751] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.751] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.751] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.751] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.751] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.751] CloseHandle (hObject=0x268) returned 1 [0050.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.752] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.lolkek") returned 146 [0050.752] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat.lolkek")) returned 1 [0050.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca59d8 | out: hHeap=0x5a0000) returned 1 [0050.752] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.752] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.753] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb", dwFileAttributes=0x80) returned 1 [0050.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.753] CloseHandle (hObject=0x268) returned 1 [0050.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.753] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x105000 [0050.753] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.753] ReadFile (in: hFile=0x268, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.762] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.762] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.762] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0050.770] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.770] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0050.770] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.770] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.770] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.770] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.770] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.770] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.770] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.770] CloseHandle (hObject=0x268) returned 1 [0050.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.770] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.lolkek") returned 102 [0050.770] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb.lolkek")) returned 1 [0050.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5fc8 | out: hHeap=0x5a0000) returned 1 [0050.771] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.771] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.771] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0050.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.772] CloseHandle (hObject=0x268) returned 1 [0050.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.772] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x414 [0050.772] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.772] ReadFile (in: hFile=0x268, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.774] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.774] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.774] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x414, lpOverlapped=0x0) returned 1 [0050.774] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffbec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.775] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x414, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x414, lpOverlapped=0x0) returned 1 [0050.775] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.775] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.775] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.775] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.775] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.775] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.775] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.775] CloseHandle (hObject=0x268) returned 1 [0050.775] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.775] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.lolkek") returned 142 [0050.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl.lolkek")) returned 1 [0050.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c6740 | out: hHeap=0x5a0000) returned 1 [0050.776] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.776] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.776] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0050.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.801] CloseHandle (hObject=0x27c) returned 1 [0050.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.864] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4ff [0050.864] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.864] ReadFile (in: hFile=0x268, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.866] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.866] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.866] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4ff, lpOverlapped=0x0) returned 1 [0050.866] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffb01, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.866] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4ff, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4ff, lpOverlapped=0x0) returned 1 [0050.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.867] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.867] WriteFile (in: hFile=0x268, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.867] WriteFile (in: hFile=0x268, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.867] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.867] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.867] CloseHandle (hObject=0x268) returned 1 [0050.868] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.868] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.lolkek") returned 144 [0050.868] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl.lolkek")) returned 1 [0050.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaddb0 | out: hHeap=0x5a0000) returned 1 [0050.906] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.906] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.906] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0050.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.907] CloseHandle (hObject=0x1b4) returned 1 [0050.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.907] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x414 [0050.907] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.907] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.910] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.910] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.910] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x414, lpOverlapped=0x0) returned 1 [0050.910] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffbec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.910] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x414, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x414, lpOverlapped=0x0) returned 1 [0050.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.910] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.910] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.910] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.910] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.910] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.910] CloseHandle (hObject=0x1b4) returned 1 [0050.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.910] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.lolkek") returned 142 [0050.911] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl.lolkek")) returned 1 [0050.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7208 | out: hHeap=0x5a0000) returned 1 [0050.911] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.911] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.911] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0050.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0050.921] CloseHandle (hObject=0x2bc) returned 1 [0050.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.921] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4ff [0050.921] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.921] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.925] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.925] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.925] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.925] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.925] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4ff, lpOverlapped=0x0) returned 1 [0050.926] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffb01, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.926] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4ff, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4ff, lpOverlapped=0x0) returned 1 [0050.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.926] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.926] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.926] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.926] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.926] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.926] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.926] CloseHandle (hObject=0x2bc) returned 1 [0050.926] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.926] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.lolkek") returned 144 [0050.926] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl.lolkek")) returned 1 [0050.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eae240 | out: hHeap=0x5a0000) returned 1 [0050.927] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.927] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.927] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0050.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0050.933] CloseHandle (hObject=0x258) returned 1 [0050.933] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.943] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x504 [0050.943] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.943] ReadFile (in: hFile=0x25c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0050.982] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0050.982] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.982] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.982] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.982] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x504, lpOverlapped=0x0) returned 1 [0050.983] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffafc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.983] WriteFile (in: hFile=0x25c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x504, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x504, lpOverlapped=0x0) returned 1 [0050.983] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.983] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.983] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.983] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0050.983] WriteFile (in: hFile=0x25c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.983] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0050.983] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0050.983] CloseHandle (hObject=0x25c) returned 1 [0050.983] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.983] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.lolkek") returned 145 [0050.983] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl.lolkek")) returned 1 [0051.006] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.006] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5290 | out: hHeap=0x5a0000) returned 1 [0051.006] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.007] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.007] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF", dwFileAttributes=0x80) returned 1 [0051.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0051.056] CloseHandle (hObject=0x1b4) returned 1 [0051.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0051.063] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x72 [0051.063] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.063] ReadFile (in: hFile=0x24c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.064] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.064] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.064] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.064] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.064] ReadFile (in: hFile=0x24c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x72, lpOverlapped=0x0) returned 1 [0051.064] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffff8e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.064] WriteFile (in: hFile=0x24c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x72, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x72, lpOverlapped=0x0) returned 1 [0051.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.064] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.064] WriteFile (in: hFile=0x24c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.065] WriteFile (in: hFile=0x24c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.065] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.065] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.065] CloseHandle (hObject=0x24c) returned 1 [0051.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.065] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.lolkek") returned 105 [0051.065] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf.lolkek")) returned 1 [0051.070] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.070] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb370 | out: hHeap=0x5a0000) returned 1 [0051.070] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.070] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.070] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig", dwFileAttributes=0x80) returned 1 [0051.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0051.099] CloseHandle (hObject=0x1b4) returned 1 [0051.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.108] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x80 [0051.108] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.108] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.109] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.109] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.109] ReadFile (in: hFile=0x270, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x80, lpOverlapped=0x0) returned 1 [0051.109] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff80, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.109] WriteFile (in: hFile=0x270, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x80, lpOverlapped=0x0) returned 1 [0051.109] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.109] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.109] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.109] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.109] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.109] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.110] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.110] CloseHandle (hObject=0x270) returned 1 [0051.110] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.110] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.lolkek") returned 119 [0051.110] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig.lolkek")) returned 1 [0051.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e36708 | out: hHeap=0x5a0000) returned 1 [0051.111] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.111] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.111] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat", dwFileAttributes=0x80) returned 1 [0051.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0051.112] CloseHandle (hObject=0x270) returned 1 [0051.112] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.112] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18ce0 [0051.112] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.112] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.121] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.121] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.121] ReadFile (in: hFile=0x270, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0051.130] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.130] WriteFile (in: hFile=0x270, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0051.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.130] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.130] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.130] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.130] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.130] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.131] CloseHandle (hObject=0x270) returned 1 [0051.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.132] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat.lolkek") returned 84 [0051.132] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat.lolkek")) returned 1 [0051.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616998 | out: hHeap=0x5a0000) returned 1 [0051.133] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.133] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.133] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", dwFileAttributes=0x80) returned 1 [0051.134] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0051.134] CloseHandle (hObject=0x270) returned 1 [0051.134] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.134] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5e4 [0051.134] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.134] ReadFile (in: hFile=0x270, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.145] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.145] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.145] ReadFile (in: hFile=0x270, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x5e4, lpOverlapped=0x0) returned 1 [0051.145] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffa1c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.145] WriteFile (in: hFile=0x270, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5e4, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x5e4, lpOverlapped=0x0) returned 1 [0051.145] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.145] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.145] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.146] WriteFile (in: hFile=0x270, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.146] WriteFile (in: hFile=0x270, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.146] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.146] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.146] CloseHandle (hObject=0x270) returned 1 [0051.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.146] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.lolkek") returned 133 [0051.146] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount.lolkek")) returned 1 [0051.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb508 | out: hHeap=0x5a0000) returned 1 [0051.147] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.147] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.147] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", dwFileAttributes=0x80) returned 1 [0051.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0051.160] CloseHandle (hObject=0x1e0) returned 1 [0051.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.161] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6c8 [0051.161] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.161] ReadFile (in: hFile=0x1e0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.163] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.163] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.163] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.163] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.163] ReadFile (in: hFile=0x1e0, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x6c8, lpOverlapped=0x0) returned 1 [0051.163] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffff938, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.163] WriteFile (in: hFile=0x1e0, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x6c8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x6c8, lpOverlapped=0x0) returned 1 [0051.163] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.163] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.163] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.163] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.164] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.164] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.164] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.164] CloseHandle (hObject=0x1e0) returned 1 [0051.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.164] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.lolkek") returned 133 [0051.164] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount.lolkek")) returned 1 [0051.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0258 | out: hHeap=0x5a0000) returned 1 [0051.165] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.165] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.165] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore", dwFileAttributes=0x80) returned 1 [0051.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0051.165] CloseHandle (hObject=0x1e0) returned 1 [0051.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.166] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x206000 [0051.166] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.166] ReadFile (in: hFile=0x1e0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.173] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.173] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.173] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.173] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.173] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0051.174] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.174] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0051.175] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.175] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.175] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.175] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.175] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.175] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.175] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.175] CloseHandle (hObject=0x1e0) returned 1 [0051.175] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.175] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.lolkek") returned 115 [0051.175] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore.lolkek")) returned 1 [0051.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb710 | out: hHeap=0x5a0000) returned 1 [0051.176] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.176] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.176] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk", dwFileAttributes=0x80) returned 1 [0051.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0051.176] CloseHandle (hObject=0x1e0) returned 1 [0051.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.177] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2000 [0051.177] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.177] ReadFile (in: hFile=0x1e0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.184] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.184] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.184] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x2000, lpOverlapped=0x0) returned 1 [0051.187] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.188] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x2000, lpOverlapped=0x0) returned 1 [0051.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.188] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.188] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.188] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.188] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.188] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.188] CloseHandle (hObject=0x1e0) returned 1 [0051.188] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.188] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.lolkek") returned 85 [0051.188] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk.lolkek")) returned 1 [0051.189] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.189] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616850 | out: hHeap=0x5a0000) returned 1 [0051.189] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.189] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.189] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs", dwFileAttributes=0x80) returned 1 [0051.189] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0051.190] CloseHandle (hObject=0x1e0) returned 1 [0051.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.190] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0051.190] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.190] ReadFile (in: hFile=0x1e0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.200] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.201] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.201] ReadFile (in: hFile=0x1e0, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0051.217] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.217] WriteFile (in: hFile=0x1e0, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0051.217] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.217] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.217] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.218] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.219] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.219] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.219] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.219] CloseHandle (hObject=0x1e0) returned 1 [0051.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.219] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.lolkek") returned 93 [0051.219] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs.lolkek")) returned 1 [0051.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6108 | out: hHeap=0x5a0000) returned 1 [0051.220] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.220] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.220] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini", dwFileAttributes=0x80) returned 1 [0051.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.302] CloseHandle (hObject=0x24c) returned 1 [0051.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.309] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x285 [0051.309] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.309] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.310] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.310] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.310] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x285, lpOverlapped=0x0) returned 1 [0051.310] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffd7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.310] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x285, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x285, lpOverlapped=0x0) returned 1 [0051.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.310] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.310] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.310] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.310] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.310] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.310] CloseHandle (hObject=0x1b4) returned 1 [0051.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67cd08 [0051.311] wsprintfW (in: param_1=0x67cd08, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.lolkek") returned 100 [0051.311] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini.lolkek")) returned 1 [0051.345] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd08 | out: hHeap=0x5a0000) returned 1 [0051.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a030 | out: hHeap=0x5a0000) returned 1 [0051.347] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.347] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.347] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm", dwFileAttributes=0x80) returned 1 [0051.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0051.381] CloseHandle (hObject=0x2b8) returned 1 [0051.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0051.381] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe9 [0051.381] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.382] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.382] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.382] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.382] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0xe9, lpOverlapped=0x0) returned 1 [0051.382] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff17, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.382] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0xe9, lpOverlapped=0x0) returned 1 [0051.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.382] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.382] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.383] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.383] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.383] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.383] CloseHandle (hObject=0x2b8) returned 1 [0051.383] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.383] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.lolkek") returned 98 [0051.383] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm.lolkek")) returned 1 [0051.645] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.645] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657158 | out: hHeap=0x5a0000) returned 1 [0051.645] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.646] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.646] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png", dwFileAttributes=0x80) returned 1 [0051.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0051.929] CloseHandle (hObject=0x224) returned 1 [0051.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.933] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40b0 [0051.933] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.933] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0051.959] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0051.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.959] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.959] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0051.981] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.981] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0051.983] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.983] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.983] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.983] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0051.983] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.983] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0051.983] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0051.983] CloseHandle (hObject=0x224) returned 1 [0051.984] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0051.984] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.lolkek") returned 144 [0051.985] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png.lolkek")) returned 1 [0051.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0051.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eae6d0 | out: hHeap=0x5a0000) returned 1 [0051.987] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.987] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.987] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", dwFileAttributes=0x80) returned 1 [0052.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.012] CloseHandle (hObject=0x258) returned 1 [0052.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.025] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d7 [0052.025] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.025] ReadFile (in: hFile=0x23c, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.025] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.025] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.025] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.025] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.025] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1d7, lpOverlapped=0x0) returned 1 [0052.026] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.026] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1d7, lpOverlapped=0x0) returned 1 [0052.026] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.026] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.026] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.026] WriteFile (in: hFile=0x23c, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.026] WriteFile (in: hFile=0x23c, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.026] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.026] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.026] CloseHandle (hObject=0x23c) returned 1 [0052.028] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0052.029] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.lolkek") returned 158 [0052.029] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.lolkek")) returned 1 [0052.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0052.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb268 | out: hHeap=0x5a0000) returned 1 [0052.055] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.055] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.055] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", dwFileAttributes=0x80) returned 1 [0052.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0052.072] CloseHandle (hObject=0x214) returned 1 [0052.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.084] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e3 [0052.085] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.085] ReadFile (in: hFile=0x2a0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.093] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.093] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.093] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.093] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.093] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x6e3, lpOverlapped=0x0) returned 1 [0052.093] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffff91d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.093] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x6e3, lpOverlapped=0x0) returned 1 [0052.093] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.093] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.093] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.093] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.093] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.094] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.094] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.094] CloseHandle (hObject=0x2a0) returned 1 [0052.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0052.096] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.lolkek") returned 158 [0052.096] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6.lolkek")) returned 1 [0052.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0052.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613198 | out: hHeap=0x5a0000) returned 1 [0052.116] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.116] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.116] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", dwFileAttributes=0x80) returned 1 [0052.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.133] CloseHandle (hObject=0x2a0) returned 1 [0052.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.147] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.147] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.147] ReadFile (in: hFile=0x258, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.148] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.148] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.148] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.148] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.148] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1cf, lpOverlapped=0x0) returned 1 [0052.148] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.148] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1cf, lpOverlapped=0x0) returned 1 [0052.148] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.148] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.148] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.148] WriteFile (in: hFile=0x258, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.148] WriteFile (in: hFile=0x258, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.148] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.148] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.148] CloseHandle (hObject=0x258) returned 1 [0052.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0052.149] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.lolkek") returned 158 [0052.149] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb.lolkek")) returned 1 [0052.177] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0052.177] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9140 | out: hHeap=0x5a0000) returned 1 [0052.177] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.178] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.178] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", dwFileAttributes=0x80) returned 1 [0052.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.192] CloseHandle (hObject=0x258) returned 1 [0052.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.209] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d7 [0052.209] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.209] ReadFile (in: hFile=0x2a0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.210] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.210] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.210] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.210] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.210] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1d7, lpOverlapped=0x0) returned 1 [0052.210] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.210] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1d7, lpOverlapped=0x0) returned 1 [0052.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.210] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.210] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.210] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.210] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.210] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.210] CloseHandle (hObject=0x2a0) returned 1 [0052.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.212] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.lolkek") returned 158 [0052.212] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450.lolkek")) returned 1 [0052.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa6e8 | out: hHeap=0x5a0000) returned 1 [0052.235] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.236] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.236] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", dwFileAttributes=0x80) returned 1 [0052.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.253] CloseHandle (hObject=0x2a0) returned 1 [0052.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.272] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ae [0052.272] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.272] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.274] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.274] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.274] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.274] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.274] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x5ae, lpOverlapped=0x0) returned 1 [0052.274] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffa52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.274] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5ae, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x5ae, lpOverlapped=0x0) returned 1 [0052.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.274] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.274] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.274] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.274] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.274] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.274] CloseHandle (hObject=0x210) returned 1 [0052.275] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0052.275] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.lolkek") returned 158 [0052.275] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.lolkek")) returned 1 [0052.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0052.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dabc90 | out: hHeap=0x5a0000) returned 1 [0052.366] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.366] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.366] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21", dwFileAttributes=0x80) returned 1 [0052.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.392] CloseHandle (hObject=0x210) returned 1 [0052.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.401] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x100 [0052.401] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.401] ReadFile (in: hFile=0x280, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.402] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.402] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.402] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x100, lpOverlapped=0x0) returned 1 [0052.402] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffff00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.402] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x100, lpOverlapped=0x0) returned 1 [0052.402] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.402] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.402] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.402] WriteFile (in: hFile=0x280, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.402] WriteFile (in: hFile=0x280, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.402] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.402] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.403] CloseHandle (hObject=0x280) returned 1 [0052.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.403] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.lolkek") returned 126 [0052.403] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21.lolkek")) returned 1 [0052.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635c98 | out: hHeap=0x5a0000) returned 1 [0052.428] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.428] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.428] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", dwFileAttributes=0x80) returned 1 [0052.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.446] CloseHandle (hObject=0x224) returned 1 [0052.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.453] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182 [0052.453] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.453] ReadFile (in: hFile=0x2a0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.453] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.453] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.453] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x182, lpOverlapped=0x0) returned 1 [0052.453] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.453] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x182, lpOverlapped=0x0) returned 1 [0052.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.454] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.454] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.454] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.454] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.454] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.454] CloseHandle (hObject=0x2a0) returned 1 [0052.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.455] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.lolkek") returned 159 [0052.455] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.lolkek")) returned 1 [0052.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9de8 | out: hHeap=0x5a0000) returned 1 [0052.477] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.477] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.477] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015", dwFileAttributes=0x80) returned 1 [0052.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0052.496] CloseHandle (hObject=0x290) returned 1 [0052.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0052.503] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x156 [0052.503] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.503] ReadFile (in: hFile=0x2bc, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.503] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.503] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.503] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x156, lpOverlapped=0x0) returned 1 [0052.503] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeaa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.503] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x156, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x156, lpOverlapped=0x0) returned 1 [0052.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.505] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.505] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.505] WriteFile (in: hFile=0x2bc, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.506] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.506] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.506] CloseHandle (hObject=0x2bc) returned 1 [0052.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.508] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.lolkek") returned 126 [0052.508] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015.lolkek")) returned 1 [0052.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e34ee0 | out: hHeap=0x5a0000) returned 1 [0052.535] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.535] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.535] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", dwFileAttributes=0x80) returned 1 [0052.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.552] CloseHandle (hObject=0x224) returned 1 [0052.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.560] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x204 [0052.560] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.560] ReadFile (in: hFile=0x2a0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.564] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.564] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.564] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.564] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.564] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x204, lpOverlapped=0x0) returned 1 [0052.564] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffdfc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.564] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x204, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x204, lpOverlapped=0x0) returned 1 [0052.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.564] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.564] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.564] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.564] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.565] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.565] CloseHandle (hObject=0x2a0) returned 1 [0052.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.565] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.lolkek") returned 159 [0052.566] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.lolkek")) returned 1 [0052.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9df0 | out: hHeap=0x5a0000) returned 1 [0052.589] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.589] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.589] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml", dwFileAttributes=0x80) returned 1 [0052.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.590] CloseHandle (hObject=0x2a0) returned 1 [0052.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.590] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd [0052.590] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.590] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.590] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0xd, lpOverlapped=0x0) returned 1 [0052.591] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.591] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0xd, lpOverlapped=0x0) returned 1 [0052.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.591] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.591] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.591] WriteFile (in: hFile=0x2a0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.591] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.591] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.592] CloseHandle (hObject=0x2a0) returned 1 [0052.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.592] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.lolkek") returned 127 [0052.592] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml.lolkek")) returned 1 [0052.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c2078 | out: hHeap=0x5a0000) returned 1 [0052.592] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.592] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.593] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml", dwFileAttributes=0x80) returned 1 [0052.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.595] CloseHandle (hObject=0x224) returned 1 [0052.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.595] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd [0052.595] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.596] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.596] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0xd, lpOverlapped=0x0) returned 1 [0052.596] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.596] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0xd, lpOverlapped=0x0) returned 1 [0052.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.597] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.597] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.597] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.597] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.597] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.597] CloseHandle (hObject=0x224) returned 1 [0052.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0052.597] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.lolkek") returned 121 [0052.597] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml.lolkek")) returned 1 [0052.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0052.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e368e0 | out: hHeap=0x5a0000) returned 1 [0052.598] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.598] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.598] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat", dwFileAttributes=0x80) returned 1 [0052.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.599] CloseHandle (hObject=0x224) returned 1 [0052.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.599] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0052.599] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.599] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.603] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.603] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.603] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0052.606] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.606] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0052.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.607] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.607] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.607] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.607] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.607] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.607] CloseHandle (hObject=0x224) returned 1 [0052.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.607] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.lolkek") returned 104 [0052.607] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat.lolkek")) returned 1 [0052.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f8a0 | out: hHeap=0x5a0000) returned 1 [0052.611] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.612] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.612] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi", dwFileAttributes=0x80) returned 1 [0052.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.612] CloseHandle (hObject=0x224) returned 1 [0052.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.612] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d400 [0052.613] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.613] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.615] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.615] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.615] ReadFile (in: hFile=0x224, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0052.619] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.619] WriteFile (in: hFile=0x224, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0052.619] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.620] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.620] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.620] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.620] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.620] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.620] CloseHandle (hObject=0x224) returned 1 [0052.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.620] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.lolkek") returned 76 [0052.620] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi.lolkek")) returned 1 [0052.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f460 | out: hHeap=0x5a0000) returned 1 [0052.621] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.621] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.621] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab", dwFileAttributes=0x80) returned 1 [0052.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.762] CloseHandle (hObject=0x2a0) returned 1 [0052.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.766] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182ac2a [0052.766] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.766] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.769] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.769] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.769] ReadFile (in: hFile=0x210, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0052.775] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.775] WriteFile (in: hFile=0x210, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0052.775] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.775] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.775] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.775] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.775] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.775] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.775] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.775] CloseHandle (hObject=0x210) returned 1 [0052.775] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.775] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.lolkek") returned 88 [0052.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab.lolkek")) returned 1 [0052.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cade78 | out: hHeap=0x5a0000) returned 1 [0052.779] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.779] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.779] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", dwFileAttributes=0x80) returned 1 [0052.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.779] CloseHandle (hObject=0x210) returned 1 [0052.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.779] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0052.779] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.780] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.780] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.780] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.780] ReadFile (in: hFile=0x210, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2c7dffc*=0xdd, lpOverlapped=0x0) returned 1 [0052.780] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.780] WriteFile (in: hFile=0x210, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2c7fa40*=0xdd, lpOverlapped=0x0) returned 1 [0052.780] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.780] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.780] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.780] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.781] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.781] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.781] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.781] CloseHandle (hObject=0x210) returned 1 [0052.781] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.781] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.lolkek") returned 109 [0052.781] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.lolkek")) returned 1 [0052.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de0f28 | out: hHeap=0x5a0000) returned 1 [0052.782] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.782] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.782] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk", dwFileAttributes=0x80) returned 1 [0052.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.783] CloseHandle (hObject=0x210) returned 1 [0052.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.783] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8e9 [0052.783] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.783] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.795] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.795] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.795] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x8e9, lpOverlapped=0x0) returned 1 [0052.795] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff717, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.795] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x8e9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x8e9, lpOverlapped=0x0) returned 1 [0052.795] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.795] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.795] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.795] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.795] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.795] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.795] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.795] CloseHandle (hObject=0x210) returned 1 [0052.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.795] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.lolkek") returned 115 [0052.795] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk.lolkek")) returned 1 [0052.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f0b8 | out: hHeap=0x5a0000) returned 1 [0052.796] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.796] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.796] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk", dwFileAttributes=0x80) returned 1 [0052.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.797] CloseHandle (hObject=0x210) returned 1 [0052.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.798] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x122 [0052.798] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.798] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.799] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.799] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.799] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.799] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.799] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x122, lpOverlapped=0x0) returned 1 [0052.799] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffede, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.799] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x122, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x122, lpOverlapped=0x0) returned 1 [0052.799] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.799] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.799] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.799] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.799] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.799] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.799] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.799] CloseHandle (hObject=0x210) returned 1 [0052.799] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.799] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.lolkek") returned 115 [0052.799] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk.lolkek")) returned 1 [0052.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f280 | out: hHeap=0x5a0000) returned 1 [0052.800] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.800] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.800] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", dwFileAttributes=0x80) returned 1 [0052.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.801] CloseHandle (hObject=0x210) returned 1 [0052.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.801] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19c [0052.801] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.801] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.802] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.802] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.802] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x19c, lpOverlapped=0x0) returned 1 [0052.802] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe64, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.802] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x19c, lpOverlapped=0x0) returned 1 [0052.802] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.802] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.802] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.802] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.802] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.802] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.802] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.802] CloseHandle (hObject=0x210) returned 1 [0052.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.802] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.lolkek") returned 129 [0052.802] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.lolkek")) returned 1 [0052.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3e8f8 | out: hHeap=0x5a0000) returned 1 [0052.803] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.803] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.803] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk", dwFileAttributes=0x80) returned 1 [0052.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.804] CloseHandle (hObject=0x210) returned 1 [0052.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.804] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8dd [0052.804] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.804] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.805] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.805] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.805] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x8dd, lpOverlapped=0x0) returned 1 [0052.805] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff723, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.805] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x8dd, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x8dd, lpOverlapped=0x0) returned 1 [0052.805] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.805] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.805] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.805] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.805] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.805] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.805] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.805] CloseHandle (hObject=0x210) returned 1 [0052.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.805] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.lolkek") returned 135 [0052.805] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk.lolkek")) returned 1 [0052.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c6968 | out: hHeap=0x5a0000) returned 1 [0052.807] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.807] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.807] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk", dwFileAttributes=0x80) returned 1 [0052.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.807] CloseHandle (hObject=0x210) returned 1 [0052.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.807] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ad [0052.807] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.808] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.808] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.808] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.808] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x5ad, lpOverlapped=0x0) returned 1 [0052.808] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffa53, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.808] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5ad, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x5ad, lpOverlapped=0x0) returned 1 [0052.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.809] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.809] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.809] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.809] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.809] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.809] CloseHandle (hObject=0x210) returned 1 [0052.809] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.809] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.lolkek") returned 143 [0052.809] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk.lolkek")) returned 1 [0052.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eae240 | out: hHeap=0x5a0000) returned 1 [0052.810] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.810] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.810] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk", dwFileAttributes=0x80) returned 1 [0052.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.811] CloseHandle (hObject=0x210) returned 1 [0052.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.812] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5a9 [0052.812] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.812] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.835] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.835] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.835] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x5a9, lpOverlapped=0x0) returned 1 [0052.835] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffa57, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.835] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5a9, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x5a9, lpOverlapped=0x0) returned 1 [0052.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.835] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.835] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.835] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.835] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.835] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.835] CloseHandle (hObject=0x210) returned 1 [0052.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.835] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.lolkek") returned 139 [0052.836] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk.lolkek")) returned 1 [0052.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca60e0 | out: hHeap=0x5a0000) returned 1 [0052.837] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.837] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.837] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk", dwFileAttributes=0x80) returned 1 [0052.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.837] CloseHandle (hObject=0x210) returned 1 [0052.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.837] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x60b [0052.837] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.837] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.838] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.838] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.838] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x60b, lpOverlapped=0x0) returned 1 [0052.838] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff9f5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.838] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x60b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x60b, lpOverlapped=0x0) returned 1 [0052.838] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.838] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.838] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.839] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.839] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.839] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.839] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.839] CloseHandle (hObject=0x210) returned 1 [0052.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.839] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.lolkek") returned 146 [0052.839] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk.lolkek")) returned 1 [0052.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5980 | out: hHeap=0x5a0000) returned 1 [0052.840] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.840] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.840] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk", dwFileAttributes=0x80) returned 1 [0052.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.841] CloseHandle (hObject=0x210) returned 1 [0052.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.842] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x60b [0052.842] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.842] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.858] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.859] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.859] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x60b, lpOverlapped=0x0) returned 1 [0052.859] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffff9f5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.859] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x60b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x60b, lpOverlapped=0x0) returned 1 [0052.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.859] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.859] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.859] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.859] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.859] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.859] CloseHandle (hObject=0x210) returned 1 [0052.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.859] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.lolkek") returned 142 [0052.859] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk.lolkek")) returned 1 [0052.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c6fe0 | out: hHeap=0x5a0000) returned 1 [0052.860] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.861] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.861] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk", dwFileAttributes=0x80) returned 1 [0052.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.861] CloseHandle (hObject=0x210) returned 1 [0052.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.861] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0052.862] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.862] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.862] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x0, lpOverlapped=0x0) returned 1 [0052.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.862] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.862] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.862] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.862] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.863] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.863] CloseHandle (hObject=0x210) returned 1 [0052.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.863] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk.lolkek") returned 114 [0052.863] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk.lolkek")) returned 1 [0052.863] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.863] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634250 | out: hHeap=0x5a0000) returned 1 [0052.863] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.864] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.864] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl", dwFileAttributes=0x80) returned 1 [0052.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.871] CloseHandle (hObject=0x210) returned 1 [0052.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.871] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9382 [0052.871] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.872] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0052.881] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0052.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.881] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.881] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0052.886] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.886] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0052.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.886] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.886] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0052.886] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.886] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0052.886] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0052.886] CloseHandle (hObject=0x210) returned 1 [0052.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.886] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.lolkek") returned 85 [0052.886] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl.lolkek")) returned 1 [0052.887] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.887] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616478 | out: hHeap=0x5a0000) returned 1 [0052.887] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.887] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.887] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK", dwFileAttributes=0x80) returned 1 [0052.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.704] CloseHandle (hObject=0x280) returned 1 [0053.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.715] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x472 [0053.715] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.715] ReadFile (in: hFile=0x280, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0053.718] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0053.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.718] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.718] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x472, lpOverlapped=0x0) returned 1 [0053.718] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffb8e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.718] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x472, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x472, lpOverlapped=0x0) returned 1 [0053.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.718] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.718] WriteFile (in: hFile=0x280, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0053.718] WriteFile (in: hFile=0x280, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0053.718] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0053.718] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0053.718] CloseHandle (hObject=0x280) returned 1 [0053.719] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.719] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK.lolkek") returned 94 [0053.719] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk.lolkek")) returned 1 [0053.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb63d8 | out: hHeap=0x5a0000) returned 1 [0053.730] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.730] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.730] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", dwFileAttributes=0x80) returned 1 [0053.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.735] CloseHandle (hObject=0x190) returned 1 [0053.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.736] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0000 [0053.736] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.736] ReadFile (in: hFile=0x190, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0053.739] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0053.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.740] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.740] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0053.741] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.741] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0053.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.741] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.741] WriteFile (in: hFile=0x190, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0053.741] WriteFile (in: hFile=0x190, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0053.741] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0053.742] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0053.742] CloseHandle (hObject=0x190) returned 1 [0053.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.742] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.lolkek") returned 158 [0053.742] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.lolkek")) returned 1 [0053.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1780 | out: hHeap=0x5a0000) returned 1 [0053.743] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.743] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.743] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", dwFileAttributes=0x80) returned 1 [0053.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0053.773] CloseHandle (hObject=0x258) returned 1 [0053.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.778] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x39 [0053.778] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0053.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5ec010 [0053.779] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.779] ReadFile (in: hFile=0x190, lpBuffer=0x5ec010, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x5ec010*, lpNumberOfBytesRead=0x2c7dffc*=0x39, lpOverlapped=0x0) returned 1 [0053.779] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffffc7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.779] WriteFile (in: hFile=0x190, lpBuffer=0x5ec010*, nNumberOfBytesToWrite=0x39, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x5ec010*, lpNumberOfBytesWritten=0x2c7fa40*=0x39, lpOverlapped=0x0) returned 1 [0053.780] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0053.780] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.780] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.780] WriteFile (in: hFile=0x190, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0053.780] WriteFile (in: hFile=0x190, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0053.780] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0053.780] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0053.780] CloseHandle (hObject=0x190) returned 1 [0053.782] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0053.782] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.lolkek") returned 113 [0053.782] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log.lolkek")) returned 1 [0053.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0053.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be05a8 | out: hHeap=0x5a0000) returned 1 [0053.843] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.843] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.843] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", dwFileAttributes=0x80) returned 1 [0053.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.211] CloseHandle (hObject=0x1ec) returned 1 [0054.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.238] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbc5 [0054.238] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.238] ReadFile (in: hFile=0x1ec, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.241] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.241] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.241] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.241] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.241] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0xbc5, lpOverlapped=0x0) returned 1 [0054.241] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffff43b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.241] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xbc5, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0xbc5, lpOverlapped=0x0) returned 1 [0054.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.241] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.241] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.242] WriteFile (in: hFile=0x1ec, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.242] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.242] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.242] CloseHandle (hObject=0x1ec) returned 1 [0054.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.243] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.lolkek") returned 114 [0054.243] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js.lolkek")) returned 1 [0054.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5d70 | out: hHeap=0x5a0000) returned 1 [0054.308] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.308] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.308] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv", dwFileAttributes=0x80) returned 1 [0054.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\aj0iifj0nqovhdbuqpj.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.309] CloseHandle (hObject=0x228) returned 1 [0054.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\aj0iifj0nqovhdbuqpj.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.309] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x84d8 [0054.309] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.309] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.309] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.309] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.309] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.310] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.310] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.310] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.310] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.310] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.310] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.310] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.310] CloseHandle (hObject=0x228) returned 1 [0054.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.310] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv.lolkek") returned 94 [0054.310] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\aj0iifj0nqovhdbuqpj.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\aj0iifj0nqovhdbuqpj.csv.lolkek")) returned 1 [0054.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6978 | out: hHeap=0x5a0000) returned 1 [0054.311] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.311] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.311] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx", dwFileAttributes=0x80) returned 1 [0054.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\drr7rta.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.311] CloseHandle (hObject=0x228) returned 1 [0054.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\drr7rta.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.311] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa165 [0054.312] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.312] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.312] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.312] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.312] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.312] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.312] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.312] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.312] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.313] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.313] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.313] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.313] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.313] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.313] CloseHandle (hObject=0x228) returned 1 [0054.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.313] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx.lolkek") returned 112 [0054.313] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\drr7rta.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\drr7rta.pptx.lolkek")) returned 1 [0054.314] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.314] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698400 | out: hHeap=0x5a0000) returned 1 [0054.314] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.314] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.314] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx", dwFileAttributes=0x80) returned 1 [0054.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\etj5y.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.314] CloseHandle (hObject=0x228) returned 1 [0054.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\etj5y.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.314] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x254d [0054.314] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.314] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.315] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.315] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.315] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.315] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.315] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x254d, lpOverlapped=0x0) returned 1 [0054.315] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffdab3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.315] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x254d, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x254d, lpOverlapped=0x0) returned 1 [0054.315] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.315] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.315] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.315] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.315] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.315] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.315] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.315] CloseHandle (hObject=0x228) returned 1 [0054.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.316] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx.lolkek") returned 110 [0054.316] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\etj5y.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\etj5y.docx.lolkek")) returned 1 [0054.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1b60 | out: hHeap=0x5a0000) returned 1 [0054.316] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.316] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.316] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv", dwFileAttributes=0x80) returned 1 [0054.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\nvivc.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.317] CloseHandle (hObject=0x228) returned 1 [0054.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\nvivc.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.317] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x491c [0054.317] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.317] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.318] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.318] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.318] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.318] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.318] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.318] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.318] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.318] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.318] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.318] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.318] CloseHandle (hObject=0x228) returned 1 [0054.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.318] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv.lolkek") returned 109 [0054.318] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\nvivc.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\nvivc.csv.lolkek")) returned 1 [0054.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de02e8 | out: hHeap=0x5a0000) returned 1 [0054.319] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.319] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.319] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots", dwFileAttributes=0x80) returned 1 [0054.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\qcw_uywzmw.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.319] CloseHandle (hObject=0x228) returned 1 [0054.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\qcw_uywzmw.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.320] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12ccf [0054.320] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.320] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.320] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.320] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.320] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.320] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.320] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.321] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.321] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.321] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.321] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.321] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.321] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.321] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.321] CloseHandle (hObject=0x228) returned 1 [0054.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.321] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots.lolkek") returned 114 [0054.321] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\qcw_uywzmw.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\qcw_uywzmw.ots.lolkek")) returned 1 [0054.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657598 | out: hHeap=0x5a0000) returned 1 [0054.322] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.322] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.322] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp", dwFileAttributes=0x80) returned 1 [0054.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cx5jw4.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.322] CloseHandle (hObject=0x228) returned 1 [0054.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cx5jw4.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.322] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8390 [0054.322] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.323] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.323] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.323] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.323] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.323] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.323] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.323] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.323] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.323] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.323] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.324] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.324] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.324] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.324] CloseHandle (hObject=0x228) returned 1 [0054.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.324] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp.lolkek") returned 141 [0054.324] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cx5jw4.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cx5jw4.odp.lolkek")) returned 1 [0054.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.325] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c8120 | out: hHeap=0x5a0000) returned 1 [0054.325] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.325] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.325] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls", dwFileAttributes=0x80) returned 1 [0054.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cxcrvektczcbfc.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.325] CloseHandle (hObject=0x228) returned 1 [0054.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cxcrvektczcbfc.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.326] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1469 [0054.326] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.326] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.326] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.326] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.326] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1469, lpOverlapped=0x0) returned 1 [0054.326] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffeb97, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.327] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1469, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1469, lpOverlapped=0x0) returned 1 [0054.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.327] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.327] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.327] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.327] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.327] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.327] CloseHandle (hObject=0x228) returned 1 [0054.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.327] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls.lolkek") returned 149 [0054.327] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cxcrvektczcbfc.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\cxcrvektczcbfc.xls.lolkek")) returned 1 [0054.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698d80 | out: hHeap=0x5a0000) returned 1 [0054.328] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.328] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.328] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc", dwFileAttributes=0x80) returned 1 [0054.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\d-l22sytsp dk7k.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.328] CloseHandle (hObject=0x228) returned 1 [0054.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\d-l22sytsp dk7k.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.328] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x126ba [0054.328] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.329] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.329] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.329] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.329] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.329] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.329] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.329] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.329] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.330] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.330] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.330] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.330] CloseHandle (hObject=0x228) returned 1 [0054.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.330] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc.lolkek") returned 150 [0054.330] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\d-l22sytsp dk7k.doc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\d-l22sytsp dk7k.doc.lolkek")) returned 1 [0054.330] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.331] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5788 | out: hHeap=0x5a0000) returned 1 [0054.331] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.331] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.331] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls", dwFileAttributes=0x80) returned 1 [0054.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\evrx3o.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.331] CloseHandle (hObject=0x228) returned 1 [0054.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\evrx3o.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.331] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a3f [0054.331] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.331] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.332] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.332] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.332] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.332] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.332] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.332] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.332] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.332] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.333] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.333] CloseHandle (hObject=0x228) returned 1 [0054.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.333] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls.lolkek") returned 141 [0054.333] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\evrx3o.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\evrx3o.xls.lolkek")) returned 1 [0054.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7ef8 | out: hHeap=0x5a0000) returned 1 [0054.333] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.333] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.333] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf", dwFileAttributes=0x80) returned 1 [0054.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\meeiu-.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.334] CloseHandle (hObject=0x228) returned 1 [0054.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\meeiu-.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.334] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fda [0054.334] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.334] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.334] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.335] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.335] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x3fda, lpOverlapped=0x0) returned 1 [0054.335] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc026, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.335] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3fda, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x3fda, lpOverlapped=0x0) returned 1 [0054.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.335] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.335] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.335] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.335] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.335] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.335] CloseHandle (hObject=0x228) returned 1 [0054.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.335] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf.lolkek") returned 141 [0054.335] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\meeiu-.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\meeiu-.pdf.lolkek")) returned 1 [0054.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7cd0 | out: hHeap=0x5a0000) returned 1 [0054.336] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.336] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.336] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt", dwFileAttributes=0x80) returned 1 [0054.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\ndy0.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.337] CloseHandle (hObject=0x228) returned 1 [0054.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\ndy0.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.337] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8faf [0054.337] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.337] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.337] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.337] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.337] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.337] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.338] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.338] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.338] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.338] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.338] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.338] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.338] CloseHandle (hObject=0x228) returned 1 [0054.338] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.338] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt.lolkek") returned 139 [0054.338] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\ndy0.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\ndy0.ppt.lolkek")) returned 1 [0054.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.339] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec5cf0 | out: hHeap=0x5a0000) returned 1 [0054.339] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.339] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.339] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls", dwFileAttributes=0x80) returned 1 [0054.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\rmy_3dfp5g.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.339] CloseHandle (hObject=0x228) returned 1 [0054.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\rmy_3dfp5g.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.339] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x124f3 [0054.339] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.339] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.340] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.340] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.340] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.340] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.340] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.340] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.340] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.340] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.341] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.341] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.341] CloseHandle (hObject=0x228) returned 1 [0054.341] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.341] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls.lolkek") returned 145 [0054.341] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\rmy_3dfp5g.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\rmy_3dfp5g.xls.lolkek")) returned 1 [0054.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf0d80 | out: hHeap=0x5a0000) returned 1 [0054.341] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.341] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.342] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf", dwFileAttributes=0x80) returned 1 [0054.342] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\_5ctxyr2wc6u5.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.342] CloseHandle (hObject=0x228) returned 1 [0054.342] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\_5ctxyr2wc6u5.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.342] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd1dc [0054.342] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.342] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.343] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.343] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.343] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.343] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.343] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.343] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.343] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.343] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.343] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.343] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.343] CloseHandle (hObject=0x228) returned 1 [0054.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.343] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf.lolkek") returned 148 [0054.344] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\_5ctxyr2wc6u5.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\_5ctxyr2wc6u5.rtf.lolkek")) returned 1 [0054.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68dc48 | out: hHeap=0x5a0000) returned 1 [0054.344] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.344] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.344] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx", dwFileAttributes=0x80) returned 1 [0054.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\eb_oj3.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.345] CloseHandle (hObject=0x228) returned 1 [0054.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\eb_oj3.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.345] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13ef2 [0054.345] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.345] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.345] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.345] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.345] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.345] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.345] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.346] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.346] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.346] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.346] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.346] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.346] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.346] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.346] CloseHandle (hObject=0x228) returned 1 [0054.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.346] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx.lolkek") returned 125 [0054.346] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\eb_oj3.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\eb_oj3.pptx.lolkek")) returned 1 [0054.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf0fb8 | out: hHeap=0x5a0000) returned 1 [0054.347] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.347] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.347] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt", dwFileAttributes=0x80) returned 1 [0054.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\jvujf9dzdya.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.347] CloseHandle (hObject=0x228) returned 1 [0054.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\jvujf9dzdya.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.348] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf2f8 [0054.348] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.348] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.348] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.348] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.349] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.349] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.349] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.349] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.349] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.349] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.349] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.349] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.350] CloseHandle (hObject=0x228) returned 1 [0054.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.350] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt.lolkek") returned 129 [0054.350] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\jvujf9dzdya.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\jvujf9dzdya.odt.lolkek")) returned 1 [0054.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68de88 | out: hHeap=0x5a0000) returned 1 [0054.351] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.351] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.351] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods", dwFileAttributes=0x80) returned 1 [0054.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\jvb6ml8yf6x uowhae.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.366] CloseHandle (hObject=0x228) returned 1 [0054.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\jvb6ml8yf6x uowhae.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.366] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12297 [0054.366] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.366] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.366] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.367] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.367] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.367] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.367] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.367] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.367] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.368] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.368] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.368] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.368] CloseHandle (hObject=0x228) returned 1 [0054.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.368] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods.lolkek") returned 117 [0054.368] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\jvb6ml8yf6x uowhae.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\jvb6ml8yf6x uowhae.ods.lolkek")) returned 1 [0054.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618490 | out: hHeap=0x5a0000) returned 1 [0054.370] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.371] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.371] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls", dwFileAttributes=0x80) returned 1 [0054.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\sa8t-z uf-4.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.371] CloseHandle (hObject=0x228) returned 1 [0054.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\sa8t-z uf-4.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.371] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fef [0054.371] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.371] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.372] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.372] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.372] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1fef, lpOverlapped=0x0) returned 1 [0054.372] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffe011, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.372] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1fef, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1fef, lpOverlapped=0x0) returned 1 [0054.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.372] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.373] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.373] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.373] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.373] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.373] CloseHandle (hObject=0x228) returned 1 [0054.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.373] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls.lolkek") returned 110 [0054.373] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\sa8t-z uf-4.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\sa8t-z uf-4.xls.lolkek")) returned 1 [0054.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f580 | out: hHeap=0x5a0000) returned 1 [0054.374] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.374] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.374] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx", dwFileAttributes=0x80) returned 1 [0054.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\xq0aetkh0e\\nkzcqyayzc.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.375] CloseHandle (hObject=0x228) returned 1 [0054.375] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\xq0aetkh0e\\nkzcqyayzc.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.375] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186f0 [0054.375] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.375] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.375] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.375] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.375] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.376] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.376] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.376] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.376] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.376] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.376] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.376] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.376] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.376] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.376] CloseHandle (hObject=0x228) returned 1 [0054.376] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.376] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx.lolkek") returned 121 [0054.376] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\xq0aetkh0e\\nkzcqyayzc.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\xq0aetkh0e\\nkzcqyayzc.pptx.lolkek")) returned 1 [0054.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e36180 | out: hHeap=0x5a0000) returned 1 [0054.377] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.377] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.377] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv", dwFileAttributes=0x80) returned 1 [0054.377] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\kk4q-_s_djf0tiq9yxn3.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.378] CloseHandle (hObject=0x228) returned 1 [0054.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\kk4q-_s_djf0tiq9yxn3.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.378] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x250b [0054.378] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.378] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.378] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.378] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.378] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.378] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.378] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x250b, lpOverlapped=0x0) returned 1 [0054.379] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffdaf5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.379] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x250b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x250b, lpOverlapped=0x0) returned 1 [0054.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.379] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.379] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.379] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.379] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.379] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.379] CloseHandle (hObject=0x228) returned 1 [0054.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.379] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv.lolkek") returned 113 [0054.379] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\kk4q-_s_djf0tiq9yxn3.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\kk4q-_s_djf0tiq9yxn3.csv.lolkek")) returned 1 [0054.380] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.380] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657750 | out: hHeap=0x5a0000) returned 1 [0054.380] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.380] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.380] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots", dwFileAttributes=0x80) returned 1 [0054.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\ty85bcgjeuxpxuiyff.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.380] CloseHandle (hObject=0x228) returned 1 [0054.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\ty85bcgjeuxpxuiyff.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.381] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd0c9 [0054.381] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.381] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.381] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.381] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.381] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.381] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.382] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.382] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.382] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.382] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.382] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.382] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.382] CloseHandle (hObject=0x228) returned 1 [0054.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.382] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots.lolkek") returned 111 [0054.382] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\ty85bcgjeuxpxuiyff.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\ty85bcgjeuxpxuiyff.ots.lolkek")) returned 1 [0054.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec5f10 | out: hHeap=0x5a0000) returned 1 [0054.383] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.383] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.383] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt", dwFileAttributes=0x80) returned 1 [0054.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\4njle-3d4fgbo-.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.384] CloseHandle (hObject=0x228) returned 1 [0054.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\4njle-3d4fgbo-.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.384] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10860 [0054.384] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.384] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.384] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.384] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.384] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.384] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.384] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.385] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.385] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.385] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.385] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.385] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.385] CloseHandle (hObject=0x228) returned 1 [0054.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.385] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt.lolkek") returned 115 [0054.385] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\4njle-3d4fgbo-.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\4njle-3d4fgbo-.ppt.lolkek")) returned 1 [0054.386] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.386] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eef0 | out: hHeap=0x5a0000) returned 1 [0054.386] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.386] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.386] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods", dwFileAttributes=0x80) returned 1 [0054.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\9vxarwqer.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.386] CloseHandle (hObject=0x228) returned 1 [0054.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\9vxarwqer.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.386] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x94c3 [0054.386] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.386] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.387] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.387] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.387] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.387] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.387] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.387] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.387] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.387] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.387] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.387] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.388] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.388] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.388] CloseHandle (hObject=0x228) returned 1 [0054.388] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.388] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods.lolkek") returned 110 [0054.388] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\9vxarwqer.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\9vxarwqer.ods.lolkek")) returned 1 [0054.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x68e080 | out: hHeap=0x5a0000) returned 1 [0054.388] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.389] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.389] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf", dwFileAttributes=0x80) returned 1 [0054.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\k2j_yucc.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.389] CloseHandle (hObject=0x228) returned 1 [0054.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\k2j_yucc.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.389] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13597 [0054.389] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.389] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.390] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.390] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.390] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.390] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.390] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.390] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.390] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.390] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.390] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.390] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.390] CloseHandle (hObject=0x228) returned 1 [0054.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.390] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf.lolkek") returned 109 [0054.391] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\k2j_yucc.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\k2j_yucc.rtf.lolkek")) returned 1 [0054.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657908 | out: hHeap=0x5a0000) returned 1 [0054.391] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.391] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.391] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls", dwFileAttributes=0x80) returned 1 [0054.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\nvgb6q ufapoorncs.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.392] CloseHandle (hObject=0x228) returned 1 [0054.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\nvgb6q ufapoorncs.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.392] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6cef [0054.392] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.392] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.392] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.392] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.392] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.392] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.393] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.393] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.393] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.393] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.393] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.393] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.393] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.393] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.393] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.393] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.393] CloseHandle (hObject=0x228) returned 1 [0054.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.393] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls.lolkek") returned 118 [0054.393] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\nvgb6q ufapoorncs.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\nvgb6q ufapoorncs.xls.lolkek")) returned 1 [0054.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657ab0 | out: hHeap=0x5a0000) returned 1 [0054.394] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.394] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.394] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc", dwFileAttributes=0x80) returned 1 [0054.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yor8 en-hf8gqrbir.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.394] CloseHandle (hObject=0x228) returned 1 [0054.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yor8 en-hf8gqrbir.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.395] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13f1b [0054.395] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.395] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.395] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.395] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.395] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.395] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.396] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.396] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.396] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.396] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.396] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.396] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.396] CloseHandle (hObject=0x228) returned 1 [0054.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.396] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc.lolkek") returned 110 [0054.396] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yor8 en-hf8gqrbir.doc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yor8 en-hf8gqrbir.doc.lolkek")) returned 1 [0054.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7dc0 | out: hHeap=0x5a0000) returned 1 [0054.397] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.397] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.397] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps", dwFileAttributes=0x80) returned 1 [0054.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\dduujhe7csxkj2a4k we.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.397] CloseHandle (hObject=0x228) returned 1 [0054.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\dduujhe7csxkj2a4k we.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.397] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x128db [0054.397] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.398] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.398] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.398] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.398] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.398] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.449] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.449] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.449] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.449] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.449] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.449] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.449] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.449] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.449] CloseHandle (hObject=0x228) returned 1 [0054.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.450] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps.lolkek") returned 95 [0054.450] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\dduujhe7csxkj2a4k we.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\dduujhe7csxkj2a4k we.pps.lolkek")) returned 1 [0054.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669898 | out: hHeap=0x5a0000) returned 1 [0054.451] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.451] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.451] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx", dwFileAttributes=0x80) returned 1 [0054.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eq3ta2k5.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.452] CloseHandle (hObject=0x228) returned 1 [0054.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eq3ta2k5.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.452] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe6b7 [0054.452] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.452] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.452] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.452] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.452] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.452] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.452] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.452] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.452] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.453] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.453] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.453] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.453] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.453] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.453] CloseHandle (hObject=0x228) returned 1 [0054.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.453] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx.lolkek") returned 64 [0054.453] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eq3ta2k5.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eq3ta2k5.xlsx.lolkek")) returned 1 [0054.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657c78 | out: hHeap=0x5a0000) returned 1 [0054.454] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.454] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.454] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx", dwFileAttributes=0x80) returned 1 [0054.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gvw-wr_oklc9vo6p.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.454] CloseHandle (hObject=0x228) returned 1 [0054.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gvw-wr_oklc9vo6p.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.454] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xeda3 [0054.454] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.454] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.455] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.455] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.455] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.455] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.455] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.455] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.455] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.456] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.456] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.456] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.456] CloseHandle (hObject=0x228) returned 1 [0054.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.456] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx.lolkek") returned 72 [0054.456] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gvw-wr_oklc9vo6p.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gvw-wr_oklc9vo6p.docx.lolkek")) returned 1 [0054.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6111b0 | out: hHeap=0x5a0000) returned 1 [0054.457] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.457] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.457] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp", dwFileAttributes=0x80) returned 1 [0054.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h1kpovrwgu9qi6exx7g.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.457] CloseHandle (hObject=0x228) returned 1 [0054.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h1kpovrwgu9qi6exx7g.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.457] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa674 [0054.457] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.457] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.458] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.458] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.458] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.458] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.458] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.458] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.458] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.458] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.458] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.458] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.459] CloseHandle (hObject=0x228) returned 1 [0054.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.459] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp.lolkek") returned 74 [0054.459] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h1kpovrwgu9qi6exx7g.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\h1kpovrwgu9qi6exx7g.odp.lolkek")) returned 1 [0054.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61be60 | out: hHeap=0x5a0000) returned 1 [0054.467] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.467] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.467] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx", dwFileAttributes=0x80) returned 1 [0054.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ht66glp9w-yihjwsbz.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.467] CloseHandle (hObject=0x228) returned 1 [0054.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ht66glp9w-yihjwsbz.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.467] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18577 [0054.467] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.467] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.468] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.468] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.468] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.468] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.468] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.468] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.468] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.468] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.468] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.468] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.469] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.469] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.469] CloseHandle (hObject=0x228) returned 1 [0054.469] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.469] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx.lolkek") returned 74 [0054.469] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ht66glp9w-yihjwsbz.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ht66glp9w-yihjwsbz.xlsx.lolkek")) returned 1 [0054.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66b510 | out: hHeap=0x5a0000) returned 1 [0054.469] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.470] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.470] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx", dwFileAttributes=0x80) returned 1 [0054.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kp0kwws934dtn.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.470] CloseHandle (hObject=0x228) returned 1 [0054.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kp0kwws934dtn.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.470] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6ed [0054.470] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.470] ReadFile (in: hFile=0x228, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.471] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.471] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.471] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.471] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.471] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.471] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.471] WriteFile (in: hFile=0x228, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.471] WriteFile (in: hFile=0x228, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.471] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.471] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.472] CloseHandle (hObject=0x228) returned 1 [0054.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.472] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx.lolkek") returned 69 [0054.472] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kp0kwws934dtn.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\kp0kwws934dtn.docx.lolkek")) returned 1 [0054.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4128 | out: hHeap=0x5a0000) returned 1 [0054.472] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.472] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.473] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.720] CloseHandle (hObject=0x1b4) returned 1 [0054.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0054.729] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd8 [0054.729] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.729] ReadFile (in: hFile=0x1e0, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.729] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.729] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0054.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.730] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.730] ReadFile (in: hFile=0x1e0, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x2c7dffc*=0xd8, lpOverlapped=0x0) returned 1 [0054.730] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffff28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.730] WriteFile (in: hFile=0x1e0, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x2c7fa40*=0xd8, lpOverlapped=0x0) returned 1 [0054.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0054.730] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.730] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.730] WriteFile (in: hFile=0x1e0, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.730] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.730] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.731] CloseHandle (hObject=0x1e0) returned 1 [0054.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.735] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.lolkek") returned 72 [0054.735] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini.lolkek")) returned 1 [0054.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612330 | out: hHeap=0x5a0000) returned 1 [0054.746] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.746] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.746] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0054.747] CloseHandle (hObject=0x210) returned 1 [0054.747] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0054.747] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x244 [0054.747] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.747] ReadFile (in: hFile=0x210, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.747] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.748] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.748] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x244, lpOverlapped=0x0) returned 1 [0054.748] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffdbc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.748] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x244, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x244, lpOverlapped=0x0) returned 1 [0054.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.748] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.748] WriteFile (in: hFile=0x210, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.748] WriteFile (in: hFile=0x210, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.748] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.748] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.748] CloseHandle (hObject=0x210) returned 1 [0054.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0054.748] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.lolkek") returned 58 [0054.748] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini.lolkek")) returned 1 [0054.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0054.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbdaa8 | out: hHeap=0x5a0000) returned 1 [0054.756] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.756] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.756] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk", dwFileAttributes=0x80) returned 1 [0054.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0054.761] CloseHandle (hObject=0x190) returned 1 [0054.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0054.761] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1e6 [0054.761] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.761] ReadFile (in: hFile=0x190, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.762] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.762] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.762] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1e6, lpOverlapped=0x0) returned 1 [0054.762] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffe1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.762] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1e6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1e6, lpOverlapped=0x0) returned 1 [0054.762] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.762] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.762] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.762] WriteFile (in: hFile=0x190, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.762] WriteFile (in: hFile=0x190, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.762] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.762] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.762] CloseHandle (hObject=0x190) returned 1 [0054.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.762] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.lolkek") returned 58 [0054.762] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk.lolkek")) returned 1 [0054.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd9d0 | out: hHeap=0x5a0000) returned 1 [0054.763] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.763] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.763] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", dwFileAttributes=0x80) returned 1 [0054.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0054.764] CloseHandle (hObject=0x190) returned 1 [0054.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0054.764] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3a1 [0054.764] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.764] ReadFile (in: hFile=0x190, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.766] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.766] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.766] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x3a1, lpOverlapped=0x0) returned 1 [0054.766] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffc5f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.766] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3a1, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x3a1, lpOverlapped=0x0) returned 1 [0054.766] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.766] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.766] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.766] WriteFile (in: hFile=0x190, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.766] WriteFile (in: hFile=0x190, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.766] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.766] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.766] CloseHandle (hObject=0x190) returned 1 [0054.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.766] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.lolkek") returned 60 [0054.766] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk.lolkek")) returned 1 [0054.767] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.767] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbfe50 | out: hHeap=0x5a0000) returned 1 [0054.767] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.767] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.767] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk", dwFileAttributes=0x80) returned 1 [0054.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.769] CloseHandle (hObject=0x1b4) returned 1 [0054.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.769] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16b [0054.769] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.769] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.770] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.770] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.770] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x16b, lpOverlapped=0x0) returned 1 [0054.770] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffe95, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.770] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x16b, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x16b, lpOverlapped=0x0) returned 1 [0054.770] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.770] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.770] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.771] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.771] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.771] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.771] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.771] CloseHandle (hObject=0x1b4) returned 1 [0054.771] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.771] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.lolkek") returned 63 [0054.771] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk.lolkek")) returned 1 [0054.772] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.772] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x645fb8 | out: hHeap=0x5a0000) returned 1 [0054.772] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.772] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.772] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a", dwFileAttributes=0x80) returned 1 [0054.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0nw1bw0halvafd.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.772] CloseHandle (hObject=0x1b4) returned 1 [0054.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0nw1bw0halvafd.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.772] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11682 [0054.772] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.772] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.773] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.773] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.773] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.773] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.773] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.773] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.773] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.773] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.773] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.773] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.773] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.773] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.773] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.774] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.774] CloseHandle (hObject=0x1b4) returned 1 [0054.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.774] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a.lolkek") returned 65 [0054.774] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0nw1bw0halvafd.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0nw1bw0halvafd.m4a.lolkek")) returned 1 [0054.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8110 | out: hHeap=0x5a0000) returned 1 [0054.774] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.774] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.775] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav", dwFileAttributes=0x80) returned 1 [0054.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4g9zny2va_ady-hqou.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.775] CloseHandle (hObject=0x1b4) returned 1 [0054.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4g9zny2va_ady-hqou.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.775] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6646 [0054.775] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.775] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.776] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.776] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.776] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.776] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.776] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.776] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.776] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.776] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.776] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.776] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.776] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.776] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.776] CloseHandle (hObject=0x1b4) returned 1 [0054.776] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.776] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav.lolkek") returned 69 [0054.776] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4g9zny2va_ady-hqou.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4g9zny2va_ady-hqou.wav.lolkek")) returned 1 [0054.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4650 | out: hHeap=0x5a0000) returned 1 [0054.777] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.777] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.777] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav", dwFileAttributes=0x80) returned 1 [0054.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8hmndn.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.778] CloseHandle (hObject=0x1b4) returned 1 [0054.778] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8hmndn.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.778] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11b88 [0054.778] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.778] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.778] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.778] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.778] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.779] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.779] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.779] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.779] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.779] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.779] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.779] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.779] CloseHandle (hObject=0x1b4) returned 1 [0054.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.779] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav.lolkek") returned 57 [0054.779] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8hmndn.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8hmndn.wav.lolkek")) returned 1 [0054.780] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.780] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe240 | out: hHeap=0x5a0000) returned 1 [0054.780] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.780] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.780] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a", dwFileAttributes=0x80) returned 1 [0054.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\adnvnh-o_vvgnut.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.785] CloseHandle (hObject=0x1b4) returned 1 [0054.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\adnvnh-o_vvgnut.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.785] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc0ca [0054.785] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.785] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.786] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.786] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.786] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.786] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.786] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.786] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.786] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.786] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.786] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.786] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.786] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.786] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.786] CloseHandle (hObject=0x1b4) returned 1 [0054.786] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.786] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a.lolkek") returned 66 [0054.786] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\adnvnh-o_vvgnut.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\adnvnh-o_vvgnut.m4a.lolkek")) returned 1 [0054.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca84f0 | out: hHeap=0x5a0000) returned 1 [0054.787] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.787] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.787] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3", dwFileAttributes=0x80) returned 1 [0054.787] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ap3p9ogg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.787] CloseHandle (hObject=0x1b4) returned 1 [0054.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ap3p9ogg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.788] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3da2 [0054.788] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.788] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.788] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.788] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.788] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x3da2, lpOverlapped=0x0) returned 1 [0054.788] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc25e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.789] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3da2, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x3da2, lpOverlapped=0x0) returned 1 [0054.789] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.789] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.789] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.789] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.789] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.789] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.789] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.789] CloseHandle (hObject=0x1b4) returned 1 [0054.789] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.789] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3.lolkek") returned 59 [0054.789] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ap3p9ogg.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ap3p9ogg.mp3.lolkek")) returned 1 [0054.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbf9f0 | out: hHeap=0x5a0000) returned 1 [0054.790] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.790] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.790] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a", dwFileAttributes=0x80) returned 1 [0054.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\atlwenv40g1.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.790] CloseHandle (hObject=0x1b4) returned 1 [0054.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\atlwenv40g1.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.790] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17bfd [0054.790] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.790] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.791] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.791] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.791] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.791] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.791] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.791] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.791] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.791] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.791] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.791] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.791] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.792] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.792] CloseHandle (hObject=0x1b4) returned 1 [0054.792] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.792] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a.lolkek") returned 62 [0054.792] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\atlwenv40g1.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\atlwenv40g1.m4a.lolkek")) returned 1 [0054.798] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.798] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbbdb0 | out: hHeap=0x5a0000) returned 1 [0054.798] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.798] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.798] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav", dwFileAttributes=0x80) returned 1 [0054.798] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\aw2f321.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.799] CloseHandle (hObject=0x1b4) returned 1 [0054.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\aw2f321.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.799] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaa13 [0054.799] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.799] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.800] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.800] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.800] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.800] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.800] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.800] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.800] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.800] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.800] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.800] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.800] CloseHandle (hObject=0x1b4) returned 1 [0054.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.800] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav.lolkek") returned 58 [0054.800] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\aw2f321.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\aw2f321.wav.lolkek")) returned 1 [0054.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe318 | out: hHeap=0x5a0000) returned 1 [0054.801] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.801] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.801] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav", dwFileAttributes=0x80) returned 1 [0054.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b40uewa43fffnw.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.802] CloseHandle (hObject=0x1b4) returned 1 [0054.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b40uewa43fffnw.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.802] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1838c [0054.802] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.802] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.802] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.802] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.802] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.802] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.802] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.803] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.803] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.803] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.803] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.803] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.803] CloseHandle (hObject=0x1b4) returned 1 [0054.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.803] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav.lolkek") returned 65 [0054.803] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b40uewa43fffnw.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b40uewa43fffnw.wav.lolkek")) returned 1 [0054.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca83f8 | out: hHeap=0x5a0000) returned 1 [0054.804] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.804] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.804] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav", dwFileAttributes=0x80) returned 1 [0054.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b6-rwzb7t.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.804] CloseHandle (hObject=0x1b4) returned 1 [0054.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b6-rwzb7t.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.804] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1bef [0054.804] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.804] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.805] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.805] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.805] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1bef, lpOverlapped=0x0) returned 1 [0054.805] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffe411, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.805] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1bef, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1bef, lpOverlapped=0x0) returned 1 [0054.805] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.805] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.805] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.805] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.805] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.805] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.805] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.806] CloseHandle (hObject=0x1b4) returned 1 [0054.806] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.806] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav.lolkek") returned 60 [0054.806] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b6-rwzb7t.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b6-rwzb7t.wav.lolkek")) returned 1 [0054.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbf910 | out: hHeap=0x5a0000) returned 1 [0054.806] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.806] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.806] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3", dwFileAttributes=0x80) returned 1 [0054.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cemnp.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.807] CloseHandle (hObject=0x1b4) returned 1 [0054.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cemnp.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.807] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x494d [0054.807] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.807] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.807] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.808] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.808] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.808] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.808] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.808] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.808] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.808] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.808] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.808] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.808] CloseHandle (hObject=0x1b4) returned 1 [0054.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.808] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3.lolkek") returned 56 [0054.808] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cemnp.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cemnp.mp3.lolkek")) returned 1 [0054.809] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.809] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3c238 | out: hHeap=0x5a0000) returned 1 [0054.809] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.809] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.809] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.809] CloseHandle (hObject=0x1b4) returned 1 [0054.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.810] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f8 [0054.810] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.810] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.810] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.810] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.810] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.810] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.810] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x1f8, lpOverlapped=0x0) returned 1 [0054.810] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffe08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.810] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x1f8, lpOverlapped=0x0) returned 1 [0054.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.810] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.810] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.810] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.811] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.811] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.811] CloseHandle (hObject=0x1b4) returned 1 [0054.811] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.811] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.lolkek") returned 58 [0054.811] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini.lolkek")) returned 1 [0054.811] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.811] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe3f0 | out: hHeap=0x5a0000) returned 1 [0054.811] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.812] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.812] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a", dwFileAttributes=0x80) returned 1 [0054.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\euf6 czxltu.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.812] CloseHandle (hObject=0x1b4) returned 1 [0054.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\euf6 czxltu.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.812] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7b37 [0054.812] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.812] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.813] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.813] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.813] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.813] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.813] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.813] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.813] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.813] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.813] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.813] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.813] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.813] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.813] CloseHandle (hObject=0x1b4) returned 1 [0054.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.813] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a.lolkek") returned 62 [0054.814] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\euf6 czxltu.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\euf6 czxltu.m4a.lolkek")) returned 1 [0054.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbbe98 | out: hHeap=0x5a0000) returned 1 [0054.814] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.814] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.814] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3", dwFileAttributes=0x80) returned 1 [0054.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\g-e_spya.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.815] CloseHandle (hObject=0x1b4) returned 1 [0054.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\g-e_spya.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.815] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x990f [0054.815] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.815] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.815] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.815] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.815] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.816] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.816] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.816] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.816] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.816] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.816] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.816] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.816] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.816] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.816] CloseHandle (hObject=0x1b4) returned 1 [0054.816] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.816] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3.lolkek") returned 59 [0054.816] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\g-e_spya.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\g-e_spya.mp3.lolkek")) returned 1 [0054.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbff30 | out: hHeap=0x5a0000) returned 1 [0054.817] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.817] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.817] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav", dwFileAttributes=0x80) returned 1 [0054.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hkc00ovy2t.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.817] CloseHandle (hObject=0x1b4) returned 1 [0054.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hkc00ovy2t.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.817] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7fae [0054.817] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.817] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.818] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.818] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.818] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.818] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.818] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.818] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.818] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.818] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.819] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.819] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.819] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.819] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.819] CloseHandle (hObject=0x1b4) returned 1 [0054.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.819] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav.lolkek") returned 61 [0054.819] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hkc00ovy2t.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hkc00ovy2t.wav.lolkek")) returned 1 [0054.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbbf80 | out: hHeap=0x5a0000) returned 1 [0054.820] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.820] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.820] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a", dwFileAttributes=0x80) returned 1 [0054.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\iv5usi5e5q.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.820] CloseHandle (hObject=0x1b4) returned 1 [0054.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\iv5usi5e5q.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.821] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf2b9 [0054.821] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.821] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.821] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.821] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.821] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.821] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.821] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.822] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.822] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.822] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.822] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.822] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.822] CloseHandle (hObject=0x1b4) returned 1 [0054.822] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.822] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a.lolkek") returned 61 [0054.822] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\iv5usi5e5q.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\iv5usi5e5q.m4a.lolkek")) returned 1 [0054.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc068 | out: hHeap=0x5a0000) returned 1 [0054.823] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.823] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.823] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a", dwFileAttributes=0x80) returned 1 [0054.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\l1x0jehxjkdgqb3hnp.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.823] CloseHandle (hObject=0x1b4) returned 1 [0054.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\l1x0jehxjkdgqb3hnp.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.823] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10af3 [0054.823] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.823] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.824] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.824] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.824] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.824] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.824] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.824] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.824] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.824] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.824] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.824] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.824] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.824] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.824] CloseHandle (hObject=0x1b4) returned 1 [0054.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.825] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a.lolkek") returned 69 [0054.825] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\l1x0jehxjkdgqb3hnp.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\l1x0jehxjkdgqb3hnp.m4a.lolkek")) returned 1 [0054.825] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.825] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4440 | out: hHeap=0x5a0000) returned 1 [0054.825] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.825] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.825] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3", dwFileAttributes=0x80) returned 1 [0054.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5rdn.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.826] CloseHandle (hObject=0x1b4) returned 1 [0054.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5rdn.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.826] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13550 [0054.826] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.826] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.827] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.827] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.827] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.827] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.827] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.827] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.827] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.827] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.827] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.827] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.827] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.827] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.827] CloseHandle (hObject=0x1b4) returned 1 [0054.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.827] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3.lolkek") returned 56 [0054.827] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5rdn.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m5rdn.mp3.lolkek")) returned 1 [0054.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3bc88 | out: hHeap=0x5a0000) returned 1 [0054.828] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.828] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.828] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav", dwFileAttributes=0x80) returned 1 [0054.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ng2xrzqesrdmbjwg4.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.828] CloseHandle (hObject=0x1b4) returned 1 [0054.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ng2xrzqesrdmbjwg4.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.829] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x169db [0054.829] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.829] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.829] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.829] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.829] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.829] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.829] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.830] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.830] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.830] CloseHandle (hObject=0x1b4) returned 1 [0054.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.830] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav.lolkek") returned 68 [0054.830] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ng2xrzqesrdmbjwg4.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ng2xrzqesrdmbjwg4.wav.lolkek")) returned 1 [0054.831] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.831] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0960 | out: hHeap=0x5a0000) returned 1 [0054.831] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.831] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.831] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a", dwFileAttributes=0x80) returned 1 [0054.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\onu yeahbb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.831] CloseHandle (hObject=0x1b4) returned 1 [0054.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\onu yeahbb.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.831] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d14 [0054.831] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.831] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.832] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.832] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.832] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.832] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.832] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x3d14, lpOverlapped=0x0) returned 1 [0054.832] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc2ec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.832] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3d14, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x3d14, lpOverlapped=0x0) returned 1 [0054.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.832] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.832] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.832] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.832] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.832] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.832] CloseHandle (hObject=0x1b4) returned 1 [0054.832] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.833] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a.lolkek") returned 61 [0054.833] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\onu yeahbb.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\onu yeahbb.m4a.lolkek")) returned 1 [0054.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc150 | out: hHeap=0x5a0000) returned 1 [0054.833] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.833] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.833] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav", dwFileAttributes=0x80) returned 1 [0054.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\poo7haog1.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.834] CloseHandle (hObject=0x1b4) returned 1 [0054.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\poo7haog1.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.834] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7bbe [0054.834] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.834] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.834] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.834] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.834] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.834] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.835] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.835] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.835] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.835] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.835] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.853] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.853] CloseHandle (hObject=0x1b4) returned 1 [0054.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.853] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav.lolkek") returned 60 [0054.853] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\poo7haog1.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\poo7haog1.wav.lolkek")) returned 1 [0054.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc0010 | out: hHeap=0x5a0000) returned 1 [0054.854] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.854] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav", dwFileAttributes=0x80) returned 1 [0054.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmesdhpqvx7docu-g7c.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.855] CloseHandle (hObject=0x1b4) returned 1 [0054.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmesdhpqvx7docu-g7c.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.855] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18294 [0054.855] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.855] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.855] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.855] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.856] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.856] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.856] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.856] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.856] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.856] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.856] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.856] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.856] CloseHandle (hObject=0x1b4) returned 1 [0054.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.856] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav.lolkek") returned 70 [0054.856] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmesdhpqvx7docu-g7c.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qmesdhpqvx7docu-g7c.wav.lolkek")) returned 1 [0054.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4758 | out: hHeap=0x5a0000) returned 1 [0054.857] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav", dwFileAttributes=0x80) returned 1 [0054.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\t3a_cl7 4w0xahggy.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.858] CloseHandle (hObject=0x1b4) returned 1 [0054.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\t3a_cl7 4w0xahggy.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.858] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc5b1 [0054.858] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.858] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.858] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.858] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.858] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.858] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.859] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.859] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.859] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.859] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.859] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.859] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.859] CloseHandle (hObject=0x1b4) returned 1 [0054.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.859] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav.lolkek") returned 68 [0054.859] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\t3a_cl7 4w0xahggy.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\t3a_cl7 4w0xahggy.wav.lolkek")) returned 1 [0054.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0a60 | out: hHeap=0x5a0000) returned 1 [0054.860] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.860] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.860] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3", dwFileAttributes=0x80) returned 1 [0054.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\tp7-bspbeplaee mzu7.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.860] CloseHandle (hObject=0x1b4) returned 1 [0054.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\tp7-bspbeplaee mzu7.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.861] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13de2 [0054.861] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.861] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.861] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.861] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.861] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.861] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.861] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.861] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.861] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.862] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.862] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.862] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.862] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.862] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.862] CloseHandle (hObject=0x1b4) returned 1 [0054.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.862] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3.lolkek") returned 70 [0054.862] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\tp7-bspbeplaee mzu7.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\tp7-bspbeplaee mzu7.mp3.lolkek")) returned 1 [0054.863] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.863] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4860 | out: hHeap=0x5a0000) returned 1 [0054.863] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.863] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.863] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a", dwFileAttributes=0x80) returned 1 [0054.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uw 08k- myrvk.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.863] CloseHandle (hObject=0x1b4) returned 1 [0054.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uw 08k- myrvk.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.863] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x131cd [0054.863] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.863] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.864] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.864] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.864] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.864] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.864] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.864] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.864] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.864] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.864] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.864] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.865] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.865] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.865] CloseHandle (hObject=0x1b4) returned 1 [0054.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a.lolkek") returned 64 [0054.865] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uw 08k- myrvk.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uw 08k- myrvk.m4a.lolkek")) returned 1 [0054.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6460a8 | out: hHeap=0x5a0000) returned 1 [0054.865] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.865] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.865] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav", dwFileAttributes=0x80) returned 1 [0054.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xn-scp4nxtxfiqtpi.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.866] CloseHandle (hObject=0x1b4) returned 1 [0054.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xn-scp4nxtxfiqtpi.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.866] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x83c2 [0054.866] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.866] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.867] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.867] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.867] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.867] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.867] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.867] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.867] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.867] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.868] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.868] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.868] CloseHandle (hObject=0x1b4) returned 1 [0054.868] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav.lolkek") returned 68 [0054.868] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xn-scp4nxtxfiqtpi.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xn-scp4nxtxfiqtpi.wav.lolkek")) returned 1 [0054.869] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.869] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0b60 | out: hHeap=0x5a0000) returned 1 [0054.869] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.869] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.869] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav", dwFileAttributes=0x80) returned 1 [0054.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xncdypkclgpd.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.869] CloseHandle (hObject=0x1b4) returned 1 [0054.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xncdypkclgpd.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.869] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11142 [0054.869] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.869] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.870] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.870] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.870] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.870] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.870] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.870] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.870] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.871] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.871] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.871] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.871] CloseHandle (hObject=0x1b4) returned 1 [0054.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.871] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav.lolkek") returned 63 [0054.871] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xncdypkclgpd.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xncdypkclgpd.wav.lolkek")) returned 1 [0054.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc9da0 | out: hHeap=0x5a0000) returned 1 [0054.871] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.872] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.872] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a", dwFileAttributes=0x80) returned 1 [0054.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xwyl1pnx43jxxh9i.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.872] CloseHandle (hObject=0x1b4) returned 1 [0054.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xwyl1pnx43jxxh9i.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.872] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe74b [0054.872] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.872] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.873] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.873] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.873] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.873] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.873] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.873] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.873] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.873] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.873] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.873] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.873] CloseHandle (hObject=0x1b4) returned 1 [0054.874] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.874] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a.lolkek") returned 67 [0054.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xwyl1pnx43jxxh9i.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xwyl1pnx43jxxh9i.m4a.lolkek")) returned 1 [0054.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0c60 | out: hHeap=0x5a0000) returned 1 [0054.874] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.874] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.874] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a", dwFileAttributes=0x80) returned 1 [0054.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ytjhp00v4yo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.875] CloseHandle (hObject=0x1b4) returned 1 [0054.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ytjhp00v4yo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.875] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12645 [0054.875] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.875] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.875] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.876] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.876] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.876] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.876] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.876] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.876] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.876] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.876] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.876] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.876] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.876] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.876] CloseHandle (hObject=0x1b4) returned 1 [0054.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.876] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a.lolkek") returned 62 [0054.876] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ytjhp00v4yo.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ytjhp00v4yo.m4a.lolkek")) returned 1 [0054.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc238 | out: hHeap=0x5a0000) returned 1 [0054.877] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.877] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.877] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3", dwFileAttributes=0x80) returned 1 [0054.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zhrvk6cfy2.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.878] CloseHandle (hObject=0x1b4) returned 1 [0054.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zhrvk6cfy2.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.878] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b01 [0054.878] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.878] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.878] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.878] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.878] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x2b01, lpOverlapped=0x0) returned 1 [0054.878] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffd4ff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.879] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2b01, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x2b01, lpOverlapped=0x0) returned 1 [0054.879] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.879] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.879] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.879] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.879] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.879] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.879] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.879] CloseHandle (hObject=0x1b4) returned 1 [0054.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.879] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3.lolkek") returned 61 [0054.879] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zhrvk6cfy2.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\zhrvk6cfy2.mp3.lolkek")) returned 1 [0054.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc320 | out: hHeap=0x5a0000) returned 1 [0054.880] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.880] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.880] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav", dwFileAttributes=0x80) returned 1 [0054.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wfpn7.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.880] CloseHandle (hObject=0x1b4) returned 1 [0054.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wfpn7.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.880] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x141b1 [0054.880] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.880] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.881] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.881] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.881] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.881] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.881] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.881] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.881] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.881] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.881] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.882] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.882] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.882] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.882] CloseHandle (hObject=0x1b4) returned 1 [0054.883] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.883] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav.lolkek") returned 57 [0054.883] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wfpn7.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wfpn7.wav.lolkek")) returned 1 [0054.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe4c8 | out: hHeap=0x5a0000) returned 1 [0054.884] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.884] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.885] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3", dwFileAttributes=0x80) returned 1 [0054.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wmunbqwfmh.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.885] CloseHandle (hObject=0x1b4) returned 1 [0054.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wmunbqwfmh.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.885] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13a6c [0054.885] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.886] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0054.886] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0054.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8010 [0054.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.886] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.886] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0054.886] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.886] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0054.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8010 | out: hHeap=0x5a0000) returned 1 [0054.886] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.887] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0054.887] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.887] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0054.887] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0054.887] CloseHandle (hObject=0x1b4) returned 1 [0054.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.887] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3.lolkek") returned 62 [0054.887] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wmunbqwfmh.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_wmunbqwfmh.mp3.lolkek")) returned 1 [0054.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc408 | out: hHeap=0x5a0000) returned 1 [0054.888] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.888] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.888] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", dwFileAttributes=0x80) returned 1 [0054.888] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0054.888] RmStartSession () returned 0x0 [0054.890] RmRegisterResources () returned 0x0 [0054.892] RmGetList () returned 0x0 [0054.988] GetCurrentProcessId () returned 0x86c [0054.988] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0054.988] RmEndSession () returned 0x0 [0055.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.014] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb90d8 | out: hHeap=0x5a0000) returned 1 [0055.014] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.014] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.014] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", dwFileAttributes=0x80) returned 1 [0055.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.014] RmStartSession () returned 0x0 [0055.016] RmRegisterResources () returned 0x0 [0055.018] RmGetList () returned 0x0 [0055.181] GetCurrentProcessId () returned 0x86c [0055.181] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0055.181] RmEndSession () returned 0x0 [0055.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.209] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3bef8 | out: hHeap=0x5a0000) returned 1 [0055.209] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.209] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.209] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", dwFileAttributes=0x80) returned 1 [0055.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0055.210] CloseHandle (hObject=0x1b4) returned 1 [0055.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0055.210] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14 [0055.211] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.211] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.211] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x14, lpOverlapped=0x0) returned 1 [0055.211] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffffec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.211] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x14, lpOverlapped=0x0) returned 1 [0055.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.212] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.212] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.212] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.212] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.212] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.212] CloseHandle (hObject=0x1b4) returned 1 [0055.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.212] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.lolkek") returned 51 [0055.212] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini.lolkek")) returned 1 [0055.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb9258 | out: hHeap=0x5a0000) returned 1 [0055.213] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.213] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.213] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg", dwFileAttributes=0x80) returned 1 [0055.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-weij.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0055.214] CloseHandle (hObject=0x1b4) returned 1 [0055.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-weij.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0055.214] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4fd4 [0055.214] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.214] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.214] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.214] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.215] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.215] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.215] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.215] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.215] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.215] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.215] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.215] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.215] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.215] CloseHandle (hObject=0x1b4) returned 1 [0055.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.215] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg.lolkek") returned 59 [0055.216] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-weij.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\-weij.jpg.lolkek")) returned 1 [0055.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc00f0 | out: hHeap=0x5a0000) returned 1 [0055.216] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.216] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.216] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg", dwFileAttributes=0x80) returned 1 [0055.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\djmmnmlv.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0055.217] CloseHandle (hObject=0x1b4) returned 1 [0055.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\djmmnmlv.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0055.217] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7dea [0055.217] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.217] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.218] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.218] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.218] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.218] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.218] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.218] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.218] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.218] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.218] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.218] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.218] CloseHandle (hObject=0x1b4) returned 1 [0055.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.219] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg.lolkek") returned 67 [0055.219] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\djmmnmlv.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\djmmnmlv.jpg.lolkek")) returned 1 [0055.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0d60 | out: hHeap=0x5a0000) returned 1 [0055.219] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.219] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.219] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif", dwFileAttributes=0x80) returned 1 [0055.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\fdxxrehgajznwhkfj.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0055.220] CloseHandle (hObject=0x1b4) returned 1 [0055.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\fdxxrehgajznwhkfj.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0055.220] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce7e [0055.220] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.220] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.220] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.221] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.221] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.221] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.221] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.221] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.221] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.221] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.221] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.221] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.221] CloseHandle (hObject=0x1b4) returned 1 [0055.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.221] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif.lolkek") returned 76 [0055.221] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\fdxxrehgajznwhkfj.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\fdxxrehgajznwhkfj.gif.lolkek")) returned 1 [0055.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc9e90 | out: hHeap=0x5a0000) returned 1 [0055.222] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.222] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.222] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif", dwFileAttributes=0x80) returned 1 [0055.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\gzcoonwlfdajypch.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0055.223] CloseHandle (hObject=0x1b4) returned 1 [0055.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\gzcoonwlfdajypch.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0055.223] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9a62 [0055.223] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.223] ReadFile (in: hFile=0x1b4, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.223] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.223] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.223] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.223] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.223] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.223] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.224] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.224] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.224] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.224] WriteFile (in: hFile=0x1b4, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.224] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.224] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.224] CloseHandle (hObject=0x1b4) returned 1 [0055.224] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.224] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif.lolkek") returned 75 [0055.224] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\gzcoonwlfdajypch.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\gzcoonwlfdajypch.gif.lolkek")) returned 1 [0055.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de0490 | out: hHeap=0x5a0000) returned 1 [0055.225] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.226] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.226] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif", dwFileAttributes=0x80) returned 1 [0055.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\hl3k4sfy5ww5iyxpq-we.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.227] CloseHandle (hObject=0x224) returned 1 [0055.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\hl3k4sfy5ww5iyxpq-we.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.227] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3afb [0055.227] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.227] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.228] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.228] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.228] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x3afb, lpOverlapped=0x0) returned 1 [0055.228] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc505, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.228] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3afb, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x3afb, lpOverlapped=0x0) returned 1 [0055.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.228] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.228] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.228] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.229] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.229] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.229] CloseHandle (hObject=0x224) returned 1 [0055.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.229] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif.lolkek") returned 79 [0055.229] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\hl3k4sfy5ww5iyxpq-we.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\hl3k4sfy5ww5iyxpq-we.gif.lolkek")) returned 1 [0055.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7160 | out: hHeap=0x5a0000) returned 1 [0055.229] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.230] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.230] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif", dwFileAttributes=0x80) returned 1 [0055.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\7ueon3-rkoi.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.230] CloseHandle (hObject=0x224) returned 1 [0055.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\7ueon3-rkoi.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.230] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfe60 [0055.230] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.230] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.231] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.231] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.231] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.231] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.231] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.231] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.231] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.231] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.231] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.231] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.231] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.231] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.231] CloseHandle (hObject=0x224) returned 1 [0055.231] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.231] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif.lolkek") returned 76 [0055.232] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\7ueon3-rkoi.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\7ueon3-rkoi.gif.lolkek")) returned 1 [0055.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c2078 | out: hHeap=0x5a0000) returned 1 [0055.232] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.232] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.232] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif", dwFileAttributes=0x80) returned 1 [0055.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\bdg-4ovxo3lulr5sq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.233] CloseHandle (hObject=0x224) returned 1 [0055.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\bdg-4ovxo3lulr5sq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.233] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11b8a [0055.233] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.233] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.234] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.234] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.234] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.234] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.234] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.234] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.234] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.234] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.234] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.234] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.234] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.234] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.234] CloseHandle (hObject=0x224) returned 1 [0055.234] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.234] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif.lolkek") returned 82 [0055.234] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\bdg-4ovxo3lulr5sq.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\bdg-4ovxo3lulr5sq.gif.lolkek")) returned 1 [0055.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6668 | out: hHeap=0x5a0000) returned 1 [0055.235] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.235] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.235] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif", dwFileAttributes=0x80) returned 1 [0055.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\hjvzzezqrb8yo1rr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.236] CloseHandle (hObject=0x224) returned 1 [0055.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\hjvzzezqrb8yo1rr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.236] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10fbc [0055.236] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.236] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.236] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.236] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.236] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.236] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.237] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.237] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.237] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.237] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.237] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.237] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.237] CloseHandle (hObject=0x224) returned 1 [0055.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.237] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif.lolkek") returned 81 [0055.237] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\hjvzzezqrb8yo1rr.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\hjvzzezqrb8yo1rr.gif.lolkek")) returned 1 [0055.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6c80 | out: hHeap=0x5a0000) returned 1 [0055.238] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.238] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.238] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg", dwFileAttributes=0x80) returned 1 [0055.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\nbb_.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.238] CloseHandle (hObject=0x224) returned 1 [0055.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\nbb_.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.238] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x78d0 [0055.239] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.239] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.239] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.239] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.239] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.239] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.239] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.239] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.239] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.239] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.239] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.240] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.240] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.240] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.240] CloseHandle (hObject=0x224) returned 1 [0055.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.240] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg.lolkek") returned 69 [0055.240] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\nbb_.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\nbb_.jpg.lolkek")) returned 1 [0055.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4a70 | out: hHeap=0x5a0000) returned 1 [0055.241] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.241] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.241] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp", dwFileAttributes=0x80) returned 1 [0055.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\snf_bj.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.241] CloseHandle (hObject=0x224) returned 1 [0055.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\snf_bj.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.241] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13594 [0055.241] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.241] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.242] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.242] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.242] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.242] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.242] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.242] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.242] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.242] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.242] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.242] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.242] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.242] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.242] CloseHandle (hObject=0x224) returned 1 [0055.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.243] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp.lolkek") returned 71 [0055.243] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\snf_bj.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\snf_bj.bmp.lolkek")) returned 1 [0055.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612ad8 | out: hHeap=0x5a0000) returned 1 [0055.243] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.243] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.243] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif", dwFileAttributes=0x80) returned 1 [0055.243] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\upsckdvefefkv3i.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.244] CloseHandle (hObject=0x224) returned 1 [0055.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\upsckdvefefkv3i.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.244] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfafe [0055.244] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.244] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.244] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.244] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.244] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.245] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.245] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.245] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.245] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.245] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.245] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.245] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.245] CloseHandle (hObject=0x224) returned 1 [0055.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.245] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif.lolkek") returned 80 [0055.245] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\upsckdvefefkv3i.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\upsckdvefefkv3i.gif.lolkek")) returned 1 [0055.246] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.246] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7028 | out: hHeap=0x5a0000) returned 1 [0055.246] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.246] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.246] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif", dwFileAttributes=0x80) returned 1 [0055.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\wkiqekzqaw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.246] CloseHandle (hObject=0x224) returned 1 [0055.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\wkiqekzqaw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.247] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11b71 [0055.247] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.247] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.247] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.247] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.247] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.247] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.247] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.247] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.248] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.248] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.248] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.248] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.248] CloseHandle (hObject=0x224) returned 1 [0055.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.248] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif.lolkek") returned 75 [0055.248] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\wkiqekzqaw.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\wkiqekzqaw.gif.lolkek")) returned 1 [0055.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f460 | out: hHeap=0x5a0000) returned 1 [0055.249] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.249] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.249] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png", dwFileAttributes=0x80) returned 1 [0055.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xn aywdd.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.249] CloseHandle (hObject=0x224) returned 1 [0055.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xn aywdd.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.249] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8e4f [0055.249] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.249] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.250] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.250] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.250] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.250] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.250] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.250] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.250] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.250] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.250] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.250] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.250] CloseHandle (hObject=0x224) returned 1 [0055.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.251] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png.lolkek") returned 73 [0055.251] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xn aywdd.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xn aywdd.png.lolkek")) returned 1 [0055.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612bf0 | out: hHeap=0x5a0000) returned 1 [0055.251] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.251] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.251] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png", dwFileAttributes=0x80) returned 1 [0055.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xxgq5emp5zs56vglmx.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.252] CloseHandle (hObject=0x224) returned 1 [0055.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xxgq5emp5zs56vglmx.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.252] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f6b [0055.252] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.252] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.252] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.252] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.252] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.252] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.252] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.252] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.253] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.253] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.253] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.253] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.253] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.253] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.253] CloseHandle (hObject=0x224) returned 1 [0055.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.253] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png.lolkek") returned 83 [0055.253] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xxgq5emp5zs56vglmx.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\xxgq5emp5zs56vglmx.png.lolkek")) returned 1 [0055.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6173d8 | out: hHeap=0x5a0000) returned 1 [0055.254] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.254] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.254] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png", dwFileAttributes=0x80) returned 1 [0055.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\z0t3e.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.254] CloseHandle (hObject=0x224) returned 1 [0055.254] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\z0t3e.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.254] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc9eb [0055.254] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.254] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.255] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.255] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.255] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.255] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.255] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.255] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.255] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.255] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.255] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.255] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.255] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.256] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.256] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.256] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.256] CloseHandle (hObject=0x224) returned 1 [0055.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.256] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png.lolkek") returned 70 [0055.256] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\z0t3e.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\z0t3e.png.lolkek")) returned 1 [0055.257] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.257] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4b78 | out: hHeap=0x5a0000) returned 1 [0055.257] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.257] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.257] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png", dwFileAttributes=0x80) returned 1 [0055.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\zzy04jqy6450bdxao.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.258] CloseHandle (hObject=0x224) returned 1 [0055.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\zzy04jqy6450bdxao.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.258] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa42c [0055.258] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.258] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.258] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.258] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.258] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.259] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.259] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.259] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.259] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.259] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.259] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.259] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.259] CloseHandle (hObject=0x224) returned 1 [0055.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.259] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png.lolkek") returned 82 [0055.259] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\zzy04jqy6450bdxao.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\zzy04jqy6450bdxao.png.lolkek")) returned 1 [0055.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7508 | out: hHeap=0x5a0000) returned 1 [0055.260] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.260] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.260] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp", dwFileAttributes=0x80) returned 1 [0055.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\kmlyg0n1rdf.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.260] CloseHandle (hObject=0x224) returned 1 [0055.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\kmlyg0n1rdf.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.261] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18dae [0055.261] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.261] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.261] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.261] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.261] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.261] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.261] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.262] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.262] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.262] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.262] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.262] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.262] CloseHandle (hObject=0x224) returned 1 [0055.262] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.262] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp.lolkek") returned 70 [0055.262] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\kmlyg0n1rdf.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\kmlyg0n1rdf.bmp.lolkek")) returned 1 [0055.263] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.263] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4c80 | out: hHeap=0x5a0000) returned 1 [0055.263] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.263] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.263] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp", dwFileAttributes=0x80) returned 1 [0055.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\a5ftggp wij7t.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.263] CloseHandle (hObject=0x224) returned 1 [0055.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\a5ftggp wij7t.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.263] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13c20 [0055.263] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.263] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.264] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.264] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.264] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.264] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.264] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.264] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.264] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.264] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.264] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.264] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.264] CloseHandle (hObject=0x224) returned 1 [0055.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.267] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp.lolkek") returned 79 [0055.267] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\a5ftggp wij7t.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\a5ftggp wij7t.bmp.lolkek")) returned 1 [0055.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6db8 | out: hHeap=0x5a0000) returned 1 [0055.267] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.267] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.267] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png", dwFileAttributes=0x80) returned 1 [0055.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\h0hzeojhvpfqgew.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.268] CloseHandle (hObject=0x224) returned 1 [0055.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\h0hzeojhvpfqgew.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.268] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc76 [0055.268] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.268] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.269] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.269] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.269] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0xc76, lpOverlapped=0x0) returned 1 [0055.269] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffff38a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.269] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xc76, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0xc76, lpOverlapped=0x0) returned 1 [0055.269] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.269] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.269] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.269] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.269] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.269] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.269] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.269] CloseHandle (hObject=0x224) returned 1 [0055.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.269] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png.lolkek") returned 81 [0055.269] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\h0hzeojhvpfqgew.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\h0hzeojhvpfqgew.png.lolkek")) returned 1 [0055.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca73d0 | out: hHeap=0x5a0000) returned 1 [0055.270] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.270] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.270] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp", dwFileAttributes=0x80) returned 1 [0055.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hcroyxm6at.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.270] CloseHandle (hObject=0x224) returned 1 [0055.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hcroyxm6at.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.271] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x120b1 [0055.271] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.271] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.271] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.271] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.271] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.271] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.271] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.271] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.272] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.272] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.272] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.319] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.319] CloseHandle (hObject=0x224) returned 1 [0055.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.319] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp.lolkek") returned 76 [0055.319] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hcroyxm6at.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hcroyxm6at.bmp.lolkek")) returned 1 [0055.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1d08 | out: hHeap=0x5a0000) returned 1 [0055.320] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.320] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.320] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif", dwFileAttributes=0x80) returned 1 [0055.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bnzldvsu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.320] CloseHandle (hObject=0x224) returned 1 [0055.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bnzldvsu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.321] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2bb6 [0055.321] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.321] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.321] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.321] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.321] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x2bb6, lpOverlapped=0x0) returned 1 [0055.321] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffd44a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.321] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x2bb6, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x2bb6, lpOverlapped=0x0) returned 1 [0055.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.322] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.322] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.322] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.322] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.322] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.322] CloseHandle (hObject=0x224) returned 1 [0055.322] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.322] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif.lolkek") returned 62 [0055.322] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bnzldvsu.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bnzldvsu.gif.lolkek")) returned 1 [0055.323] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.323] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc4f0 | out: hHeap=0x5a0000) returned 1 [0055.323] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.323] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.323] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp", dwFileAttributes=0x80) returned 1 [0055.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\btytmj_b0gc.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.323] CloseHandle (hObject=0x224) returned 1 [0055.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\btytmj_b0gc.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.323] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe684 [0055.323] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.323] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.324] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.324] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.324] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.324] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.324] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.324] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.324] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.324] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.324] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.324] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.324] CloseHandle (hObject=0x224) returned 1 [0055.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.325] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp.lolkek") returned 65 [0055.325] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\btytmj_b0gc.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\btytmj_b0gc.bmp.lolkek")) returned 1 [0055.325] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.325] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7668 | out: hHeap=0x5a0000) returned 1 [0055.325] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.325] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.325] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp", dwFileAttributes=0x80) returned 1 [0055.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cgejbdy.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.326] CloseHandle (hObject=0x224) returned 1 [0055.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cgejbdy.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.326] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc52d [0055.326] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.326] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.326] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.326] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.326] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.327] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.327] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.327] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.327] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.327] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.327] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.327] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.327] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.327] CloseHandle (hObject=0x224) returned 1 [0055.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.327] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp.lolkek") returned 61 [0055.327] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cgejbdy.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cgejbdy.bmp.lolkek")) returned 1 [0055.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc5d8 | out: hHeap=0x5a0000) returned 1 [0055.328] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.328] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.328] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0055.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.328] CloseHandle (hObject=0x224) returned 1 [0055.328] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.329] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f8 [0055.329] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.329] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.329] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.329] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.329] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x1f8, lpOverlapped=0x0) returned 1 [0055.329] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffe08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.329] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x1f8, lpOverlapped=0x0) returned 1 [0055.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.329] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.329] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.330] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.330] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.330] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.330] CloseHandle (hObject=0x224) returned 1 [0055.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.330] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.lolkek") returned 61 [0055.330] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini.lolkek")) returned 1 [0055.330] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.330] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc6c0 | out: hHeap=0x5a0000) returned 1 [0055.330] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.330] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.331] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png", dwFileAttributes=0x80) returned 1 [0055.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffo7.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.331] CloseHandle (hObject=0x224) returned 1 [0055.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffo7.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.331] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c97 [0055.331] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.331] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.332] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.332] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x1c97, lpOverlapped=0x0) returned 1 [0055.332] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffe369, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.332] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x1c97, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x1c97, lpOverlapped=0x0) returned 1 [0055.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.332] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.332] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.332] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.332] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.332] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.332] CloseHandle (hObject=0x224) returned 1 [0055.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.332] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png.lolkek") returned 58 [0055.332] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffo7.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffo7.png.lolkek")) returned 1 [0055.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe5a0 | out: hHeap=0x5a0000) returned 1 [0055.333] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.333] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.333] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg", dwFileAttributes=0x80) returned 1 [0055.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\i6yq4qseuepfm.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.333] CloseHandle (hObject=0x224) returned 1 [0055.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\i6yq4qseuepfm.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.334] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16422 [0055.334] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.334] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.334] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.334] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.334] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.334] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.335] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.335] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.335] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.335] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.335] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.335] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.335] CloseHandle (hObject=0x224) returned 1 [0055.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.335] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg.lolkek") returned 67 [0055.335] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\i6yq4qseuepfm.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\i6yq4qseuepfm.jpg.lolkek")) returned 1 [0055.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0660 | out: hHeap=0x5a0000) returned 1 [0055.336] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.336] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.336] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp", dwFileAttributes=0x80) returned 1 [0055.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\umqthbqlzcvmcshbo.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.336] CloseHandle (hObject=0x224) returned 1 [0055.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\umqthbqlzcvmcshbo.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.337] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcf38 [0055.337] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.337] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.337] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.337] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.337] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.337] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.337] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.337] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.338] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.338] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.338] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.338] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.338] CloseHandle (hObject=0x224) returned 1 [0055.338] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.338] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp.lolkek") returned 71 [0055.338] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\umqthbqlzcvmcshbo.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\umqthbqlzcvmcshbo.bmp.lolkek")) returned 1 [0055.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612e20 | out: hHeap=0x5a0000) returned 1 [0055.339] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.339] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.339] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg", dwFileAttributes=0x80) returned 1 [0055.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wtw62q3cjufjg.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.339] CloseHandle (hObject=0x224) returned 1 [0055.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wtw62q3cjufjg.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.339] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16ee5 [0055.339] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.339] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.340] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.340] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.340] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.340] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.340] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.340] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.340] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.340] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.340] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.340] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.340] CloseHandle (hObject=0x224) returned 1 [0055.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.340] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg.lolkek") returned 67 [0055.341] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wtw62q3cjufjg.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wtw62q3cjufjg.jpg.lolkek")) returned 1 [0055.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0560 | out: hHeap=0x5a0000) returned 1 [0055.341] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.341] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.341] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif", dwFileAttributes=0x80) returned 1 [0055.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_gu23vwb.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.342] CloseHandle (hObject=0x224) returned 1 [0055.342] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_gu23vwb.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.342] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x153af [0055.342] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.342] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.342] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.342] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.342] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x4000, lpOverlapped=0x0) returned 1 [0055.342] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.343] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x4000, lpOverlapped=0x0) returned 1 [0055.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.343] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.343] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.343] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.343] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.343] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.343] CloseHandle (hObject=0x224) returned 1 [0055.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.343] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif.lolkek") returned 62 [0055.343] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_gu23vwb.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_gu23vwb.gif.lolkek")) returned 1 [0055.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc7a8 | out: hHeap=0x5a0000) returned 1 [0055.344] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.344] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.344] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini", dwFileAttributes=0x80) returned 1 [0055.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.344] CloseHandle (hObject=0x224) returned 1 [0055.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.345] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a [0055.345] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.345] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.345] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.345] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.345] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.345] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.346] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x11a, lpOverlapped=0x0) returned 1 [0055.346] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffee6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.346] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x11a, lpOverlapped=0x0) returned 1 [0055.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.346] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.346] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.346] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.346] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.346] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.346] CloseHandle (hObject=0x224) returned 1 [0055.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.346] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.lolkek") returned 64 [0055.346] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini.lolkek")) returned 1 [0055.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f730 | out: hHeap=0x5a0000) returned 1 [0055.347] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.347] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.347] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini", dwFileAttributes=0x80) returned 1 [0055.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0055.347] CloseHandle (hObject=0x224) returned 1 [0055.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0055.347] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20c [0055.348] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.348] ReadFile (in: hFile=0x224, lpBuffer=0x2c7fa40, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2c7e024, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa40*, lpNumberOfBytesRead=0x2c7e024*=0xd, lpOverlapped=0x0) returned 1 [0055.348] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2c7fa50 | out: pbBuffer=0x2c7fa50) returned 1 [0055.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc81d8 [0055.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3de1f40 [0055.348] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.348] ReadFile (in: hFile=0x224, lpBuffer=0x3de1f40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2c7dffc, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesRead=0x2c7dffc*=0x20c, lpOverlapped=0x0) returned 1 [0055.348] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffdf4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.348] WriteFile (in: hFile=0x224, lpBuffer=0x3de1f40*, nNumberOfBytesToWrite=0x20c, lpNumberOfBytesWritten=0x2c7fa40, lpOverlapped=0x0 | out: lpBuffer=0x3de1f40*, lpNumberOfBytesWritten=0x2c7fa40*=0x20c, lpOverlapped=0x0) returned 1 [0055.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc81d8 | out: hHeap=0x5a0000) returned 1 [0055.348] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.348] WriteFile (in: hFile=0x224, lpBuffer=0x2c7e004*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7e004*, lpNumberOfBytesWritten=0x2c7e008*=0x4, lpOverlapped=0x0) returned 1 [0055.348] WriteFile (in: hFile=0x224, lpBuffer=0x2c7fa50*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x2c7fa50*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.349] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2c7e008*=0x20, lpOverlapped=0x0) returned 1 [0055.349] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2c7e008, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2c7e008*=0xd, lpOverlapped=0x0) returned 1 [0055.349] CloseHandle (hObject=0x224) returned 1 [0055.349] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.349] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.lolkek") returned 61 [0055.349] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini.lolkek")) returned 1 [0055.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbc890 | out: hHeap=0x5a0000) returned 1 [0055.763] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.763] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.763] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", dwFileAttributes=0x80) returned 0 [0055.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.763] RmStartSession () returned 0x0 [0055.766] RmRegisterResources () returned 0x0 [0055.768] RmGetList () returned 0x0 [0056.025] RmEndSession () returned 0x0 [0056.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6420 | out: hHeap=0x5a0000) returned 1 [0056.044] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.044] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.044] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", dwFileAttributes=0x80) returned 0 [0056.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.045] RmStartSession () returned 0x0 [0056.047] RmRegisterResources () returned 0x0 [0056.049] RmGetList () returned 0x0 [0056.538] RmEndSession () returned 0x0 [0056.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddfa0 | out: hHeap=0x5a0000) returned 1 [0056.561] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.561] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.561] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", dwFileAttributes=0x80) returned 0 [0056.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.561] RmStartSession () returned 0x0 [0056.563] RmRegisterResources () returned 0x0 [0056.565] RmGetList () returned 0x0 [0057.086] RmEndSession () returned 0x0 [0057.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.149] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634058 | out: hHeap=0x5a0000) returned 1 [0057.149] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.149] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.149] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", dwFileAttributes=0x80) returned 0 [0057.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.149] RmStartSession () returned 0x0 [0057.151] RmRegisterResources () returned 0x0 [0057.153] RmGetList () returned 0x0 [0057.602] RmEndSession () returned 0x0 [0057.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6270 | out: hHeap=0x5a0000) returned 1 [0057.963] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.963] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.963] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp", dwFileAttributes=0x80) returned 0 [0057.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.964] RmStartSession () returned 0x0 [0057.966] RmRegisterResources () returned 0x0 [0057.968] RmGetList () returned 0x0 [0059.562] RmEndSession () returned 0x0 [0059.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile30.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4608 | out: hHeap=0x5a0000) returned 1 [0059.578] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.579] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.579] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov", dwFileAttributes=0x80) returned 0 [0059.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.579] RmStartSession () returned 0x0 [0059.581] RmRegisterResources () returned 0x0 [0059.585] RmGetList () returned 0x0 [0062.947] RmEndSession () returned 0x0 [0063.085] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.085] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadfd0 | out: hHeap=0x5a0000) returned 1 [0063.085] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 9 os_tid = 0x8e8 [0035.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.519] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.519] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT", dwFileAttributes=0x80) returned 1 [0035.836] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0035.836] CloseHandle (hObject=0x160) returned 1 [0035.836] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.836] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10000 [0035.836] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0035.837] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0035.838] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0035.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x61c748 [0035.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x61c7e0 [0035.838] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0035.838] ReadFile (in: hFile=0x160, lpBuffer=0x61c7e0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x61c7e0*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0035.839] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0035.839] WriteFile (in: hFile=0x160, lpBuffer=0x61c7e0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x61c7e0*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0035.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c7e0 | out: hHeap=0x5a0000) returned 1 [0035.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.839] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0035.839] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0035.839] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0035.839] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0035.839] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0035.839] CloseHandle (hObject=0x160) returned 1 [0035.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.841] wsprintfW (in: param_1=0x61c748, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Boot\\BOOTSTAT.DAT.lolkek") returned 31 [0035.841] MoveFileW (lpExistingFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), lpNewFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT.lolkek" (normalized: "c:\\boot\\bootstat.dat.lolkek")) returned 1 [0035.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec128 | out: hHeap=0x5a0000) returned 1 [0035.847] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.866] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.866] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf", dwFileAttributes=0x80) returned 0 [0035.868] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.870] RmStartSession () returned 0x0 [0036.475] RmRegisterResources () returned 0x0 [0036.477] RmGetList () returned 0x0 [0037.406] RmEndSession () returned 0x0 [0037.425] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fb00 | out: hHeap=0x5a0000) returned 1 [0037.425] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.426] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.426] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.426] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.426] RmStartSession () returned 0x0 [0037.431] RmRegisterResources () returned 0x0 [0037.433] RmGetList () returned 0x0 [0039.281] RmEndSession () returned 0x0 [0039.324] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x630128 | out: hHeap=0x5a0000) returned 1 [0039.324] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.324] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.325] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", dwFileAttributes=0x80) returned 1 [0039.325] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0039.325] CloseHandle (hObject=0x27c) returned 1 [0039.325] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0039.325] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x708 [0039.325] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.325] ReadFile (in: hFile=0x27c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0039.443] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0039.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0039.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0039.443] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.443] ReadFile (in: hFile=0x27c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x310e34c*=0x708, lpOverlapped=0x0) returned 1 [0039.443] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffff8f8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.443] WriteFile (in: hFile=0x27c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x708, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x310fd90*=0x708, lpOverlapped=0x0) returned 1 [0039.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0039.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0039.443] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.444] WriteFile (in: hFile=0x27c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0039.444] WriteFile (in: hFile=0x27c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.444] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.444] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0039.444] CloseHandle (hObject=0x27c) returned 1 [0039.445] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.445] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.lolkek") returned 85 [0039.445] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.lolkek")) returned 1 [0039.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6346a8 | out: hHeap=0x5a0000) returned 1 [0039.445] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.445] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.445] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi", dwFileAttributes=0x80) returned 1 [0039.545] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.546] CloseHandle (hObject=0x24c) returned 1 [0039.546] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0039.547] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5c00 [0039.547] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.547] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0039.550] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0039.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0039.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0039.550] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.550] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0039.555] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.555] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0039.555] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0039.555] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0039.555] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.555] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0039.555] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.556] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.556] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0039.556] CloseHandle (hObject=0x24c) returned 1 [0039.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0039.617] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.lolkek") returned 92 [0039.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.lolkek")) returned 1 [0039.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0039.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635958 | out: hHeap=0x5a0000) returned 1 [0039.618] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.618] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.618] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi", dwFileAttributes=0x80) returned 1 [0039.618] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.618] CloseHandle (hObject=0x24c) returned 1 [0039.618] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0039.619] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd7200 [0039.619] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.619] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0039.704] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0039.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0039.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0039.704] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.704] ReadFile (in: hFile=0x24c, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0039.828] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.828] WriteFile (in: hFile=0x24c, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0039.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0039.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0039.828] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.828] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0039.829] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.829] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.829] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0039.829] CloseHandle (hObject=0x24c) returned 1 [0039.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0039.865] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.lolkek") returned 92 [0039.865] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.lolkek")) returned 1 [0039.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0039.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635d78 | out: hHeap=0x5a0000) returned 1 [0039.866] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.866] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.866] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", dwFileAttributes=0x80) returned 1 [0039.867] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.867] CloseHandle (hObject=0x24c) returned 1 [0039.867] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0039.867] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1416b54 [0039.867] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.867] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0039.915] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0039.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0039.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0039.915] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.915] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0039.963] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.963] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0039.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0039.964] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0039.964] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.964] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0039.964] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.964] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0039.964] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0039.964] CloseHandle (hObject=0x24c) returned 1 [0040.341] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.341] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.lolkek") returned 92 [0040.341] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.lolkek")) returned 1 [0040.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c768 | out: hHeap=0x5a0000) returned 1 [0040.364] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.364] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.364] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", dwFileAttributes=0x80) returned 1 [0040.365] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.365] CloseHandle (hObject=0x24c) returned 1 [0040.365] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.365] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x567 [0040.365] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.365] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.377] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.377] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.377] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x567, lpOverlapped=0x0) returned 1 [0040.377] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffa99, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.377] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x567, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x567, lpOverlapped=0x0) returned 1 [0040.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.378] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.378] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.378] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.378] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.378] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.378] CloseHandle (hObject=0x24c) returned 1 [0040.378] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.379] wsprintfW (in: param_1=0x3be0f38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.lolkek") returned 89 [0040.379] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.lolkek")) returned 1 [0040.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634d18 | out: hHeap=0x5a0000) returned 1 [0040.379] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.379] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.379] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.380] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.380] CloseHandle (hObject=0x24c) returned 1 [0040.380] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.380] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x93a [0040.380] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.380] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.399] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5fc600 [0040.400] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.400] ReadFile (in: hFile=0x24c, lpBuffer=0x5fc600, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x5fc600*, lpNumberOfBytesRead=0x310e34c*=0x93a, lpOverlapped=0x0) returned 1 [0040.400] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff6c6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.400] WriteFile (in: hFile=0x24c, lpBuffer=0x5fc600*, nNumberOfBytesToWrite=0x93a, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x5fc600*, lpNumberOfBytesWritten=0x310fd90*=0x93a, lpOverlapped=0x0) returned 1 [0040.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.400] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.400] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.400] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.400] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.400] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.401] CloseHandle (hObject=0x24c) returned 1 [0040.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.401] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.401] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.402] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.402] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634e70 | out: hHeap=0x5a0000) returned 1 [0040.402] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.402] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.402] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi", dwFileAttributes=0x80) returned 1 [0040.402] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.402] CloseHandle (hObject=0x24c) returned 1 [0040.402] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.402] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fac00 [0040.403] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.403] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.448] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.448] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.448] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.463] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.464] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.464] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.464] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.464] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.464] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.464] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.464] CloseHandle (hObject=0x24c) returned 1 [0040.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.482] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.lolkek") returned 89 [0040.482] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.lolkek")) returned 1 [0040.483] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.483] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6350f0 | out: hHeap=0x5a0000) returned 1 [0040.483] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.483] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.483] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.483] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.484] CloseHandle (hObject=0x24c) returned 1 [0040.484] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.484] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x73c [0040.484] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.484] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.504] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.504] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.504] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x73c, lpOverlapped=0x0) returned 1 [0040.504] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff8c4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.504] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x73c, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x73c, lpOverlapped=0x0) returned 1 [0040.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.505] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.505] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.505] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.505] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.505] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.505] CloseHandle (hObject=0x24c) returned 1 [0040.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.505] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.505] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6353a0 | out: hHeap=0x5a0000) returned 1 [0040.506] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.506] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.506] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi", dwFileAttributes=0x80) returned 1 [0040.528] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0040.529] CloseHandle (hObject=0x294) returned 1 [0040.529] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.533] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ab000 [0040.533] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.533] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.538] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0040.538] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.538] ReadFile (in: hFile=0x280, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.549] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.549] WriteFile (in: hFile=0x280, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.549] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.549] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.549] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.549] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.549] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.549] CloseHandle (hObject=0x280) returned 1 [0040.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.550] wsprintfW (in: param_1=0x3be0f38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.lolkek") returned 86 [0040.550] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.lolkek")) returned 1 [0040.550] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.550] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cb88 | out: hHeap=0x5a0000) returned 1 [0040.550] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.550] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.550] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", dwFileAttributes=0x80) returned 1 [0040.550] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0040.551] CloseHandle (hObject=0x280) returned 1 [0040.551] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.551] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x646 [0040.551] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.551] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.556] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3be0f38 [0040.556] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.557] ReadFile (in: hFile=0x280, lpBuffer=0x3be0f38, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3be0f38*, lpNumberOfBytesRead=0x310e34c*=0x646, lpOverlapped=0x0) returned 1 [0040.557] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffff9ba, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.557] WriteFile (in: hFile=0x280, lpBuffer=0x3be0f38*, nNumberOfBytesToWrite=0x646, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3be0f38*, lpNumberOfBytesWritten=0x310fd90*=0x646, lpOverlapped=0x0) returned 1 [0040.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.557] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.557] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.557] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.557] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.557] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.557] CloseHandle (hObject=0x280) returned 1 [0040.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.557] wsprintfW (in: param_1=0x3be0f38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.lolkek") returned 88 [0040.557] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.lolkek")) returned 1 [0040.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cf68 | out: hHeap=0x5a0000) returned 1 [0040.561] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.561] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.561] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.568] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0040.579] CloseHandle (hObject=0x294) returned 1 [0040.579] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.579] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7c4 [0040.579] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.579] ReadFile (in: hFile=0x294, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.583] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0040.583] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.583] ReadFile (in: hFile=0x294, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x310e34c*=0x7c4, lpOverlapped=0x0) returned 1 [0040.583] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffff83c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.583] WriteFile (in: hFile=0x294, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x7c4, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x310fd90*=0x7c4, lpOverlapped=0x0) returned 1 [0040.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.583] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.583] WriteFile (in: hFile=0x294, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.584] WriteFile (in: hFile=0x294, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.584] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.584] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.584] CloseHandle (hObject=0x294) returned 1 [0040.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.584] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.584] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d200 | out: hHeap=0x5a0000) returned 1 [0040.584] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.584] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.584] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.585] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0040.585] CloseHandle (hObject=0x294) returned 1 [0040.585] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.585] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x750 [0040.585] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.585] ReadFile (in: hFile=0x294, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.597] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x635fb0 [0040.598] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.598] ReadFile (in: hFile=0x294, lpBuffer=0x635fb0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x635fb0*, lpNumberOfBytesRead=0x310e34c*=0x750, lpOverlapped=0x0) returned 1 [0040.598] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffff8b0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.598] WriteFile (in: hFile=0x294, lpBuffer=0x635fb0*, nNumberOfBytesToWrite=0x750, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x635fb0*, lpNumberOfBytesWritten=0x310fd90*=0x750, lpOverlapped=0x0) returned 1 [0040.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.598] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.598] WriteFile (in: hFile=0x294, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.598] WriteFile (in: hFile=0x294, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.598] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.598] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.598] CloseHandle (hObject=0x294) returned 1 [0040.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.599] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.599] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d720 | out: hHeap=0x5a0000) returned 1 [0040.599] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.599] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.599] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi", dwFileAttributes=0x80) returned 1 [0040.629] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0040.631] CloseHandle (hObject=0x160) returned 1 [0040.631] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.633] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x264400 [0040.633] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.633] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.634] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.635] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.635] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.642] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.642] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.642] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.642] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.643] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.643] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.643] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.643] CloseHandle (hObject=0x24c) returned 1 [0040.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.643] wsprintfW (in: param_1=0x658b20, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.lolkek") returned 87 [0040.643] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.lolkek")) returned 1 [0040.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d9a8 | out: hHeap=0x5a0000) returned 1 [0040.643] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.643] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.644] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll", dwFileAttributes=0x80) returned 1 [0040.644] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.644] CloseHandle (hObject=0x24c) returned 1 [0040.644] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.644] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a588 [0040.644] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.644] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.650] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0040.650] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.650] ReadFile (in: hFile=0x24c, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.656] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.656] WriteFile (in: hFile=0x24c, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.656] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.656] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.656] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.656] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.656] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.656] CloseHandle (hObject=0x24c) returned 1 [0040.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.657] wsprintfW (in: param_1=0x658b20, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.lolkek") returned 91 [0040.657] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll.lolkek")) returned 1 [0040.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634058 | out: hHeap=0x5a0000) returned 1 [0040.657] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.657] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.657] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll", dwFileAttributes=0x80) returned 1 [0040.663] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.664] CloseHandle (hObject=0x24c) returned 1 [0040.664] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.666] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x80760 [0040.667] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.667] ReadFile (in: hFile=0x2a8, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.670] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x681408 [0040.670] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.670] ReadFile (in: hFile=0x2a8, lpBuffer=0x681408, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x681408*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.676] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x681408*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x681408*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x681408 | out: hHeap=0x5a0000) returned 1 [0040.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.676] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.676] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.676] CloseHandle (hObject=0x2a8) returned 1 [0040.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.677] wsprintfW (in: param_1=0x67d400, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.lolkek") returned 85 [0040.677] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll.lolkek")) returned 1 [0040.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ed90 | out: hHeap=0x5a0000) returned 1 [0040.682] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.682] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.682] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll", dwFileAttributes=0x80) returned 1 [0040.714] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0040.715] CloseHandle (hObject=0x270) returned 1 [0040.715] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.716] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa0200 [0040.716] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.716] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.717] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.717] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.717] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.722] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.722] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.723] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.723] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.723] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.723] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.723] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.723] CloseHandle (hObject=0x24c) returned 1 [0040.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.723] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.lolkek") returned 85 [0040.723] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll.lolkek")) returned 1 [0040.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.724] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f038 | out: hHeap=0x5a0000) returned 1 [0040.724] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.724] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.724] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", dwFileAttributes=0x80) returned 1 [0040.724] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.724] CloseHandle (hObject=0x24c) returned 1 [0040.724] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.724] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15b5 [0040.724] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.725] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.728] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e37ee8 [0040.728] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.728] ReadFile (in: hFile=0x24c, lpBuffer=0x3e37ee8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesRead=0x310e34c*=0x15b5, lpOverlapped=0x0) returned 1 [0040.734] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffea4b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.734] WriteFile (in: hFile=0x24c, lpBuffer=0x3e37ee8*, nNumberOfBytesToWrite=0x15b5, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesWritten=0x310fd90*=0x15b5, lpOverlapped=0x0) returned 1 [0040.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e37ee8 | out: hHeap=0x5a0000) returned 1 [0040.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.736] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.736] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.736] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.736] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.736] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.736] CloseHandle (hObject=0x24c) returned 1 [0040.736] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.737] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.lolkek") returned 87 [0040.737] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.lolkek")) returned 1 [0040.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6111b0 | out: hHeap=0x5a0000) returned 1 [0040.737] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.737] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.737] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll", dwFileAttributes=0x80) returned 1 [0040.737] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.738] CloseHandle (hObject=0x24c) returned 1 [0040.738] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.738] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ed80 [0040.738] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.738] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.744] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.745] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.745] ReadFile (in: hFile=0x24c, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.754] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.754] WriteFile (in: hFile=0x24c, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.754] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.754] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.754] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.755] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.755] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.755] CloseHandle (hObject=0x24c) returned 1 [0040.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.755] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.lolkek") returned 86 [0040.755] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll.lolkek")) returned 1 [0040.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f2c8 | out: hHeap=0x5a0000) returned 1 [0040.756] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.756] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.756] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.756] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.756] CloseHandle (hObject=0x24c) returned 1 [0040.756] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.757] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2488 [0040.757] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.757] ReadFile (in: hFile=0x24c, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.763] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.763] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.763] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.763] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.763] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x2488, lpOverlapped=0x0) returned 1 [0040.786] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffdb78, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.786] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x2488, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x2488, lpOverlapped=0x0) returned 1 [0040.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.786] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.786] WriteFile (in: hFile=0x24c, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.786] WriteFile (in: hFile=0x24c, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.786] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.786] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.786] CloseHandle (hObject=0x24c) returned 1 [0040.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0040.787] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.787] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0040.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f6a0 | out: hHeap=0x5a0000) returned 1 [0040.787] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.787] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.787] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", dwFileAttributes=0x80) returned 1 [0040.815] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.823] CloseHandle (hObject=0x290) returned 1 [0040.824] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.826] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1ab7e94 [0040.826] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.826] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.834] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0040.834] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.834] ReadFile (in: hFile=0x160, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.842] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.842] WriteFile (in: hFile=0x160, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.842] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.842] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.842] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.842] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.843] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.843] CloseHandle (hObject=0x160) returned 1 [0040.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.843] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.lolkek") returned 96 [0040.843] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.lolkek")) returned 1 [0040.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613740 | out: hHeap=0x5a0000) returned 1 [0040.843] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.843] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.843] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml", dwFileAttributes=0x80) returned 1 [0040.844] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0040.844] CloseHandle (hObject=0x160) returned 1 [0040.844] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.844] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x333 [0040.844] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.844] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.851] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.851] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.851] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x333, lpOverlapped=0x0) returned 1 [0040.851] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffccd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.851] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x333, lpOverlapped=0x0) returned 1 [0040.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.851] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.851] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.851] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.851] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.851] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.852] CloseHandle (hObject=0x160) returned 1 [0040.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e27ee0 [0040.852] wsprintfW (in: param_1=0x3e27ee0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.lolkek") returned 90 [0040.852] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.lolkek")) returned 1 [0040.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e27ee0 | out: hHeap=0x5a0000) returned 1 [0040.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612710 | out: hHeap=0x5a0000) returned 1 [0040.852] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.852] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.852] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi", dwFileAttributes=0x80) returned 1 [0040.864] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.864] CloseHandle (hObject=0x290) returned 1 [0040.865] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.865] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1e6600 [0040.865] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.866] ReadFile (in: hFile=0x290, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.868] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.868] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.869] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.869] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.870] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.871] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.871] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.871] WriteFile (in: hFile=0x290, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.871] WriteFile (in: hFile=0x290, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.871] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.871] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.871] CloseHandle (hObject=0x290) returned 1 [0040.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e2bee8 [0040.871] wsprintfW (in: param_1=0x3e2bee8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.lolkek") returned 88 [0040.871] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.lolkek")) returned 1 [0040.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e2bee8 | out: hHeap=0x5a0000) returned 1 [0040.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612868 | out: hHeap=0x5a0000) returned 1 [0040.872] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.872] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.872] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll", dwFileAttributes=0x80) returned 1 [0040.876] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0040.878] CloseHandle (hObject=0x160) returned 1 [0040.878] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.881] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x709768 [0040.881] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.881] ReadFile (in: hFile=0x290, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.882] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.882] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.882] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.884] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.884] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.884] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.884] WriteFile (in: hFile=0x290, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.884] WriteFile (in: hFile=0x290, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.884] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.884] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.884] CloseHandle (hObject=0x290) returned 1 [0040.884] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.884] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.lolkek") returned 84 [0040.884] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.lolkek")) returned 1 [0040.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60fa78 | out: hHeap=0x5a0000) returned 1 [0040.889] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.889] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.889] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", dwFileAttributes=0x80) returned 1 [0040.889] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.889] CloseHandle (hObject=0x290) returned 1 [0040.889] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.889] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaec3a [0040.890] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.890] ReadFile (in: hFile=0x290, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.897] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.897] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.897] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.899] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.899] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.899] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.899] WriteFile (in: hFile=0x290, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.899] WriteFile (in: hFile=0x290, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.899] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.899] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.899] CloseHandle (hObject=0x290) returned 1 [0040.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e53fd8 [0040.900] wsprintfW (in: param_1=0x3e53fd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.lolkek") returned 98 [0040.900] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.lolkek")) returned 1 [0040.902] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e53fd8 | out: hHeap=0x5a0000) returned 1 [0040.902] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612c40 | out: hHeap=0x5a0000) returned 1 [0040.903] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.903] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.903] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab", dwFileAttributes=0x80) returned 1 [0040.907] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.908] CloseHandle (hObject=0x290) returned 1 [0040.908] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.911] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa97cbdb [0040.911] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.911] ReadFile (in: hFile=0x290, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.921] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.921] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.921] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.924] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.924] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.924] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.924] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.924] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.924] WriteFile (in: hFile=0x290, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.924] WriteFile (in: hFile=0x290, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.924] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.924] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.924] CloseHandle (hObject=0x290) returned 1 [0040.925] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e53fd8 [0040.925] wsprintfW (in: param_1=0x3e53fd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.lolkek") returned 85 [0040.925] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.lolkek")) returned 1 [0040.928] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e53fd8 | out: hHeap=0x5a0000) returned 1 [0040.928] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60fe50 | out: hHeap=0x5a0000) returned 1 [0040.928] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.928] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.928] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.932] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.933] CloseHandle (hObject=0x290) returned 1 [0040.933] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.934] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7976 [0040.934] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.934] ReadFile (in: hFile=0x2a8, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.937] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.937] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.937] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e37ee8 [0040.937] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.937] ReadFile (in: hFile=0x2a8, lpBuffer=0x3e37ee8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.941] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.941] WriteFile (in: hFile=0x2a8, lpBuffer=0x3e37ee8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.941] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e37ee8 | out: hHeap=0x5a0000) returned 1 [0040.942] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.942] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.942] WriteFile (in: hFile=0x2a8, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.942] WriteFile (in: hFile=0x2a8, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.942] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.942] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.942] CloseHandle (hObject=0x2a8) returned 1 [0040.943] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.943] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.943] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.944] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.944] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610228 | out: hHeap=0x5a0000) returned 1 [0040.944] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.944] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.944] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x80) returned 1 [0040.952] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.952] CloseHandle (hObject=0x290) returned 1 [0040.952] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.955] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a968 [0040.955] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.955] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.957] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e37ee8 [0040.958] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.958] ReadFile (in: hFile=0x160, lpBuffer=0x3e37ee8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.964] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.964] WriteFile (in: hFile=0x160, lpBuffer=0x3e37ee8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.964] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e37ee8 | out: hHeap=0x5a0000) returned 1 [0040.965] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.965] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.965] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.965] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.965] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.965] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.966] CloseHandle (hObject=0x160) returned 1 [0040.966] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.966] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.lolkek") returned 81 [0040.966] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe.lolkek")) returned 1 [0040.972] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.972] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6131a8 | out: hHeap=0x5a0000) returned 1 [0040.972] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.972] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.972] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll", dwFileAttributes=0x80) returned 1 [0040.976] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.979] CloseHandle (hObject=0x290) returned 1 [0040.979] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.980] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x165510 [0040.980] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.980] ReadFile (in: hFile=0x290, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0040.983] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0040.983] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.983] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.983] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.983] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0040.991] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.991] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0040.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.991] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.991] WriteFile (in: hFile=0x290, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0040.991] WriteFile (in: hFile=0x290, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.991] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0040.991] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0040.991] CloseHandle (hObject=0x290) returned 1 [0040.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.992] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.lolkek") returned 85 [0040.992] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll.lolkek")) returned 1 [0040.993] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.993] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610600 | out: hHeap=0x5a0000) returned 1 [0040.993] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.993] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.993] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml", dwFileAttributes=0x80) returned 1 [0041.004] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.005] CloseHandle (hObject=0x2a8) returned 1 [0041.005] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.007] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1915 [0041.007] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.007] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.008] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.008] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.008] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x1915, lpOverlapped=0x0) returned 1 [0041.009] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffe6eb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.009] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x1915, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x1915, lpOverlapped=0x0) returned 1 [0041.009] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.011] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.011] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.011] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.011] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.011] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.011] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.011] CloseHandle (hObject=0x160) returned 1 [0041.011] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0041.012] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.lolkek") returned 87 [0041.012] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.lolkek")) returned 1 [0041.015] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0041.015] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613a48 | out: hHeap=0x5a0000) returned 1 [0041.015] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.015] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.015] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0041.021] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234 [0041.021] CloseHandle (hObject=0x234) returned 1 [0041.021] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0041.021] GetFileSize (in: hFile=0x234, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x412b [0041.021] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.021] ReadFile (in: hFile=0x234, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.026] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e73fe8 [0041.027] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.027] ReadFile (in: hFile=0x234, lpBuffer=0x3e73fe8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e73fe8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0041.033] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.033] WriteFile (in: hFile=0x234, lpBuffer=0x3e73fe8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e73fe8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0041.033] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.034] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.034] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.034] WriteFile (in: hFile=0x234, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.035] WriteFile (in: hFile=0x234, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.035] WriteFile (in: hFile=0x234, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.035] WriteFile (in: hFile=0x234, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.035] CloseHandle (hObject=0x234) returned 1 [0041.035] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.036] wsprintfW (in: param_1=0x3c03e90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0041.036] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0041.036] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.036] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6109d8 | out: hHeap=0x5a0000) returned 1 [0041.036] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.036] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.036] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x80) returned 1 [0041.056] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0041.062] CloseHandle (hObject=0x210) returned 1 [0041.062] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.067] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a968 [0041.067] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.067] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.068] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.068] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.068] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0041.069] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.069] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0041.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.070] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.070] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.070] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.070] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.070] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.070] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.070] CloseHandle (hObject=0x160) returned 1 [0041.071] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.071] wsprintfW (in: param_1=0x3c13e98, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.lolkek") returned 81 [0041.071] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe.lolkek")) returned 1 [0041.075] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.075] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615a30 | out: hHeap=0x5a0000) returned 1 [0041.075] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.075] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.075] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll", dwFileAttributes=0x80) returned 1 [0041.075] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0041.075] CloseHandle (hObject=0x160) returned 1 [0041.075] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.075] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x165510 [0041.075] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.075] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.081] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e77ff0 [0041.081] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.081] ReadFile (in: hFile=0x160, lpBuffer=0x3e77ff0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e77ff0*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0041.090] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.090] WriteFile (in: hFile=0x160, lpBuffer=0x3e77ff0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e77ff0*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0041.091] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e77ff0 | out: hHeap=0x5a0000) returned 1 [0041.092] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.092] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.092] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.092] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.092] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.092] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.092] CloseHandle (hObject=0x160) returned 1 [0041.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.093] wsprintfW (in: param_1=0x3c13e98, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.lolkek") returned 85 [0041.093] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll.lolkek")) returned 1 [0041.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615b80 | out: hHeap=0x5a0000) returned 1 [0041.103] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.103] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.103] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0041.113] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0041.116] CloseHandle (hObject=0x160) returned 1 [0041.116] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.119] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5061 [0041.119] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.119] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.125] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.125] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.125] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.126] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.126] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0041.131] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.131] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0041.131] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.132] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.132] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.132] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.133] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.133] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.133] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.133] CloseHandle (hObject=0x160) returned 1 [0041.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.134] wsprintfW (in: param_1=0x3c13e98, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0041.134] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0041.134] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.134] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615e10 | out: hHeap=0x5a0000) returned 1 [0041.134] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.134] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.134] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml", dwFileAttributes=0x80) returned 1 [0041.134] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0041.135] CloseHandle (hObject=0x160) returned 1 [0041.135] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.135] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2213 [0041.135] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.135] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.172] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.181] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.181] ReadFile (in: hFile=0x160, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x2213, lpOverlapped=0x0) returned 1 [0041.202] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffdded, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.202] WriteFile (in: hFile=0x160, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x2213, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x2213, lpOverlapped=0x0) returned 1 [0041.202] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.204] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.204] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.204] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.204] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.204] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.204] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.204] CloseHandle (hObject=0x160) returned 1 [0041.205] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.205] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.lolkek") returned 86 [0041.205] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.lolkek")) returned 1 [0041.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6161e8 | out: hHeap=0x5a0000) returned 1 [0041.206] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.206] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.206] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp", dwFileAttributes=0x80) returned 1 [0041.207] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0041.207] CloseHandle (hObject=0x160) returned 1 [0041.207] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.207] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x109d000 [0041.207] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.208] ReadFile (in: hFile=0x160, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.220] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e37ee8 [0041.220] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.220] ReadFile (in: hFile=0x160, lpBuffer=0x3e37ee8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0041.231] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.231] WriteFile (in: hFile=0x160, lpBuffer=0x3e37ee8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3e37ee8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0041.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e37ee8 | out: hHeap=0x5a0000) returned 1 [0041.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.232] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.232] WriteFile (in: hFile=0x160, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.232] WriteFile (in: hFile=0x160, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.232] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.232] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.232] CloseHandle (hObject=0x160) returned 1 [0041.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.232] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.lolkek") returned 73 [0041.232] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp"), lpNewFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.lolkek" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrupd10116_mui.msp.lolkek")) returned 1 [0041.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618f10 | out: hHeap=0x5a0000) returned 1 [0041.233] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.233] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.233] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W", dwFileAttributes=0x80) returned 1 [0041.243] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.243] CloseHandle (hObject=0x2a8) returned 1 [0041.243] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.244] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x325ec [0041.244] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.244] ReadFile (in: hFile=0x2a8, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.247] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.248] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.248] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0041.250] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.250] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0041.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.250] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.250] WriteFile (in: hFile=0x2a8, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.250] WriteFile (in: hFile=0x2a8, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.250] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.250] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.250] CloseHandle (hObject=0x2a8) returned 1 [0041.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.251] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.lolkek") returned 85 [0041.251] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.lolkek" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mkwd_bestbet.h1w.lolkek")) returned 1 [0041.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.251] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616708 | out: hHeap=0x5a0000) returned 1 [0041.251] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.251] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.251] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H", dwFileAttributes=0x80) returned 1 [0041.251] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.252] CloseHandle (hObject=0x2a8) returned 1 [0041.252] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.252] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x79f1a [0041.252] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.252] ReadFile (in: hFile=0x2a8, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.269] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.269] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.270] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0041.278] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.278] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0041.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.278] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.278] WriteFile (in: hFile=0x2a8, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.278] WriteFile (in: hFile=0x2a8, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.278] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.278] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.278] CloseHandle (hObject=0x2a8) returned 1 [0041.278] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.279] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.lolkek") returned 82 [0041.279] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.lolkek" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mtoc_help.h1h.lolkek")) returned 1 [0041.279] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.279] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c040 | out: hHeap=0x5a0000) returned 1 [0041.279] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.279] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.279] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", dwFileAttributes=0x80) returned 1 [0041.280] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.280] CloseHandle (hObject=0x2a8) returned 1 [0041.280] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.280] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2f [0041.280] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.280] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.280] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.280] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.280] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x2f, lpOverlapped=0x0) returned 1 [0041.281] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffffd1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.281] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x2f, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x2f, lpOverlapped=0x0) returned 1 [0041.281] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.281] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.281] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.281] WriteFile (in: hFile=0x2a8, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.281] WriteFile (in: hFile=0x2a8, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.281] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.281] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.281] CloseHandle (hObject=0x2a8) returned 1 [0041.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.281] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek") returned 125 [0041.282] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek")) returned 1 [0041.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf2558 | out: hHeap=0x5a0000) returned 1 [0041.282] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.282] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.282] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", dwFileAttributes=0x80) returned 1 [0041.282] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.282] CloseHandle (hObject=0x2a8) returned 1 [0041.283] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.283] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x41d [0041.283] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.283] ReadFile (in: hFile=0x2a8, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0041.316] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0041.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.316] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.316] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x310e34c*=0x41d, lpOverlapped=0x0) returned 1 [0041.316] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffbe3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.316] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x41d, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x310fd90*=0x41d, lpOverlapped=0x0) returned 1 [0041.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.317] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0041.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0041.317] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0041.317] CloseHandle (hObject=0x2a8) returned 1 [0041.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.317] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek") returned 125 [0041.317] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek")) returned 1 [0041.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de12f0 | out: hHeap=0x5a0000) returned 1 [0041.318] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.318] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.318] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", dwFileAttributes=0x80) returned 0 [0041.354] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.358] RmStartSession () returned 0x0 [0041.361] RmRegisterResources () returned 0x0 [0041.363] RmGetList () returned 0x0 [0042.248] RmEndSession () returned 0x0 [0042.409] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf098 | out: hHeap=0x5a0000) returned 1 [0042.409] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.410] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.410] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico", dwFileAttributes=0x80) returned 0 [0042.410] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.410] RmStartSession () returned 0x0 [0042.485] RmRegisterResources () returned 0x0 [0042.487] RmGetList () returned 0x0 [0043.011] RmEndSession () returned 0x0 [0043.031] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d640 | out: hHeap=0x5a0000) returned 1 [0043.031] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.031] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.032] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico", dwFileAttributes=0x80) returned 0 [0043.032] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.032] RmStartSession () returned 0x0 [0043.035] RmRegisterResources () returned 0x0 [0043.037] RmGetList () returned 0x0 [0044.217] RmEndSession () returned 0x0 [0044.240] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x677480 | out: hHeap=0x5a0000) returned 1 [0044.240] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.241] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.241] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp", dwFileAttributes=0x80) returned 0 [0044.245] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.245] RmStartSession () returned 0x0 [0044.248] RmRegisterResources () returned 0x0 [0044.250] RmGetList () returned 0x0 [0044.919] RmEndSession () returned 0x0 [0044.943] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile14.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.943] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676938 | out: hHeap=0x5a0000) returned 1 [0044.943] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.943] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.943] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", dwFileAttributes=0x80) returned 0 [0044.946] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.946] RmStartSession () returned 0x0 [0044.949] RmRegisterResources () returned 0x0 [0044.952] RmGetList () returned 0x0 [0045.580] RmEndSession () returned 0x0 [0045.602] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614a68 | out: hHeap=0x5a0000) returned 1 [0045.602] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.602] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.602] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", dwFileAttributes=0x80) returned 0 [0045.604] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.605] RmStartSession () returned 0x0 [0045.607] RmRegisterResources () returned 0x0 [0045.610] RmGetList () returned 0x0 [0046.380] RmEndSession () returned 0x0 [0046.401] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cad7c0 | out: hHeap=0x5a0000) returned 1 [0046.401] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.402] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.402] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg", dwFileAttributes=0x80) returned 0 [0046.402] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0046.402] RmStartSession () returned 0x0 [0046.405] RmRegisterResources () returned 0x0 [0046.408] RmGetList () returned 0x0 [0052.952] RmEndSession () returned 0x0 [0052.983] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0052.983] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde150 | out: hHeap=0x5a0000) returned 1 [0052.983] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.983] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.983] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7", dwFileAttributes=0x80) returned 1 [0053.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0053.726] CloseHandle (hObject=0x294) returned 1 [0053.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.750] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d4 [0053.750] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.750] ReadFile (in: hFile=0x190, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0053.750] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0053.750] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.751] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.751] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x1d4, lpOverlapped=0x0) returned 1 [0053.751] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffe2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.751] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d4, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x1d4, lpOverlapped=0x0) returned 1 [0053.751] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.751] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.751] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.751] WriteFile (in: hFile=0x190, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0053.751] WriteFile (in: hFile=0x190, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.751] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.751] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0053.751] CloseHandle (hObject=0x190) returned 1 [0053.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0053.752] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7.lolkek") returned 158 [0053.752] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7.lolkek")) returned 1 [0053.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0053.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec12b0 | out: hHeap=0x5a0000) returned 1 [0053.769] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.769] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.769] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", dwFileAttributes=0x80) returned 1 [0053.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.788] CloseHandle (hObject=0x2b8) returned 1 [0053.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0053.803] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe14 [0053.803] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.803] ReadFile (in: hFile=0x1e0, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0053.805] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0053.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.805] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.805] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0xe14, lpOverlapped=0x0) returned 1 [0053.806] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffff1ec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.806] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe14, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0xe14, lpOverlapped=0x0) returned 1 [0053.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.806] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.806] WriteFile (in: hFile=0x1e0, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0053.806] WriteFile (in: hFile=0x1e0, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.806] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.806] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0053.806] CloseHandle (hObject=0x1e0) returned 1 [0053.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0053.807] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.lolkek") returned 112 [0053.807] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat.lolkek")) returned 1 [0053.968] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0053.969] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde770 | out: hHeap=0x5a0000) returned 1 [0053.969] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.969] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.969] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact", dwFileAttributes=0x80) returned 1 [0053.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.970] CloseHandle (hObject=0x280) returned 1 [0053.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.970] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10b1e [0053.970] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.970] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0053.978] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0053.978] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.978] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.978] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.978] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0053.984] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.984] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0053.984] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.984] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.984] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.984] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0053.985] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.985] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.985] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0053.985] CloseHandle (hObject=0x280) returned 1 [0053.985] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.985] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.lolkek") returned 71 [0053.985] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.lolkek")) returned 1 [0053.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611ca0 | out: hHeap=0x5a0000) returned 1 [0053.986] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.986] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.986] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini", dwFileAttributes=0x80) returned 1 [0053.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.986] CloseHandle (hObject=0x280) returned 1 [0053.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.986] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19c [0053.987] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.987] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0053.987] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0053.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.987] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.987] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x19c, lpOverlapped=0x0) returned 1 [0053.987] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe64, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.987] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x19c, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x19c, lpOverlapped=0x0) returned 1 [0053.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.987] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.987] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0053.988] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.988] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.988] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0053.988] CloseHandle (hObject=0x280) returned 1 [0053.988] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.988] wsprintfW (in: param_1=0x3be0868, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.lolkek") returned 61 [0053.988] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini.lolkek")) returned 1 [0053.989] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.989] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb670 | out: hHeap=0x5a0000) returned 1 [0053.989] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.989] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.989] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact", dwFileAttributes=0x80) returned 1 [0053.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.989] CloseHandle (hObject=0x280) returned 1 [0053.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.989] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x496 [0053.990] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.990] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0053.995] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0053.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.995] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.995] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x496, lpOverlapped=0x0) returned 1 [0053.995] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffb6a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.995] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x496, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x496, lpOverlapped=0x0) returned 1 [0053.995] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.995] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.995] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.995] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0053.995] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.995] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.995] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0053.995] CloseHandle (hObject=0x280) returned 1 [0053.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.996] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.lolkek") returned 71 [0053.996] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.lolkek")) returned 1 [0053.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612100 | out: hHeap=0x5a0000) returned 1 [0053.996] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.997] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.997] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a", dwFileAttributes=0x80) returned 1 [0053.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-d9xf2.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.997] CloseHandle (hObject=0x280) returned 1 [0053.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-d9xf2.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.997] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb871 [0053.997] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.997] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0053.998] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0053.998] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.998] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.998] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.998] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0053.998] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.998] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0053.998] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.998] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.998] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.998] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0053.998] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.998] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0053.998] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0053.998] CloseHandle (hObject=0x280) returned 1 [0053.999] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.999] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a.lolkek") returned 59 [0053.999] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-d9xf2.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-d9xf2.m4a.lolkek")) returned 1 [0053.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbfd70 | out: hHeap=0x5a0000) returned 1 [0053.999] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.999] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.999] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc", dwFileAttributes=0x80) returned 1 [0054.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-qumnow54v6v.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.000] CloseHandle (hObject=0x280) returned 1 [0054.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-qumnow54v6v.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.000] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x943a [0054.000] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.000] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.001] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.001] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.001] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.001] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.001] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.001] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.001] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.001] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.001] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.001] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.001] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.001] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.001] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.001] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.001] CloseHandle (hObject=0x280) returned 1 [0054.001] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.001] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc.lolkek") returned 65 [0054.002] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-qumnow54v6v.doc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\-qumnow54v6v.doc.lolkek")) returned 1 [0054.002] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.002] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7c38 | out: hHeap=0x5a0000) returned 1 [0054.002] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.002] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.002] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp", dwFileAttributes=0x80) returned 1 [0054.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1e881ie2ezh.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.003] CloseHandle (hObject=0x280) returned 1 [0054.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1e881ie2ezh.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.003] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x188d7 [0054.003] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.003] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.004] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.004] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.004] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.004] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.004] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.004] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.004] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.004] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.004] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.004] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.004] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.004] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.004] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.004] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.004] CloseHandle (hObject=0x280) returned 1 [0054.004] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.004] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp.lolkek") returned 64 [0054.004] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1e881ie2ezh.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1e881ie2ezh.bmp.lolkek")) returned 1 [0054.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669690 | out: hHeap=0x5a0000) returned 1 [0054.005] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.006] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.006] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt", dwFileAttributes=0x80) returned 1 [0054.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1u8kfbiyqkmqz.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.006] CloseHandle (hObject=0x280) returned 1 [0054.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1u8kfbiyqkmqz.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.006] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10d9b [0054.006] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.006] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.007] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.007] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.007] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.007] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.007] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.007] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.007] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.007] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.007] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.007] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.007] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.007] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.008] CloseHandle (hObject=0x280) returned 1 [0054.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.008] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt.lolkek") returned 66 [0054.008] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1u8kfbiyqkmqz.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1u8kfbiyqkmqz.ppt.lolkek")) returned 1 [0054.008] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.008] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7d30 | out: hHeap=0x5a0000) returned 1 [0054.008] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.009] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.009] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3", dwFileAttributes=0x80) returned 1 [0054.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9u2r.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.009] CloseHandle (hObject=0x280) returned 1 [0054.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9u2r.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.009] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4e74 [0054.009] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.009] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.010] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.010] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.010] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.010] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.010] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.010] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.010] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.010] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.010] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.010] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.010] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.010] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.010] CloseHandle (hObject=0x280) returned 1 [0054.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.010] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3.lolkek") returned 57 [0054.011] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9u2r.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9u2r.mp3.lolkek")) returned 1 [0054.011] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.011] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd820 | out: hHeap=0x5a0000) returned 1 [0054.011] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.011] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.011] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a", dwFileAttributes=0x80) returned 1 [0054.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiogetfogolcsvc0zt6g.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.012] CloseHandle (hObject=0x280) returned 1 [0054.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiogetfogolcsvc0zt6g.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.012] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12a12 [0054.012] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.012] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.012] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.012] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.013] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.013] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.013] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.013] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.013] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.013] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.013] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.013] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.013] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.013] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.013] CloseHandle (hObject=0x280) returned 1 [0054.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.013] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a.lolkek") returned 73 [0054.013] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiogetfogolcsvc0zt6g.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aiogetfogolcsvc0zt6g.m4a.lolkek")) returned 1 [0054.014] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.014] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669780 | out: hHeap=0x5a0000) returned 1 [0054.014] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.014] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.014] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi", dwFileAttributes=0x80) returned 1 [0054.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bnl_oo3wba.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.014] CloseHandle (hObject=0x280) returned 1 [0054.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bnl_oo3wba.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.015] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x106ce [0054.015] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.015] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.015] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.015] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.015] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.015] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.015] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.016] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.016] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.016] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.016] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.016] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.016] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.016] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.016] CloseHandle (hObject=0x280) returned 1 [0054.016] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.016] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi.lolkek") returned 63 [0054.016] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bnl_oo3wba.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bnl_oo3wba.avi.lolkek")) returned 1 [0054.017] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.017] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb970 | out: hHeap=0x5a0000) returned 1 [0054.017] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.017] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.017] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav", dwFileAttributes=0x80) returned 1 [0054.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cvvmxc.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.017] CloseHandle (hObject=0x280) returned 1 [0054.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cvvmxc.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.017] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc2fe [0054.017] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.018] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.018] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.018] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.018] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.018] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.018] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.018] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.018] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.018] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.018] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.018] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.018] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.019] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.019] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.019] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.019] CloseHandle (hObject=0x280) returned 1 [0054.019] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.019] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav.lolkek") returned 59 [0054.019] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cvvmxc.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cvvmxc.wav.lolkek")) returned 1 [0054.019] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.020] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbfbb0 | out: hHeap=0x5a0000) returned 1 [0054.020] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.020] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.020] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots", dwFileAttributes=0x80) returned 1 [0054.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6dhledvqocp.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.020] CloseHandle (hObject=0x280) returned 1 [0054.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6dhledvqocp.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.020] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe621 [0054.020] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.020] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.021] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.021] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.021] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.021] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.021] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.021] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.021] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.021] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.021] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.021] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.021] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.021] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.021] CloseHandle (hObject=0x280) returned 1 [0054.022] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.022] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots.lolkek") returned 65 [0054.022] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6dhledvqocp.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6dhledvqocp.ots.lolkek")) returned 1 [0054.022] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.022] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7e28 | out: hHeap=0x5a0000) returned 1 [0054.022] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.022] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.022] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps", dwFileAttributes=0x80) returned 1 [0054.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6g6h39jpp0svtoep.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.023] CloseHandle (hObject=0x280) returned 1 [0054.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6g6h39jpp0svtoep.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.023] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x854e [0054.023] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.023] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.023] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.023] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.024] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.024] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.024] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.024] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.024] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.024] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.024] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.024] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.024] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.024] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.024] CloseHandle (hObject=0x280) returned 1 [0054.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.024] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps.lolkek") returned 70 [0054.024] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6g6h39jpp0svtoep.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d6g6h39jpp0svtoep.pps.lolkek")) returned 1 [0054.025] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.025] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62e8c0 | out: hHeap=0x5a0000) returned 1 [0054.025] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.025] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.025] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.026] CloseHandle (hObject=0x280) returned 1 [0054.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.026] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a [0054.026] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.026] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.026] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.026] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.026] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x11a, lpOverlapped=0x0) returned 1 [0054.026] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffee6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.026] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x11a, lpOverlapped=0x0) returned 1 [0054.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.027] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.027] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.027] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.027] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.027] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.027] CloseHandle (hObject=0x280) returned 1 [0054.027] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.027] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.lolkek") returned 60 [0054.027] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini.lolkek")) returned 1 [0054.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbfc90 | out: hHeap=0x5a0000) returned 1 [0054.028] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.028] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.028] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt", dwFileAttributes=0x80) returned 1 [0054.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dqa64vo.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.030] CloseHandle (hObject=0x280) returned 1 [0054.030] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dqa64vo.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.030] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6664 [0054.030] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.030] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.031] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.031] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.031] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.031] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.031] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.031] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.031] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.031] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.031] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.031] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.031] CloseHandle (hObject=0x280) returned 1 [0054.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.031] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt.lolkek") returned 60 [0054.031] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dqa64vo.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dqa64vo.ppt.lolkek")) returned 1 [0054.032] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.032] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbf830 | out: hHeap=0x5a0000) returned 1 [0054.032] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.032] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.032] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx", dwFileAttributes=0x80) returned 1 [0054.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eajjreqeahxo.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.033] CloseHandle (hObject=0x280) returned 1 [0054.033] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eajjreqeahxo.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.033] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x597b [0054.033] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.033] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.034] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.034] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.034] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.034] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.034] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.034] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.034] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.034] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.034] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.034] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.034] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.034] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.034] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.034] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.034] CloseHandle (hObject=0x280) returned 1 [0054.034] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.034] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx.lolkek") returned 66 [0054.034] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eajjreqeahxo.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eajjreqeahxo.xlsx.lolkek")) returned 1 [0054.035] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.035] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7f20 | out: hHeap=0x5a0000) returned 1 [0054.035] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.035] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.035] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf", dwFileAttributes=0x80) returned 1 [0054.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ezdtr1q3wblq2qrn4sh.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.036] CloseHandle (hObject=0x280) returned 1 [0054.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ezdtr1q3wblq2qrn4sh.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.036] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2aed [0054.036] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.036] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.036] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.036] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.036] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.036] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.036] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x2aed, lpOverlapped=0x0) returned 1 [0054.036] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffd513, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.036] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2aed, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x2aed, lpOverlapped=0x0) returned 1 [0054.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.037] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.037] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.037] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.037] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.037] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.037] CloseHandle (hObject=0x280) returned 1 [0054.037] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.037] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf.lolkek") returned 72 [0054.037] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ezdtr1q3wblq2qrn4sh.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ezdtr1q3wblq2qrn4sh.swf.lolkek")) returned 1 [0054.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611610 | out: hHeap=0x5a0000) returned 1 [0054.038] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.038] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.038] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4", dwFileAttributes=0x80) returned 1 [0054.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\ba9ed.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.038] CloseHandle (hObject=0x280) returned 1 [0054.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\ba9ed.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.038] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8622 [0054.038] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.038] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.039] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.039] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.039] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.039] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.039] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.039] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.120] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.120] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.120] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.120] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.120] CloseHandle (hObject=0x280) returned 1 [0054.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.120] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4.lolkek") returned 64 [0054.120] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\ba9ed.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\ba9ed.mp4.lolkek")) returned 1 [0054.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657f38 | out: hHeap=0x5a0000) returned 1 [0054.165] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.165] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.165] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav", dwFileAttributes=0x80) returned 1 [0054.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ouv-4si_az7.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0054.174] CloseHandle (hObject=0x280) returned 1 [0054.174] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ouv-4si_az7.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.174] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x58df [0054.174] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.174] ReadFile (in: hFile=0x280, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.175] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.175] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.175] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.175] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.175] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.175] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.175] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.175] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.175] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.175] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.176] WriteFile (in: hFile=0x280, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.176] WriteFile (in: hFile=0x280, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.176] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.176] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.176] CloseHandle (hObject=0x280) returned 1 [0054.180] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0054.181] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav.lolkek") returned 64 [0054.181] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ouv-4si_az7.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ouv-4si_az7.wav.lolkek")) returned 1 [0054.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0054.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddeb0 | out: hHeap=0x5a0000) returned 1 [0054.221] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.221] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.221] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf", dwFileAttributes=0x80) returned 1 [0054.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sjrb7jsi.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.230] CloseHandle (hObject=0x2bc) returned 1 [0054.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sjrb7jsi.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.230] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6070 [0054.230] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.230] ReadFile (in: hFile=0x2bc, lpBuffer=0x310fd90, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x310e374, lpOverlapped=0x0 | out: lpBuffer=0x310fd90*, lpNumberOfBytesRead=0x310e374*=0xd, lpOverlapped=0x0) returned 1 [0054.231] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x310fda0 | out: pbBuffer=0x310fda0) returned 1 [0054.231] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.231] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.231] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.231] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x310e34c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x310e34c*=0x4000, lpOverlapped=0x0) returned 1 [0054.231] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.231] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x310fd90, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x310fd90*=0x4000, lpOverlapped=0x0) returned 1 [0054.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.232] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.232] WriteFile (in: hFile=0x2bc, lpBuffer=0x310e354*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310e354*, lpNumberOfBytesWritten=0x310e358*=0x4, lpOverlapped=0x0) returned 1 [0054.232] WriteFile (in: hFile=0x2bc, lpBuffer=0x310fda0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x310fda0*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.232] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x310e358*=0x20, lpOverlapped=0x0) returned 1 [0054.232] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x310e358, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x310e358*=0xd, lpOverlapped=0x0) returned 1 [0054.232] CloseHandle (hObject=0x2bc) returned 1 [0054.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0054.234] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf.lolkek") returned 61 [0054.234] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sjrb7jsi.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sjrb7jsi.swf.lolkek")) returned 1 [0054.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0054.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb928 | out: hHeap=0x5a0000) returned 1 [0054.274] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.274] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.274] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe", dwFileAttributes=0x80) returned 1 [0054.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zfxqrq7mxhhem2v2.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0054.275] RmStartSession () returned 0x0 [0054.276] RmRegisterResources () returned 0x0 [0054.279] RmGetList () returned 0x0 [0063.003] GetCurrentProcessId () returned 0x86c [0063.003] RmEndSession () returned 0x0 [0063.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zfxqrq7mxhhem2v2.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec3f18 | out: hHeap=0x5a0000) returned 1 [0063.157] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 10 os_tid = 0x8f8 [0035.505] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.829] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.829] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0035.829] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.838] RmStartSession () returned 0x0 [0036.234] RmRegisterResources () returned 0x0 [0036.237] RmGetList () returned 0x0 [0036.934] RmEndSession () returned 0x0 [0036.952] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0036.952] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc2c0 | out: hHeap=0x5a0000) returned 1 [0036.953] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0036.953] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.953] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0036.953] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0036.953] RmStartSession () returned 0x0 [0036.955] RmRegisterResources () returned 0x0 [0036.957] RmGetList () returned 0x0 [0037.648] RmEndSession () returned 0x0 [0037.671] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fd20 | out: hHeap=0x5a0000) returned 1 [0037.671] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.671] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.671] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.671] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.671] RmStartSession () returned 0x0 [0037.673] RmRegisterResources () returned 0x0 [0037.675] RmGetList () returned 0x0 [0041.564] RmEndSession () returned 0x0 [0041.590] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.590] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x630368 | out: hHeap=0x5a0000) returned 1 [0041.590] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.590] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.590] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml", dwFileAttributes=0x80) returned 0 [0041.590] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.590] RmStartSession () returned 0x0 [0041.592] RmRegisterResources () returned 0x0 [0041.595] RmGetList () returned 0x0 [0042.685] RmEndSession () returned 0x0 [0042.704] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf710 | out: hHeap=0x5a0000) returned 1 [0042.704] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.704] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.704] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml", dwFileAttributes=0x80) returned 0 [0042.706] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.706] RmStartSession () returned 0x0 [0042.708] RmRegisterResources () returned 0x0 [0042.710] RmGetList () returned 0x0 [0043.851] RmEndSession () returned 0x0 [0043.874] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94aa8 | out: hHeap=0x5a0000) returned 1 [0043.875] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.875] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.875] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp", dwFileAttributes=0x80) returned 1 [0043.875] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp" (normalized: "c:\\programdata\\microsoft\\rac\\temp\\sql64ab.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.875] RmStartSession () returned 0x0 [0043.877] RmRegisterResources () returned 0x0 [0043.879] RmGetList () returned 0x0 [0044.564] GetCurrentProcessId () returned 0x86c [0044.564] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0044.564] RmEndSession () returned 0x0 [0044.587] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp" (normalized: "c:\\programdata\\microsoft\\rac\\temp\\sql64ab.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.587] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676100 | out: hHeap=0x5a0000) returned 1 [0044.587] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.587] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.587] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp", dwFileAttributes=0x80) returned 0 [0044.587] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.587] RmStartSession () returned 0x0 [0044.589] RmRegisterResources () returned 0x0 [0044.591] RmGetList () returned 0x0 [0045.255] RmEndSession () returned 0x0 [0045.278] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile20.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614258 | out: hHeap=0x5a0000) returned 1 [0045.278] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.278] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.278] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", dwFileAttributes=0x80) returned 0 [0045.278] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.278] RmStartSession () returned 0x0 [0045.280] RmRegisterResources () returned 0x0 [0045.282] RmGetList () returned 0x0 [0045.924] RmEndSession () returned 0x0 [0045.953] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.953] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615278 | out: hHeap=0x5a0000) returned 1 [0045.953] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.953] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.953] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", dwFileAttributes=0x80) returned 0 [0045.953] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.953] RmStartSession () returned 0x0 [0045.955] RmRegisterResources () returned 0x0 [0045.957] RmGetList () returned 0x0 [0047.136] RmEndSession () returned 0x0 [0047.157] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadfd0 | out: hHeap=0x5a0000) returned 1 [0047.157] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.157] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.157] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst", dwFileAttributes=0x80) returned 1 [0050.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.353] CloseHandle (hObject=0x268) returned 1 [0050.353] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.353] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x49c [0050.353] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.353] ReadFile (in: hFile=0x268, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.356] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.356] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.356] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x49c, lpOverlapped=0x0) returned 1 [0050.356] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffb64, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.356] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x49c, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x49c, lpOverlapped=0x0) returned 1 [0050.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.356] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.356] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.356] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.356] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.356] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.356] CloseHandle (hObject=0x268) returned 1 [0050.357] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.357] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst.lolkek") returned 81 [0050.357] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst.lolkek")) returned 1 [0050.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f460 | out: hHeap=0x5a0000) returned 1 [0050.357] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.358] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.358] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log", dwFileAttributes=0x80) returned 1 [0050.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.358] CloseHandle (hObject=0x268) returned 1 [0050.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.358] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.358] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.359] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.359] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x0, lpOverlapped=0x0) returned 1 [0050.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.359] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.359] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.359] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.359] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.359] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.360] CloseHandle (hObject=0x268) returned 1 [0050.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.360] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.lolkek") returned 155 [0050.360] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log.lolkek")) returned 1 [0050.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618c88 | out: hHeap=0x5a0000) returned 1 [0050.360] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.360] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.360] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT", dwFileAttributes=0x80) returned 1 [0050.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.361] CloseHandle (hObject=0x268) returned 1 [0050.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.361] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0050.361] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.361] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.361] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x10, lpOverlapped=0x0) returned 1 [0050.362] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.362] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x10, lpOverlapped=0x0) returned 1 [0050.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.362] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.362] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.362] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.362] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.362] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.362] CloseHandle (hObject=0x268) returned 1 [0050.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.362] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.lolkek") returned 152 [0050.362] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current.lolkek")) returned 1 [0050.363] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.363] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd7b0 | out: hHeap=0x5a0000) returned 1 [0050.363] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.363] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.363] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK", dwFileAttributes=0x80) returned 1 [0050.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.364] CloseHandle (hObject=0x268) returned 1 [0050.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.364] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.364] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.364] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.364] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.364] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.364] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x0, lpOverlapped=0x0) returned 1 [0050.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.364] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.364] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.365] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.365] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.365] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.365] CloseHandle (hObject=0x268) returned 1 [0050.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.365] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK.lolkek") returned 149 [0050.365] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock.lolkek")) returned 1 [0050.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc9da0 | out: hHeap=0x5a0000) returned 1 [0050.366] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.366] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.366] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG", dwFileAttributes=0x80) returned 1 [0050.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.366] CloseHandle (hObject=0x268) returned 1 [0050.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.366] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc4 [0050.366] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.366] ReadFile (in: hFile=0x268, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.367] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.367] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.367] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0xc4, lpOverlapped=0x0) returned 1 [0050.367] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffff3c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.367] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0xc4, lpOverlapped=0x0) returned 1 [0050.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.367] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.367] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.367] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.368] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.368] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.368] CloseHandle (hObject=0x268) returned 1 [0050.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.368] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.lolkek") returned 148 [0050.368] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log.lolkek")) returned 1 [0050.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697d88 | out: hHeap=0x5a0000) returned 1 [0050.368] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.368] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.368] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001", dwFileAttributes=0x80) returned 1 [0050.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.369] CloseHandle (hObject=0x268) returned 1 [0050.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.369] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29 [0050.369] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.369] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.369] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x29, lpOverlapped=0x0) returned 1 [0050.370] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffffd7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.370] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x29, lpOverlapped=0x0) returned 1 [0050.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.370] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.370] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.370] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.370] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.370] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.370] CloseHandle (hObject=0x268) returned 1 [0050.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.370] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.lolkek") returned 160 [0050.371] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001.lolkek")) returned 1 [0050.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x631ed0 | out: hHeap=0x5a0000) returned 1 [0050.371] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.371] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.371] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", dwFileAttributes=0x80) returned 1 [0050.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.373] CloseHandle (hObject=0x268) returned 1 [0050.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.373] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3000 [0050.373] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.373] ReadFile (in: hFile=0x268, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.384] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.384] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.384] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x3000, lpOverlapped=0x0) returned 1 [0050.387] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffd000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.387] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x3000, lpOverlapped=0x0) returned 1 [0050.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.387] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.387] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.387] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.388] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.388] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.388] CloseHandle (hObject=0x268) returned 1 [0050.388] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.388] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.lolkek") returned 165 [0050.388] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage.lolkek")) returned 1 [0050.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7f88 | out: hHeap=0x5a0000) returned 1 [0050.388] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.389] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.389] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal", dwFileAttributes=0x80) returned 1 [0050.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.389] CloseHandle (hObject=0x268) returned 1 [0050.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.389] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.389] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.390] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.390] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x0, lpOverlapped=0x0) returned 1 [0050.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.390] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.390] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.390] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.390] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.390] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.391] CloseHandle (hObject=0x268) returned 1 [0050.391] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.391] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal.lolkek") returned 105 [0050.391] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal.lolkek")) returned 1 [0050.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62c750 | out: hHeap=0x5a0000) returned 1 [0050.391] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.391] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.391] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor", dwFileAttributes=0x80) returned 1 [0050.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.392] CloseHandle (hObject=0x268) returned 1 [0050.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.392] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3c00 [0050.392] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.392] ReadFile (in: hFile=0x268, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.395] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.395] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.395] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x3c00, lpOverlapped=0x0) returned 1 [0050.405] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc400, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.405] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3c00, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x3c00, lpOverlapped=0x0) returned 1 [0050.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.405] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.405] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.405] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.405] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.405] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.406] CloseHandle (hObject=0x268) returned 1 [0050.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.406] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.lolkek") returned 111 [0050.406] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor.lolkek")) returned 1 [0050.406] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.406] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de0f28 | out: hHeap=0x5a0000) returned 1 [0050.407] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.407] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.407] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal", dwFileAttributes=0x80) returned 1 [0050.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.407] CloseHandle (hObject=0x268) returned 1 [0050.407] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.407] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.407] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.407] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.408] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x0, lpOverlapped=0x0) returned 1 [0050.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.408] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.408] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.408] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.408] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.408] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.409] CloseHandle (hObject=0x268) returned 1 [0050.409] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.409] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal.lolkek") returned 113 [0050.409] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal.lolkek")) returned 1 [0050.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94d38 | out: hHeap=0x5a0000) returned 1 [0050.409] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.409] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.409] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences", dwFileAttributes=0x80) returned 1 [0050.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.410] CloseHandle (hObject=0x268) returned 1 [0050.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.410] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a9d [0050.410] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.410] ReadFile (in: hFile=0x268, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.414] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.414] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.414] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x1a9d, lpOverlapped=0x0) returned 1 [0050.418] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffe563, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.418] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1a9d, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x1a9d, lpOverlapped=0x0) returned 1 [0050.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.418] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.418] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.418] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.418] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.418] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.418] CloseHandle (hObject=0x268) returned 1 [0050.418] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.419] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences.lolkek") returned 98 [0050.419] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences.lolkek")) returned 1 [0050.419] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.419] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698ba8 | out: hHeap=0x5a0000) returned 1 [0050.419] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.419] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.419] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal", dwFileAttributes=0x80) returned 1 [0050.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.420] CloseHandle (hObject=0x268) returned 1 [0050.420] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.420] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.420] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.420] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.420] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x0, lpOverlapped=0x0) returned 1 [0050.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.420] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.420] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.421] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.421] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.421] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.421] CloseHandle (hObject=0x268) returned 1 [0050.421] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.421] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal.lolkek") returned 114 [0050.421] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal.lolkek")) returned 1 [0050.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c2078 | out: hHeap=0x5a0000) returned 1 [0050.422] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.422] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.422] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager", dwFileAttributes=0x80) returned 1 [0050.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.422] CloseHandle (hObject=0x268) returned 1 [0050.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.423] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3c00 [0050.423] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.423] ReadFile (in: hFile=0x268, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.433] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.433] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.433] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x3c00, lpOverlapped=0x0) returned 1 [0050.459] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc400, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.459] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3c00, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x3c00, lpOverlapped=0x0) returned 1 [0050.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.459] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.459] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.459] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.459] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.459] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.459] CloseHandle (hObject=0x268) returned 1 [0050.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.459] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.lolkek") returned 99 [0050.459] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager.lolkek")) returned 1 [0050.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec75e8 | out: hHeap=0x5a0000) returned 1 [0050.480] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.481] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.481] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5", dwFileAttributes=0x80) returned 1 [0050.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.481] CloseHandle (hObject=0x1b4) returned 1 [0050.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.481] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0050.481] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.482] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.482] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x10, lpOverlapped=0x0) returned 1 [0050.482] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.482] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x10, lpOverlapped=0x0) returned 1 [0050.483] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.483] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.483] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.483] WriteFile (in: hFile=0x1b4, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.483] WriteFile (in: hFile=0x1b4, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.483] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.483] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.483] CloseHandle (hObject=0x1b4) returned 1 [0050.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.483] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.lolkek") returned 161 [0050.483] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5.lolkek")) returned 1 [0050.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb738 | out: hHeap=0x5a0000) returned 1 [0050.484] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.484] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.484] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", dwFileAttributes=0x80) returned 1 [0050.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.663] CloseHandle (hObject=0x268) returned 1 [0050.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.733] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11000 [0050.733] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.733] ReadFile (in: hFile=0x1e0, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.741] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.741] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.741] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0050.745] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.745] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0050.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.745] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.745] WriteFile (in: hFile=0x1e0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.745] WriteFile (in: hFile=0x1e0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.745] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.745] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.745] CloseHandle (hObject=0x1e0) returned 1 [0050.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.756] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.lolkek") returned 95 [0050.756] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data.lolkek")) returned 1 [0050.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62ca80 | out: hHeap=0x5a0000) returned 1 [0050.826] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.826] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.826] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0050.873] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.883] CloseHandle (hObject=0x268) returned 1 [0050.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0050.899] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fc [0050.899] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.899] ReadFile (in: hFile=0x210, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0050.902] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0050.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.902] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.902] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x3fc, lpOverlapped=0x0) returned 1 [0050.902] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffc04, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.903] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x3fc, lpOverlapped=0x0) returned 1 [0050.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.903] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.903] WriteFile (in: hFile=0x210, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0050.903] WriteFile (in: hFile=0x210, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.903] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0050.903] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0050.903] CloseHandle (hObject=0x210) returned 1 [0050.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0050.906] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.lolkek") returned 142 [0050.906] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl.lolkek")) returned 1 [0050.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0050.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c6db8 | out: hHeap=0x5a0000) returned 1 [0050.999] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.999] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.999] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl", dwFileAttributes=0x80) returned 1 [0051.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.069] CloseHandle (hObject=0x24c) returned 1 [0051.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.113] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x437 [0051.113] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.113] ReadFile (in: hFile=0x1b4, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.122] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.122] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.122] ReadFile (in: hFile=0x1b4, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x437, lpOverlapped=0x0) returned 1 [0051.122] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffbc9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.122] WriteFile (in: hFile=0x1b4, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x437, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x437, lpOverlapped=0x0) returned 1 [0051.123] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.123] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.123] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.123] WriteFile (in: hFile=0x1b4, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.123] WriteFile (in: hFile=0x1b4, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.123] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.123] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.123] CloseHandle (hObject=0x1b4) returned 1 [0051.135] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.135] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.lolkek") returned 124 [0051.135] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl.lolkek")) returned 1 [0051.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddac58 | out: hHeap=0x5a0000) returned 1 [0051.289] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.290] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.290] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm", dwFileAttributes=0x80) returned 1 [0051.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0051.309] CloseHandle (hObject=0x1b4) returned 1 [0051.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.335] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0051.335] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.335] ReadFile (in: hFile=0x23c, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.335] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.335] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.335] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0xe8, lpOverlapped=0x0) returned 1 [0051.335] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.336] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0xe8, lpOverlapped=0x0) returned 1 [0051.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.336] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.336] WriteFile (in: hFile=0x23c, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.336] WriteFile (in: hFile=0x23c, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.336] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.336] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.336] CloseHandle (hObject=0x23c) returned 1 [0051.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3fa0048 [0051.337] wsprintfW (in: param_1=0x3fa0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.lolkek") returned 100 [0051.337] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm.lolkek")) returned 1 [0051.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3fa0048 | out: hHeap=0x5a0000) returned 1 [0051.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5e48 | out: hHeap=0x5a0000) returned 1 [0051.374] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.374] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.374] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD", dwFileAttributes=0x80) returned 1 [0051.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.384] CloseHandle (hObject=0x258) returned 1 [0051.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.384] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f2 [0051.384] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.385] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.385] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.385] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.385] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x1f2, lpOverlapped=0x0) returned 1 [0051.385] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffe0e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.385] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1f2, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x1f2, lpOverlapped=0x0) returned 1 [0051.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.385] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.385] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.386] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.386] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.386] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.386] CloseHandle (hObject=0x258) returned 1 [0051.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.389] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.lolkek") returned 95 [0051.389] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd.lolkek")) returned 1 [0051.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.390] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657f10 | out: hHeap=0x5a0000) returned 1 [0051.390] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.390] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.390] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini", dwFileAttributes=0x80) returned 1 [0051.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.395] CloseHandle (hObject=0x268) returned 1 [0051.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.395] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x54 [0051.395] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.396] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.396] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x54, lpOverlapped=0x0) returned 1 [0051.396] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffffac, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.396] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x54, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x54, lpOverlapped=0x0) returned 1 [0051.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.396] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.396] WriteFile (in: hFile=0x268, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.397] WriteFile (in: hFile=0x268, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.397] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.397] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.397] CloseHandle (hObject=0x268) returned 1 [0051.397] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.397] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.lolkek") returned 93 [0051.397] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini.lolkek")) returned 1 [0051.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6810 | out: hHeap=0x5a0000) returned 1 [0051.398] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.398] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.398] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01", dwFileAttributes=0x80) returned 1 [0051.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.404] CloseHandle (hObject=0x258) returned 1 [0051.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.404] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb67e [0051.404] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.405] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.407] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.407] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.407] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.410] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.411] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.411] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.411] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.411] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.411] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.411] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.411] CloseHandle (hObject=0x258) returned 1 [0051.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0051.411] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.lolkek") returned 116 [0051.411] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01.lolkek")) returned 1 [0051.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0051.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eafc8 | out: hHeap=0x5a0000) returned 1 [0051.412] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.412] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.412] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01", dwFileAttributes=0x80) returned 1 [0051.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.413] CloseHandle (hObject=0x258) returned 1 [0051.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.413] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaa05 [0051.413] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.413] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.422] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.422] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.422] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.425] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.425] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.425] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.425] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.426] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.426] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.426] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.426] CloseHandle (hObject=0x258) returned 1 [0051.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.426] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.lolkek") returned 116 [0051.426] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01.lolkek")) returned 1 [0051.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb508 | out: hHeap=0x5a0000) returned 1 [0051.427] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.427] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.427] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01", dwFileAttributes=0x80) returned 1 [0051.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.427] CloseHandle (hObject=0x258) returned 1 [0051.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.427] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa60b [0051.427] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.427] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.435] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.435] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.435] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.438] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.438] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.438] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.438] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.438] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.438] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.438] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.438] CloseHandle (hObject=0x258) returned 1 [0051.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.438] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.lolkek") returned 116 [0051.438] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01.lolkek")) returned 1 [0051.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb6c8 | out: hHeap=0x5a0000) returned 1 [0051.439] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.439] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.439] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01", dwFileAttributes=0x80) returned 1 [0051.439] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.440] CloseHandle (hObject=0x258) returned 1 [0051.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.440] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x534f [0051.440] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.440] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.442] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.442] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.442] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.449] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.449] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.449] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.449] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.449] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.449] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.449] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.449] CloseHandle (hObject=0x258) returned 1 [0051.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.449] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.lolkek") returned 116 [0051.450] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01.lolkek")) returned 1 [0051.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eba48 | out: hHeap=0x5a0000) returned 1 [0051.450] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.450] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.450] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01", dwFileAttributes=0x80) returned 1 [0051.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.451] CloseHandle (hObject=0x258) returned 1 [0051.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.451] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa949 [0051.451] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.451] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.455] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.456] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.456] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.457] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.457] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.457] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.457] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.457] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.457] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.457] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.457] CloseHandle (hObject=0x258) returned 1 [0051.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.458] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.lolkek") returned 116 [0051.458] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01.lolkek")) returned 1 [0051.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b460 | out: hHeap=0x5a0000) returned 1 [0051.458] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.458] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.459] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01", dwFileAttributes=0x80) returned 1 [0051.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.459] CloseHandle (hObject=0x258) returned 1 [0051.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.459] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x404f [0051.459] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.459] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.465] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.465] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.465] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.467] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.467] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.467] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.467] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.468] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.468] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.468] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.468] CloseHandle (hObject=0x258) returned 1 [0051.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.468] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.lolkek") returned 116 [0051.468] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01.lolkek")) returned 1 [0051.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b620 | out: hHeap=0x5a0000) returned 1 [0051.469] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.469] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.469] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01", dwFileAttributes=0x80) returned 1 [0051.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.469] CloseHandle (hObject=0x258) returned 1 [0051.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.469] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8266 [0051.469] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.469] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.476] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.476] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.476] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.478] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.478] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.478] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.478] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.478] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.478] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.478] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.478] CloseHandle (hObject=0x258) returned 1 [0051.478] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.479] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.lolkek") returned 116 [0051.479] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01.lolkek")) returned 1 [0051.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x668b08 | out: hHeap=0x5a0000) returned 1 [0051.479] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.479] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.480] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01", dwFileAttributes=0x80) returned 1 [0051.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.480] CloseHandle (hObject=0x258) returned 1 [0051.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.480] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf888 [0051.480] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.481] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.489] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.489] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.489] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.490] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.491] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.491] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.491] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.491] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.491] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.491] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.491] CloseHandle (hObject=0x258) returned 1 [0051.491] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.491] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.lolkek") returned 116 [0051.491] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01.lolkek")) returned 1 [0051.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x668e88 | out: hHeap=0x5a0000) returned 1 [0051.492] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.492] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.492] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_", dwFileAttributes=0x80) returned 1 [0051.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.493] CloseHandle (hObject=0x258) returned 1 [0051.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.493] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x400000 [0051.493] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.493] ReadFile (in: hFile=0x258, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.494] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.494] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.494] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.497] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.498] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.498] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.498] WriteFile (in: hFile=0x258, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.587] WriteFile (in: hFile=0x258, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.587] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.587] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.587] CloseHandle (hObject=0x258) returned 1 [0051.587] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.587] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.lolkek") returned 114 [0051.587] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_.lolkek")) returned 1 [0051.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669048 | out: hHeap=0x5a0000) returned 1 [0051.588] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.588] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.588] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_", dwFileAttributes=0x80) returned 1 [0051.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.595] CloseHandle (hObject=0x23c) returned 1 [0051.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0051.603] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x400000 [0051.603] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.604] ReadFile (in: hFile=0x2a0, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.604] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.604] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.604] ReadFile (in: hFile=0x2a0, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0051.628] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.628] WriteFile (in: hFile=0x2a0, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0051.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.629] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.629] WriteFile (in: hFile=0x2a0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.894] WriteFile (in: hFile=0x2a0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.894] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.894] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.894] CloseHandle (hObject=0x2a0) returned 1 [0051.894] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.894] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.lolkek") returned 114 [0051.894] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_.lolkek")) returned 1 [0051.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6693b8 | out: hHeap=0x5a0000) returned 1 [0051.895] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.895] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.895] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages", dwFileAttributes=0x80) returned 1 [0051.895] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0051.896] CloseHandle (hObject=0x2a0) returned 1 [0051.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0051.896] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2000 [0051.896] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.896] ReadFile (in: hFile=0x2a0, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0051.899] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0051.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e98c10 [0051.899] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.899] ReadFile (in: hFile=0x2a0, lpBuffer=0x3e98c10, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3e98c10*, lpNumberOfBytesRead=0x330e36c*=0x2000, lpOverlapped=0x0) returned 1 [0051.911] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.911] WriteFile (in: hFile=0x2a0, lpBuffer=0x3e98c10*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3e98c10*, lpNumberOfBytesWritten=0x330fdb0*=0x2000, lpOverlapped=0x0) returned 1 [0051.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.912] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.912] WriteFile (in: hFile=0x2a0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0051.912] WriteFile (in: hFile=0x2a0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.912] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0051.912] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0051.912] CloseHandle (hObject=0x2a0) returned 1 [0051.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.912] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.lolkek") returned 91 [0051.912] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages.lolkek")) returned 1 [0051.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6ae0 | out: hHeap=0x5a0000) returned 1 [0051.913] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.913] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.913] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D", dwFileAttributes=0x80) returned 1 [0051.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.003] CloseHandle (hObject=0x2bc) returned 1 [0052.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.013] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x145 [0052.013] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.013] ReadFile (in: hFile=0x280, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.014] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.014] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.014] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.014] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.014] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x145, lpOverlapped=0x0) returned 1 [0052.014] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffebb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.014] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x145, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x145, lpOverlapped=0x0) returned 1 [0052.014] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.014] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.014] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.014] WriteFile (in: hFile=0x280, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.014] WriteFile (in: hFile=0x280, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.014] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.015] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.015] CloseHandle (hObject=0x280) returned 1 [0052.016] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.016] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.lolkek") returned 125 [0052.016] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d.lolkek")) returned 1 [0052.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3b6a0 | out: hHeap=0x5a0000) returned 1 [0052.039] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.039] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.039] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", dwFileAttributes=0x80) returned 1 [0052.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0052.061] CloseHandle (hObject=0x214) returned 1 [0052.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.072] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x648 [0052.072] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.072] ReadFile (in: hFile=0x214, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.074] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.074] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.074] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.074] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.074] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x648, lpOverlapped=0x0) returned 1 [0052.074] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffff9b8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.074] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x648, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x648, lpOverlapped=0x0) returned 1 [0052.074] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.074] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.074] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.074] WriteFile (in: hFile=0x214, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.074] WriteFile (in: hFile=0x214, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.074] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.075] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.075] CloseHandle (hObject=0x214) returned 1 [0052.075] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.075] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.lolkek") returned 158 [0052.075] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21.lolkek")) returned 1 [0052.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x619008 | out: hHeap=0x5a0000) returned 1 [0052.104] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.104] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.104] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", dwFileAttributes=0x80) returned 1 [0052.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.124] CloseHandle (hObject=0x228) returned 1 [0052.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.133] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.133] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.133] ReadFile (in: hFile=0x2a0, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.134] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.134] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.134] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x1cf, lpOverlapped=0x0) returned 1 [0052.134] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.134] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x1cf, lpOverlapped=0x0) returned 1 [0052.134] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.134] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.134] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.134] WriteFile (in: hFile=0x2a0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.134] WriteFile (in: hFile=0x2a0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.134] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.135] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.135] CloseHandle (hObject=0x2a0) returned 1 [0052.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.137] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.lolkek") returned 158 [0052.137] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e.lolkek")) returned 1 [0052.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da82d0 | out: hHeap=0x5a0000) returned 1 [0052.158] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.158] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.158] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", dwFileAttributes=0x80) returned 1 [0052.178] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.183] CloseHandle (hObject=0x258) returned 1 [0052.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.193] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x59d [0052.193] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.193] ReadFile (in: hFile=0x210, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.195] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.195] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.195] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.195] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.195] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x59d, lpOverlapped=0x0) returned 1 [0052.195] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffa63, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.195] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x59d, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x59d, lpOverlapped=0x0) returned 1 [0052.195] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.195] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.195] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.195] WriteFile (in: hFile=0x210, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.196] WriteFile (in: hFile=0x210, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.196] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.196] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.196] CloseHandle (hObject=0x210) returned 1 [0052.197] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.197] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.lolkek") returned 158 [0052.197] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61.lolkek")) returned 1 [0052.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9ae0 | out: hHeap=0x5a0000) returned 1 [0052.219] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.219] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.219] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", dwFileAttributes=0x80) returned 1 [0052.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.246] CloseHandle (hObject=0x224) returned 1 [0052.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.257] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ed [0052.257] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.257] ReadFile (in: hFile=0x2a0, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.259] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.259] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.259] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x5ed, lpOverlapped=0x0) returned 1 [0052.259] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffa13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.259] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5ed, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x5ed, lpOverlapped=0x0) returned 1 [0052.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.259] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.259] WriteFile (in: hFile=0x2a0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.260] WriteFile (in: hFile=0x2a0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.260] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.260] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.260] CloseHandle (hObject=0x2a0) returned 1 [0052.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.261] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.lolkek") returned 158 [0052.261] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150.lolkek")) returned 1 [0052.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.285] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dab088 | out: hHeap=0x5a0000) returned 1 [0052.285] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.285] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.285] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76", dwFileAttributes=0x80) returned 1 [0052.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.292] CloseHandle (hObject=0x2a0) returned 1 [0052.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.292] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x226 [0052.292] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.292] ReadFile (in: hFile=0x2a0, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.293] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.293] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.293] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x226, lpOverlapped=0x0) returned 1 [0052.293] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffdda, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.293] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x226, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x226, lpOverlapped=0x0) returned 1 [0052.293] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.293] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.293] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.293] WriteFile (in: hFile=0x2a0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.294] WriteFile (in: hFile=0x2a0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.294] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.294] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.294] CloseHandle (hObject=0x2a0) returned 1 [0052.300] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.300] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.lolkek") returned 125 [0052.300] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76.lolkek")) returned 1 [0052.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610ed8 | out: hHeap=0x5a0000) returned 1 [0052.375] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.375] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.375] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", dwFileAttributes=0x80) returned 1 [0052.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.401] CloseHandle (hObject=0x280) returned 1 [0052.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.412] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x194 [0052.412] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.412] ReadFile (in: hFile=0x23c, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.412] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.412] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.412] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x194, lpOverlapped=0x0) returned 1 [0052.413] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.413] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x194, lpOverlapped=0x0) returned 1 [0052.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.413] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.413] WriteFile (in: hFile=0x23c, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.413] WriteFile (in: hFile=0x23c, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.413] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.413] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.413] CloseHandle (hObject=0x23c) returned 1 [0052.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.414] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.lolkek") returned 159 [0052.414] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d.lolkek")) returned 1 [0052.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.435] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618c88 | out: hHeap=0x5a0000) returned 1 [0052.435] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.435] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.435] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", dwFileAttributes=0x80) returned 1 [0052.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.452] CloseHandle (hObject=0x2a0) returned 1 [0052.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.463] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186 [0052.463] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.463] ReadFile (in: hFile=0x290, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.464] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.464] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.464] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.464] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.464] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x186, lpOverlapped=0x0) returned 1 [0052.464] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffe7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.464] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x186, lpOverlapped=0x0) returned 1 [0052.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.464] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.464] WriteFile (in: hFile=0x290, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.464] WriteFile (in: hFile=0x290, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.465] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.465] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.465] CloseHandle (hObject=0x290) returned 1 [0052.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.467] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.lolkek") returned 159 [0052.467] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e.lolkek")) returned 1 [0052.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9650 | out: hHeap=0x5a0000) returned 1 [0052.484] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.484] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.484] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", dwFileAttributes=0x80) returned 1 [0052.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.499] CloseHandle (hObject=0x228) returned 1 [0052.500] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.518] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182 [0052.518] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.518] ReadFile (in: hFile=0x280, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.519] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.519] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.519] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.519] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.519] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x182, lpOverlapped=0x0) returned 1 [0052.519] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.519] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x182, lpOverlapped=0x0) returned 1 [0052.520] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.520] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.520] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.520] WriteFile (in: hFile=0x280, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.520] WriteFile (in: hFile=0x280, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.520] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.520] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.520] CloseHandle (hObject=0x280) returned 1 [0052.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.521] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.lolkek") returned 159 [0052.521] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e.lolkek")) returned 1 [0052.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebafa0 | out: hHeap=0x5a0000) returned 1 [0052.541] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.541] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.542] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", dwFileAttributes=0x80) returned 1 [0052.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.559] CloseHandle (hObject=0x224) returned 1 [0052.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.574] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18e [0052.574] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.574] ReadFile (in: hFile=0x210, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.574] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.575] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.575] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x18e, lpOverlapped=0x0) returned 1 [0052.575] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe72, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.575] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x18e, lpOverlapped=0x0) returned 1 [0052.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.575] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.575] WriteFile (in: hFile=0x210, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.575] WriteFile (in: hFile=0x210, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.575] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.575] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.575] CloseHandle (hObject=0x210) returned 1 [0052.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.575] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.lolkek") returned 159 [0052.575] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf.lolkek")) returned 1 [0052.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa588 | out: hHeap=0x5a0000) returned 1 [0052.668] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.668] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.668] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", dwFileAttributes=0x80) returned 1 [0052.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.669] CloseHandle (hObject=0x210) returned 1 [0052.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.669] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3a5 [0052.669] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.670] ReadFile (in: hFile=0x210, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.672] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.673] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.673] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.673] ReadFile (in: hFile=0x210, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x330e36c*=0x3a5, lpOverlapped=0x0) returned 1 [0052.673] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffc5b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.673] WriteFile (in: hFile=0x210, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x3a5, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x330fdb0*=0x3a5, lpOverlapped=0x0) returned 1 [0052.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.673] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.673] WriteFile (in: hFile=0x210, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.673] WriteFile (in: hFile=0x210, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.673] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.674] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.674] CloseHandle (hObject=0x210) returned 1 [0052.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.674] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.lolkek") returned 138 [0052.674] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl.lolkek")) returned 1 [0052.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec7520 | out: hHeap=0x5a0000) returned 1 [0052.675] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.675] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.675] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", dwFileAttributes=0x80) returned 1 [0052.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.675] CloseHandle (hObject=0x210) returned 1 [0052.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.675] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9347 [0052.676] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.676] ReadFile (in: hFile=0x210, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.682] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.682] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.682] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0052.726] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.727] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0052.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.727] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.727] WriteFile (in: hFile=0x210, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.727] WriteFile (in: hFile=0x210, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.727] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.727] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.727] CloseHandle (hObject=0x210) returned 1 [0052.727] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.727] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.lolkek") returned 138 [0052.727] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl.lolkek")) returned 1 [0052.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x631ed0 | out: hHeap=0x5a0000) returned 1 [0052.728] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.728] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.728] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4", dwFileAttributes=0x80) returned 1 [0052.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mb_l 1tnqjv2mb.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.728] CloseHandle (hObject=0x210) returned 1 [0052.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mb_l 1tnqjv2mb.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.729] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1326c [0052.729] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.729] ReadFile (in: hFile=0x210, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0052.730] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.730] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.730] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0052.730] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.730] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0052.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.730] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.730] WriteFile (in: hFile=0x210, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.730] WriteFile (in: hFile=0x210, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.730] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.730] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.730] CloseHandle (hObject=0x210) returned 1 [0052.731] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.731] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4.lolkek") returned 75 [0052.731] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mb_l 1tnqjv2mb.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mb_l 1tnqjv2mb.mp4.lolkek")) returned 1 [0052.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618968 | out: hHeap=0x5a0000) returned 1 [0052.731] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.731] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.731] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", dwFileAttributes=0x80) returned 1 [0052.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.732] CloseHandle (hObject=0x210) returned 1 [0052.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.732] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d [0052.732] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.732] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.732] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x2d, lpOverlapped=0x0) returned 1 [0052.733] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffffd3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.733] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x2d, lpOverlapped=0x0) returned 1 [0052.733] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.733] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.733] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.733] WriteFile (in: hFile=0x210, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.733] WriteFile (in: hFile=0x210, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.733] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.733] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.734] CloseHandle (hObject=0x210) returned 1 [0052.734] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.734] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek") returned 194 [0052.734] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek")) returned 1 [0052.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66aa10 | out: hHeap=0x5a0000) returned 1 [0052.735] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.735] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.735] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", dwFileAttributes=0x80) returned 1 [0052.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.881] CloseHandle (hObject=0x258) returned 1 [0052.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.921] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x57 [0052.921] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0052.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.921] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.921] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x57, lpOverlapped=0x0) returned 1 [0052.922] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffffa9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.922] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x57, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x57, lpOverlapped=0x0) returned 1 [0052.922] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.922] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.922] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.922] WriteFile (in: hFile=0x2a0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0052.922] WriteFile (in: hFile=0x2a0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.922] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0052.923] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0052.923] CloseHandle (hObject=0x2a0) returned 1 [0052.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.947] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek") returned 194 [0052.947] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek")) returned 1 [0053.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0053.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd6c0 | out: hHeap=0x5a0000) returned 1 [0053.633] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.633] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.633] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", dwFileAttributes=0x80) returned 1 [0053.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214 [0053.634] CloseHandle (hObject=0x214) returned 1 [0053.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0053.634] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18 [0053.634] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0053.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0053.634] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.634] ReadFile (in: hFile=0x214, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x330e36c*=0x18, lpOverlapped=0x0) returned 1 [0053.635] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffffe8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.635] WriteFile (in: hFile=0x214, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x330fdb0*=0x18, lpOverlapped=0x0) returned 1 [0053.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.635] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.635] WriteFile (in: hFile=0x214, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0053.635] WriteFile (in: hFile=0x214, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0053.635] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0053.635] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0053.635] CloseHandle (hObject=0x214) returned 1 [0053.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.635] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.lolkek") returned 110 [0053.635] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json.lolkek")) returned 1 [0053.636] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.636] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698978 | out: hHeap=0x5a0000) returned 1 [0053.636] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.636] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.636] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", dwFileAttributes=0x80) returned 1 [0053.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.715] CloseHandle (hObject=0x280) returned 1 [0053.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0053.722] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbdb [0053.722] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.722] ReadFile (in: hFile=0x224, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0053.724] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0053.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.724] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.724] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0xbdb, lpOverlapped=0x0) returned 1 [0053.724] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffff425, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.725] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xbdb, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0xbdb, lpOverlapped=0x0) returned 1 [0053.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.725] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.725] WriteFile (in: hFile=0x224, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0053.725] WriteFile (in: hFile=0x224, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0053.725] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0053.725] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0053.725] CloseHandle (hObject=0x224) returned 1 [0053.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0053.726] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.lolkek") returned 142 [0053.726] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json.lolkek")) returned 1 [0053.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0053.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7aa8 | out: hHeap=0x5a0000) returned 1 [0053.743] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.743] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.743] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", dwFileAttributes=0x80) returned 1 [0053.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0053.773] CloseHandle (hObject=0x258) returned 1 [0053.774] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.782] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xef3 [0053.782] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.782] ReadFile (in: hFile=0x190, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0053.784] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0053.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.784] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.784] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0xef3, lpOverlapped=0x0) returned 1 [0053.784] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffff10d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.784] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xef3, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0xef3, lpOverlapped=0x0) returned 1 [0053.784] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.784] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.784] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.784] WriteFile (in: hFile=0x190, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0053.784] WriteFile (in: hFile=0x190, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0053.784] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0053.784] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0053.784] CloseHandle (hObject=0x190) returned 1 [0053.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0053.785] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.lolkek") returned 112 [0053.785] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf.lolkek")) returned 1 [0053.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0053.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde410 | out: hHeap=0x5a0000) returned 1 [0053.877] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.877] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.877] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", dwFileAttributes=0x80) returned 1 [0053.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.213] CloseHandle (hObject=0x228) returned 1 [0054.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.244] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d [0054.244] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.244] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.244] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x1d, lpOverlapped=0x0) returned 1 [0054.245] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffffe3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.245] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0x1d, lpOverlapped=0x0) returned 1 [0054.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.245] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.245] WriteFile (in: hFile=0x1b4, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.245] WriteFile (in: hFile=0x1b4, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.245] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.245] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.246] CloseHandle (hObject=0x1b4) returned 1 [0054.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dbc058 [0054.247] wsprintfW (in: param_1=0x3dbc058, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.lolkek") returned 109 [0054.247] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json.lolkek")) returned 1 [0054.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dbc058 | out: hHeap=0x5a0000) returned 1 [0054.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4e98 | out: hHeap=0x5a0000) returned 1 [0054.399] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.399] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.399] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt", dwFileAttributes=0x80) returned 1 [0054.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\hzoxewo.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.400] CloseHandle (hObject=0x2bc) returned 1 [0054.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\hzoxewo.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.400] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4840 [0054.400] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.400] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.401] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.401] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.401] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.401] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.401] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.401] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.401] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.401] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.401] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.401] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.402] CloseHandle (hObject=0x2bc) returned 1 [0054.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.402] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt.lolkek") returned 82 [0054.402] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\hzoxewo.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\hzoxewo.ppt.lolkek")) returned 1 [0054.402] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.402] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6b48 | out: hHeap=0x5a0000) returned 1 [0054.402] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.402] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.402] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx", dwFileAttributes=0x80) returned 1 [0054.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\qhs3.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.403] CloseHandle (hObject=0x2bc) returned 1 [0054.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\qhs3.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.403] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdaf4 [0054.403] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.403] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.403] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.404] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.404] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.404] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.404] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.404] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.404] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.404] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.404] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.404] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.404] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.404] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.404] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.404] CloseHandle (hObject=0x2bc) returned 1 [0054.404] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.404] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx.lolkek") returned 80 [0054.404] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\qhs3.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\qhs3.xlsx.lolkek")) returned 1 [0054.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca68d8 | out: hHeap=0x5a0000) returned 1 [0054.405] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.405] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.405] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx", dwFileAttributes=0x80) returned 1 [0054.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\raiy2dsxbah lxt5kzys.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.405] CloseHandle (hObject=0x2bc) returned 1 [0054.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\raiy2dsxbah lxt5kzys.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.406] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6ecd [0054.406] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.406] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.406] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.406] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.406] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.406] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.406] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.406] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.407] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.407] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.407] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.407] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.407] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.407] CloseHandle (hObject=0x2bc) returned 1 [0054.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.407] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx.lolkek") returned 96 [0054.407] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\raiy2dsxbah lxt5kzys.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\raiy2dsxbah lxt5kzys.pptx.lolkek")) returned 1 [0054.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a138 | out: hHeap=0x5a0000) returned 1 [0054.408] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.408] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.408] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls", dwFileAttributes=0x80) returned 1 [0054.408] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\s7bsqjpb_srphs.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.408] CloseHandle (hObject=0x2bc) returned 1 [0054.408] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\s7bsqjpb_srphs.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.408] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf9dd [0054.408] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.408] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.409] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.409] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.409] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.409] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.409] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.409] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.409] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.409] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.409] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.409] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.409] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.410] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.410] CloseHandle (hObject=0x2bc) returned 1 [0054.410] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.410] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls.lolkek") returned 89 [0054.410] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\s7bsqjpb_srphs.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\s7bsqjpb_srphs.xls.lolkek")) returned 1 [0054.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caeff0 | out: hHeap=0x5a0000) returned 1 [0054.410] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.410] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.410] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp", dwFileAttributes=0x80) returned 1 [0054.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wr7ttrygdndalc5qcas.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.411] CloseHandle (hObject=0x2bc) returned 1 [0054.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wr7ttrygdndalc5qcas.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.411] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x97e6 [0054.411] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.411] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.411] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.411] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.411] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.412] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.412] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.412] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.412] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.412] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.412] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.412] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.412] CloseHandle (hObject=0x2bc) returned 1 [0054.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.412] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp.lolkek") returned 94 [0054.412] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wr7ttrygdndalc5qcas.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wr7ttrygdndalc5qcas.odp.lolkek")) returned 1 [0054.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.413] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6ae0 | out: hHeap=0x5a0000) returned 1 [0054.413] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.413] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.413] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf", dwFileAttributes=0x80) returned 1 [0054.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wrmfzxcllj0a\\e7k0ir.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.413] CloseHandle (hObject=0x2bc) returned 1 [0054.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wrmfzxcllj0a\\e7k0ir.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.413] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdcd9 [0054.413] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.414] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.414] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.414] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.414] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.414] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.414] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.414] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.414] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.415] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.415] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.415] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.415] CloseHandle (hObject=0x2bc) returned 1 [0054.415] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.415] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf.lolkek") returned 94 [0054.415] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wrmfzxcllj0a\\e7k0ir.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wrmfzxcllj0a\\e7k0ir.rtf.lolkek")) returned 1 [0054.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6c48 | out: hHeap=0x5a0000) returned 1 [0054.415] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.416] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.416] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv", dwFileAttributes=0x80) returned 1 [0054.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\xl5qcw8icrlbi4q4rk1.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.416] CloseHandle (hObject=0x2bc) returned 1 [0054.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\xl5qcw8icrlbi4q4rk1.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.416] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9776 [0054.416] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.416] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.417] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.417] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.417] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.417] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.417] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.417] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.417] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.417] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.418] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.418] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.418] CloseHandle (hObject=0x2bc) returned 1 [0054.418] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.418] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv.lolkek") returned 94 [0054.418] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\xl5qcw8icrlbi4q4rk1.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\xl5qcw8icrlbi4q4rk1.csv.lolkek")) returned 1 [0054.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6810 | out: hHeap=0x5a0000) returned 1 [0054.418] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.418] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.418] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx", dwFileAttributes=0x80) returned 1 [0054.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5xwcxj.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.419] CloseHandle (hObject=0x2bc) returned 1 [0054.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5xwcxj.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.419] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfd24 [0054.419] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.419] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.420] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.420] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.420] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.420] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.420] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.420] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.420] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.420] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.420] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.420] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.420] CloseHandle (hObject=0x2bc) returned 1 [0054.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.420] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx.lolkek") returned 62 [0054.420] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5xwcxj.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5xwcxj.xlsx.lolkek")) returned 1 [0054.421] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.421] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb840 | out: hHeap=0x5a0000) returned 1 [0054.421] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.421] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.421] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx", dwFileAttributes=0x80) returned 1 [0054.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9 __n.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.422] CloseHandle (hObject=0x2bc) returned 1 [0054.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9 __n.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.422] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15a4e [0054.422] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.422] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.422] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.422] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.422] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.423] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.423] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.423] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.423] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.423] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.423] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.423] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.423] CloseHandle (hObject=0x2bc) returned 1 [0054.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.423] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx.lolkek") returned 61 [0054.423] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9 __n.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9 __n.pptx.lolkek")) returned 1 [0054.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb758 | out: hHeap=0x5a0000) returned 1 [0054.424] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.424] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.424] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx", dwFileAttributes=0x80) returned 1 [0054.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ul1iwyicjq1hazgqyu.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.424] CloseHandle (hObject=0x2bc) returned 1 [0054.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ul1iwyicjq1hazgqyu.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.424] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12f2c [0054.425] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.425] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.425] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.425] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.425] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.425] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.425] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.426] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.426] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.426] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.426] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.426] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.426] CloseHandle (hObject=0x2bc) returned 1 [0054.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.426] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx.lolkek") returned 75 [0054.426] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ul1iwyicjq1hazgqyu.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9ul1iwyicjq1hazgqyu.pptx.lolkek")) returned 1 [0054.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc230 | out: hHeap=0x5a0000) returned 1 [0054.427] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.427] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.427] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx", dwFileAttributes=0x80) returned 1 [0054.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ciicjkpnhoqdgt.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.428] CloseHandle (hObject=0x2bc) returned 1 [0054.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ciicjkpnhoqdgt.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.428] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8b5f [0054.428] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.428] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.429] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.429] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.429] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.429] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.429] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.429] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.429] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.429] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.430] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.430] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.430] CloseHandle (hObject=0x2bc) returned 1 [0054.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.430] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx.lolkek") returned 70 [0054.430] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ciicjkpnhoqdgt.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ciicjkpnhoqdgt.docx.lolkek")) returned 1 [0054.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4020 | out: hHeap=0x5a0000) returned 1 [0054.431] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.431] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.431] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx", dwFileAttributes=0x80) returned 1 [0054.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cu_rjxqed965d.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.432] CloseHandle (hObject=0x2bc) returned 1 [0054.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cu_rjxqed965d.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.432] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x107b0 [0054.432] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.432] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.432] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.432] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.432] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.432] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.432] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.432] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.432] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.433] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.433] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.433] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.433] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.433] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.433] CloseHandle (hObject=0x2bc) returned 1 [0054.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.433] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx.lolkek") returned 69 [0054.433] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cu_rjxqed965d.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cu_rjxqed965d.docx.lolkek")) returned 1 [0054.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4338 | out: hHeap=0x5a0000) returned 1 [0054.434] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.434] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.434] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.435] CloseHandle (hObject=0x2bc) returned 1 [0054.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.435] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x192 [0054.435] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.435] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.435] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.435] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.435] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x192, lpOverlapped=0x0) returned 1 [0054.435] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe6e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.436] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x192, lpOverlapped=0x0) returned 1 [0054.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.436] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.436] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.436] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.436] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.436] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.436] CloseHandle (hObject=0x2bc) returned 1 [0054.436] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.436] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.lolkek") returned 62 [0054.436] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini.lolkek")) returned 1 [0054.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbba10 | out: hHeap=0x5a0000) returned 1 [0054.437] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.437] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.437] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls", dwFileAttributes=0x80) returned 1 [0054.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkd4jqjy2hf39xxzmya.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.438] CloseHandle (hObject=0x2bc) returned 1 [0054.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkd4jqjy2hf39xxzmya.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.438] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10951 [0054.438] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.438] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.438] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.438] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.439] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.439] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.439] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.439] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.439] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.439] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.439] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.439] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.439] CloseHandle (hObject=0x2bc) returned 1 [0054.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.439] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls.lolkek") returned 74 [0054.439] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkd4jqjy2hf39xxzmya.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkd4jqjy2hf39xxzmya.xls.lolkek")) returned 1 [0054.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5668 | out: hHeap=0x5a0000) returned 1 [0054.440] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.440] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.440] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv", dwFileAttributes=0x80) returned 1 [0054.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e6hhk.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.441] CloseHandle (hObject=0x2bc) returned 1 [0054.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e6hhk.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.441] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x328b [0054.441] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.441] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.442] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.442] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.442] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x328b, lpOverlapped=0x0) returned 1 [0054.442] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffcd75, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.442] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x328b, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x328b, lpOverlapped=0x0) returned 1 [0054.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.442] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.442] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.442] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.442] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.442] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.442] CloseHandle (hObject=0x2bc) returned 1 [0054.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.442] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv.lolkek") returned 60 [0054.442] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e6hhk.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e6hhk.csv.lolkek")) returned 1 [0054.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbf750 | out: hHeap=0x5a0000) returned 1 [0054.443] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.443] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.443] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx", dwFileAttributes=0x80) returned 1 [0054.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eeshj5bldnfhumsn.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.444] CloseHandle (hObject=0x2bc) returned 1 [0054.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eeshj5bldnfhumsn.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.444] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7d27 [0054.444] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.444] ReadFile (in: hFile=0x2bc, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0054.444] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x6466b8 [0054.444] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.444] ReadFile (in: hFile=0x2bc, lpBuffer=0x6466b8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesRead=0x330e36c*=0x4000, lpOverlapped=0x0) returned 1 [0054.444] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.444] WriteFile (in: hFile=0x2bc, lpBuffer=0x6466b8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x6466b8*, lpNumberOfBytesWritten=0x330fdb0*=0x4000, lpOverlapped=0x0) returned 1 [0054.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.445] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.445] WriteFile (in: hFile=0x2bc, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.445] WriteFile (in: hFile=0x2bc, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.445] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.473] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.473] CloseHandle (hObject=0x2bc) returned 1 [0054.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.474] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx.lolkek") returned 72 [0054.474] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eeshj5bldnfhumsn.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eeshj5bldnfhumsn.pptx.lolkek")) returned 1 [0054.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611840 | out: hHeap=0x5a0000) returned 1 [0054.474] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.474] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.474] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", dwFileAttributes=0x80) returned 1 [0054.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0054.718] CloseHandle (hObject=0x210) returned 1 [0054.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0054.724] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0054.724] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0054.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0054.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.724] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.724] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0x0, lpOverlapped=0x0) returned 1 [0054.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0054.725] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.725] WriteFile (in: hFile=0x294, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0054.725] WriteFile (in: hFile=0x294, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.725] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0054.725] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0054.725] CloseHandle (hObject=0x294) returned 1 [0054.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0054.728] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss.lolkek") returned 74 [0054.728] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss.lolkek")) returned 1 [0054.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0054.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612448 | out: hHeap=0x5a0000) returned 1 [0054.746] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.746] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.746] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url", dwFileAttributes=0x80) returned 1 [0054.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0055.141] CloseHandle (hObject=0x1e0) returned 1 [0055.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0055.187] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0055.187] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.187] ReadFile (in: hFile=0x2b8, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0055.187] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0055.188] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc80a8 [0055.188] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0055.379] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.379] ReadFile (in: hFile=0x2b8, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x330e36c*=0x85, lpOverlapped=0x0) returned 1 [0055.379] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.379] WriteFile (in: hFile=0x2b8, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x330fdb0*=0x85, lpOverlapped=0x0) returned 1 [0055.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0055.380] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc80a8 | out: hHeap=0x5a0000) returned 1 [0055.380] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.380] WriteFile (in: hFile=0x2b8, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0055.380] WriteFile (in: hFile=0x2b8, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0055.380] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0055.380] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0055.380] CloseHandle (hObject=0x2b8) returned 1 [0055.380] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0055.380] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.lolkek") returned 87 [0055.380] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.lolkek")) returned 1 [0055.381] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0055.381] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cad918 | out: hHeap=0x5a0000) returned 1 [0055.381] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.381] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.381] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x80) returned 1 [0055.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0056.006] CloseHandle (hObject=0x294) returned 1 [0056.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0056.193] GetFileSize (in: hFile=0x1b0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf8 [0056.193] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.193] ReadFile (in: hFile=0x1b0, lpBuffer=0x330fdb0, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x330e394, lpOverlapped=0x0 | out: lpBuffer=0x330fdb0*, lpNumberOfBytesRead=0x330e394*=0xd, lpOverlapped=0x0) returned 1 [0056.194] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x330fdc0 | out: pbBuffer=0x330fdc0) returned 1 [0056.194] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc80a8 [0056.194] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0056.194] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0056.194] ReadFile (in: hFile=0x1b0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x330e36c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x330e36c*=0xf8, lpOverlapped=0x0) returned 1 [0056.194] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0xffffff08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.194] WriteFile (in: hFile=0x1b0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x330fdb0, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x330fdb0*=0xf8, lpOverlapped=0x0) returned 1 [0056.194] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0056.199] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc80a8 | out: hHeap=0x5a0000) returned 1 [0056.199] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0056.199] WriteFile (in: hFile=0x1b0, lpBuffer=0x330e374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330e374*, lpNumberOfBytesWritten=0x330e378*=0x4, lpOverlapped=0x0) returned 1 [0056.199] WriteFile (in: hFile=0x1b0, lpBuffer=0x330fdc0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x330fdc0*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0056.199] WriteFile (in: hFile=0x1b0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x330e378*=0x20, lpOverlapped=0x0) returned 1 [0056.199] WriteFile (in: hFile=0x1b0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x330e378, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x330e378*=0xd, lpOverlapped=0x0) returned 1 [0056.199] CloseHandle (hObject=0x1b0) returned 1 [0056.199] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0056.200] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.lolkek") returned 77 [0056.200] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.lolkek")) returned 1 [0056.201] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0056.201] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f440 | out: hHeap=0x5a0000) returned 1 [0056.201] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.201] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.201] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico", dwFileAttributes=0x80) returned 0 [0056.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.201] RmStartSession () returned 0x0 [0056.204] RmRegisterResources () returned 0x0 [0056.206] RmGetList () returned 0x0 [0056.591] RmEndSession () returned 0x0 [0056.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.834] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eb70 | out: hHeap=0x5a0000) returned 1 [0056.834] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.834] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.834] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp", dwFileAttributes=0x80) returned 1 [0056.834] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp" (normalized: "c:\\users\\all users\\microsoft\\rac\\temp\\sql64ab.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.835] RmStartSession () returned 0x0 [0056.837] RmRegisterResources () returned 0x0 [0056.839] RmGetList () returned 0x0 [0057.051] GetCurrentProcessId () returned 0x86c [0057.051] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0057.051] RmEndSession () returned 0x0 [0057.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp" (normalized: "c:\\users\\all users\\microsoft\\rac\\temp\\sql64ab.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc09b0 | out: hHeap=0x5a0000) returned 1 [0057.072] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.072] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.072] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp", dwFileAttributes=0x80) returned 0 [0057.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.072] RmStartSession () returned 0x0 [0057.075] RmRegisterResources () returned 0x0 [0057.077] RmGetList () returned 0x0 [0057.603] RmEndSession () returned 0x0 [0057.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile12.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5fa0 | out: hHeap=0x5a0000) returned 1 [0057.670] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.670] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.670] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp", dwFileAttributes=0x80) returned 0 [0057.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.670] RmStartSession () returned 0x0 [0057.676] RmRegisterResources () returned 0x0 [0057.678] RmGetList () returned 0x0 [0058.127] RmEndSession () returned 0x0 [0058.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile24.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7788 | out: hHeap=0x5a0000) returned 1 [0058.156] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.156] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.157] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", dwFileAttributes=0x80) returned 0 [0058.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.157] RmStartSession () returned 0x0 [0058.160] RmRegisterResources () returned 0x0 [0058.162] RmGetList () returned 0x0 [0059.618] RmEndSession () returned 0x0 [0059.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4ba8 | out: hHeap=0x5a0000) returned 1 [0059.634] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.634] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.634] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov", dwFileAttributes=0x80) returned 0 [0059.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.634] RmStartSession () returned 0x0 [0059.637] RmRegisterResources () returned 0x0 [0059.640] RmGetList () returned 0x0 [0062.954] RmEndSession () returned 0x0 [0063.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5c88 | out: hHeap=0x5a0000) returned 1 [0063.099] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 11 os_tid = 0x908 [0035.506] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.853] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.853] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0035.853] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.853] RmStartSession () returned 0x0 [0036.287] RmRegisterResources () returned 0x0 [0036.290] RmGetList () returned 0x0 [0037.054] RmEndSession () returned 0x0 [0037.075] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.075] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc230 | out: hHeap=0x5a0000) returned 1 [0037.075] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.075] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.075] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.075] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.075] RmStartSession () returned 0x0 [0037.078] RmRegisterResources () returned 0x0 [0037.080] RmGetList () returned 0x0 [0037.760] RmEndSession () returned 0x0 [0037.782] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fe40 | out: hHeap=0x5a0000) returned 1 [0037.783] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.783] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.783] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.783] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.783] RmStartSession () returned 0x0 [0037.788] RmRegisterResources () returned 0x0 [0037.791] RmGetList () returned 0x0 [0041.698] RmEndSession () returned 0x0 [0041.718] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x630488 | out: hHeap=0x5a0000) returned 1 [0041.718] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.718] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.718] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", dwFileAttributes=0x80) returned 0 [0041.721] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.722] RmStartSession () returned 0x0 [0041.723] RmRegisterResources () returned 0x0 [0041.725] RmGetList () returned 0x0 [0042.795] RmEndSession () returned 0x0 [0042.815] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.816] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df2e30 | out: hHeap=0x5a0000) returned 1 [0042.816] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.816] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.816] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", dwFileAttributes=0x80) returned 0 [0042.816] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.816] RmStartSession () returned 0x0 [0042.818] RmRegisterResources () returned 0x0 [0042.821] RmGetList () returned 0x0 [0043.982] RmEndSession () returned 0x0 [0044.003] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.003] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676e08 | out: hHeap=0x5a0000) returned 1 [0044.003] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.003] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.003] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat", dwFileAttributes=0x80) returned 1 [0044.006] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\programdata\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0044.006] CloseHandle (hObject=0x160) returned 1 [0044.006] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\programdata\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.006] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0044.006] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0044.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0044.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0044.006] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0044.007] ReadFile (in: hFile=0x160, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x0, lpOverlapped=0x0) returned 1 [0044.007] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0044.007] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0044.007] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0044.007] WriteFile (in: hFile=0x160, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0044.007] WriteFile (in: hFile=0x160, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0044.007] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0044.007] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0044.008] CloseHandle (hObject=0x160) returned 1 [0044.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0044.008] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.lolkek") returned 82 [0044.008] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" (normalized: "c:\\programdata\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.lolkek" (normalized: "c:\\programdata\\microsoft\\user account pictures\\5p5nrgjn0js halpmcxz.dat.lolkek")) returned 1 [0044.008] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0044.008] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6762a0 | out: hHeap=0x5a0000) returned 1 [0044.008] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.008] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.008] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp", dwFileAttributes=0x80) returned 0 [0044.012] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.012] RmStartSession () returned 0x0 [0044.015] RmRegisterResources () returned 0x0 [0044.017] RmGetList () returned 0x0 [0044.679] RmEndSession () returned 0x0 [0044.700] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile10.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6763d8 | out: hHeap=0x5a0000) returned 1 [0044.700] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.700] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.700] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp", dwFileAttributes=0x80) returned 0 [0044.705] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.705] RmStartSession () returned 0x0 [0044.707] RmRegisterResources () returned 0x0 [0044.711] RmGetList () returned 0x0 [0045.360] RmEndSession () returned 0x0 [0045.382] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile22.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614508 | out: hHeap=0x5a0000) returned 1 [0045.382] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.382] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.382] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp", dwFileAttributes=0x80) returned 0 [0045.385] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.385] RmStartSession () returned 0x0 [0045.387] RmRegisterResources () returned 0x0 [0045.389] RmGetList () returned 0x0 [0046.158] RmEndSession () returned 0x0 [0046.178] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile34.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615528 | out: hHeap=0x5a0000) returned 1 [0046.178] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.178] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.178] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov", dwFileAttributes=0x80) returned 0 [0046.178] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0046.179] RmStartSession () returned 0x0 [0046.181] RmRegisterResources () returned 0x0 [0046.183] RmGetList () returned 0x0 [0047.178] RmEndSession () returned 0x0 [0047.200] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\fyi.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.200] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab7b0 | out: hHeap=0x5a0000) returned 1 [0047.200] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.200] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.200] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc", dwFileAttributes=0x80) returned 1 [0050.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.464] CloseHandle (hObject=0x25c) returned 1 [0050.464] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.467] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa74 [0050.467] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.467] ReadFile (in: hFile=0x27c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0050.468] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0050.469] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.469] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.469] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.469] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2ffdf1c*=0xa74, lpOverlapped=0x0) returned 1 [0050.469] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffff58c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.469] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xa74, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2fff960*=0xa74, lpOverlapped=0x0) returned 1 [0050.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.469] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.469] WriteFile (in: hFile=0x27c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0050.469] WriteFile (in: hFile=0x27c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0050.469] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0050.469] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0050.469] CloseHandle (hObject=0x27c) returned 1 [0050.469] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0050.470] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc.lolkek") returned 85 [0050.470] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc.lolkek")) returned 1 [0050.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0050.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cabf60 | out: hHeap=0x5a0000) returned 1 [0050.470] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.470] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.470] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal", dwFileAttributes=0x80) returned 1 [0050.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0050.621] CloseHandle (hObject=0x270) returned 1 [0050.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.665] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.665] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0050.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.665] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.665] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x0, lpOverlapped=0x0) returned 1 [0050.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.665] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.665] WriteFile (in: hFile=0x280, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0050.666] WriteFile (in: hFile=0x280, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0050.666] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0050.666] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0050.666] CloseHandle (hObject=0x280) returned 1 [0050.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67cd08 [0050.666] wsprintfW (in: param_1=0x67cd08, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal.lolkek") returned 104 [0050.666] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal.lolkek")) returned 1 [0050.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd08 | out: hHeap=0x5a0000) returned 1 [0050.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde708 | out: hHeap=0x5a0000) returned 1 [0050.800] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.800] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.800] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0050.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.879] CloseHandle (hObject=0x268) returned 1 [0050.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.886] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x31d [0050.886] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.886] ReadFile (in: hFile=0x268, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0050.887] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0050.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.888] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.888] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x31d, lpOverlapped=0x0) returned 1 [0050.888] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffce3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.888] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x31d, lpOverlapped=0x0) returned 1 [0050.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.888] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.888] WriteFile (in: hFile=0x268, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0050.889] WriteFile (in: hFile=0x268, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0050.889] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0050.889] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0050.889] CloseHandle (hObject=0x268) returned 1 [0050.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.890] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.lolkek") returned 147 [0050.890] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl.lolkek")) returned 1 [0050.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4c80 | out: hHeap=0x5a0000) returned 1 [0050.986] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.986] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.986] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl", dwFileAttributes=0x80) returned 1 [0051.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0051.061] CloseHandle (hObject=0x224) returned 1 [0051.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.085] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x410 [0051.085] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.085] ReadFile (in: hFile=0x1b4, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0051.095] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0051.095] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.095] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.095] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.095] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x410, lpOverlapped=0x0) returned 1 [0051.096] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffbf0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.096] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x410, lpOverlapped=0x0) returned 1 [0051.096] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.096] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.096] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.096] WriteFile (in: hFile=0x1b4, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0051.096] WriteFile (in: hFile=0x1b4, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0051.096] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0051.096] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0051.096] CloseHandle (hObject=0x1b4) returned 1 [0051.097] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.097] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.lolkek") returned 143 [0051.097] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl.lolkek")) returned 1 [0051.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eae488 | out: hHeap=0x5a0000) returned 1 [0051.261] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.261] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.261] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg", dwFileAttributes=0x80) returned 1 [0051.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.304] CloseHandle (hObject=0x24c) returned 1 [0051.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.320] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5d3f [0051.321] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.321] ReadFile (in: hFile=0x214, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0051.325] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0051.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.325] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.325] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0051.326] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.326] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0051.326] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.326] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.326] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.326] WriteFile (in: hFile=0x214, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0051.326] WriteFile (in: hFile=0x214, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0051.326] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0051.326] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0051.326] CloseHandle (hObject=0x214) returned 1 [0051.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ec7e38 [0051.328] wsprintfW (in: param_1=0x3ec7e38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.lolkek") returned 99 [0051.328] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg.lolkek")) returned 1 [0051.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec7e38 | out: hHeap=0x5a0000) returned 1 [0051.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0770 | out: hHeap=0x5a0000) returned 1 [0051.359] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.359] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.359] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg", dwFileAttributes=0x80) returned 1 [0051.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0051.466] CloseHandle (hObject=0x224) returned 1 [0051.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.466] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2949 [0051.466] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.466] ReadFile (in: hFile=0x224, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0051.474] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0051.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.474] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.474] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x2949, lpOverlapped=0x0) returned 1 [0051.477] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffd6b7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.477] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2949, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x2949, lpOverlapped=0x0) returned 1 [0051.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.477] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.477] WriteFile (in: hFile=0x224, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0051.477] WriteFile (in: hFile=0x224, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0051.477] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0051.477] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0051.477] CloseHandle (hObject=0x224) returned 1 [0051.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.490] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.lolkek") returned 101 [0051.490] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg.lolkek")) returned 1 [0051.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657908 | out: hHeap=0x5a0000) returned 1 [0051.927] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.927] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.927] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D", dwFileAttributes=0x80) returned 1 [0051.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0052.004] CloseHandle (hObject=0x2b8) returned 1 [0052.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.016] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x209 [0052.016] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.016] ReadFile (in: hFile=0x224, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.017] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.017] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.017] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x209, lpOverlapped=0x0) returned 1 [0052.017] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffdf7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.017] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x209, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x209, lpOverlapped=0x0) returned 1 [0052.017] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.017] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.017] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.017] WriteFile (in: hFile=0x224, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.017] WriteFile (in: hFile=0x224, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.018] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.018] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.018] CloseHandle (hObject=0x224) returned 1 [0052.018] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.018] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.lolkek") returned 125 [0052.018] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d.lolkek")) returned 1 [0052.040] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3b888 | out: hHeap=0x5a0000) returned 1 [0052.042] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.042] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.042] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21", dwFileAttributes=0x80) returned 1 [0052.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.064] CloseHandle (hObject=0x258) returned 1 [0052.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.076] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x22a [0052.076] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.076] ReadFile (in: hFile=0x224, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.076] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.076] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.076] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x22a, lpOverlapped=0x0) returned 1 [0052.077] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffdd6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.077] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x22a, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x22a, lpOverlapped=0x0) returned 1 [0052.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.077] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.077] WriteFile (in: hFile=0x224, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.077] WriteFile (in: hFile=0x224, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.077] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.077] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.077] CloseHandle (hObject=0x224) returned 1 [0052.078] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.078] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.lolkek") returned 125 [0052.078] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21.lolkek")) returned 1 [0052.105] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.105] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd4d8 | out: hHeap=0x5a0000) returned 1 [0052.105] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.105] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.105] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", dwFileAttributes=0x80) returned 1 [0052.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.125] CloseHandle (hObject=0x228) returned 1 [0052.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.135] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.135] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.135] ReadFile (in: hFile=0x2a0, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.135] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.136] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.136] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x1cf, lpOverlapped=0x0) returned 1 [0052.136] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.136] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x1cf, lpOverlapped=0x0) returned 1 [0052.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.136] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.136] WriteFile (in: hFile=0x2a0, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.136] WriteFile (in: hFile=0x2a0, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.136] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.136] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.136] CloseHandle (hObject=0x2a0) returned 1 [0052.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.137] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.lolkek") returned 158 [0052.137] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4.lolkek")) returned 1 [0052.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8538 | out: hHeap=0x5a0000) returned 1 [0052.160] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.160] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.160] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015", dwFileAttributes=0x80) returned 1 [0052.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.183] CloseHandle (hObject=0x258) returned 1 [0052.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.194] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2da [0052.194] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.194] ReadFile (in: hFile=0x290, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.196] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.196] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.196] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.196] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.196] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0052.196] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.196] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0052.197] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.197] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.197] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.197] WriteFile (in: hFile=0x290, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.197] WriteFile (in: hFile=0x290, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.197] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.197] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.197] CloseHandle (hObject=0x290) returned 1 [0052.198] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.198] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.lolkek") returned 125 [0052.198] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015.lolkek")) returned 1 [0052.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613668 | out: hHeap=0x5a0000) returned 1 [0052.225] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.225] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.226] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", dwFileAttributes=0x80) returned 1 [0052.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.246] CloseHandle (hObject=0x224) returned 1 [0052.246] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.258] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ed [0052.258] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.258] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.260] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.260] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.260] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x5ed, lpOverlapped=0x0) returned 1 [0052.260] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffa13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.260] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5ed, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x5ed, lpOverlapped=0x0) returned 1 [0052.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.260] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.260] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.260] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.260] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.261] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.261] CloseHandle (hObject=0x23c) returned 1 [0052.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.262] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.lolkek") returned 158 [0052.262] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc.lolkek")) returned 1 [0052.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dab2f0 | out: hHeap=0x5a0000) returned 1 [0052.294] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.294] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.294] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", dwFileAttributes=0x80) returned 1 [0052.294] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.295] CloseHandle (hObject=0x2a0) returned 1 [0052.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.295] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x190 [0052.295] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.295] ReadFile (in: hFile=0x2a0, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.296] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.296] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.296] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x190, lpOverlapped=0x0) returned 1 [0052.296] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffe70, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.296] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x190, lpOverlapped=0x0) returned 1 [0052.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.296] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.296] WriteFile (in: hFile=0x2a0, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.296] WriteFile (in: hFile=0x2a0, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.296] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.296] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.297] CloseHandle (hObject=0x2a0) returned 1 [0052.297] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.297] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.lolkek") returned 159 [0052.297] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b.lolkek")) returned 1 [0052.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eb70 | out: hHeap=0x5a0000) returned 1 [0052.299] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.299] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.300] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", dwFileAttributes=0x80) returned 1 [0052.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.301] CloseHandle (hObject=0x23c) returned 1 [0052.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.302] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x166 [0052.302] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.302] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.302] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.302] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.302] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x166, lpOverlapped=0x0) returned 1 [0052.303] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe9a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.303] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x166, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x166, lpOverlapped=0x0) returned 1 [0052.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.303] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.303] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.303] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.303] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.303] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.303] CloseHandle (hObject=0x23c) returned 1 [0052.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.304] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.lolkek") returned 159 [0052.304] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875.lolkek")) returned 1 [0052.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61ac70 | out: hHeap=0x5a0000) returned 1 [0052.304] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.304] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.304] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", dwFileAttributes=0x80) returned 1 [0052.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.306] CloseHandle (hObject=0x23c) returned 1 [0052.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.306] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x194 [0052.306] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.306] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.307] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.307] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.307] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x194, lpOverlapped=0x0) returned 1 [0052.307] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.307] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x194, lpOverlapped=0x0) returned 1 [0052.307] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.307] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.307] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.307] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.308] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.308] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.308] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.308] CloseHandle (hObject=0x23c) returned 1 [0052.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.308] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.lolkek") returned 159 [0052.308] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.lolkek")) returned 1 [0052.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61aee0 | out: hHeap=0x5a0000) returned 1 [0052.310] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.310] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.310] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406", dwFileAttributes=0x80) returned 1 [0052.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.310] CloseHandle (hObject=0x23c) returned 1 [0052.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.311] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10c [0052.311] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.311] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.311] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.311] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.311] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x10c, lpOverlapped=0x0) returned 1 [0052.311] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffef4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.312] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x10c, lpOverlapped=0x0) returned 1 [0052.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.312] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.312] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.312] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.312] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.312] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.312] CloseHandle (hObject=0x23c) returned 1 [0052.312] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.312] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.lolkek") returned 126 [0052.312] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406.lolkek")) returned 1 [0052.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61bff8 | out: hHeap=0x5a0000) returned 1 [0052.313] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.313] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.313] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D", dwFileAttributes=0x80) returned 1 [0052.313] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.313] CloseHandle (hObject=0x23c) returned 1 [0052.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.314] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x124 [0052.314] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.314] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.314] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.314] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.314] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x124, lpOverlapped=0x0) returned 1 [0052.314] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffedc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.315] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x124, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x124, lpOverlapped=0x0) returned 1 [0052.315] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.315] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.315] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.315] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.315] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.315] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.315] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.315] CloseHandle (hObject=0x23c) returned 1 [0052.315] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.315] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.lolkek") returned 126 [0052.315] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d.lolkek")) returned 1 [0052.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x645fb8 | out: hHeap=0x5a0000) returned 1 [0052.316] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.316] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.316] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D", dwFileAttributes=0x80) returned 1 [0052.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.316] CloseHandle (hObject=0x23c) returned 1 [0052.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.317] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdc [0052.317] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.317] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.317] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.317] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.317] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0xdc, lpOverlapped=0x0) returned 1 [0052.317] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffff24, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.318] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0xdc, lpOverlapped=0x0) returned 1 [0052.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.318] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.318] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.318] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.318] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.318] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.318] CloseHandle (hObject=0x23c) returned 1 [0052.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.318] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.lolkek") returned 126 [0052.318] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d.lolkek")) returned 1 [0052.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c1e0 | out: hHeap=0x5a0000) returned 1 [0052.319] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.319] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.319] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", dwFileAttributes=0x80) returned 1 [0052.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.320] CloseHandle (hObject=0x23c) returned 1 [0052.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.320] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18a [0052.320] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.320] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.320] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.320] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.321] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.321] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x18a, lpOverlapped=0x0) returned 1 [0052.321] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe76, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.321] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18a, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x18a, lpOverlapped=0x0) returned 1 [0052.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.321] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.321] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.321] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.321] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.321] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.321] CloseHandle (hObject=0x23c) returned 1 [0052.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.321] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.lolkek") returned 159 [0052.321] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.lolkek")) returned 1 [0052.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67ca98 | out: hHeap=0x5a0000) returned 1 [0052.322] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.322] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.322] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", dwFileAttributes=0x80) returned 1 [0052.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.323] CloseHandle (hObject=0x23c) returned 1 [0052.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.323] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x190 [0052.323] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.323] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.324] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.324] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.324] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x190, lpOverlapped=0x0) returned 1 [0052.324] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe70, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.324] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x190, lpOverlapped=0x0) returned 1 [0052.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.324] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.324] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.324] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.325] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.325] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.325] CloseHandle (hObject=0x23c) returned 1 [0052.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.325] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.lolkek") returned 159 [0052.325] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1.lolkek")) returned 1 [0052.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c3c8 | out: hHeap=0x5a0000) returned 1 [0052.333] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.333] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.333] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", dwFileAttributes=0x80) returned 1 [0052.333] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.334] CloseHandle (hObject=0x23c) returned 1 [0052.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.334] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1ae [0052.334] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.334] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.335] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.335] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.335] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x1ae, lpOverlapped=0x0) returned 1 [0052.335] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.335] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1ae, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x1ae, lpOverlapped=0x0) returned 1 [0052.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.335] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.335] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.336] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.336] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.336] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.336] CloseHandle (hObject=0x23c) returned 1 [0052.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.336] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.lolkek") returned 159 [0052.336] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398.lolkek")) returned 1 [0052.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b150 | out: hHeap=0x5a0000) returned 1 [0052.337] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.338] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.338] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", dwFileAttributes=0x80) returned 1 [0052.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.339] CloseHandle (hObject=0x23c) returned 1 [0052.339] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.339] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x194 [0052.339] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.339] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.339] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.339] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.340] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.340] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x194, lpOverlapped=0x0) returned 1 [0052.340] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.340] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x194, lpOverlapped=0x0) returned 1 [0052.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.340] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.340] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.340] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.340] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.340] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.340] CloseHandle (hObject=0x23c) returned 1 [0052.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.340] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.lolkek") returned 159 [0052.340] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9.lolkek")) returned 1 [0052.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3dfa0 | out: hHeap=0x5a0000) returned 1 [0052.348] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.349] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.349] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", dwFileAttributes=0x80) returned 1 [0052.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.349] CloseHandle (hObject=0x23c) returned 1 [0052.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.349] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x194 [0052.349] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.350] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.350] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.350] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.350] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x194, lpOverlapped=0x0) returned 1 [0052.350] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.350] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x194, lpOverlapped=0x0) returned 1 [0052.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.350] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.350] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.351] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.351] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.351] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.351] CloseHandle (hObject=0x23c) returned 1 [0052.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.351] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.lolkek") returned 159 [0052.351] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.lolkek")) returned 1 [0052.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3e210 | out: hHeap=0x5a0000) returned 1 [0052.353] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.353] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.353] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", dwFileAttributes=0x80) returned 1 [0052.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.371] CloseHandle (hObject=0x23c) returned 1 [0052.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.388] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x190 [0052.389] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.389] ReadFile (in: hFile=0x23c, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.389] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.389] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.389] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x190, lpOverlapped=0x0) returned 1 [0052.389] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe70, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.389] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x190, lpOverlapped=0x0) returned 1 [0052.389] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.389] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.389] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.389] WriteFile (in: hFile=0x23c, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.390] WriteFile (in: hFile=0x23c, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.390] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.390] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.390] CloseHandle (hObject=0x23c) returned 1 [0052.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.390] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.lolkek") returned 159 [0052.390] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.lolkek")) returned 1 [0052.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de04b0 | out: hHeap=0x5a0000) returned 1 [0052.410] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.410] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.410] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", dwFileAttributes=0x80) returned 1 [0052.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.431] CloseHandle (hObject=0x2bc) returned 1 [0052.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.441] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186 [0052.441] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.442] ReadFile (in: hFile=0x290, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.442] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.442] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.442] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x186, lpOverlapped=0x0) returned 1 [0052.442] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffe7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.442] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x186, lpOverlapped=0x0) returned 1 [0052.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.443] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.443] WriteFile (in: hFile=0x290, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.443] WriteFile (in: hFile=0x290, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.443] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.443] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.443] CloseHandle (hObject=0x290) returned 1 [0052.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.443] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.lolkek") returned 159 [0052.444] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.lolkek")) returned 1 [0052.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba070 | out: hHeap=0x5a0000) returned 1 [0052.461] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.461] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.461] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", dwFileAttributes=0x80) returned 1 [0052.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.480] CloseHandle (hObject=0x224) returned 1 [0052.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.491] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x188 [0052.491] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.491] ReadFile (in: hFile=0x210, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.492] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.492] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.492] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x188, lpOverlapped=0x0) returned 1 [0052.492] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe78, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.492] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x188, lpOverlapped=0x0) returned 1 [0052.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.492] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.492] WriteFile (in: hFile=0x210, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.492] WriteFile (in: hFile=0x210, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.492] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.492] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.493] CloseHandle (hObject=0x210) returned 1 [0052.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.493] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.lolkek") returned 159 [0052.493] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.lolkek")) returned 1 [0052.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8720 | out: hHeap=0x5a0000) returned 1 [0052.515] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.515] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.515] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", dwFileAttributes=0x80) returned 1 [0052.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0052.539] CloseHandle (hObject=0x290) returned 1 [0052.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.546] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a0 [0052.546] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.546] ReadFile (in: hFile=0x210, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.546] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.546] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.546] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x1a0, lpOverlapped=0x0) returned 1 [0052.546] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.546] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x1a0, lpOverlapped=0x0) returned 1 [0052.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.547] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.547] WriteFile (in: hFile=0x210, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.547] WriteFile (in: hFile=0x210, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.547] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.547] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.547] CloseHandle (hObject=0x210) returned 1 [0052.547] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.547] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.lolkek") returned 159 [0052.547] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.lolkek")) returned 1 [0052.572] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.572] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba2f8 | out: hHeap=0x5a0000) returned 1 [0052.572] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.572] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.572] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", dwFileAttributes=0x80) returned 1 [0052.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.625] CloseHandle (hObject=0x258) returned 1 [0052.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.784] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a0 [0052.784] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.787] ReadFile (in: hFile=0x294, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0052.787] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0052.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.788] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.788] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x2ffdf1c*=0x1a0, lpOverlapped=0x0) returned 1 [0052.788] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffe60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.788] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x2fff960*=0x1a0, lpOverlapped=0x0) returned 1 [0052.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.788] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.788] WriteFile (in: hFile=0x294, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0052.788] WriteFile (in: hFile=0x294, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.788] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0052.788] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0052.788] CloseHandle (hObject=0x294) returned 1 [0052.824] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.824] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.lolkek") returned 159 [0052.824] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.lolkek")) returned 1 [0052.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaafa8 | out: hHeap=0x5a0000) returned 1 [0052.991] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.991] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.991] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred", dwFileAttributes=0x80) returned 1 [0053.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0053.728] CloseHandle (hObject=0x258) returned 1 [0053.728] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0053.755] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18 [0053.755] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0053.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.755] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.755] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x18, lpOverlapped=0x0) returned 1 [0053.755] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffffe8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.755] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x18, lpOverlapped=0x0) returned 1 [0053.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.756] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.756] WriteFile (in: hFile=0x294, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0053.756] WriteFile (in: hFile=0x294, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0053.756] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0053.756] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0053.756] CloseHandle (hObject=0x294) returned 1 [0053.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0053.757] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.lolkek") returned 131 [0053.757] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred.lolkek")) returned 1 [0053.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0053.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3eaf0 | out: hHeap=0x5a0000) returned 1 [0053.769] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.769] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.769] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", dwFileAttributes=0x80) returned 1 [0053.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0053.791] CloseHandle (hObject=0x2b8) returned 1 [0053.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0053.809] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfde [0053.809] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.809] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0053.811] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0053.811] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.811] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.811] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.812] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0xfde, lpOverlapped=0x0) returned 1 [0053.812] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffff022, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.812] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xfde, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0xfde, lpOverlapped=0x0) returned 1 [0053.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.812] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.812] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0053.812] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0053.812] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0053.812] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0053.812] CloseHandle (hObject=0x1ec) returned 1 [0053.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0053.814] wsprintfW (in: param_1=0x3dac050, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.lolkek") returned 107 [0053.814] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js.lolkek")) returned 1 [0054.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.040] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddd10 | out: hHeap=0x5a0000) returned 1 [0054.040] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.040] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.040] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png", dwFileAttributes=0x80) returned 1 [0054.040] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\clx1v jiszc.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.040] CloseHandle (hObject=0x1ec) returned 1 [0054.040] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\clx1v jiszc.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.041] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb5c1 [0054.041] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.041] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.041] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.041] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.041] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.041] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.041] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.041] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.041] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.041] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.042] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.042] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.042] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.042] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.042] CloseHandle (hObject=0x1ec) returned 1 [0054.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.042] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png.lolkek") returned 70 [0054.042] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\clx1v jiszc.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\clx1v jiszc.png.lolkek")) returned 1 [0054.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94bc8 | out: hHeap=0x5a0000) returned 1 [0054.042] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.043] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.043] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps", dwFileAttributes=0x80) returned 1 [0054.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jceu6twfdt75.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.043] CloseHandle (hObject=0x1ec) returned 1 [0054.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jceu6twfdt75.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.043] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xeb13 [0054.043] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.043] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.044] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.044] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.044] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.044] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.044] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.044] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.044] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.044] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.044] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.044] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.044] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.044] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.044] CloseHandle (hObject=0x1ec) returned 1 [0054.044] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.044] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps.lolkek") returned 71 [0054.044] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jceu6twfdt75.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jceu6twfdt75.pps.lolkek")) returned 1 [0054.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6114f8 | out: hHeap=0x5a0000) returned 1 [0054.045] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.045] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.045] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv", dwFileAttributes=0x80) returned 1 [0054.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jfohtcyne_u.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.046] CloseHandle (hObject=0x1ec) returned 1 [0054.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jfohtcyne_u.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.046] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x772c [0054.046] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.046] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.046] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.046] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.046] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.046] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.046] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.046] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.046] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.047] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.047] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.047] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.047] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.047] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.047] CloseHandle (hObject=0x1ec) returned 1 [0054.047] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.047] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv.lolkek") returned 70 [0054.047] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jfohtcyne_u.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\jfohtcyne_u.mkv.lolkek")) returned 1 [0054.048] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.048] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3dc70 | out: hHeap=0x5a0000) returned 1 [0054.048] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.048] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.048] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif", dwFileAttributes=0x80) returned 1 [0054.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\ocbnpwow63hl8.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.048] CloseHandle (hObject=0x1ec) returned 1 [0054.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\ocbnpwow63hl8.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.049] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104f5 [0054.049] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.049] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.049] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.049] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.049] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.049] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.049] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.050] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.050] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.050] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.050] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.050] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.050] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.050] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.050] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.050] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.050] CloseHandle (hObject=0x1ec) returned 1 [0054.050] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.050] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif.lolkek") returned 85 [0054.050] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\ocbnpwow63hl8.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\ocbnpwow63hl8.gif.lolkek")) returned 1 [0054.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617000 | out: hHeap=0x5a0000) returned 1 [0054.051] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.051] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.051] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg", dwFileAttributes=0x80) returned 1 [0054.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\uxu-vepbvdsaouyax1.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.052] CloseHandle (hObject=0x1ec) returned 1 [0054.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\uxu-vepbvdsaouyax1.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.052] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b2d [0054.052] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.052] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.053] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.053] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.053] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.053] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.053] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x2b2d, lpOverlapped=0x0) returned 1 [0054.053] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffd4d3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.053] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2b2d, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x2b2d, lpOverlapped=0x0) returned 1 [0054.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.053] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.053] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.054] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.054] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.054] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.054] CloseHandle (hObject=0x1ec) returned 1 [0054.054] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.054] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg.lolkek") returned 90 [0054.054] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\uxu-vepbvdsaouyax1.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\uxu-vepbvdsaouyax1.jpg.lolkek")) returned 1 [0054.055] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.055] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadfd0 | out: hHeap=0x5a0000) returned 1 [0054.055] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.055] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.055] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg", dwFileAttributes=0x80) returned 1 [0054.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\-lfwfc09e9.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.055] CloseHandle (hObject=0x1ec) returned 1 [0054.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\-lfwfc09e9.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.055] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaad7 [0054.056] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.056] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.056] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.056] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.056] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.056] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.056] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.056] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.056] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.056] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.056] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.057] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.057] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.057] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.057] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.057] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.057] CloseHandle (hObject=0x1ec) returned 1 [0054.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.057] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg.lolkek") returned 99 [0054.057] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\-lfwfc09e9.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\-lfwfc09e9.jpg.lolkek")) returned 1 [0054.058] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.058] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3dd78 | out: hHeap=0x5a0000) returned 1 [0054.058] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.058] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.058] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav", dwFileAttributes=0x80) returned 1 [0054.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\iuyuv06qkuw1naci.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.058] CloseHandle (hObject=0x1ec) returned 1 [0054.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\iuyuv06qkuw1naci.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.058] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2561 [0054.058] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.058] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.059] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.059] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.059] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.059] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.059] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x2561, lpOverlapped=0x0) returned 1 [0054.059] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffda9f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.059] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2561, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x2561, lpOverlapped=0x0) returned 1 [0054.059] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.059] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.059] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.059] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.059] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.059] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.060] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.060] CloseHandle (hObject=0x1ec) returned 1 [0054.060] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.060] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav.lolkek") returned 105 [0054.060] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\iuyuv06qkuw1naci.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\iuyuv06qkuw1naci.wav.lolkek")) returned 1 [0054.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5040 | out: hHeap=0x5a0000) returned 1 [0054.060] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.060] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.060] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf", dwFileAttributes=0x80) returned 1 [0054.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\jdkg1qrkk89.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.061] CloseHandle (hObject=0x1ec) returned 1 [0054.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\jdkg1qrkk89.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.061] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x111cd [0054.061] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.061] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.062] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.062] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.062] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.062] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.062] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.062] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.062] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.062] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.062] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.062] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.062] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.062] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.062] CloseHandle (hObject=0x1ec) returned 1 [0054.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.063] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf.lolkek") returned 100 [0054.063] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\jdkg1qrkk89.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\jdkg1qrkk89.rtf.lolkek")) returned 1 [0054.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd51d8 | out: hHeap=0x5a0000) returned 1 [0054.063] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.063] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.063] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp", dwFileAttributes=0x80) returned 1 [0054.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\rg-yvnfqftolx.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.064] CloseHandle (hObject=0x1ec) returned 1 [0054.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\rg-yvnfqftolx.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.064] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x100c4 [0054.064] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.064] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.065] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.065] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.065] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.065] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.065] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.065] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.065] CloseHandle (hObject=0x1ec) returned 1 [0054.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.065] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp.lolkek") returned 102 [0054.066] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\rg-yvnfqftolx.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\rg-yvnfqftolx.bmp.lolkek")) returned 1 [0054.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5358 | out: hHeap=0x5a0000) returned 1 [0054.066] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.066] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.066] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif", dwFileAttributes=0x80) returned 1 [0054.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\tkgy9-2jwzikf.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.067] CloseHandle (hObject=0x1ec) returned 1 [0054.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\tkgy9-2jwzikf.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.067] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x69b0 [0054.067] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.067] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.067] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.067] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.067] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.067] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.067] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.068] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.068] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.068] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.068] CloseHandle (hObject=0x1ec) returned 1 [0054.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.068] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif.lolkek") returned 102 [0054.068] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\tkgy9-2jwzikf.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\tkgy9-2jwzikf.gif.lolkek")) returned 1 [0054.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd54e0 | out: hHeap=0x5a0000) returned 1 [0054.069] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.069] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.069] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp", dwFileAttributes=0x80) returned 1 [0054.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j0u7.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.069] CloseHandle (hObject=0x1ec) returned 1 [0054.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j0u7.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.070] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x69ff [0054.070] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.070] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.070] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.070] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.070] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.070] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.070] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.070] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.070] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.071] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.071] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.071] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.071] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.071] CloseHandle (hObject=0x1ec) returned 1 [0054.071] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.071] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp.lolkek") returned 57 [0054.071] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j0u7.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\j0u7.bmp.lolkek")) returned 1 [0054.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd748 | out: hHeap=0x5a0000) returned 1 [0054.072] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.072] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.072] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4", dwFileAttributes=0x80) returned 1 [0054.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mdpi.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.072] CloseHandle (hObject=0x1ec) returned 1 [0054.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mdpi.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.073] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd995 [0054.073] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.073] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.073] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.073] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.073] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.073] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.073] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.074] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.074] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.074] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.074] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.074] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.074] CloseHandle (hObject=0x1ec) returned 1 [0054.074] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.074] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4.lolkek") returned 57 [0054.074] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mdpi.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mdpi.mp4.lolkek")) returned 1 [0054.075] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.075] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe168 | out: hHeap=0x5a0000) returned 1 [0054.075] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.075] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.075] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi", dwFileAttributes=0x80) returned 1 [0054.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mmmskjiil4j4xki.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.075] CloseHandle (hObject=0x1ec) returned 1 [0054.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mmmskjiil4j4xki.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.075] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x157f4 [0054.075] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.076] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.076] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.076] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.076] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.076] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.076] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.076] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.076] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.076] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.076] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.077] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.077] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.077] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.077] CloseHandle (hObject=0x1ec) returned 1 [0054.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.077] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi.lolkek") returned 68 [0054.077] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mmmskjiil4j4xki.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mmmskjiil4j4xki.avi.lolkek")) returned 1 [0054.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.078] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0160 | out: hHeap=0x5a0000) returned 1 [0054.078] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.078] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.078] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi", dwFileAttributes=0x80) returned 1 [0054.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ncexe-7shydjis.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.078] CloseHandle (hObject=0x1ec) returned 1 [0054.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ncexe-7shydjis.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.078] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x128a0 [0054.078] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.078] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.079] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.079] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.079] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.079] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.079] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.079] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.079] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.079] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.079] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.079] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.080] CloseHandle (hObject=0x1ec) returned 1 [0054.080] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.080] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi.lolkek") returned 67 [0054.080] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ncexe-7shydjis.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ncexe-7shydjis.avi.lolkek")) returned 1 [0054.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0860 | out: hHeap=0x5a0000) returned 1 [0054.080] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.080] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.080] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a", dwFileAttributes=0x80) returned 1 [0054.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nji0qha.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.081] CloseHandle (hObject=0x1ec) returned 1 [0054.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nji0qha.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.081] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3b7f [0054.081] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.081] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.081] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.082] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.082] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x3b7f, lpOverlapped=0x0) returned 1 [0054.082] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc481, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3b7f, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x3b7f, lpOverlapped=0x0) returned 1 [0054.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.082] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.082] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.082] CloseHandle (hObject=0x1ec) returned 1 [0054.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.082] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a.lolkek") returned 60 [0054.082] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nji0qha.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nji0qha.m4a.lolkek")) returned 1 [0054.207] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.207] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbfad0 | out: hHeap=0x5a0000) returned 1 [0054.207] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.207] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.208] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png", dwFileAttributes=0x80) returned 1 [0054.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q21x-ei-l ux.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.209] CloseHandle (hObject=0x1ec) returned 1 [0054.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q21x-ei-l ux.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.209] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa5ec [0054.209] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.209] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.209] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.210] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.210] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.210] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.210] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.210] CloseHandle (hObject=0x1ec) returned 1 [0054.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.212] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png.lolkek") returned 65 [0054.212] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q21x-ei-l ux.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q21x-ei-l ux.png.lolkek")) returned 1 [0054.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8018 | out: hHeap=0x5a0000) returned 1 [0054.236] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.236] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.236] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv", dwFileAttributes=0x80) returned 1 [0054.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tl-v.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.239] CloseHandle (hObject=0x228) returned 1 [0054.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tl-v.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.239] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4cc9 [0054.239] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.239] ReadFile (in: hFile=0x228, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.240] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.240] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.240] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.240] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.240] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.240] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.240] WriteFile (in: hFile=0x228, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.240] WriteFile (in: hFile=0x228, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.241] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.241] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.241] CloseHandle (hObject=0x228) returned 1 [0054.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.242] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv.lolkek") returned 57 [0054.242] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tl-v.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tl-v.mkv.lolkek")) returned 1 [0054.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.301] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd670 | out: hHeap=0x5a0000) returned 1 [0054.301] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.301] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.301] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png", dwFileAttributes=0x80) returned 1 [0054.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zgz kfang84nkq.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0054.305] CloseHandle (hObject=0x228) returned 1 [0054.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zgz kfang84nkq.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.305] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18e11 [0054.305] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.305] ReadFile (in: hFile=0x228, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.306] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.306] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.306] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.306] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.306] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x4000, lpOverlapped=0x0) returned 1 [0054.306] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.306] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x4000, lpOverlapped=0x0) returned 1 [0054.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.306] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.306] WriteFile (in: hFile=0x228, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.306] WriteFile (in: hFile=0x228, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.306] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.306] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.306] CloseHandle (hObject=0x228) returned 1 [0054.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.307] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png.lolkek") returned 67 [0054.307] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zgz kfang84nkq.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zgz kfang84nkq.png.lolkek")) returned 1 [0054.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0360 | out: hHeap=0x5a0000) returned 1 [0054.722] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.722] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.722] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url", dwFileAttributes=0x80) returned 1 [0054.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0054.731] CloseHandle (hObject=0x1e0) returned 1 [0054.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0054.736] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.736] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.736] ReadFile (in: hFile=0x294, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0054.736] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0054.736] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.736] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.736] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.736] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0x85, lpOverlapped=0x0) returned 1 [0054.736] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.736] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0x85, lpOverlapped=0x0) returned 1 [0054.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.737] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.737] WriteFile (in: hFile=0x294, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0054.737] WriteFile (in: hFile=0x294, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.737] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0054.737] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0054.737] CloseHandle (hObject=0x294) returned 1 [0054.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.737] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.lolkek") returned 88 [0054.737] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.lolkek")) returned 1 [0054.942] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae938 | out: hHeap=0x5a0000) returned 1 [0054.947] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.948] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.948] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", dwFileAttributes=0x80) returned 1 [0054.948] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0054.948] RmStartSession () returned 0x0 [0054.950] RmRegisterResources () returned 0x0 [0054.952] RmGetList () returned 0x0 [0055.082] GetCurrentProcessId () returned 0x86c [0055.082] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0055.082] RmEndSession () returned 0x0 [0055.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3bfc8 | out: hHeap=0x5a0000) returned 1 [0055.103] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.103] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.103] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", dwFileAttributes=0x80) returned 1 [0055.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.104] RmStartSession () returned 0x0 [0055.106] RmRegisterResources () returned 0x0 [0055.108] RmGetList () returned 0x0 [0055.353] GetCurrentProcessId () returned 0x86c [0055.353] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0055.353] RmEndSession () returned 0x0 [0055.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67ca98 | out: hHeap=0x5a0000) returned 1 [0055.378] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.378] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.378] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms", dwFileAttributes=0x80) returned 1 [0055.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0056.014] CloseHandle (hObject=0x1ec) returned 1 [0056.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0056.153] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf8 [0056.153] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.153] ReadFile (in: hFile=0x1ec, lpBuffer=0x2fff960, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x2ffdf44, lpOverlapped=0x0 | out: lpBuffer=0x2fff960*, lpNumberOfBytesRead=0x2ffdf44*=0xd, lpOverlapped=0x0) returned 1 [0056.153] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x2fff970 | out: pbBuffer=0x2fff970) returned 1 [0056.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0056.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0056.302] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0056.302] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x2ffdf1c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x2ffdf1c*=0xf8, lpOverlapped=0x0) returned 1 [0056.302] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.302] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0x2fff960, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x2fff960*=0xf8, lpOverlapped=0x0) returned 1 [0056.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0056.307] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0056.307] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0056.307] WriteFile (in: hFile=0x1ec, lpBuffer=0x2ffdf24*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2ffdf24*, lpNumberOfBytesWritten=0x2ffdf28*=0x4, lpOverlapped=0x0) returned 1 [0056.307] WriteFile (in: hFile=0x1ec, lpBuffer=0x2fff970*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x2fff970*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0056.307] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x2ffdf28*=0x20, lpOverlapped=0x0) returned 1 [0056.307] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x2ffdf28, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x2ffdf28*=0xd, lpOverlapped=0x0) returned 1 [0056.307] CloseHandle (hObject=0x1ec) returned 1 [0056.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0056.307] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.lolkek") returned 70 [0056.307] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.lolkek")) returned 1 [0056.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0056.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec50a0 | out: hHeap=0x5a0000) returned 1 [0056.308] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.308] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.308] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico", dwFileAttributes=0x80) returned 0 [0056.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.309] RmStartSession () returned 0x0 [0056.312] RmRegisterResources () returned 0x0 [0056.314] RmGetList () returned 0x0 [0056.588] RmEndSession () returned 0x0 [0056.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf2c98 | out: hHeap=0x5a0000) returned 1 [0056.612] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.612] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.612] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", dwFileAttributes=0x80) returned 0 [0056.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.612] RmStartSession () returned 0x0 [0056.615] RmRegisterResources () returned 0x0 [0056.617] RmGetList () returned 0x0 [0057.086] RmEndSession () returned 0x0 [0057.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.248] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634210 | out: hHeap=0x5a0000) returned 1 [0057.248] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.248] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.248] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp", dwFileAttributes=0x80) returned 0 [0057.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.248] RmStartSession () returned 0x0 [0057.251] RmRegisterResources () returned 0x0 [0057.254] RmGetList () returned 0x0 [0057.643] RmEndSession () returned 0x0 [0057.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile16.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5cd0 | out: hHeap=0x5a0000) returned 1 [0057.867] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.867] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.867] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp", dwFileAttributes=0x80) returned 0 [0057.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.868] RmStartSession () returned 0x0 [0057.870] RmRegisterResources () returned 0x0 [0057.873] RmGetList () returned 0x0 [0059.753] RmEndSession () returned 0x0 [0059.768] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile28.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4338 | out: hHeap=0x5a0000) returned 1 [0059.768] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.768] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.768] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg", dwFileAttributes=0x80) returned 0 [0059.768] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.768] RmStartSession () returned 0x0 [0059.771] RmRegisterResources () returned 0x0 [0059.774] RmGetList () returned 0x0 [0062.974] RmEndSession () returned 0x0 [0063.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\welcomescan.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612218 | out: hHeap=0x5a0000) returned 1 [0063.137] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 12 os_tid = 0x918 [0035.506] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.853] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.853] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0035.857] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.857] RmStartSession () returned 0x0 [0036.311] RmRegisterResources () returned 0x0 [0036.313] RmGetList () returned 0x0 [0036.994] RmEndSession () returned 0x0 [0037.014] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.014] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc070 | out: hHeap=0x5a0000) returned 1 [0037.014] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.014] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.014] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.014] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.014] RmStartSession () returned 0x0 [0037.016] RmRegisterResources () returned 0x0 [0037.018] RmGetList () returned 0x0 [0037.703] RmEndSession () returned 0x0 [0037.725] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fdb0 | out: hHeap=0x5a0000) returned 1 [0037.725] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.725] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.725] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.725] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.726] RmStartSession () returned 0x0 [0037.728] RmRegisterResources () returned 0x0 [0037.730] RmGetList () returned 0x0 [0041.621] RmEndSession () returned 0x0 [0041.652] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6303f8 | out: hHeap=0x5a0000) returned 1 [0041.652] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.652] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.652] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", dwFileAttributes=0x80) returned 0 [0041.652] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.652] RmStartSession () returned 0x0 [0041.657] RmRegisterResources () returned 0x0 [0041.661] RmGetList () returned 0x0 [0042.743] RmEndSession () returned 0x0 [0042.766] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.766] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf8b0 | out: hHeap=0x5a0000) returned 1 [0042.766] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.766] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.766] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", dwFileAttributes=0x80) returned 0 [0042.766] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.766] RmStartSession () returned 0x0 [0042.769] RmRegisterResources () returned 0x0 [0042.771] RmGetList () returned 0x0 [0043.906] RmEndSession () returned 0x0 [0043.926] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94c58 | out: hHeap=0x5a0000) returned 1 [0043.927] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.927] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.927] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp", dwFileAttributes=0x80) returned 1 [0043.927] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp" (normalized: "c:\\programdata\\microsoft\\rac\\temp\\sql64bb.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.927] RmStartSession () returned 0x0 [0043.929] RmRegisterResources () returned 0x0 [0043.938] RmGetList () returned 0x0 [0044.623] GetCurrentProcessId () returned 0x86c [0044.623] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0044.623] RmEndSession () returned 0x0 [0044.645] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp" (normalized: "c:\\programdata\\microsoft\\rac\\temp\\sql64bb.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.645] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6761d0 | out: hHeap=0x5a0000) returned 1 [0044.645] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.645] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.645] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", dwFileAttributes=0x80) returned 0 [0044.645] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.645] RmStartSession () returned 0x0 [0044.648] RmRegisterResources () returned 0x0 [0044.651] RmGetList () returned 0x0 [0045.308] RmEndSession () returned 0x0 [0045.328] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6143b0 | out: hHeap=0x5a0000) returned 1 [0045.328] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.328] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.328] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp", dwFileAttributes=0x80) returned 0 [0045.328] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.328] RmStartSession () returned 0x0 [0045.331] RmRegisterResources () returned 0x0 [0045.333] RmGetList () returned 0x0 [0046.035] RmEndSession () returned 0x0 [0046.057] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile33.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.057] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6153d0 | out: hHeap=0x5a0000) returned 1 [0046.057] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.057] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.057] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp", dwFileAttributes=0x80) returned 1 [0046.058] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8 [0046.058] CloseHandle (hObject=0x1f8) returned 1 [0046.058] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.058] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0046.058] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.058] ReadFile (in: hFile=0x1f8, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.062] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.062] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.062] ReadFile (in: hFile=0x1f8, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0046.063] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.063] WriteFile (in: hFile=0x1f8, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0046.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.063] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.063] WriteFile (in: hFile=0x1f8, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.063] WriteFile (in: hFile=0x1f8, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.063] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.063] WriteFile (in: hFile=0x1f8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.063] CloseHandle (hObject=0x1f8) returned 1 [0046.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.063] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp.lolkek") returned 67 [0046.063] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp.lolkek" (normalized: "c:\\programdata\\microsoft\\user account pictures\\guest.bmp.lolkek")) returned 1 [0046.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd270 | out: hHeap=0x5a0000) returned 1 [0046.064] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.064] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.064] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp", dwFileAttributes=0x80) returned 1 [0046.064] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8 [0046.064] CloseHandle (hObject=0x1f8) returned 1 [0046.064] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.064] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc038 [0046.064] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.064] ReadFile (in: hFile=0x1f8, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.065] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.065] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.065] ReadFile (in: hFile=0x1f8, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0046.065] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.065] WriteFile (in: hFile=0x1f8, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0046.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.065] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.066] WriteFile (in: hFile=0x1f8, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.066] WriteFile (in: hFile=0x1f8, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.066] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.066] WriteFile (in: hFile=0x1f8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.066] CloseHandle (hObject=0x1f8) returned 1 [0046.066] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.066] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp.lolkek") returned 66 [0046.066] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp.lolkek" (normalized: "c:\\programdata\\microsoft\\user account pictures\\user.bmp.lolkek")) returned 1 [0046.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd370 | out: hHeap=0x5a0000) returned 1 [0046.066] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.066] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.066] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm", dwFileAttributes=0x80) returned 1 [0046.069] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198 [0046.069] CloseHandle (hObject=0x198) returned 1 [0046.069] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.069] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb17190 [0046.069] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.069] ReadFile (in: hFile=0x198, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.079] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.079] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.079] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.079] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.079] ReadFile (in: hFile=0x198, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0046.080] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.080] WriteFile (in: hFile=0x198, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0046.081] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.081] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.081] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.081] WriteFile (in: hFile=0x198, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.081] WriteFile (in: hFile=0x198, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.081] WriteFile (in: hFile=0x198, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.081] WriteFile (in: hFile=0x198, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.081] CloseHandle (hObject=0x198) returned 1 [0046.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.081] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.lolkek") returned 123 [0046.081] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasbase.vdm.lolkek")) returned 1 [0046.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698d90 | out: hHeap=0x5a0000) returned 1 [0046.082] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.082] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.082] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm", dwFileAttributes=0x80) returned 1 [0046.082] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198 [0046.082] CloseHandle (hObject=0x198) returned 1 [0046.082] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.082] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x52d90 [0046.082] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.082] ReadFile (in: hFile=0x198, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.085] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.085] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.085] ReadFile (in: hFile=0x198, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0046.087] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.087] WriteFile (in: hFile=0x198, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0046.087] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.087] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.087] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.087] WriteFile (in: hFile=0x198, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.087] WriteFile (in: hFile=0x198, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.087] WriteFile (in: hFile=0x198, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.087] WriteFile (in: hFile=0x198, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.087] CloseHandle (hObject=0x198) returned 1 [0046.087] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.088] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.lolkek") returned 123 [0046.088] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpasdlta.vdm.lolkek")) returned 1 [0046.088] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.088] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd468 | out: hHeap=0x5a0000) returned 1 [0046.088] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.088] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.088] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll", dwFileAttributes=0x80) returned 1 [0046.088] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198 [0046.088] CloseHandle (hObject=0x198) returned 1 [0046.088] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.089] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7d1d50 [0046.089] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.089] ReadFile (in: hFile=0x198, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.092] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.092] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.092] ReadFile (in: hFile=0x198, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0046.093] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.093] WriteFile (in: hFile=0x198, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0046.093] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.093] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.093] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.093] WriteFile (in: hFile=0x198, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.093] WriteFile (in: hFile=0x198, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.094] WriteFile (in: hFile=0x198, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.094] WriteFile (in: hFile=0x198, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.094] CloseHandle (hObject=0x198) returned 1 [0046.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.094] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.lolkek") returned 123 [0046.094] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\mpengine.dll.lolkek")) returned 1 [0046.094] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.094] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd648 | out: hHeap=0x5a0000) returned 1 [0046.094] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.094] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.094] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin", dwFileAttributes=0x80) returned 1 [0046.095] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198 [0046.095] CloseHandle (hObject=0x198) returned 1 [0046.095] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.095] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x33b60 [0046.095] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.095] ReadFile (in: hFile=0x198, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.098] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.098] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.098] ReadFile (in: hFile=0x198, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0046.099] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.099] WriteFile (in: hFile=0x198, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0046.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.099] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.099] WriteFile (in: hFile=0x198, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.099] WriteFile (in: hFile=0x198, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.099] WriteFile (in: hFile=0x198, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.099] WriteFile (in: hFile=0x198, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.099] CloseHandle (hObject=0x198) returned 1 [0046.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.101] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.lolkek") returned 89 [0046.101] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\mpsfc.bin.lolkek")) returned 1 [0046.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae128 | out: hHeap=0x5a0000) returned 1 [0046.102] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.102] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.102] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", dwFileAttributes=0x80) returned 1 [0046.102] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198 [0046.102] CloseHandle (hObject=0x198) returned 1 [0046.102] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.102] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a60 [0046.102] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.102] ReadFile (in: hFile=0x198, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.106] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.106] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.106] ReadFile (in: hFile=0x198, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x1a60, lpOverlapped=0x0) returned 1 [0046.107] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xffffe5a0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.107] WriteFile (in: hFile=0x198, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x1a60, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x1a60, lpOverlapped=0x0) returned 1 [0046.107] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.107] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.107] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.107] WriteFile (in: hFile=0x198, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.107] WriteFile (in: hFile=0x198, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.107] WriteFile (in: hFile=0x198, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.107] WriteFile (in: hFile=0x198, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.107] CloseHandle (hObject=0x198) returned 1 [0046.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.107] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.lolkek") returned 122 [0046.107] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\{1d1dbf3a-752f-47e2-be70-d848d4a9afb0}.lolkek")) returned 1 [0046.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd828 | out: hHeap=0x5a0000) returned 1 [0046.108] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.108] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.108] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log", dwFileAttributes=0x80) returned 1 [0046.111] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8 [0046.111] CloseHandle (hObject=0x1f8) returned 1 [0046.111] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.111] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2 [0046.111] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.111] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.111] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.111] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.111] ReadFile (in: hFile=0x1f8, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x2, lpOverlapped=0x0) returned 1 [0046.111] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0xfffffffe, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.112] WriteFile (in: hFile=0x1f8, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x2, lpOverlapped=0x0) returned 1 [0046.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.112] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.112] WriteFile (in: hFile=0x1f8, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.112] WriteFile (in: hFile=0x1f8, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.112] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.112] WriteFile (in: hFile=0x1f8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.112] CloseHandle (hObject=0x1f8) returned 1 [0046.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.112] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.lolkek") returned 86 [0046.112] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\history.log.lolkek")) returned 1 [0046.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.113] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617668 | out: hHeap=0x5a0000) returned 1 [0046.113] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.113] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.113] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log", dwFileAttributes=0x80) returned 1 [0046.116] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198 [0046.117] CloseHandle (hObject=0x198) returned 1 [0046.117] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.117] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a86 [0046.117] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.117] ReadFile (in: hFile=0x198, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.118] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.118] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.118] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.118] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.118] ReadFile (in: hFile=0x198, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x1a86, lpOverlapped=0x0) returned 1 [0046.118] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xffffe57a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.118] WriteFile (in: hFile=0x198, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x1a86, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x1a86, lpOverlapped=0x0) returned 1 [0046.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.119] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.119] WriteFile (in: hFile=0x198, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.119] WriteFile (in: hFile=0x198, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.119] WriteFile (in: hFile=0x198, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.119] WriteFile (in: hFile=0x198, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.119] CloseHandle (hObject=0x198) returned 1 [0046.119] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.119] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.lolkek") returned 86 [0046.119] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\unknown.log.lolkek")) returned 1 [0046.119] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.119] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab8f8 | out: hHeap=0x5a0000) returned 1 [0046.119] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.119] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.119] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log", dwFileAttributes=0x80) returned 1 [0046.120] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198 [0046.120] CloseHandle (hObject=0x198) returned 1 [0046.120] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.120] GetFileSize (in: hFile=0x198, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x30ada [0046.120] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.120] ReadFile (in: hFile=0x198, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0046.123] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0046.123] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.123] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.123] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.123] ReadFile (in: hFile=0x198, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0046.124] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.124] WriteFile (in: hFile=0x198, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0046.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.125] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.125] WriteFile (in: hFile=0x198, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0046.125] WriteFile (in: hFile=0x198, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.125] WriteFile (in: hFile=0x198, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0046.125] WriteFile (in: hFile=0x198, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0046.125] CloseHandle (hObject=0x198) returned 1 [0046.125] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.125] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.lolkek") returned 86 [0046.125] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.lolkek" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\mplog-07132009-221054.log.lolkek")) returned 1 [0046.125] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.125] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caba40 | out: hHeap=0x5a0000) returned 1 [0046.125] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.125] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.125] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov", dwFileAttributes=0x80) returned 0 [0046.128] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0046.128] RmStartSession () returned 0x0 [0046.130] RmRegisterResources () returned 0x0 [0046.133] RmGetList () returned 0x0 [0047.157] RmEndSession () returned 0x0 [0047.178] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae280 | out: hHeap=0x5a0000) returned 1 [0047.178] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.178] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.178] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc", dwFileAttributes=0x80) returned 1 [0050.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.464] CloseHandle (hObject=0x27c) returned 1 [0050.464] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.466] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x102a0 [0050.466] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.466] ReadFile (in: hFile=0x25c, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0050.468] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0050.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.468] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.468] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0050.471] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.471] WriteFile (in: hFile=0x25c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0050.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.471] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.471] WriteFile (in: hFile=0x25c, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0050.471] WriteFile (in: hFile=0x25c, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0050.471] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0050.471] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0050.471] CloseHandle (hObject=0x25c) returned 1 [0050.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0050.471] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc.lolkek") returned 86 [0050.471] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc.lolkek")) returned 1 [0050.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0050.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cabb88 | out: hHeap=0x5a0000) returned 1 [0050.472] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.472] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.472] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity", dwFileAttributes=0x80) returned 1 [0050.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0050.624] CloseHandle (hObject=0x1ec) returned 1 [0050.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.667] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x278 [0050.667] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.667] ReadFile (in: hFile=0x24c, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0050.668] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0050.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.668] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.668] ReadFile (in: hFile=0x24c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x278, lpOverlapped=0x0) returned 1 [0050.669] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffd88, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.669] WriteFile (in: hFile=0x24c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x278, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x278, lpOverlapped=0x0) returned 1 [0050.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.669] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.669] WriteFile (in: hFile=0x24c, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0050.669] WriteFile (in: hFile=0x24c, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0050.669] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0050.669] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0050.669] CloseHandle (hObject=0x24c) returned 1 [0050.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0050.670] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity.lolkek") returned 104 [0050.670] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity.lolkek")) returned 1 [0050.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0050.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde898 | out: hHeap=0x5a0000) returned 1 [0050.814] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.814] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.814] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0050.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.881] CloseHandle (hObject=0x268) returned 1 [0050.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.890] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x311 [0050.890] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.890] ReadFile (in: hFile=0x1ec, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0050.892] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0050.892] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.892] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.892] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.892] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x311, lpOverlapped=0x0) returned 1 [0050.892] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffcef, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.892] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x311, lpOverlapped=0x0) returned 1 [0050.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.892] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.892] WriteFile (in: hFile=0x1ec, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0050.892] WriteFile (in: hFile=0x1ec, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0050.892] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0050.893] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0050.893] CloseHandle (hObject=0x1ec) returned 1 [0050.893] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0050.893] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.lolkek") returned 142 [0050.893] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl.lolkek")) returned 1 [0050.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c6b90 | out: hHeap=0x5a0000) returned 1 [0050.987] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.987] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.987] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0051.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0051.067] CloseHandle (hObject=0x27c) returned 1 [0051.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0051.094] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fc [0051.094] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.094] ReadFile (in: hFile=0x2bc, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0051.096] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0051.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.097] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.097] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.097] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x3fc, lpOverlapped=0x0) returned 1 [0051.097] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffc04, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.097] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3fc, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x3fc, lpOverlapped=0x0) returned 1 [0051.097] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.097] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.097] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.097] WriteFile (in: hFile=0x2bc, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0051.097] WriteFile (in: hFile=0x2bc, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0051.097] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0051.097] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0051.097] CloseHandle (hObject=0x2bc) returned 1 [0051.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.099] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.lolkek") returned 142 [0051.099] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl.lolkek")) returned 1 [0051.272] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.272] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7880 | out: hHeap=0x5a0000) returned 1 [0051.272] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.272] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.272] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm", dwFileAttributes=0x80) returned 1 [0051.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.304] CloseHandle (hObject=0x24c) returned 1 [0051.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0051.321] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xeb [0051.321] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.323] ReadFile (in: hFile=0x268, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0051.324] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0051.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.324] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.324] ReadFile (in: hFile=0x268, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0xeb, lpOverlapped=0x0) returned 1 [0051.324] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffff15, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.324] WriteFile (in: hFile=0x268, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0xeb, lpOverlapped=0x0) returned 1 [0051.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.324] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.324] WriteFile (in: hFile=0x268, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0051.324] WriteFile (in: hFile=0x268, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0051.324] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0051.324] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0051.325] CloseHandle (hObject=0x268) returned 1 [0051.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0051.325] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.lolkek") returned 104 [0051.326] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm.lolkek")) returned 1 [0051.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0051.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0c20 | out: hHeap=0x5a0000) returned 1 [0051.358] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.358] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.358] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm", dwFileAttributes=0x80) returned 1 [0051.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.447] CloseHandle (hObject=0x23c) returned 1 [0051.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.447] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0051.447] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.447] ReadFile (in: hFile=0x23c, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0051.448] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0051.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.448] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.448] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0xe8, lpOverlapped=0x0) returned 1 [0051.448] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.448] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0xe8, lpOverlapped=0x0) returned 1 [0051.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.448] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.448] WriteFile (in: hFile=0x23c, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0051.448] WriteFile (in: hFile=0x23c, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0051.448] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0051.449] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0051.449] CloseHandle (hObject=0x23c) returned 1 [0051.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.456] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.lolkek") returned 102 [0051.456] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm.lolkek")) returned 1 [0051.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657780 | out: hHeap=0x5a0000) returned 1 [0051.911] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.911] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.911] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406", dwFileAttributes=0x80) returned 1 [0051.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.002] CloseHandle (hObject=0x2bc) returned 1 [0052.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.011] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf1d [0052.011] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.011] ReadFile (in: hFile=0x280, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.012] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.012] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.012] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0xf1d, lpOverlapped=0x0) returned 1 [0052.013] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffff0e3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.013] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xf1d, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0xf1d, lpOverlapped=0x0) returned 1 [0052.013] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.013] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.013] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.013] WriteFile (in: hFile=0x280, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.013] WriteFile (in: hFile=0x280, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.013] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.013] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.013] CloseHandle (hObject=0x280) returned 1 [0052.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.015] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.lolkek") returned 125 [0052.015] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406.lolkek")) returned 1 [0052.035] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.035] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec7338 | out: hHeap=0x5a0000) returned 1 [0052.035] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.035] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.035] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD", dwFileAttributes=0x80) returned 1 [0052.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.036] CloseHandle (hObject=0x280) returned 1 [0052.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.036] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x32d [0052.036] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.036] ReadFile (in: hFile=0x280, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.037] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.037] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.037] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.037] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.037] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x32d, lpOverlapped=0x0) returned 1 [0052.037] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffcd3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.037] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x32d, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x32d, lpOverlapped=0x0) returned 1 [0052.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.037] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.037] WriteFile (in: hFile=0x280, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.037] WriteFile (in: hFile=0x280, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.037] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.038] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.038] CloseHandle (hObject=0x280) returned 1 [0052.038] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.038] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.lolkek") returned 125 [0052.038] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad.lolkek")) returned 1 [0052.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3ba70 | out: hHeap=0x5a0000) returned 1 [0052.063] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.063] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.063] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", dwFileAttributes=0x80) returned 1 [0052.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.097] CloseHandle (hObject=0x2bc) returned 1 [0052.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.099] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.099] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.099] ReadFile (in: hFile=0x258, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.100] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.100] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.100] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x1cf, lpOverlapped=0x0) returned 1 [0052.100] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.100] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x1cf, lpOverlapped=0x0) returned 1 [0052.100] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.100] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.100] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.100] WriteFile (in: hFile=0x258, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.100] WriteFile (in: hFile=0x258, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.100] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.101] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.101] CloseHandle (hObject=0x258) returned 1 [0052.102] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.102] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.lolkek") returned 158 [0052.102] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0.lolkek")) returned 1 [0052.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1768 | out: hHeap=0x5a0000) returned 1 [0052.124] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.124] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.124] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", dwFileAttributes=0x80) returned 1 [0052.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.149] CloseHandle (hObject=0x2bc) returned 1 [0052.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0052.154] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x56e [0052.154] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.154] ReadFile (in: hFile=0x2bc, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.156] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.157] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.157] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.157] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.157] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x56e, lpOverlapped=0x0) returned 1 [0052.157] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffa92, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.157] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x56e, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x56e, lpOverlapped=0x0) returned 1 [0052.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.157] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.157] WriteFile (in: hFile=0x2bc, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.157] WriteFile (in: hFile=0x2bc, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.157] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.157] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.157] CloseHandle (hObject=0x2bc) returned 1 [0052.158] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.158] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.lolkek") returned 158 [0052.158] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56.lolkek")) returned 1 [0052.184] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.184] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da93a8 | out: hHeap=0x5a0000) returned 1 [0052.184] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.184] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.184] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", dwFileAttributes=0x80) returned 1 [0052.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.213] CloseHandle (hObject=0x280) returned 1 [0052.213] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.218] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ee [0052.218] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.218] ReadFile (in: hFile=0x258, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.219] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.219] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.219] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x5ee, lpOverlapped=0x0) returned 1 [0052.219] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffa12, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.219] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5ee, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x5ee, lpOverlapped=0x0) returned 1 [0052.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.219] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.219] WriteFile (in: hFile=0x258, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.219] WriteFile (in: hFile=0x258, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.219] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.220] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.220] CloseHandle (hObject=0x258) returned 1 [0052.224] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.224] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.lolkek") returned 158 [0052.224] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001.lolkek")) returned 1 [0052.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa950 | out: hHeap=0x5a0000) returned 1 [0052.247] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.247] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.247] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", dwFileAttributes=0x80) returned 1 [0052.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0052.278] CloseHandle (hObject=0x2b8) returned 1 [0052.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.283] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x663 [0052.283] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.283] ReadFile (in: hFile=0x224, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.285] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.285] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.285] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.285] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.285] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x663, lpOverlapped=0x0) returned 1 [0052.285] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffff99d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.285] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x663, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x663, lpOverlapped=0x0) returned 1 [0052.285] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.285] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.285] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.285] WriteFile (in: hFile=0x224, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.285] WriteFile (in: hFile=0x224, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.285] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.285] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.286] CloseHandle (hObject=0x224) returned 1 [0052.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.291] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.lolkek") returned 158 [0052.291] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c.lolkek")) returned 1 [0052.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebff70 | out: hHeap=0x5a0000) returned 1 [0052.374] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.374] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.374] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9", dwFileAttributes=0x80) returned 1 [0052.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.400] CloseHandle (hObject=0x280) returned 1 [0052.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.410] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdc [0052.410] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.410] ReadFile (in: hFile=0x23c, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.411] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.411] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.411] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0xdc, lpOverlapped=0x0) returned 1 [0052.411] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffff24, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.411] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0xdc, lpOverlapped=0x0) returned 1 [0052.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.411] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.411] WriteFile (in: hFile=0x23c, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.411] WriteFile (in: hFile=0x23c, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.411] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.412] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.412] CloseHandle (hObject=0x23c) returned 1 [0052.413] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.413] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek") returned 126 [0052.413] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9.lolkek")) returned 1 [0052.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc9da0 | out: hHeap=0x5a0000) returned 1 [0052.433] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.433] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.433] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", dwFileAttributes=0x80) returned 1 [0052.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.452] CloseHandle (hObject=0x2a0) returned 1 [0052.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.462] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186 [0052.462] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.462] ReadFile (in: hFile=0x290, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.462] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.462] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.462] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x186, lpOverlapped=0x0) returned 1 [0052.463] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffe7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.463] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x186, lpOverlapped=0x0) returned 1 [0052.463] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.463] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.463] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.463] WriteFile (in: hFile=0x290, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.463] WriteFile (in: hFile=0x290, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.463] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.463] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.463] CloseHandle (hObject=0x290) returned 1 [0052.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.465] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.lolkek") returned 159 [0052.465] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed.lolkek")) returned 1 [0052.481] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9b60 | out: hHeap=0x5a0000) returned 1 [0052.482] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.483] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.483] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", dwFileAttributes=0x80) returned 1 [0052.494] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.499] CloseHandle (hObject=0x228) returned 1 [0052.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.516] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186 [0052.516] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.516] ReadFile (in: hFile=0x210, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.517] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.517] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.517] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x186, lpOverlapped=0x0) returned 1 [0052.517] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.517] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x186, lpOverlapped=0x0) returned 1 [0052.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.517] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.517] WriteFile (in: hFile=0x210, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.517] WriteFile (in: hFile=0x210, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.517] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.517] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.517] CloseHandle (hObject=0x210) returned 1 [0052.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.518] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.lolkek") returned 159 [0052.518] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6.lolkek")) returned 1 [0052.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb9c0 | out: hHeap=0x5a0000) returned 1 [0052.540] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.540] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.540] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", dwFileAttributes=0x80) returned 1 [0052.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.558] CloseHandle (hObject=0x224) returned 1 [0052.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.569] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18e [0052.569] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.569] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.570] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.570] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.570] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x18e, lpOverlapped=0x0) returned 1 [0052.570] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffe72, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.570] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x18e, lpOverlapped=0x0) returned 1 [0052.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.570] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.570] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.570] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.570] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.571] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.571] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.571] CloseHandle (hObject=0x294) returned 1 [0052.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.571] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.lolkek") returned 159 [0052.571] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce.lolkek")) returned 1 [0052.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.630] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa300 | out: hHeap=0x5a0000) returned 1 [0052.631] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.631] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.631] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3", dwFileAttributes=0x80) returned 1 [0052.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0sjwedjta7-j1dlq4.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.631] CloseHandle (hObject=0x294) returned 1 [0052.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0sjwedjta7-j1dlq4.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.631] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1dfa [0052.631] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.631] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.632] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.632] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.632] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x1dfa, lpOverlapped=0x0) returned 1 [0052.632] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffe206, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.632] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1dfa, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x1dfa, lpOverlapped=0x0) returned 1 [0052.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.632] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.632] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.632] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.633] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.633] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.633] CloseHandle (hObject=0x294) returned 1 [0052.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.633] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3.lolkek") returned 78 [0052.633] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0sjwedjta7-j1dlq4.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0sjwedjta7-j1dlq4.mp3.lolkek")) returned 1 [0052.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f318 | out: hHeap=0x5a0000) returned 1 [0052.634] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.634] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.634] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp", dwFileAttributes=0x80) returned 1 [0052.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\3boe1kmijdjq.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.634] CloseHandle (hObject=0x294) returned 1 [0052.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\3boe1kmijdjq.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.634] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9f2b [0052.634] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.634] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.635] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.635] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.635] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.635] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.635] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.635] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.636] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.636] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.636] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.636] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.636] CloseHandle (hObject=0x294) returned 1 [0052.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.636] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp.lolkek") returned 73 [0052.636] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\3boe1kmijdjq.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\3boe1kmijdjq.bmp.lolkek")) returned 1 [0052.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6461a0 | out: hHeap=0x5a0000) returned 1 [0052.637] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.637] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.637] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif", dwFileAttributes=0x80) returned 1 [0052.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6-tqku1gwlr2jdmbt.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.637] CloseHandle (hObject=0x294) returned 1 [0052.637] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6-tqku1gwlr2jdmbt.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.637] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3780 [0052.637] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.637] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.638] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.638] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.638] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x3780, lpOverlapped=0x0) returned 1 [0052.638] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc880, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.638] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3780, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x3780, lpOverlapped=0x0) returned 1 [0052.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.638] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.638] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.638] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.639] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.639] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.639] CloseHandle (hObject=0x294) returned 1 [0052.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.639] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif.lolkek") returned 78 [0052.639] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6-tqku1gwlr2jdmbt.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\6-tqku1gwlr2jdmbt.gif.lolkek")) returned 1 [0052.639] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.639] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f1f0 | out: hHeap=0x5a0000) returned 1 [0052.639] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.640] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.640] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt", dwFileAttributes=0x80) returned 1 [0052.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7kso54ftzhbfe6.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.640] CloseHandle (hObject=0x294) returned 1 [0052.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7kso54ftzhbfe6.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.640] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf661 [0052.640] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.640] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.641] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.641] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.641] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.641] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.641] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.641] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.641] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.641] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.641] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.641] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.641] CloseHandle (hObject=0x294) returned 1 [0052.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.641] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt.lolkek") returned 75 [0052.641] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7kso54ftzhbfe6.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7kso54ftzhbfe6.ppt.lolkek")) returned 1 [0052.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1d28 | out: hHeap=0x5a0000) returned 1 [0052.642] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.642] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.642] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg", dwFileAttributes=0x80) returned 1 [0052.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7sm1cl5ecpw.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.643] CloseHandle (hObject=0x294) returned 1 [0052.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7sm1cl5ecpw.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.643] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15641 [0052.643] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.643] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.643] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.643] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.643] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.644] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.644] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.644] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.644] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.644] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.644] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.644] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.644] CloseHandle (hObject=0x294) returned 1 [0052.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.644] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg.lolkek") returned 72 [0052.644] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7sm1cl5ecpw.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7sm1cl5ecpw.jpg.lolkek")) returned 1 [0052.645] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.645] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611958 | out: hHeap=0x5a0000) returned 1 [0052.645] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.645] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.645] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx", dwFileAttributes=0x80) returned 1 [0052.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7vzb7karodofdprma.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.645] CloseHandle (hObject=0x294) returned 1 [0052.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7vzb7karodofdprma.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.646] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x955 [0052.646] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.646] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.646] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.646] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.646] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x955, lpOverlapped=0x0) returned 1 [0052.646] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffff6ab, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.646] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x955, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x955, lpOverlapped=0x0) returned 1 [0052.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.646] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.646] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.647] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.647] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.647] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.647] CloseHandle (hObject=0x294) returned 1 [0052.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.647] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx.lolkek") returned 79 [0052.647] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7vzb7karodofdprma.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7vzb7karodofdprma.xlsx.lolkek")) returned 1 [0052.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7508 | out: hHeap=0x5a0000) returned 1 [0052.648] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.648] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.648] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv", dwFileAttributes=0x80) returned 1 [0052.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9pukoi fokwuqk.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.648] CloseHandle (hObject=0x294) returned 1 [0052.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9pukoi fokwuqk.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.648] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6bae [0052.648] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.648] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.649] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.649] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.649] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.649] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.649] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.649] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.649] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.649] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.649] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.649] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.649] CloseHandle (hObject=0x294) returned 1 [0052.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.649] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv.lolkek") returned 75 [0052.650] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9pukoi fokwuqk.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9pukoi fokwuqk.flv.lolkek")) returned 1 [0052.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fd88 | out: hHeap=0x5a0000) returned 1 [0052.650] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.650] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.650] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi", dwFileAttributes=0x80) returned 1 [0052.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a3ichhjwhphsftace.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.651] CloseHandle (hObject=0x294) returned 1 [0052.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a3ichhjwhphsftace.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.651] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x52cb [0052.651] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.651] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.652] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.652] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.652] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.652] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.652] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.652] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.652] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.652] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.652] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.652] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.652] CloseHandle (hObject=0x294) returned 1 [0052.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.652] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi.lolkek") returned 78 [0052.653] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a3ichhjwhphsftace.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\a3ichhjwhphsftace.avi.lolkek")) returned 1 [0052.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f440 | out: hHeap=0x5a0000) returned 1 [0052.653] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.653] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.653] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js", dwFileAttributes=0x80) returned 1 [0052.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.654] CloseHandle (hObject=0x294) returned 1 [0052.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.654] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0052.654] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.654] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.654] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x0, lpOverlapped=0x0) returned 1 [0052.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.654] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.654] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.655] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.655] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.655] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.655] CloseHandle (hObject=0x294) returned 1 [0052.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.655] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js.lolkek") returned 95 [0052.655] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js.lolkek")) returned 1 [0052.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c948d8 | out: hHeap=0x5a0000) returned 1 [0052.656] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.656] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.656] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js", dwFileAttributes=0x80) returned 1 [0052.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.657] CloseHandle (hObject=0x294) returned 1 [0052.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.657] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa [0052.657] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.657] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.657] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0xa, lpOverlapped=0x0) returned 1 [0052.658] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.658] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0xa, lpOverlapped=0x0) returned 1 [0052.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.658] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.658] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.658] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.658] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.658] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.658] CloseHandle (hObject=0x294) returned 1 [0052.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.658] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.lolkek") returned 104 [0052.658] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js.lolkek")) returned 1 [0052.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf11e8 | out: hHeap=0x5a0000) returned 1 [0052.666] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.666] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.666] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata", dwFileAttributes=0x80) returned 1 [0052.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.667] CloseHandle (hObject=0x294) returned 1 [0052.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.667] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1517 [0052.667] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.667] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.672] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.672] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.672] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x1517, lpOverlapped=0x0) returned 1 [0052.677] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffeae9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.677] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1517, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x1517, lpOverlapped=0x0) returned 1 [0052.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.677] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.677] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.677] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.677] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.677] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.677] CloseHandle (hObject=0x294) returned 1 [0052.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.677] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.lolkek") returned 105 [0052.677] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata.lolkek")) returned 1 [0052.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7b50 | out: hHeap=0x5a0000) returned 1 [0052.678] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.678] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.678] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav", dwFileAttributes=0x80) returned 1 [0052.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akiamcp67znfkwryu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.679] CloseHandle (hObject=0x294) returned 1 [0052.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akiamcp67znfkwryu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.679] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17064 [0052.679] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.679] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.679] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.679] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.679] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.680] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.680] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.680] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.680] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.680] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.680] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.680] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.680] CloseHandle (hObject=0x294) returned 1 [0052.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.680] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav.lolkek") returned 78 [0052.680] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akiamcp67znfkwryu.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\akiamcp67znfkwryu.wav.lolkek")) returned 1 [0052.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f568 | out: hHeap=0x5a0000) returned 1 [0052.683] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.683] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.683] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif", dwFileAttributes=0x80) returned 1 [0052.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\anwfb-.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.684] CloseHandle (hObject=0x294) returned 1 [0052.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\anwfb-.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.684] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe299 [0052.684] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.684] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.685] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.685] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.685] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.685] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.685] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.685] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.685] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.685] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.685] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.685] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.685] CloseHandle (hObject=0x294) returned 1 [0052.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.686] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif.lolkek") returned 67 [0052.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\anwfb-.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\anwfb-.gif.lolkek")) returned 1 [0052.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0060 | out: hHeap=0x5a0000) returned 1 [0052.686] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.686] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.686] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf", dwFileAttributes=0x80) returned 1 [0052.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b2y6uxfe5dlw.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.687] CloseHandle (hObject=0x294) returned 1 [0052.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b2y6uxfe5dlw.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.687] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x60a3 [0052.687] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.687] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.687] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.687] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.688] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.688] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.688] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.688] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.688] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.688] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.688] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.688] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.688] CloseHandle (hObject=0x294) returned 1 [0052.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.688] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf.lolkek") returned 73 [0052.688] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b2y6uxfe5dlw.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\b2y6uxfe5dlw.swf.lolkek")) returned 1 [0052.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f730 | out: hHeap=0x5a0000) returned 1 [0052.689] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.689] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.689] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4", dwFileAttributes=0x80) returned 1 [0052.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\crkl.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.690] CloseHandle (hObject=0x294) returned 1 [0052.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\crkl.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.690] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x569a [0052.690] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.690] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.690] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.690] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.690] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.690] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.691] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.691] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.691] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.691] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.691] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.691] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.691] CloseHandle (hObject=0x294) returned 1 [0052.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.691] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4.lolkek") returned 65 [0052.691] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\crkl.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\crkl.mp4.lolkek")) returned 1 [0052.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7668 | out: hHeap=0x5a0000) returned 1 [0052.692] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.692] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.692] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi", dwFileAttributes=0x80) returned 1 [0052.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cz-l2nogcdgl-dkx55.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.692] CloseHandle (hObject=0x294) returned 1 [0052.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cz-l2nogcdgl-dkx55.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.693] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6acf [0052.693] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.693] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.693] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.693] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.693] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.693] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.693] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.694] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.694] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.694] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.694] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.694] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.694] CloseHandle (hObject=0x294) returned 1 [0052.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.694] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi.lolkek") returned 79 [0052.694] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cz-l2nogcdgl-dkx55.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\cz-l2nogcdgl-dkx55.avi.lolkek")) returned 1 [0052.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab668 | out: hHeap=0x5a0000) returned 1 [0052.695] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.695] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.695] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv", dwFileAttributes=0x80) returned 1 [0052.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\erijy_el7fc78.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.695] CloseHandle (hObject=0x294) returned 1 [0052.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\erijy_el7fc78.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.695] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12c6e [0052.695] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.695] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.696] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.696] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.696] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.696] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.696] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.696] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.696] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.696] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.697] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.697] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.697] CloseHandle (hObject=0x294) returned 1 [0052.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.697] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv.lolkek") returned 74 [0052.697] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\erijy_el7fc78.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\erijy_el7fc78.flv.lolkek")) returned 1 [0052.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6196c0 | out: hHeap=0x5a0000) returned 1 [0052.698] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.698] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.698] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt", dwFileAttributes=0x80) returned 1 [0052.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fuglhs.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.698] CloseHandle (hObject=0x294) returned 1 [0052.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fuglhs.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.699] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1ce4 [0052.699] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.699] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.699] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.699] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.699] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x1ce4, lpOverlapped=0x0) returned 1 [0052.699] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffe31c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.699] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1ce4, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x1ce4, lpOverlapped=0x0) returned 1 [0052.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.699] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.700] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.700] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.700] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.700] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.700] CloseHandle (hObject=0x294) returned 1 [0052.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.700] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt.lolkek") returned 67 [0052.700] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fuglhs.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fuglhs.ppt.lolkek")) returned 1 [0052.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0460 | out: hHeap=0x5a0000) returned 1 [0052.701] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.701] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.701] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv", dwFileAttributes=0x80) returned 1 [0052.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g_2fmklg9b.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.701] CloseHandle (hObject=0x294) returned 1 [0052.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g_2fmklg9b.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.701] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x677e [0052.701] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.701] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.702] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.702] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.702] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.702] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.702] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.702] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.702] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.702] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.703] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.703] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.703] CloseHandle (hObject=0x294) returned 1 [0052.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.703] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv.lolkek") returned 71 [0052.703] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g_2fmklg9b.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g_2fmklg9b.flv.lolkek")) returned 1 [0052.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611a70 | out: hHeap=0x5a0000) returned 1 [0052.703] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.704] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.704] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav", dwFileAttributes=0x80) returned 1 [0052.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpal.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.704] CloseHandle (hObject=0x294) returned 1 [0052.704] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpal.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.704] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x752f [0052.704] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.704] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.705] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.705] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.705] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.705] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.705] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.705] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.705] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.705] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.705] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.706] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.706] CloseHandle (hObject=0x294) returned 1 [0052.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.706] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav.lolkek") returned 65 [0052.706] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpal.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpal.wav.lolkek")) returned 1 [0052.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7760 | out: hHeap=0x5a0000) returned 1 [0052.707] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.707] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.707] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4", dwFileAttributes=0x80) returned 1 [0052.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i6wnfrxcqfgmhut.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.707] CloseHandle (hObject=0x294) returned 1 [0052.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i6wnfrxcqfgmhut.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.707] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x133a9 [0052.707] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.707] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.708] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.708] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.708] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.708] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.708] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.708] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.708] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.708] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.708] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.708] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.708] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.709] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.709] CloseHandle (hObject=0x294) returned 1 [0052.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.709] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4.lolkek") returned 76 [0052.709] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i6wnfrxcqfgmhut.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\i6wnfrxcqfgmhut.mp4.lolkek")) returned 1 [0052.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617b68 | out: hHeap=0x5a0000) returned 1 [0052.709] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.710] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.710] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav", dwFileAttributes=0x80) returned 1 [0052.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmto12_yhxj_em.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.710] CloseHandle (hObject=0x294) returned 1 [0052.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmto12_yhxj_em.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.710] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1371f [0052.710] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.710] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.711] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.711] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.711] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.711] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.711] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.711] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.711] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.711] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.711] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.711] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.711] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.711] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.712] CloseHandle (hObject=0x294) returned 1 [0052.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.712] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav.lolkek") returned 75 [0052.712] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmto12_yhxj_em.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmto12_yhxj_em.wav.lolkek")) returned 1 [0052.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60e930 | out: hHeap=0x5a0000) returned 1 [0052.712] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.712] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.712] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv", dwFileAttributes=0x80) returned 1 [0052.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kq2spxoh8mtt0.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.713] CloseHandle (hObject=0x294) returned 1 [0052.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kq2spxoh8mtt0.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.713] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9123 [0052.713] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.713] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.714] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.714] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.714] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.714] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.714] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.714] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.714] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.714] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.714] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.714] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.714] CloseHandle (hObject=0x294) returned 1 [0052.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.714] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv.lolkek") returned 74 [0052.714] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kq2spxoh8mtt0.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kq2spxoh8mtt0.flv.lolkek")) returned 1 [0052.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5fc8 | out: hHeap=0x5a0000) returned 1 [0052.715] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.715] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.715] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv", dwFileAttributes=0x80) returned 1 [0052.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l78jnx.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.716] CloseHandle (hObject=0x294) returned 1 [0052.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l78jnx.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.716] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb6b6 [0052.716] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.716] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.716] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.716] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.717] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.717] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.717] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.717] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.717] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.717] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.717] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.717] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.717] CloseHandle (hObject=0x294) returned 1 [0052.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.717] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv.lolkek") returned 67 [0052.717] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l78jnx.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\l78jnx.flv.lolkek")) returned 1 [0052.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0560 | out: hHeap=0x5a0000) returned 1 [0052.718] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.718] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.718] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv", dwFileAttributes=0x80) returned 1 [0052.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lea_msz.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.718] CloseHandle (hObject=0x294) returned 1 [0052.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lea_msz.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.719] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16e5c [0052.719] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.719] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.719] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.719] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.719] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.719] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.719] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.720] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.720] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.720] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.720] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.720] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.720] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.720] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.720] CloseHandle (hObject=0x294) returned 1 [0052.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.720] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv.lolkek") returned 68 [0052.720] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lea_msz.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lea_msz.flv.lolkek")) returned 1 [0052.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0660 | out: hHeap=0x5a0000) returned 1 [0052.721] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.721] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.721] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a", dwFileAttributes=0x80) returned 1 [0052.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\low2om4rnbt3pcphi4.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.722] CloseHandle (hObject=0x294) returned 1 [0052.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\low2om4rnbt3pcphi4.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.722] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9248 [0052.722] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.722] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.722] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.722] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.723] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.723] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0052.723] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.723] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0052.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.723] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.723] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.723] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.723] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.723] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.723] CloseHandle (hObject=0x294) returned 1 [0052.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.723] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a.lolkek") returned 79 [0052.723] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\low2om4rnbt3pcphi4.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\low2om4rnbt3pcphi4.m4a.lolkek")) returned 1 [0052.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab7a0 | out: hHeap=0x5a0000) returned 1 [0052.726] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.726] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.726] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", dwFileAttributes=0x80) returned 1 [0052.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.753] CloseHandle (hObject=0x280) returned 1 [0052.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.753] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d6 [0052.753] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.753] ReadFile (in: hFile=0x280, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0052.754] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.754] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.754] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x1d6, lpOverlapped=0x0) returned 1 [0052.754] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe2a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.754] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d6, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x1d6, lpOverlapped=0x0) returned 1 [0052.755] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.755] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.755] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.755] WriteFile (in: hFile=0x280, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.755] WriteFile (in: hFile=0x280, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.755] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.755] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.755] CloseHandle (hObject=0x280) returned 1 [0052.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.755] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.lolkek") returned 132 [0052.755] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol.lolkek")) returned 1 [0052.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6985c8 | out: hHeap=0x5a0000) returned 1 [0052.756] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.756] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.756] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", dwFileAttributes=0x80) returned 1 [0052.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.856] CloseHandle (hObject=0x294) returned 1 [0052.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.898] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d [0052.898] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0052.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.898] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.898] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x3d, lpOverlapped=0x0) returned 1 [0052.899] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffffc3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.899] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3d, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x3d, lpOverlapped=0x0) returned 1 [0052.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.899] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.899] WriteFile (in: hFile=0x2a0, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0052.899] WriteFile (in: hFile=0x2a0, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.899] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0052.900] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0052.900] CloseHandle (hObject=0x2a0) returned 1 [0052.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.915] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek") returned 194 [0052.915] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek")) returned 1 [0053.073] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fa38 | out: hHeap=0x5a0000) returned 1 [0053.581] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.581] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.581] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm", dwFileAttributes=0x80) returned 1 [0053.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.582] CloseHandle (hObject=0x190) returned 1 [0053.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.582] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x509b [0053.582] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.583] ReadFile (in: hFile=0x190, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0053.625] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0053.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.625] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.625] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0053.638] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.638] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0053.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.638] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.638] WriteFile (in: hFile=0x190, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0053.638] WriteFile (in: hFile=0x190, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0053.639] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0053.639] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0053.639] CloseHandle (hObject=0x190) returned 1 [0053.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.639] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.lolkek") returned 88 [0053.639] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm.lolkek")) returned 1 [0053.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadd20 | out: hHeap=0x5a0000) returned 1 [0053.640] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.640] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.640] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", dwFileAttributes=0x80) returned 1 [0053.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0053.712] CloseHandle (hObject=0x228) returned 1 [0053.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.721] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbdb [0053.721] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.721] ReadFile (in: hFile=0x280, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0053.723] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0053.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.723] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.723] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0xbdb, lpOverlapped=0x0) returned 1 [0053.723] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffff425, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.723] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xbdb, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0xbdb, lpOverlapped=0x0) returned 1 [0053.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.723] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.723] WriteFile (in: hFile=0x280, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0053.723] WriteFile (in: hFile=0x280, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0053.723] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0053.723] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0053.723] CloseHandle (hObject=0x280) returned 1 [0053.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0053.724] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.lolkek") returned 142 [0053.724] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json.lolkek")) returned 1 [0053.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0053.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7880 | out: hHeap=0x5a0000) returned 1 [0053.735] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.735] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.735] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", dwFileAttributes=0x80) returned 1 [0053.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0053.773] CloseHandle (hObject=0x258) returned 1 [0053.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0053.777] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x501 [0053.777] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.777] ReadFile (in: hFile=0x294, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0053.780] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0053.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5ec010 [0053.780] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.780] ReadFile (in: hFile=0x294, lpBuffer=0x5ec010, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x5ec010*, lpNumberOfBytesRead=0x353decc*=0x501, lpOverlapped=0x0) returned 1 [0053.780] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffaff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.780] WriteFile (in: hFile=0x294, lpBuffer=0x5ec010*, nNumberOfBytesToWrite=0x501, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x5ec010*, lpNumberOfBytesWritten=0x353f910*=0x501, lpOverlapped=0x0) returned 1 [0053.780] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0053.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.781] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.781] WriteFile (in: hFile=0x294, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0053.781] WriteFile (in: hFile=0x294, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0053.781] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0053.781] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0053.781] CloseHandle (hObject=0x294) returned 1 [0053.782] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0053.782] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.lolkek") returned 113 [0053.782] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf.lolkek")) returned 1 [0053.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0053.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde258 | out: hHeap=0x5a0000) returned 1 [0053.832] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.832] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.832] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", dwFileAttributes=0x80) returned 1 [0053.889] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.207] CloseHandle (hObject=0x1ec) returned 1 [0054.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.235] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d6 [0054.235] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.235] ReadFile (in: hFile=0x1ec, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0054.236] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0054.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.236] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.237] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x3d6, lpOverlapped=0x0) returned 1 [0054.237] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffc2a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.237] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3d6, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x3d6, lpOverlapped=0x0) returned 1 [0054.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.237] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.237] WriteFile (in: hFile=0x1ec, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0054.237] WriteFile (in: hFile=0x1ec, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0054.237] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0054.237] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0054.237] CloseHandle (hObject=0x1ec) returned 1 [0054.241] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0054.241] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.lolkek") returned 115 [0054.241] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak.lolkek")) returned 1 [0054.301] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0054.301] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f9a0 | out: hHeap=0x5a0000) returned 1 [0054.301] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.301] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.301] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps", dwFileAttributes=0x80) returned 1 [0054.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkuhkdm.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.303] CloseHandle (hObject=0x1ec) returned 1 [0054.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkuhkdm.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0054.303] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc175 [0054.303] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.303] ReadFile (in: hFile=0x1ec, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0054.303] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0054.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.304] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.304] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x4000, lpOverlapped=0x0) returned 1 [0054.304] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.304] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x4000, lpOverlapped=0x0) returned 1 [0054.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.304] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.304] WriteFile (in: hFile=0x1ec, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0054.304] WriteFile (in: hFile=0x1ec, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0054.304] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0054.304] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0054.304] CloseHandle (hObject=0x1ec) returned 1 [0054.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0054.308] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps.lolkek") returned 60 [0054.308] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkuhkdm.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkuhkdm.pps.lolkek")) returned 1 [0054.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0054.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbf670 | out: hHeap=0x5a0000) returned 1 [0054.721] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.721] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.721] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url", dwFileAttributes=0x80) returned 1 [0054.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0054.734] CloseHandle (hObject=0x210) returned 1 [0054.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0054.738] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.738] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.738] ReadFile (in: hFile=0x1e0, lpBuffer=0x353f910, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x353def4, lpOverlapped=0x0 | out: lpBuffer=0x353f910*, lpNumberOfBytesRead=0x353def4*=0xd, lpOverlapped=0x0) returned 1 [0054.739] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x353f920 | out: pbBuffer=0x353f920) returned 1 [0054.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.739] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.739] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x353decc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x353decc*=0x85, lpOverlapped=0x0) returned 1 [0054.739] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.739] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x353f910, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x353f910*=0x85, lpOverlapped=0x0) returned 1 [0054.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.739] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.739] WriteFile (in: hFile=0x1e0, lpBuffer=0x353ded4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353ded4*, lpNumberOfBytesWritten=0x353ded8*=0x4, lpOverlapped=0x0) returned 1 [0054.739] WriteFile (in: hFile=0x1e0, lpBuffer=0x353f920*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x353f920*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0054.739] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x353ded8*=0x20, lpOverlapped=0x0) returned 1 [0054.739] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x353ded8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x353ded8*=0xd, lpOverlapped=0x0) returned 1 [0054.739] CloseHandle (hObject=0x1e0) returned 1 [0054.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.741] wsprintfW (in: param_1=0x3be0390, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.lolkek") returned 84 [0054.741] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.lolkek")) returned 1 [0055.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0055.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615cc8 | out: hHeap=0x5a0000) returned 1 [0055.045] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.045] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.045] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", dwFileAttributes=0x80) returned 1 [0055.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.045] RmStartSession () returned 0x0 [0055.047] RmRegisterResources () returned 0x0 [0055.049] RmGetList () returned 0x0 [0055.149] GetCurrentProcessId () returned 0x86c [0055.149] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0055.149] RmEndSession () returned 0x0 [0055.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e34ee0 | out: hHeap=0x5a0000) returned 1 [0055.171] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.172] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.172] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", dwFileAttributes=0x80) returned 1 [0055.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.172] RmStartSession () returned 0x0 [0055.174] RmRegisterResources () returned 0x0 [0055.176] RmGetList () returned 0x0 [0055.591] GetCurrentProcessId () returned 0x86c [0055.591] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0055.591] RmEndSession () returned 0x0 [0055.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618c88 | out: hHeap=0x5a0000) returned 1 [0055.613] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.613] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.613] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", dwFileAttributes=0x80) returned 0 [0055.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.614] RmStartSession () returned 0x0 [0055.621] RmRegisterResources () returned 0x0 [0055.623] RmGetList () returned 0x0 [0055.788] RmEndSession () returned 0x0 [0055.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0050 | out: hHeap=0x5a0000) returned 1 [0055.807] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.807] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.807] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", dwFileAttributes=0x80) returned 0 [0055.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.807] RmStartSession () returned 0x0 [0055.809] RmRegisterResources () returned 0x0 [0055.812] RmGetList () returned 0x0 [0056.064] RmEndSession () returned 0x0 [0056.085] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.085] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7b20 | out: hHeap=0x5a0000) returned 1 [0056.085] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.085] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.085] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico", dwFileAttributes=0x80) returned 0 [0056.085] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.086] RmStartSession () returned 0x0 [0056.088] RmRegisterResources () returned 0x0 [0056.090] RmGetList () returned 0x0 [0056.432] RmEndSession () returned 0x0 [0056.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610ed8 | out: hHeap=0x5a0000) returned 1 [0056.456] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.456] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.456] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", dwFileAttributes=0x80) returned 0 [0056.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.456] RmStartSession () returned 0x0 [0056.463] RmRegisterResources () returned 0x0 [0056.465] RmGetList () returned 0x0 [0056.867] RmEndSession () returned 0x0 [0056.886] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca60d8 | out: hHeap=0x5a0000) returned 1 [0056.886] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.886] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.886] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp", dwFileAttributes=0x80) returned 1 [0056.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp" (normalized: "c:\\users\\all users\\microsoft\\rac\\temp\\sql64bb.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.887] RmStartSession () returned 0x0 [0056.889] RmRegisterResources () returned 0x0 [0056.891] RmGetList () returned 0x0 [0057.500] GetCurrentProcessId () returned 0x86c [0057.500] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0057.500] RmEndSession () returned 0x0 [0057.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp" (normalized: "c:\\users\\all users\\microsoft\\rac\\temp\\sql64bb.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc0470 | out: hHeap=0x5a0000) returned 1 [0057.519] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.519] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.519] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp", dwFileAttributes=0x80) returned 0 [0057.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.519] RmStartSession () returned 0x0 [0057.521] RmRegisterResources () returned 0x0 [0057.522] RmGetList () returned 0x0 [0057.737] RmEndSession () returned 0x0 [0057.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile21.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7350 | out: hHeap=0x5a0000) returned 1 [0057.753] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.753] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.753] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp", dwFileAttributes=0x80) returned 0 [0057.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.754] RmStartSession () returned 0x0 [0057.756] RmRegisterResources () returned 0x0 [0057.758] RmGetList () returned 0x0 [0058.229] RmEndSession () returned 0x0 [0058.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile26.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4068 | out: hHeap=0x5a0000) returned 1 [0058.249] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.249] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.249] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp", dwFileAttributes=0x80) returned 0 [0058.249] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.249] RmStartSession () returned 0x0 [0058.251] RmRegisterResources () returned 0x0 [0058.257] RmGetList () returned 0x0 [0059.407] RmEndSession () returned 0x0 [0059.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile36.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4e78 | out: hHeap=0x5a0000) returned 1 [0059.428] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.428] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.429] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp", dwFileAttributes=0x80) returned 0 [0059.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.429] RmStartSession () returned 0x0 [0059.431] RmRegisterResources () returned 0x0 [0059.435] RmGetList () returned 0x0 [0062.382] RmEndSession () returned 0x0 [0063.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile43.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5850 | out: hHeap=0x5a0000) returned 1 [0063.051] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 13 os_tid = 0x928 [0035.510] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0035.857] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.857] RmStartSession () returned 0x0 [0036.348] RmRegisterResources () returned 0x0 [0036.350] RmGetList () returned 0x0 [0037.184] RmEndSession () returned 0x0 [0037.203] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.204] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc100 | out: hHeap=0x5a0000) returned 1 [0037.204] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.204] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.204] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.204] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.204] RmStartSession () returned 0x0 [0037.206] RmRegisterResources () returned 0x0 [0037.208] RmGetList () returned 0x0 [0037.875] RmEndSession () returned 0x0 [0037.899] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62ff78 | out: hHeap=0x5a0000) returned 1 [0037.899] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.899] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.899] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.899] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.899] RmStartSession () returned 0x0 [0037.901] RmRegisterResources () returned 0x0 [0037.904] RmGetList () returned 0x0 [0042.033] RmEndSession () returned 0x0 [0042.140] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.140] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6305a8 | out: hHeap=0x5a0000) returned 1 [0042.140] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.140] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.140] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico", dwFileAttributes=0x80) returned 0 [0042.141] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.141] RmStartSession () returned 0x0 [0042.143] RmRegisterResources () returned 0x0 [0042.145] RmGetList () returned 0x0 [0042.953] RmEndSession () returned 0x0 [0042.973] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.974] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d180 | out: hHeap=0x5a0000) returned 1 [0042.974] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.974] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.974] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico", dwFileAttributes=0x80) returned 0 [0042.974] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.974] RmStartSession () returned 0x0 [0042.976] RmRegisterResources () returned 0x0 [0042.979] RmGetList () returned 0x0 [0044.160] RmEndSession () returned 0x0 [0044.183] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.183] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6772f8 | out: hHeap=0x5a0000) returned 1 [0044.183] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.183] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.183] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", dwFileAttributes=0x80) returned 0 [0044.183] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.183] RmStartSession () returned 0x0 [0044.185] RmRegisterResources () returned 0x0 [0044.188] RmGetList () returned 0x0 [0044.857] RmEndSession () returned 0x0 [0044.881] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.881] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6767e0 | out: hHeap=0x5a0000) returned 1 [0044.881] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.881] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.881] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp", dwFileAttributes=0x80) returned 0 [0044.881] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.882] RmStartSession () returned 0x0 [0044.884] RmRegisterResources () returned 0x0 [0044.886] RmGetList () returned 0x0 [0045.522] RmEndSession () returned 0x0 [0045.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile25.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614910 | out: hHeap=0x5a0000) returned 1 [0045.545] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.545] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.545] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", dwFileAttributes=0x80) returned 0 [0045.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.545] RmStartSession () returned 0x0 [0045.547] RmRegisterResources () returned 0x0 [0045.550] RmGetList () returned 0x0 [0046.321] RmEndSession () returned 0x0 [0046.342] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cad668 | out: hHeap=0x5a0000) returned 1 [0046.343] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.343] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.343] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif", dwFileAttributes=0x80) returned 0 [0046.343] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0046.343] RmStartSession () returned 0x0 [0046.346] RmRegisterResources () returned 0x0 [0046.348] RmGetList () returned 0x0 [0047.232] RmEndSession () returned 0x0 [0047.275] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\welcomefax.tif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.276] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6178f8 | out: hHeap=0x5a0000) returned 1 [0047.276] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.276] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.276] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms", dwFileAttributes=0x80) returned 1 [0047.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.282] CloseHandle (hObject=0x25c) returned 1 [0047.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.282] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x42d0 [0047.282] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.282] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.283] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.284] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.284] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0047.284] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.284] ReadFile (in: hFile=0x25c, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0047.285] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.285] WriteFile (in: hFile=0x25c, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0047.286] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.286] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.286] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.286] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.288] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.288] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.288] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.288] CloseHandle (hObject=0x25c) returned 1 [0047.289] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3da0048 [0047.289] wsprintfW (in: param_1=0x3da0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.lolkek") returned 175 [0047.289] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms.lolkek")) returned 1 [0047.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d820 | out: hHeap=0x5a0000) returned 1 [0047.312] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.312] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.312] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms", dwFileAttributes=0x80) returned 1 [0047.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.313] CloseHandle (hObject=0x2bc) returned 1 [0047.313] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.313] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xee0 [0047.313] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.313] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.318] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da4050 [0047.319] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.319] ReadFile (in: hFile=0x2bc, lpBuffer=0x3da4050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3da4050*, lpNumberOfBytesRead=0x373e0cc*=0xee0, lpOverlapped=0x0) returned 1 [0047.319] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffff120, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.319] WriteFile (in: hFile=0x2bc, lpBuffer=0x3da4050*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3da4050*, lpNumberOfBytesWritten=0x373fb10*=0xee0, lpOverlapped=0x0) returned 1 [0047.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4050 | out: hHeap=0x5a0000) returned 1 [0047.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.319] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.319] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.319] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.319] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.319] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.319] CloseHandle (hObject=0x2bc) returned 1 [0047.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.319] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.lolkek") returned 180 [0047.319] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms.lolkek")) returned 1 [0047.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.320] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610ed8 | out: hHeap=0x5a0000) returned 1 [0047.320] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.320] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.320] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest", dwFileAttributes=0x80) returned 1 [0047.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.320] CloseHandle (hObject=0x2bc) returned 1 [0047.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.320] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x560 [0047.321] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.321] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.329] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.329] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.329] ReadFile (in: hFile=0x2bc, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x373e0cc*=0x560, lpOverlapped=0x0) returned 1 [0047.329] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffaa0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.329] WriteFile (in: hFile=0x2bc, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x373fb10*=0x560, lpOverlapped=0x0) returned 1 [0047.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.329] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.329] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.329] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.330] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.330] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.330] CloseHandle (hObject=0x2bc) returned 1 [0047.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3da0048 [0047.330] wsprintfW (in: param_1=0x3da0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.lolkek") returned 182 [0047.330] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest.lolkek")) returned 1 [0047.330] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.330] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddaea8 | out: hHeap=0x5a0000) returned 1 [0047.330] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.330] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.330] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", dwFileAttributes=0x80) returned 1 [0047.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.331] CloseHandle (hObject=0x2bc) returned 1 [0047.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.331] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4321 [0047.331] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.331] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.331] CloseHandle (hObject=0x2bc) returned 1 [0047.331] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb3f8 | out: hHeap=0x5a0000) returned 1 [0047.331] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.331] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.331] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", dwFileAttributes=0x80) returned 1 [0047.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.331] CloseHandle (hObject=0x2bc) returned 1 [0047.332] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.332] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x359c [0047.332] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.332] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.332] CloseHandle (hObject=0x2bc) returned 1 [0047.332] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb680 | out: hHeap=0x5a0000) returned 1 [0047.332] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.332] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.332] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", dwFileAttributes=0x80) returned 1 [0047.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.338] CloseHandle (hObject=0x2bc) returned 1 [0047.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.339] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x38b0 [0047.339] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.339] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.347] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.347] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.347] ReadFile (in: hFile=0x2bc, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x373e0cc*=0x38b0, lpOverlapped=0x0) returned 1 [0047.349] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc750, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.349] WriteFile (in: hFile=0x2bc, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x38b0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x373fb10*=0x38b0, lpOverlapped=0x0) returned 1 [0047.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.349] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.349] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.349] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.349] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.349] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.350] CloseHandle (hObject=0x2bc) returned 1 [0047.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.350] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.lolkek") returned 166 [0047.350] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms.lolkek")) returned 1 [0047.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6575a8 | out: hHeap=0x5a0000) returned 1 [0047.350] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.350] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.350] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT", dwFileAttributes=0x80) returned 1 [0047.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.351] CloseHandle (hObject=0x2bc) returned 1 [0047.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.351] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a918 [0047.351] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.351] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.358] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.358] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.358] ReadFile (in: hFile=0x2bc, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0047.368] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.368] WriteFile (in: hFile=0x2bc, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0047.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.368] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.368] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.368] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.368] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.368] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.368] CloseHandle (hObject=0x2bc) returned 1 [0047.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.368] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.lolkek") returned 74 [0047.368] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat.lolkek")) returned 1 [0047.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5990 | out: hHeap=0x5a0000) returned 1 [0047.369] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.369] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.369] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1", dwFileAttributes=0x80) returned 1 [0047.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.374] CloseHandle (hObject=0x258) returned 1 [0047.375] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.375] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x42000 [0047.375] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.375] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.375] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da8050 [0047.375] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.376] ReadFile (in: hFile=0x258, lpBuffer=0x3da8050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0047.378] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.378] WriteFile (in: hFile=0x258, lpBuffer=0x3da8050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3da8050*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0047.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8050 | out: hHeap=0x5a0000) returned 1 [0047.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.378] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.378] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.396] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.396] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.396] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.396] CloseHandle (hObject=0x258) returned 1 [0047.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.396] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.lolkek") returned 99 [0047.396] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1.lolkek")) returned 1 [0047.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6135a8 | out: hHeap=0x5a0000) returned 1 [0047.397] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.397] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.397] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3", dwFileAttributes=0x80) returned 1 [0047.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.403] CloseHandle (hObject=0x2bc) returned 1 [0047.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.403] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x402000 [0047.403] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.403] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.403] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0047.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3da0048 [0047.403] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.403] ReadFile (in: hFile=0x2bc, lpBuffer=0x3da0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0047.407] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.407] WriteFile (in: hFile=0x2bc, lpBuffer=0x3da0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3da0048*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0047.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.407] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.407] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.675] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.675] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.675] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.675] CloseHandle (hObject=0x2bc) returned 1 [0047.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.676] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.lolkek") returned 99 [0047.676] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3.lolkek")) returned 1 [0047.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6138a8 | out: hHeap=0x5a0000) returned 1 [0047.676] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.676] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.676] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0047.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.677] CloseHandle (hObject=0x2bc) returned 1 [0047.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.677] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0047.677] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.677] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.678] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.678] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.678] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xdd, lpOverlapped=0x0) returned 1 [0047.678] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.678] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xdd, lpOverlapped=0x0) returned 1 [0047.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.678] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.678] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.678] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.678] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.678] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.678] CloseHandle (hObject=0x2bc) returned 1 [0047.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.679] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.lolkek") returned 162 [0047.679] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0047.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3b78 | out: hHeap=0x5a0000) returned 1 [0047.679] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.679] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.679] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0047.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.680] CloseHandle (hObject=0x2bc) returned 1 [0047.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.680] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10e [0047.680] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.680] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.680] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.680] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.680] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x10e, lpOverlapped=0x0) returned 1 [0047.681] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffef2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.681] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10e, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x10e, lpOverlapped=0x0) returned 1 [0047.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.681] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.681] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.681] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.681] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.681] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.681] CloseHandle (hObject=0x2bc) returned 1 [0047.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.681] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.lolkek") returned 162 [0047.681] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0047.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3e00 | out: hHeap=0x5a0000) returned 1 [0047.682] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.682] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.682] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0047.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.682] CloseHandle (hObject=0x2bc) returned 1 [0047.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.682] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xed [0047.682] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.682] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.683] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.683] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.683] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.683] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.683] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xed, lpOverlapped=0x0) returned 1 [0047.683] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff13, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.683] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xed, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xed, lpOverlapped=0x0) returned 1 [0047.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.683] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.683] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.683] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.684] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.684] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.684] CloseHandle (hObject=0x2bc) returned 1 [0047.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.684] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.lolkek") returned 162 [0047.684] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0047.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4088 | out: hHeap=0x5a0000) returned 1 [0047.684] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.684] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.684] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0047.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.685] CloseHandle (hObject=0x2bc) returned 1 [0047.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.685] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd7 [0047.685] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.685] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.686] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.686] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.686] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd7, lpOverlapped=0x0) returned 1 [0047.686] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.686] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd7, lpOverlapped=0x0) returned 1 [0047.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.686] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.686] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.686] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.686] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.686] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.687] CloseHandle (hObject=0x2bc) returned 1 [0047.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.687] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.lolkek") returned 165 [0047.687] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0047.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657158 | out: hHeap=0x5a0000) returned 1 [0047.687] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.687] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.687] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0047.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.688] CloseHandle (hObject=0x2bc) returned 1 [0047.688] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.688] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd1 [0047.688] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.688] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.689] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.689] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.689] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd1, lpOverlapped=0x0) returned 1 [0047.689] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff2f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.689] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd1, lpOverlapped=0x0) returned 1 [0047.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.689] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.689] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.689] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.689] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.689] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.689] CloseHandle (hObject=0x2bc) returned 1 [0047.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.689] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.lolkek") returned 165 [0047.689] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0047.690] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.690] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb8c60 | out: hHeap=0x5a0000) returned 1 [0047.690] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.690] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.690] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json", dwFileAttributes=0x80) returned 1 [0047.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.690] CloseHandle (hObject=0x2bc) returned 1 [0047.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.691] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x160 [0047.691] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.691] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.691] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.691] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.691] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x160, lpOverlapped=0x0) returned 1 [0047.691] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffea0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.691] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x160, lpOverlapped=0x0) returned 1 [0047.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.692] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.692] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.692] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.692] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.692] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.692] CloseHandle (hObject=0x2bc) returned 1 [0047.692] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0047.692] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.lolkek") returned 167 [0047.692] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.lolkek")) returned 1 [0047.693] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.693] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf190 | out: hHeap=0x5a0000) returned 1 [0047.693] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.693] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.693] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0047.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.693] CloseHandle (hObject=0x2bc) returned 1 [0047.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.693] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b56 [0047.693] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.693] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.701] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.701] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.701] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2b56, lpOverlapped=0x0) returned 1 [0047.722] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffd4aa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.722] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2b56, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2b56, lpOverlapped=0x0) returned 1 [0047.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.722] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.722] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.722] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.722] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.722] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.722] CloseHandle (hObject=0x2bc) returned 1 [0047.722] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.722] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.lolkek") returned 169 [0047.723] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0047.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf420 | out: hHeap=0x5a0000) returned 1 [0047.723] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.723] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.723] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0047.723] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.724] CloseHandle (hObject=0x2bc) returned 1 [0047.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.724] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf6 [0047.724] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.724] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.724] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.725] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.725] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xf6, lpOverlapped=0x0) returned 1 [0047.725] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff0a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.725] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xf6, lpOverlapped=0x0) returned 1 [0047.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.725] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.725] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.725] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.725] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.725] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.725] CloseHandle (hObject=0x2bc) returned 1 [0047.725] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.725] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.lolkek") returned 162 [0047.725] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0047.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4310 | out: hHeap=0x5a0000) returned 1 [0047.726] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.726] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.726] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0047.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.726] CloseHandle (hObject=0x2bc) returned 1 [0047.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.726] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x108 [0047.726] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.727] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.727] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.727] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.727] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.727] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.727] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x108, lpOverlapped=0x0) returned 1 [0047.727] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.727] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x108, lpOverlapped=0x0) returned 1 [0047.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.727] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.727] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.728] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.728] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.728] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.728] CloseHandle (hObject=0x2bc) returned 1 [0047.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.728] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.lolkek") returned 162 [0047.728] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0047.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4598 | out: hHeap=0x5a0000) returned 1 [0047.728] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.729] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.729] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0047.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.729] CloseHandle (hObject=0x2bc) returned 1 [0047.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.729] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcf [0047.729] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.729] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.730] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.730] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.730] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.730] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xcf, lpOverlapped=0x0) returned 1 [0047.730] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.730] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xcf, lpOverlapped=0x0) returned 1 [0047.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.730] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.730] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.730] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.730] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.730] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.731] CloseHandle (hObject=0x2bc) returned 1 [0047.731] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.731] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.lolkek") returned 162 [0047.731] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0047.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4820 | out: hHeap=0x5a0000) returned 1 [0047.731] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.731] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.731] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0047.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.732] CloseHandle (hObject=0x2bc) returned 1 [0047.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.732] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xde [0047.732] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.732] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.733] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.733] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.733] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.733] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.733] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xde, lpOverlapped=0x0) returned 1 [0047.733] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff22, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.733] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xde, lpOverlapped=0x0) returned 1 [0047.733] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.733] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.733] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.733] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.733] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.733] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.733] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.733] CloseHandle (hObject=0x2bc) returned 1 [0047.733] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.733] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.lolkek") returned 162 [0047.733] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0047.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4aa8 | out: hHeap=0x5a0000) returned 1 [0047.734] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.734] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.734] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0047.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.735] CloseHandle (hObject=0x2bc) returned 1 [0047.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.735] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd8 [0047.735] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.735] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.735] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.735] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.736] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd8, lpOverlapped=0x0) returned 1 [0047.736] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.736] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd8, lpOverlapped=0x0) returned 1 [0047.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.736] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.736] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.736] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.736] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.736] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.736] CloseHandle (hObject=0x2bc) returned 1 [0047.736] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.736] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.lolkek") returned 162 [0047.736] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0047.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4d30 | out: hHeap=0x5a0000) returned 1 [0047.737] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.737] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.737] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0047.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.738] CloseHandle (hObject=0x2bc) returned 1 [0047.738] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.738] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd9 [0047.738] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.738] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.738] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.738] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.739] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd9, lpOverlapped=0x0) returned 1 [0047.739] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff27, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.739] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd9, lpOverlapped=0x0) returned 1 [0047.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.739] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.739] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.739] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.739] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.739] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.739] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.739] CloseHandle (hObject=0x2bc) returned 1 [0047.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.739] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.lolkek") returned 162 [0047.739] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0047.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4fb8 | out: hHeap=0x5a0000) returned 1 [0047.740] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.740] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.740] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0047.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.740] CloseHandle (hObject=0x2bc) returned 1 [0047.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.740] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0047.740] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.740] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.741] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.741] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.741] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x104, lpOverlapped=0x0) returned 1 [0047.741] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.741] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x104, lpOverlapped=0x0) returned 1 [0047.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.741] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.741] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.741] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.742] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.742] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.742] CloseHandle (hObject=0x2bc) returned 1 [0047.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.742] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.lolkek") returned 162 [0047.742] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0047.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb5240 | out: hHeap=0x5a0000) returned 1 [0047.742] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.743] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.743] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json", dwFileAttributes=0x80) returned 1 [0047.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.743] CloseHandle (hObject=0x2bc) returned 1 [0047.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.743] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd0 [0047.743] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.743] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.744] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.744] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.744] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd0, lpOverlapped=0x0) returned 1 [0047.744] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff30, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.744] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd0, lpOverlapped=0x0) returned 1 [0047.744] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.744] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.744] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.744] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.744] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.744] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.744] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.745] CloseHandle (hObject=0x2bc) returned 1 [0047.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.745] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.lolkek") returned 165 [0047.745] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json.lolkek")) returned 1 [0047.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3b890 | out: hHeap=0x5a0000) returned 1 [0047.745] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.745] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.745] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json", dwFileAttributes=0x80) returned 1 [0047.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.746] CloseHandle (hObject=0x2bc) returned 1 [0047.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.746] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd1 [0047.746] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.746] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.746] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.746] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.747] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd1, lpOverlapped=0x0) returned 1 [0047.747] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff2f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.747] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd1, lpOverlapped=0x0) returned 1 [0047.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.747] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.747] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.747] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.747] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.747] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.747] CloseHandle (hObject=0x2bc) returned 1 [0047.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.747] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.lolkek") returned 165 [0047.747] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json.lolkek")) returned 1 [0047.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a030 | out: hHeap=0x5a0000) returned 1 [0047.748] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.748] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.748] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0047.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.748] CloseHandle (hObject=0x2bc) returned 1 [0047.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.748] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce [0047.748] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.749] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.749] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.749] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.749] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xce, lpOverlapped=0x0) returned 1 [0047.749] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff32, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.749] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xce, lpOverlapped=0x0) returned 1 [0047.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.749] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.749] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.749] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.750] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.750] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.750] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.750] CloseHandle (hObject=0x2bc) returned 1 [0047.750] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.750] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.lolkek") returned 162 [0047.750] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0047.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb54c8 | out: hHeap=0x5a0000) returned 1 [0047.750] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.750] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.750] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json", dwFileAttributes=0x80) returned 1 [0047.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.751] CloseHandle (hObject=0x2bc) returned 1 [0047.751] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.751] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce [0047.751] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.751] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.752] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.752] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.752] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xce, lpOverlapped=0x0) returned 1 [0047.752] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff32, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.752] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xce, lpOverlapped=0x0) returned 1 [0047.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.752] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.752] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.752] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.752] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.752] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.752] CloseHandle (hObject=0x2bc) returned 1 [0047.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.752] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.lolkek") returned 166 [0047.752] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.lolkek")) returned 1 [0047.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67ca98 | out: hHeap=0x5a0000) returned 1 [0047.753] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.753] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.753] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json", dwFileAttributes=0x80) returned 1 [0047.753] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.753] CloseHandle (hObject=0x2bc) returned 1 [0047.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.754] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd8 [0047.754] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.754] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.754] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.755] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.755] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd8, lpOverlapped=0x0) returned 1 [0047.755] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd8, lpOverlapped=0x0) returned 1 [0047.755] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.755] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.755] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.755] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.755] CloseHandle (hObject=0x2bc) returned 1 [0047.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.755] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.lolkek") returned 162 [0047.755] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.lolkek")) returned 1 [0047.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb5750 | out: hHeap=0x5a0000) returned 1 [0047.756] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.756] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.756] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0047.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.756] CloseHandle (hObject=0x2bc) returned 1 [0047.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.756] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd8 [0047.756] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.757] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.757] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.757] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.757] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd8, lpOverlapped=0x0) returned 1 [0047.757] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.757] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd8, lpOverlapped=0x0) returned 1 [0047.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.757] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.757] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.758] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.758] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.758] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.758] CloseHandle (hObject=0x2bc) returned 1 [0047.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.758] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.lolkek") returned 162 [0047.758] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0047.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb59d8 | out: hHeap=0x5a0000) returned 1 [0047.758] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.758] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.759] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0047.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.759] CloseHandle (hObject=0x2bc) returned 1 [0047.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.759] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdb [0047.759] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.759] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.760] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.760] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.760] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xdb, lpOverlapped=0x0) returned 1 [0047.760] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff25, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.760] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xdb, lpOverlapped=0x0) returned 1 [0047.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.760] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.760] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.760] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.760] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.760] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.761] CloseHandle (hObject=0x2bc) returned 1 [0047.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.761] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.lolkek") returned 163 [0047.761] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0047.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd20 | out: hHeap=0x5a0000) returned 1 [0047.761] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.761] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.761] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0047.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.762] CloseHandle (hObject=0x2bc) returned 1 [0047.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.762] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd7 [0047.762] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.762] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.762] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.762] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.763] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd7, lpOverlapped=0x0) returned 1 [0047.763] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.763] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd7, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd7, lpOverlapped=0x0) returned 1 [0047.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.763] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.763] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.763] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.763] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.763] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.763] CloseHandle (hObject=0x2bc) returned 1 [0047.763] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.763] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.lolkek") returned 162 [0047.763] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0047.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb5c60 | out: hHeap=0x5a0000) returned 1 [0047.764] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.764] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.764] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json", dwFileAttributes=0x80) returned 1 [0047.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.764] CloseHandle (hObject=0x2bc) returned 1 [0047.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.764] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0047.764] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.765] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.765] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.765] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.765] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.765] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.765] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xdd, lpOverlapped=0x0) returned 1 [0047.765] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.765] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xdd, lpOverlapped=0x0) returned 1 [0047.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.765] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.765] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.766] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.766] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.766] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.766] CloseHandle (hObject=0x2bc) returned 1 [0047.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.766] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.lolkek") returned 162 [0047.766] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.lolkek")) returned 1 [0047.766] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.766] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb5ee8 | out: hHeap=0x5a0000) returned 1 [0047.766] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.766] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.766] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0047.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.767] CloseHandle (hObject=0x2bc) returned 1 [0047.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.767] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x117 [0047.767] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.767] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.768] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.768] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.768] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.768] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.768] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x117, lpOverlapped=0x0) returned 1 [0047.768] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffee9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.768] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x117, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x117, lpOverlapped=0x0) returned 1 [0047.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.768] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.768] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.770] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.770] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.770] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.770] CloseHandle (hObject=0x2bc) returned 1 [0047.771] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.771] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.lolkek") returned 162 [0047.771] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0047.775] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.775] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6170 | out: hHeap=0x5a0000) returned 1 [0047.775] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.775] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.775] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0047.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0047.777] CloseHandle (hObject=0x258) returned 1 [0047.777] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.778] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xeb [0047.778] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.778] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.778] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.778] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.778] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xeb, lpOverlapped=0x0) returned 1 [0047.778] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffff15, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.779] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xeb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xeb, lpOverlapped=0x0) returned 1 [0047.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.779] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.779] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.782] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.782] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.782] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.782] CloseHandle (hObject=0x258) returned 1 [0047.783] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.783] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.lolkek") returned 162 [0047.783] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0047.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb63f8 | out: hHeap=0x5a0000) returned 1 [0047.788] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.789] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.789] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0047.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.792] CloseHandle (hObject=0x2bc) returned 1 [0047.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.792] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5 [0047.792] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.792] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.793] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.793] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.793] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.793] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.793] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd5, lpOverlapped=0x0) returned 1 [0047.793] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.793] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd5, lpOverlapped=0x0) returned 1 [0047.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.797] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.797] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.800] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.800] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.800] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.800] CloseHandle (hObject=0x2bc) returned 1 [0047.802] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.802] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.lolkek") returned 162 [0047.802] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0047.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6908 | out: hHeap=0x5a0000) returned 1 [0047.806] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.806] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.806] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0047.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.808] CloseHandle (hObject=0x1ec) returned 1 [0047.809] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.809] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xda [0047.809] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.809] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.809] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.809] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.809] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.810] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.810] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xda, lpOverlapped=0x0) returned 1 [0047.810] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff26, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.810] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xda, lpOverlapped=0x0) returned 1 [0047.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.810] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.810] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.813] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.813] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.813] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.813] CloseHandle (hObject=0x1ec) returned 1 [0047.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.818] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.lolkek") returned 162 [0047.818] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0047.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6e18 | out: hHeap=0x5a0000) returned 1 [0047.822] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.822] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.822] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0047.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.824] CloseHandle (hObject=0x2bc) returned 1 [0047.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.824] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe0 [0047.824] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.824] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.825] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.825] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.825] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe0, lpOverlapped=0x0) returned 1 [0047.825] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.825] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe0, lpOverlapped=0x0) returned 1 [0047.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.826] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.826] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.828] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.828] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.828] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.828] CloseHandle (hObject=0x2bc) returned 1 [0047.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0047.829] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.lolkek") returned 162 [0047.829] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0047.831] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0047.831] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb7328 | out: hHeap=0x5a0000) returned 1 [0047.831] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.832] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.832] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0047.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.835] CloseHandle (hObject=0x1ec) returned 1 [0047.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.835] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd9 [0047.835] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.835] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.836] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.836] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.836] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd9, lpOverlapped=0x0) returned 1 [0047.836] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff27, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.836] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd9, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd9, lpOverlapped=0x0) returned 1 [0047.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.839] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.839] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.842] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.842] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.842] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.842] CloseHandle (hObject=0x1ec) returned 1 [0047.844] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.845] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.lolkek") returned 162 [0047.845] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0047.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7f88 | out: hHeap=0x5a0000) returned 1 [0047.848] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.848] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.848] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0047.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.852] CloseHandle (hObject=0x2bc) returned 1 [0047.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.852] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5 [0047.852] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.852] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.853] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.853] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.853] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd5, lpOverlapped=0x0) returned 1 [0047.853] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.853] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd5, lpOverlapped=0x0) returned 1 [0047.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.854] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.854] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.856] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.856] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.856] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.856] CloseHandle (hObject=0x2bc) returned 1 [0047.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.858] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.lolkek") returned 162 [0047.858] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0047.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8498 | out: hHeap=0x5a0000) returned 1 [0047.865] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.865] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.865] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0047.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.867] CloseHandle (hObject=0x2bc) returned 1 [0047.867] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.867] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd0 [0047.867] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.868] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.868] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.868] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.868] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.868] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.868] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd0, lpOverlapped=0x0) returned 1 [0047.868] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff30, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.868] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd0, lpOverlapped=0x0) returned 1 [0047.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.870] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.870] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.874] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.874] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.874] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.874] CloseHandle (hObject=0x2bc) returned 1 [0047.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.875] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.lolkek") returned 165 [0047.875] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0047.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b5c0 | out: hHeap=0x5a0000) returned 1 [0047.878] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.878] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.878] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0047.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.881] CloseHandle (hObject=0x1ec) returned 1 [0047.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.881] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10a [0047.881] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.881] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.882] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.883] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.883] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x10a, lpOverlapped=0x0) returned 1 [0047.883] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffef6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.883] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x10a, lpOverlapped=0x0) returned 1 [0047.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.884] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.884] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.887] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.887] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.887] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.887] CloseHandle (hObject=0x1ec) returned 1 [0047.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.888] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.lolkek") returned 162 [0047.888] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0047.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb89a8 | out: hHeap=0x5a0000) returned 1 [0047.891] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.891] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.891] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0047.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.894] CloseHandle (hObject=0x1ec) returned 1 [0047.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.894] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xda [0047.894] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.894] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.894] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.894] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.894] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.894] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.894] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xda, lpOverlapped=0x0) returned 1 [0047.895] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff26, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.895] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xda, lpOverlapped=0x0) returned 1 [0047.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.895] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.895] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.899] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.899] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.899] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.899] CloseHandle (hObject=0x1ec) returned 1 [0047.900] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.900] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.lolkek") returned 162 [0047.900] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0047.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8eb8 | out: hHeap=0x5a0000) returned 1 [0047.906] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.906] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.906] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0047.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.908] CloseHandle (hObject=0x25c) returned 1 [0047.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.909] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6 [0047.909] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.909] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.909] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.910] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.910] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd6, lpOverlapped=0x0) returned 1 [0047.910] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff2a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.910] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd6, lpOverlapped=0x0) returned 1 [0047.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.912] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.912] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.914] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.914] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.914] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.915] CloseHandle (hObject=0x25c) returned 1 [0047.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.916] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.lolkek") returned 162 [0047.916] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0047.918] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.918] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb93c8 | out: hHeap=0x5a0000) returned 1 [0047.919] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.919] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.919] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0047.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0047.921] CloseHandle (hObject=0x1ec) returned 1 [0047.921] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.921] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe3 [0047.921] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.921] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.922] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.922] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.922] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe3, lpOverlapped=0x0) returned 1 [0047.922] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.922] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe3, lpOverlapped=0x0) returned 1 [0047.924] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.924] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.924] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.924] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.931] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.931] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.931] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.931] CloseHandle (hObject=0x1ec) returned 1 [0047.932] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.932] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.lolkek") returned 162 [0047.933] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0047.935] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.935] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb98d8 | out: hHeap=0x5a0000) returned 1 [0047.935] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.936] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.936] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0047.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0047.938] CloseHandle (hObject=0x2bc) returned 1 [0047.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.938] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe1 [0047.938] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.938] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.939] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.939] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.939] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.939] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.939] ReadFile (in: hFile=0x2bc, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe1, lpOverlapped=0x0) returned 1 [0047.939] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff1f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.939] WriteFile (in: hFile=0x2bc, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe1, lpOverlapped=0x0) returned 1 [0047.940] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.941] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.941] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.941] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.942] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.943] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.943] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.943] CloseHandle (hObject=0x2bc) returned 1 [0047.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.944] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.lolkek") returned 162 [0047.944] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0047.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9de8 | out: hHeap=0x5a0000) returned 1 [0047.947] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.947] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.947] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0047.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0047.950] CloseHandle (hObject=0x25c) returned 1 [0047.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.951] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce [0047.951] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.951] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0047.951] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0047.951] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.951] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0047.951] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.951] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xce, lpOverlapped=0x0) returned 1 [0047.951] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff32, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.952] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xce, lpOverlapped=0x0) returned 1 [0047.952] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0047.952] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.952] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.952] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0047.956] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.956] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0047.956] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0047.956] CloseHandle (hObject=0x25c) returned 1 [0047.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.957] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.lolkek") returned 165 [0047.958] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0047.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba070 | out: hHeap=0x5a0000) returned 1 [0047.960] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.960] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.960] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0048.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.009] CloseHandle (hObject=0x25c) returned 1 [0048.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.009] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b56 [0048.010] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.010] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.017] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dc2b40 [0048.017] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.018] ReadFile (in: hFile=0x25c, lpBuffer=0x3dc2b40, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesRead=0x373e0cc*=0x2b56, lpOverlapped=0x0) returned 1 [0048.027] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffd4aa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.027] WriteFile (in: hFile=0x25c, lpBuffer=0x3dc2b40*, nNumberOfBytesToWrite=0x2b56, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dc2b40*, lpNumberOfBytesWritten=0x373fb10*=0x2b56, lpOverlapped=0x0) returned 1 [0048.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.027] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.027] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.027] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.027] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.028] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.028] CloseHandle (hObject=0x25c) returned 1 [0048.028] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.028] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.lolkek") returned 169 [0048.028] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0048.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfd08 | out: hHeap=0x5a0000) returned 1 [0048.028] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.028] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.028] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0048.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.029] CloseHandle (hObject=0x25c) returned 1 [0048.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.029] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x116 [0048.029] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.029] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.030] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.030] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.030] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.030] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.030] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x116, lpOverlapped=0x0) returned 1 [0048.030] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffeea, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.030] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x116, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x116, lpOverlapped=0x0) returned 1 [0048.030] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.030] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.030] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.030] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.031] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.031] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.031] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.031] CloseHandle (hObject=0x25c) returned 1 [0048.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.031] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.lolkek") returned 163 [0048.031] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0048.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d660 | out: hHeap=0x5a0000) returned 1 [0048.032] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.032] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.032] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0048.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.032] CloseHandle (hObject=0x25c) returned 1 [0048.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.033] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13f [0048.033] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.033] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.033] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.033] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.033] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.033] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.033] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x13f, lpOverlapped=0x0) returned 1 [0048.033] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffec1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.033] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x13f, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x13f, lpOverlapped=0x0) returned 1 [0048.034] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.034] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.034] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.034] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.034] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.034] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.034] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.034] CloseHandle (hObject=0x25c) returned 1 [0048.034] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.034] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.lolkek") returned 163 [0048.034] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0048.035] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.035] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d8e0 | out: hHeap=0x5a0000) returned 1 [0048.035] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.035] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.035] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0048.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.035] CloseHandle (hObject=0x25c) returned 1 [0048.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.036] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x109 [0048.036] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.036] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.036] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.036] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.036] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.036] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.036] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x109, lpOverlapped=0x0) returned 1 [0048.036] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffef7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.036] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x109, lpOverlapped=0x0) returned 1 [0048.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.037] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.037] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.037] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.037] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.037] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.037] CloseHandle (hObject=0x25c) returned 1 [0048.037] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.037] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.lolkek") returned 163 [0048.037] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0048.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60dd88 | out: hHeap=0x5a0000) returned 1 [0048.038] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.038] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.038] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0048.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.038] CloseHandle (hObject=0x25c) returned 1 [0048.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.039] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x103 [0048.039] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.039] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.039] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.039] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.039] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x103, lpOverlapped=0x0) returned 1 [0048.039] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffefd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.039] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x103, lpOverlapped=0x0) returned 1 [0048.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.040] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.040] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.040] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.040] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.040] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.040] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.040] CloseHandle (hObject=0x25c) returned 1 [0048.040] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.040] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.lolkek") returned 163 [0048.040] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0048.041] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.041] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60e008 | out: hHeap=0x5a0000) returned 1 [0048.041] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.041] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.041] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0048.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.041] CloseHandle (hObject=0x25c) returned 1 [0048.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.041] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf3 [0048.041] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.042] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.042] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.042] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.042] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xf3, lpOverlapped=0x0) returned 1 [0048.042] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff0d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.042] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xf3, lpOverlapped=0x0) returned 1 [0048.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.042] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.043] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.043] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.043] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.043] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.043] CloseHandle (hObject=0x25c) returned 1 [0048.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.043] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.lolkek") returned 163 [0048.043] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0048.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60e288 | out: hHeap=0x5a0000) returned 1 [0048.044] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.044] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.044] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0048.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.044] CloseHandle (hObject=0x25c) returned 1 [0048.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.044] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x100 [0048.044] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.045] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.045] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.045] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.045] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x100, lpOverlapped=0x0) returned 1 [0048.045] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.045] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x100, lpOverlapped=0x0) returned 1 [0048.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.045] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.045] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.046] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.046] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.046] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.046] CloseHandle (hObject=0x25c) returned 1 [0048.046] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.046] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.lolkek") returned 163 [0048.046] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0048.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60e508 | out: hHeap=0x5a0000) returned 1 [0048.047] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.047] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.047] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0048.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.048] CloseHandle (hObject=0x25c) returned 1 [0048.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.048] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x149 [0048.048] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.048] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.049] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.049] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.050] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.050] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.050] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x149, lpOverlapped=0x0) returned 1 [0048.050] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffeb7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.050] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x149, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x149, lpOverlapped=0x0) returned 1 [0048.050] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.050] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.050] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.050] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.050] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.050] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.050] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.050] CloseHandle (hObject=0x25c) returned 1 [0048.050] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.050] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.lolkek") returned 163 [0048.050] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0048.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.051] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eafc8 | out: hHeap=0x5a0000) returned 1 [0048.051] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.051] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.051] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json", dwFileAttributes=0x80) returned 1 [0048.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.052] CloseHandle (hObject=0x25c) returned 1 [0048.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.052] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf9 [0048.052] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.052] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.053] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.053] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.053] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.053] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.053] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xf9, lpOverlapped=0x0) returned 1 [0048.053] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff07, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.053] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xf9, lpOverlapped=0x0) returned 1 [0048.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.053] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.053] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.053] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.053] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.053] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.053] CloseHandle (hObject=0x25c) returned 1 [0048.053] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.053] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.lolkek") returned 166 [0048.053] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json.lolkek")) returned 1 [0048.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba2f8 | out: hHeap=0x5a0000) returned 1 [0048.054] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.054] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.054] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json", dwFileAttributes=0x80) returned 1 [0048.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.055] CloseHandle (hObject=0x25c) returned 1 [0048.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.055] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf9 [0048.055] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.055] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.055] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.055] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.055] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.056] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.056] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xf9, lpOverlapped=0x0) returned 1 [0048.056] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff07, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.056] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf9, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xf9, lpOverlapped=0x0) returned 1 [0048.056] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.056] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.056] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.056] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.056] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.056] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.056] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.056] CloseHandle (hObject=0x25c) returned 1 [0048.056] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.056] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.lolkek") returned 166 [0048.056] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json.lolkek")) returned 1 [0048.057] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.057] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba580 | out: hHeap=0x5a0000) returned 1 [0048.057] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.057] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.057] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0048.057] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.057] CloseHandle (hObject=0x25c) returned 1 [0048.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.058] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x103 [0048.058] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.058] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.058] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.058] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.058] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.058] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.058] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x103, lpOverlapped=0x0) returned 1 [0048.059] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffefd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.059] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x103, lpOverlapped=0x0) returned 1 [0048.059] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.059] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.059] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.059] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.059] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.059] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.059] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.059] CloseHandle (hObject=0x25c) returned 1 [0048.059] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.059] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.lolkek") returned 163 [0048.059] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0048.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb248 | out: hHeap=0x5a0000) returned 1 [0048.060] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.060] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.060] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json", dwFileAttributes=0x80) returned 1 [0048.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.061] CloseHandle (hObject=0x25c) returned 1 [0048.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.061] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x103 [0048.061] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.061] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.061] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.061] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.061] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.062] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.062] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x103, lpOverlapped=0x0) returned 1 [0048.062] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffefd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.062] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x103, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x103, lpOverlapped=0x0) returned 1 [0048.062] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.062] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.062] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.062] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.062] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.062] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.062] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.062] CloseHandle (hObject=0x25c) returned 1 [0048.062] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.062] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.lolkek") returned 167 [0048.062] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.lolkek")) returned 1 [0048.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.063] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb4c8 | out: hHeap=0x5a0000) returned 1 [0048.063] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.063] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.063] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json", dwFileAttributes=0x80) returned 1 [0048.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.064] CloseHandle (hObject=0x25c) returned 1 [0048.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.064] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfb [0048.064] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.064] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.064] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.064] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.064] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.064] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.065] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfb, lpOverlapped=0x0) returned 1 [0048.117] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff05, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.117] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfb, lpOverlapped=0x0) returned 1 [0048.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.117] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.117] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.117] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.117] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.118] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.118] CloseHandle (hObject=0x25c) returned 1 [0048.118] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.118] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.lolkek") returned 163 [0048.118] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.lolkek")) returned 1 [0048.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eb758 | out: hHeap=0x5a0000) returned 1 [0048.118] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.118] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.118] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.119] CloseHandle (hObject=0x25c) returned 1 [0048.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.119] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x102 [0048.119] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.119] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.120] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.120] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.120] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x102, lpOverlapped=0x0) returned 1 [0048.120] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffefe, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.120] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x102, lpOverlapped=0x0) returned 1 [0048.120] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.120] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.120] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.120] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.120] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.120] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.121] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.121] CloseHandle (hObject=0x25c) returned 1 [0048.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.121] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.lolkek") returned 163 [0048.121] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.lolkek")) returned 1 [0048.121] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.121] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb9c0 | out: hHeap=0x5a0000) returned 1 [0048.121] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.121] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.121] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json", dwFileAttributes=0x80) returned 1 [0048.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.122] CloseHandle (hObject=0x25c) returned 1 [0048.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.122] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfe [0048.122] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.122] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.123] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.123] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.123] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.123] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.123] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfe, lpOverlapped=0x0) returned 1 [0048.123] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.123] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfe, lpOverlapped=0x0) returned 1 [0048.123] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.123] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.123] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.123] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.123] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.123] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.123] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.124] CloseHandle (hObject=0x25c) returned 1 [0048.124] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.124] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.lolkek") returned 163 [0048.124] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.lolkek")) returned 1 [0048.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9668 | out: hHeap=0x5a0000) returned 1 [0048.124] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.124] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.124] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.125] CloseHandle (hObject=0x25c) returned 1 [0048.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.125] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf2 [0048.125] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.125] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.126] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.126] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.126] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.126] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.126] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xf2, lpOverlapped=0x0) returned 1 [0048.126] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff0e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.126] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xf2, lpOverlapped=0x0) returned 1 [0048.126] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.126] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.126] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.126] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.126] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.127] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.127] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.127] CloseHandle (hObject=0x25c) returned 1 [0048.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.127] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.lolkek") returned 163 [0048.127] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0048.127] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.127] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca98f0 | out: hHeap=0x5a0000) returned 1 [0048.127] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.127] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.127] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json", dwFileAttributes=0x80) returned 1 [0048.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.128] CloseHandle (hObject=0x25c) returned 1 [0048.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.128] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xda [0048.128] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.128] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.129] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.129] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.129] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xda, lpOverlapped=0x0) returned 1 [0048.129] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff26, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.129] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xda, lpOverlapped=0x0) returned 1 [0048.129] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.129] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.129] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.129] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.129] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.129] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.129] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.130] CloseHandle (hObject=0x25c) returned 1 [0048.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.130] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.lolkek") returned 163 [0048.130] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.lolkek")) returned 1 [0048.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9b78 | out: hHeap=0x5a0000) returned 1 [0048.130] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.130] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.130] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.131] CloseHandle (hObject=0x25c) returned 1 [0048.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.131] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x101 [0048.131] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.131] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.131] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.132] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.132] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x101, lpOverlapped=0x0) returned 1 [0048.132] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffeff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.132] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x101, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x101, lpOverlapped=0x0) returned 1 [0048.132] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.132] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.132] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.132] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.132] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.132] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.132] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.132] CloseHandle (hObject=0x25c) returned 1 [0048.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.132] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.lolkek") returned 163 [0048.132] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0048.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca9e00 | out: hHeap=0x5a0000) returned 1 [0048.133] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.133] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.133] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0048.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.133] CloseHandle (hObject=0x25c) returned 1 [0048.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.134] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf6 [0048.134] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.134] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.134] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.134] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.134] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xf6, lpOverlapped=0x0) returned 1 [0048.134] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff0a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.134] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xf6, lpOverlapped=0x0) returned 1 [0048.135] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.135] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.135] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.135] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.135] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.135] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.135] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.135] CloseHandle (hObject=0x25c) returned 1 [0048.135] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.135] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.lolkek") returned 166 [0048.135] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0048.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caa088 | out: hHeap=0x5a0000) returned 1 [0048.136] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.136] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.136] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0048.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.136] CloseHandle (hObject=0x25c) returned 1 [0048.136] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.136] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x108 [0048.136] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.136] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.137] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.137] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.137] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x108, lpOverlapped=0x0) returned 1 [0048.137] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.137] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x108, lpOverlapped=0x0) returned 1 [0048.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.137] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.137] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.138] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.138] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.138] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.138] CloseHandle (hObject=0x25c) returned 1 [0048.138] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.138] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.lolkek") returned 166 [0048.138] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0048.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caa310 | out: hHeap=0x5a0000) returned 1 [0048.138] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.138] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.139] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0048.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.139] CloseHandle (hObject=0x25c) returned 1 [0048.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.139] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x119 [0048.139] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.139] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.140] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.140] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.140] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.140] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.140] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x119, lpOverlapped=0x0) returned 1 [0048.140] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffee7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.140] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x119, lpOverlapped=0x0) returned 1 [0048.140] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.140] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.140] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.140] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.140] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.140] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.140] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.141] CloseHandle (hObject=0x25c) returned 1 [0048.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.141] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.lolkek") returned 163 [0048.141] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0048.141] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.141] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caa598 | out: hHeap=0x5a0000) returned 1 [0048.141] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.141] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.141] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0048.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.142] CloseHandle (hObject=0x25c) returned 1 [0048.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.142] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x152 [0048.142] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.142] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.143] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.143] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.143] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x152, lpOverlapped=0x0) returned 1 [0048.143] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffeae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.143] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x152, lpOverlapped=0x0) returned 1 [0048.143] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.143] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.143] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.143] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.144] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.144] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.144] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.144] CloseHandle (hObject=0x25c) returned 1 [0048.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.144] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.lolkek") returned 163 [0048.144] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0048.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caa820 | out: hHeap=0x5a0000) returned 1 [0048.144] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.145] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.145] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.145] CloseHandle (hObject=0x25c) returned 1 [0048.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.145] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x112 [0048.145] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.145] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.146] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.146] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.146] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x112, lpOverlapped=0x0) returned 1 [0048.146] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffeee, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.146] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x112, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x112, lpOverlapped=0x0) returned 1 [0048.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.146] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.146] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.146] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.146] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.146] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.147] CloseHandle (hObject=0x25c) returned 1 [0048.147] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.147] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.lolkek") returned 163 [0048.147] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0048.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caaaa8 | out: hHeap=0x5a0000) returned 1 [0048.147] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.147] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.147] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.148] CloseHandle (hObject=0x25c) returned 1 [0048.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.148] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10c [0048.148] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.148] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.149] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.149] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.149] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x10c, lpOverlapped=0x0) returned 1 [0048.149] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffef4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.149] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x10c, lpOverlapped=0x0) returned 1 [0048.149] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.149] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.149] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.149] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.149] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.149] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.149] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.150] CloseHandle (hObject=0x25c) returned 1 [0048.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.150] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.lolkek") returned 163 [0048.150] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0048.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caad30 | out: hHeap=0x5a0000) returned 1 [0048.150] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.150] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.150] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.151] CloseHandle (hObject=0x25c) returned 1 [0048.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.151] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11f [0048.151] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.151] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.151] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.151] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.152] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.152] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.152] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x11f, lpOverlapped=0x0) returned 1 [0048.152] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffee1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.152] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x11f, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x11f, lpOverlapped=0x0) returned 1 [0048.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.152] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.152] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.152] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.152] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.152] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.152] CloseHandle (hObject=0x25c) returned 1 [0048.152] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.152] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.lolkek") returned 163 [0048.152] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0048.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caafb8 | out: hHeap=0x5a0000) returned 1 [0048.153] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.153] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.153] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.153] CloseHandle (hObject=0x25c) returned 1 [0048.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.154] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfd [0048.154] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.154] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.154] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.154] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.154] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfd, lpOverlapped=0x0) returned 1 [0048.154] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff03, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.155] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfd, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfd, lpOverlapped=0x0) returned 1 [0048.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.155] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.155] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.155] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.155] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.155] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.155] CloseHandle (hObject=0x25c) returned 1 [0048.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.155] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.lolkek") returned 163 [0048.155] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0048.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab240 | out: hHeap=0x5a0000) returned 1 [0048.156] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.156] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.156] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0048.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0048.156] CloseHandle (hObject=0x25c) returned 1 [0048.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.156] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x164 [0048.157] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.157] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.157] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.157] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.157] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.157] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.157] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x164, lpOverlapped=0x0) returned 1 [0048.157] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffe9c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.157] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x164, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x164, lpOverlapped=0x0) returned 1 [0048.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.158] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.158] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.158] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.158] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.158] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.158] CloseHandle (hObject=0x25c) returned 1 [0048.158] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0048.158] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.lolkek") returned 163 [0048.158] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0048.182] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0048.182] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbd00 | out: hHeap=0x5a0000) returned 1 [0048.182] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.182] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.182] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", dwFileAttributes=0x80) returned 1 [0048.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.183] CloseHandle (hObject=0x1ec) returned 1 [0048.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.183] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4e [0048.183] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.183] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.191] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.191] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.191] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.191] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.191] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd4e, lpOverlapped=0x0) returned 1 [0048.191] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffff2b2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.191] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd4e, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd4e, lpOverlapped=0x0) returned 1 [0048.192] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.192] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.192] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.192] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.192] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.192] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.192] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.192] CloseHandle (hObject=0x1ec) returned 1 [0048.192] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.192] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.lolkek") returned 146 [0048.192] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.lolkek")) returned 1 [0048.193] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.193] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ebc58 | out: hHeap=0x5a0000) returned 1 [0048.193] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.193] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.193] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0048.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.194] CloseHandle (hObject=0x1ec) returned 1 [0048.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.194] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d8 [0048.194] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.194] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.203] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.203] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.203] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.203] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.203] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0x2d8, lpOverlapped=0x0) returned 1 [0048.203] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffd28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.203] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0x2d8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0x2d8, lpOverlapped=0x0) returned 1 [0048.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.203] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.204] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.204] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.204] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.204] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.204] CloseHandle (hObject=0x1ec) returned 1 [0048.204] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.204] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.lolkek") returned 152 [0048.204] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.lolkek")) returned 1 [0048.205] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.205] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4948 | out: hHeap=0x5a0000) returned 1 [0048.205] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.205] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.205] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0048.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.206] CloseHandle (hObject=0x1ec) returned 1 [0048.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.206] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.206] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.206] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.206] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.207] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.207] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.207] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.207] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.207] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.207] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.207] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.207] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.207] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.207] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.207] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.207] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.207] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.207] CloseHandle (hObject=0x1ec) returned 1 [0048.207] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.207] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.lolkek") returned 164 [0048.207] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0048.208] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.208] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebcc30 | out: hHeap=0x5a0000) returned 1 [0048.208] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.208] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.208] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0048.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.208] CloseHandle (hObject=0x1ec) returned 1 [0048.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.209] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.209] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.209] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.209] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.209] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.209] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.209] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.210] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.210] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.210] CloseHandle (hObject=0x1ec) returned 1 [0048.210] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.210] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.lolkek") returned 164 [0048.210] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0048.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebceb8 | out: hHeap=0x5a0000) returned 1 [0048.211] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.211] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.211] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0048.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.211] CloseHandle (hObject=0x1ec) returned 1 [0048.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.211] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.211] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.212] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.212] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.212] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.212] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.212] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.212] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.212] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.213] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.213] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.213] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.213] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.213] CloseHandle (hObject=0x1ec) returned 1 [0048.213] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.213] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.lolkek") returned 164 [0048.213] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0048.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd140 | out: hHeap=0x5a0000) returned 1 [0048.214] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.214] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.214] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0048.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.214] CloseHandle (hObject=0x1ec) returned 1 [0048.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.214] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.214] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.214] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.215] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.215] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.215] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.215] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.215] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.215] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.215] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.215] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.215] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.216] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.216] CloseHandle (hObject=0x1ec) returned 1 [0048.216] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.216] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.lolkek") returned 164 [0048.216] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0048.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd3c8 | out: hHeap=0x5a0000) returned 1 [0048.216] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.216] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.217] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0048.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.217] CloseHandle (hObject=0x1ec) returned 1 [0048.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.217] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.217] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.217] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.218] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.218] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.218] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.218] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.218] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.218] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.218] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.218] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.218] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.219] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.219] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.219] CloseHandle (hObject=0x1ec) returned 1 [0048.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.219] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.lolkek") returned 164 [0048.219] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0048.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd650 | out: hHeap=0x5a0000) returned 1 [0048.219] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.219] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.219] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0048.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.220] CloseHandle (hObject=0x1ec) returned 1 [0048.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.220] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.220] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.220] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.221] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.221] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.221] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.221] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.221] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.221] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.221] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.221] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.221] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.221] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.222] CloseHandle (hObject=0x1ec) returned 1 [0048.222] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.222] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.lolkek") returned 164 [0048.222] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0048.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd8d8 | out: hHeap=0x5a0000) returned 1 [0048.222] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.222] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.222] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0048.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.223] CloseHandle (hObject=0x1ec) returned 1 [0048.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.223] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.223] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.223] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.224] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.224] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.224] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.224] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.224] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.224] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.224] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.224] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.224] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.224] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.224] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.224] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.224] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.224] CloseHandle (hObject=0x1ec) returned 1 [0048.225] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.225] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.lolkek") returned 164 [0048.225] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0048.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebdb60 | out: hHeap=0x5a0000) returned 1 [0048.225] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.225] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.225] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json", dwFileAttributes=0x80) returned 1 [0048.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.226] CloseHandle (hObject=0x1ec) returned 1 [0048.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.226] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.226] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.226] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.226] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.227] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.227] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.227] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.227] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.227] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.227] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.227] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.227] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.227] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.227] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.227] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.227] CloseHandle (hObject=0x1ec) returned 1 [0048.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.227] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.lolkek") returned 164 [0048.227] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.lolkek")) returned 1 [0048.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebdde8 | out: hHeap=0x5a0000) returned 1 [0048.228] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.228] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.228] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0048.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.228] CloseHandle (hObject=0x1ec) returned 1 [0048.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.229] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.229] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.229] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.229] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.229] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.229] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.229] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.230] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.230] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.230] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.230] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.230] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.230] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.230] CloseHandle (hObject=0x1ec) returned 1 [0048.230] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.230] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.lolkek") returned 164 [0048.230] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0048.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe070 | out: hHeap=0x5a0000) returned 1 [0048.231] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.231] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.231] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.231] CloseHandle (hObject=0x1ec) returned 1 [0048.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.232] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.232] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.232] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.232] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.232] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.232] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.232] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.232] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.233] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.233] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.233] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.233] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.233] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.233] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.233] CloseHandle (hObject=0x1ec) returned 1 [0048.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.233] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.lolkek") returned 164 [0048.233] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0048.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe2f8 | out: hHeap=0x5a0000) returned 1 [0048.234] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.234] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.234] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0048.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.234] CloseHandle (hObject=0x1ec) returned 1 [0048.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.234] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.234] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.234] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.235] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0048.235] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.235] ReadFile (in: hFile=0x1ec, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.235] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.235] WriteFile (in: hFile=0x1ec, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.235] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.235] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.235] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.236] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.236] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.236] CloseHandle (hObject=0x1ec) returned 1 [0048.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.236] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.lolkek") returned 165 [0048.236] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0048.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe580 | out: hHeap=0x5a0000) returned 1 [0048.285] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.285] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.285] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0048.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.286] CloseHandle (hObject=0x1ec) returned 1 [0048.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.286] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.286] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.286] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.287] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.287] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.287] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.287] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.287] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.287] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.287] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.287] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.288] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.288] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.288] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.288] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.288] CloseHandle (hObject=0x1ec) returned 1 [0048.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.288] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.lolkek") returned 167 [0048.288] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0048.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de02e8 | out: hHeap=0x5a0000) returned 1 [0048.289] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.289] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.289] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0048.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.289] CloseHandle (hObject=0x1ec) returned 1 [0048.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.290] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.290] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.290] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.290] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.290] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.290] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.290] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.291] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.291] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.291] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.291] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.291] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.291] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.291] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.291] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.291] CloseHandle (hObject=0x1ec) returned 1 [0048.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.291] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.lolkek") returned 164 [0048.291] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0048.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaaa98 | out: hHeap=0x5a0000) returned 1 [0048.292] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.292] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.292] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0048.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.292] CloseHandle (hObject=0x1ec) returned 1 [0048.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.293] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.293] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.293] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.293] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.293] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.293] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.293] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.293] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.294] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.294] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.294] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.294] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.294] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.294] CloseHandle (hObject=0x1ec) returned 1 [0048.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.294] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.lolkek") returned 164 [0048.294] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0048.295] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.295] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaad20 | out: hHeap=0x5a0000) returned 1 [0048.295] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.295] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.295] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.295] CloseHandle (hObject=0x1ec) returned 1 [0048.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.295] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.295] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.295] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.296] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.296] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.296] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.296] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.296] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.296] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.296] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.296] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.297] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.297] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.297] CloseHandle (hObject=0x1ec) returned 1 [0048.297] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.297] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.lolkek") returned 164 [0048.297] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0048.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaafa8 | out: hHeap=0x5a0000) returned 1 [0048.297] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.297] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.297] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.298] CloseHandle (hObject=0x1ec) returned 1 [0048.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.298] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.298] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.298] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.299] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.299] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.299] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.299] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.299] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.299] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.299] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.299] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.299] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.299] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.299] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.299] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.300] CloseHandle (hObject=0x1ec) returned 1 [0048.300] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.300] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.lolkek") returned 164 [0048.300] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0048.300] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.300] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eab230 | out: hHeap=0x5a0000) returned 1 [0048.300] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.300] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.300] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.301] CloseHandle (hObject=0x1ec) returned 1 [0048.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.301] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.301] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.301] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.301] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.302] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.302] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.302] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.302] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.302] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.302] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.302] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.302] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.302] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.302] CloseHandle (hObject=0x1ec) returned 1 [0048.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.302] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.lolkek") returned 164 [0048.302] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0048.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eab4b8 | out: hHeap=0x5a0000) returned 1 [0048.303] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.303] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.303] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.304] CloseHandle (hObject=0x1ec) returned 1 [0048.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.304] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.304] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.304] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.304] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.304] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.304] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.304] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.305] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.305] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.305] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.305] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.305] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.305] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.305] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.305] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.305] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.305] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.305] CloseHandle (hObject=0x1ec) returned 1 [0048.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.305] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.lolkek") returned 164 [0048.305] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0048.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eab740 | out: hHeap=0x5a0000) returned 1 [0048.306] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.306] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.306] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0048.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.307] CloseHandle (hObject=0x1ec) returned 1 [0048.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.307] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.307] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.307] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.307] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.307] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.307] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.308] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.308] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.308] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.308] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.308] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.308] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.308] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.308] CloseHandle (hObject=0x1ec) returned 1 [0048.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.308] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.lolkek") returned 164 [0048.308] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0048.309] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.309] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eab9c8 | out: hHeap=0x5a0000) returned 1 [0048.309] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.309] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.309] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.309] CloseHandle (hObject=0x1ec) returned 1 [0048.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.310] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.310] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.310] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.310] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.310] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.310] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.310] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.310] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.311] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.311] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.311] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.311] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.311] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.311] CloseHandle (hObject=0x1ec) returned 1 [0048.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.311] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.lolkek") returned 164 [0048.311] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0048.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eabc50 | out: hHeap=0x5a0000) returned 1 [0048.312] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.312] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.312] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.312] CloseHandle (hObject=0x1ec) returned 1 [0048.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.312] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.312] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.312] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.313] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.313] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.313] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.313] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.313] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.314] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.314] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.314] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.314] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.314] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.314] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.314] CloseHandle (hObject=0x1ec) returned 1 [0048.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.314] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.lolkek") returned 164 [0048.314] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0048.315] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.315] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eabed8 | out: hHeap=0x5a0000) returned 1 [0048.315] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.315] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.315] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.315] CloseHandle (hObject=0x1ec) returned 1 [0048.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.316] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.316] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.316] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.316] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.316] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.316] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.316] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.317] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.317] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.317] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.317] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.317] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.317] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.317] CloseHandle (hObject=0x1ec) returned 1 [0048.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.317] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.lolkek") returned 164 [0048.317] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0048.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eac160 | out: hHeap=0x5a0000) returned 1 [0048.318] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.318] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.318] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0048.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.318] CloseHandle (hObject=0x1ec) returned 1 [0048.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.318] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.319] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.319] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.319] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.319] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.319] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.319] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.319] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.320] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.320] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.320] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.320] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.320] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.320] CloseHandle (hObject=0x1ec) returned 1 [0048.320] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.320] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.lolkek") returned 167 [0048.320] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0048.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.321] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc28b0 | out: hHeap=0x5a0000) returned 1 [0048.321] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.321] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.321] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0048.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.321] CloseHandle (hObject=0x1ec) returned 1 [0048.321] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.321] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb3 [0048.321] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.322] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.322] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.322] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.322] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.322] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.322] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb3, lpOverlapped=0x0) returned 1 [0048.322] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.322] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb3, lpOverlapped=0x0) returned 1 [0048.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.322] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.322] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.323] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.323] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.323] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.323] CloseHandle (hObject=0x1ec) returned 1 [0048.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.323] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.lolkek") returned 167 [0048.323] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0048.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66b510 | out: hHeap=0x5a0000) returned 1 [0048.324] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.324] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.324] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json", dwFileAttributes=0x80) returned 1 [0048.324] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.324] CloseHandle (hObject=0x1ec) returned 1 [0048.324] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.324] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2769 [0048.324] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.324] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.331] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.331] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.332] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.332] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2769, lpOverlapped=0x0) returned 1 [0048.345] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffd897, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.345] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2769, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2769, lpOverlapped=0x0) returned 1 [0048.345] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.345] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.345] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.345] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.345] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.346] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.346] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.346] CloseHandle (hObject=0x1ec) returned 1 [0048.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.346] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.lolkek") returned 171 [0048.346] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.lolkek")) returned 1 [0048.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698400 | out: hHeap=0x5a0000) returned 1 [0048.346] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.346] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.346] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0048.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.347] CloseHandle (hObject=0x1ec) returned 1 [0048.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.347] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfe [0048.347] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.347] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.348] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.348] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.348] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfe, lpOverlapped=0x0) returned 1 [0048.348] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.348] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfe, lpOverlapped=0x0) returned 1 [0048.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.348] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.348] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.348] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.348] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.348] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.348] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.349] CloseHandle (hObject=0x1ec) returned 1 [0048.349] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.349] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.lolkek") returned 162 [0048.349] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0048.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eac3e8 | out: hHeap=0x5a0000) returned 1 [0048.349] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.349] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.349] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0048.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.350] CloseHandle (hObject=0x1ec) returned 1 [0048.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.350] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12f [0048.350] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.350] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.351] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.351] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.351] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x12f, lpOverlapped=0x0) returned 1 [0048.351] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffed1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.351] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x12f, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x12f, lpOverlapped=0x0) returned 1 [0048.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.351] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.351] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.351] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.351] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.351] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.351] CloseHandle (hObject=0x1ec) returned 1 [0048.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.353] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.lolkek") returned 162 [0048.353] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0048.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eac670 | out: hHeap=0x5a0000) returned 1 [0048.353] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.354] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.354] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0048.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.354] CloseHandle (hObject=0x1ec) returned 1 [0048.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.354] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe5 [0048.354] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.354] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.355] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.355] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.355] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe5, lpOverlapped=0x0) returned 1 [0048.355] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.355] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe5, lpOverlapped=0x0) returned 1 [0048.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.355] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.355] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.355] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.355] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.356] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.356] CloseHandle (hObject=0x1ec) returned 1 [0048.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.356] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.lolkek") returned 162 [0048.356] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0048.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eac8f8 | out: hHeap=0x5a0000) returned 1 [0048.356] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.356] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.356] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json", dwFileAttributes=0x80) returned 1 [0048.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.357] CloseHandle (hObject=0x1ec) returned 1 [0048.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.357] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xda [0048.357] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.357] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.358] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.358] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.358] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xda, lpOverlapped=0x0) returned 1 [0048.358] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff26, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.358] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xda, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xda, lpOverlapped=0x0) returned 1 [0048.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.358] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.358] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.358] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.358] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.359] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.359] CloseHandle (hObject=0x1ec) returned 1 [0048.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.359] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.lolkek") returned 162 [0048.359] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.lolkek")) returned 1 [0048.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eacb80 | out: hHeap=0x5a0000) returned 1 [0048.359] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.359] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.359] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0048.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.360] CloseHandle (hObject=0x1ec) returned 1 [0048.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.360] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcf [0048.360] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.360] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.361] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.361] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.361] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xcf, lpOverlapped=0x0) returned 1 [0048.361] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.361] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcf, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xcf, lpOverlapped=0x0) returned 1 [0048.361] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.361] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.361] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.361] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.361] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.362] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.362] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.362] CloseHandle (hObject=0x1ec) returned 1 [0048.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.362] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.lolkek") returned 162 [0048.362] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0048.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eace08 | out: hHeap=0x5a0000) returned 1 [0048.362] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.362] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.362] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0048.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.363] CloseHandle (hObject=0x1ec) returned 1 [0048.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.363] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdc [0048.363] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.363] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.364] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.364] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.364] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.364] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.364] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xdc, lpOverlapped=0x0) returned 1 [0048.364] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff24, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.364] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xdc, lpOverlapped=0x0) returned 1 [0048.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.364] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.364] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.364] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.364] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.364] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.364] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.365] CloseHandle (hObject=0x1ec) returned 1 [0048.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.365] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.lolkek") returned 162 [0048.365] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0048.365] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.365] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ead090 | out: hHeap=0x5a0000) returned 1 [0048.365] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.365] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.365] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0048.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.366] CloseHandle (hObject=0x1ec) returned 1 [0048.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.366] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x130 [0048.366] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.366] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.367] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.367] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.367] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x130, lpOverlapped=0x0) returned 1 [0048.367] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffed0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.367] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x130, lpOverlapped=0x0) returned 1 [0048.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.367] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.367] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.367] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.367] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.367] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.367] CloseHandle (hObject=0x1ec) returned 1 [0048.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.368] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.lolkek") returned 162 [0048.368] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0048.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ead318 | out: hHeap=0x5a0000) returned 1 [0048.368] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.368] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.368] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json", dwFileAttributes=0x80) returned 1 [0048.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.369] CloseHandle (hObject=0x1ec) returned 1 [0048.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.369] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5 [0048.369] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.369] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.369] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.370] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.370] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd5, lpOverlapped=0x0) returned 1 [0048.370] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.370] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd5, lpOverlapped=0x0) returned 1 [0048.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.370] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.370] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.370] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.370] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.370] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.370] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.370] CloseHandle (hObject=0x1ec) returned 1 [0048.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.370] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.lolkek") returned 165 [0048.370] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json.lolkek")) returned 1 [0048.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ead5a0 | out: hHeap=0x5a0000) returned 1 [0048.371] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.371] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.371] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json", dwFileAttributes=0x80) returned 1 [0048.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.371] CloseHandle (hObject=0x1ec) returned 1 [0048.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.372] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5 [0048.372] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.372] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.372] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.372] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.372] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd5, lpOverlapped=0x0) returned 1 [0048.372] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.372] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd5, lpOverlapped=0x0) returned 1 [0048.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.373] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.373] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.373] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.373] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.373] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.373] CloseHandle (hObject=0x1ec) returned 1 [0048.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.373] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.lolkek") returned 165 [0048.373] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json.lolkek")) returned 1 [0048.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ead828 | out: hHeap=0x5a0000) returned 1 [0048.374] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.374] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.374] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0048.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.374] CloseHandle (hObject=0x1ec) returned 1 [0048.374] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.375] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe5 [0048.375] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.375] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.375] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.375] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.375] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe5, lpOverlapped=0x0) returned 1 [0048.375] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.375] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe5, lpOverlapped=0x0) returned 1 [0048.376] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.376] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.376] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.376] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.376] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.376] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.376] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.376] CloseHandle (hObject=0x1ec) returned 1 [0048.376] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.376] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.lolkek") returned 162 [0048.376] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0048.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b68 | out: hHeap=0x5a0000) returned 1 [0048.425] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.426] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.426] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.426] CloseHandle (hObject=0x1ec) returned 1 [0048.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.426] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd [0048.426] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.427] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.427] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.427] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.427] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xdd, lpOverlapped=0x0) returned 1 [0048.427] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff23, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.427] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdd, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xdd, lpOverlapped=0x0) returned 1 [0048.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.427] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.427] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.428] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.428] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.428] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.428] CloseHandle (hObject=0x1ec) returned 1 [0048.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.428] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.lolkek") returned 162 [0048.428] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0048.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb43e8 | out: hHeap=0x5a0000) returned 1 [0048.429] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.429] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.429] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json", dwFileAttributes=0x80) returned 1 [0048.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.429] CloseHandle (hObject=0x1ec) returned 1 [0048.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.430] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbf [0048.430] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.430] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.430] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.430] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.430] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xbf, lpOverlapped=0x0) returned 1 [0048.430] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff41, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.430] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xbf, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xbf, lpOverlapped=0x0) returned 1 [0048.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.431] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.431] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.431] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.431] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.431] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.431] CloseHandle (hObject=0x1ec) returned 1 [0048.431] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.431] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.lolkek") returned 162 [0048.431] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.lolkek")) returned 1 [0048.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4670 | out: hHeap=0x5a0000) returned 1 [0048.432] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.432] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.432] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.432] CloseHandle (hObject=0x1ec) returned 1 [0048.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.432] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd1 [0048.432] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.432] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.433] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.433] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.433] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd1, lpOverlapped=0x0) returned 1 [0048.433] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff2f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.433] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd1, lpOverlapped=0x0) returned 1 [0048.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.434] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.434] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.434] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.434] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.434] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.434] CloseHandle (hObject=0x1ec) returned 1 [0048.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.434] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.lolkek") returned 162 [0048.434] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0048.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb48f8 | out: hHeap=0x5a0000) returned 1 [0048.436] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.436] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.436] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0048.436] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.437] CloseHandle (hObject=0x1ec) returned 1 [0048.437] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.437] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5 [0048.437] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.437] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.437] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.438] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.438] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd5, lpOverlapped=0x0) returned 1 [0048.438] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff2b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.438] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd5, lpOverlapped=0x0) returned 1 [0048.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.438] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.438] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.438] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.438] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.438] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.438] CloseHandle (hObject=0x1ec) returned 1 [0048.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.438] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.lolkek") returned 165 [0048.438] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0048.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4b80 | out: hHeap=0x5a0000) returned 1 [0048.439] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.439] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.439] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0048.439] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.439] CloseHandle (hObject=0x1ec) returned 1 [0048.439] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.440] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe6 [0048.440] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.440] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.440] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.440] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.440] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.440] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.440] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe6, lpOverlapped=0x0) returned 1 [0048.440] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.440] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe6, lpOverlapped=0x0) returned 1 [0048.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.441] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.441] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.441] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.441] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.441] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.441] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.441] CloseHandle (hObject=0x1ec) returned 1 [0048.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.441] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.lolkek") returned 165 [0048.441] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0048.441] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.441] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4e08 | out: hHeap=0x5a0000) returned 1 [0048.442] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.442] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.442] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0048.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.442] CloseHandle (hObject=0x1ec) returned 1 [0048.442] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.442] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe2 [0048.442] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.442] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.443] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.443] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.443] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe2, lpOverlapped=0x0) returned 1 [0048.443] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.443] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe2, lpOverlapped=0x0) returned 1 [0048.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.443] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.443] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.443] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.443] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.444] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.444] CloseHandle (hObject=0x1ec) returned 1 [0048.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.444] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.lolkek") returned 162 [0048.444] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0048.444] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.444] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5090 | out: hHeap=0x5a0000) returned 1 [0048.444] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.444] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.444] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0048.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.445] CloseHandle (hObject=0x1ec) returned 1 [0048.445] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.445] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfe [0048.445] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.445] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.446] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.446] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.446] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfe, lpOverlapped=0x0) returned 1 [0048.446] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.446] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfe, lpOverlapped=0x0) returned 1 [0048.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.446] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.446] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.446] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.446] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.446] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.446] CloseHandle (hObject=0x1ec) returned 1 [0048.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.446] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.lolkek") returned 162 [0048.446] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0048.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5318 | out: hHeap=0x5a0000) returned 1 [0048.447] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.447] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.447] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.447] CloseHandle (hObject=0x1ec) returned 1 [0048.448] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.448] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdb [0048.448] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.448] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.448] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.448] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.448] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xdb, lpOverlapped=0x0) returned 1 [0048.448] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff25, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.449] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xdb, lpOverlapped=0x0) returned 1 [0048.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.449] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.449] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.449] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.449] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.449] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.449] CloseHandle (hObject=0x1ec) returned 1 [0048.449] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.449] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.lolkek") returned 162 [0048.449] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0048.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb55a0 | out: hHeap=0x5a0000) returned 1 [0048.450] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.450] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.450] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.450] CloseHandle (hObject=0x1ec) returned 1 [0048.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.450] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xde [0048.450] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.450] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.451] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.451] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.451] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xde, lpOverlapped=0x0) returned 1 [0048.451] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff22, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.451] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xde, lpOverlapped=0x0) returned 1 [0048.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.451] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.451] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.452] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.452] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.452] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.452] CloseHandle (hObject=0x1ec) returned 1 [0048.452] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.452] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.lolkek") returned 162 [0048.452] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0048.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5828 | out: hHeap=0x5a0000) returned 1 [0048.453] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.453] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.453] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.453] CloseHandle (hObject=0x1ec) returned 1 [0048.453] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.453] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xec [0048.453] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.453] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.454] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.454] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.454] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.454] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.454] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xec, lpOverlapped=0x0) returned 1 [0048.454] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff14, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.454] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xec, lpOverlapped=0x0) returned 1 [0048.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.454] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.455] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.455] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.455] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.455] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.455] CloseHandle (hObject=0x1ec) returned 1 [0048.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.455] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.lolkek") returned 162 [0048.455] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0048.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e69e70 | out: hHeap=0x5a0000) returned 1 [0048.456] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.456] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.456] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0048.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.456] CloseHandle (hObject=0x1ec) returned 1 [0048.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.457] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd8 [0048.457] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.457] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.457] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.457] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.457] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd8, lpOverlapped=0x0) returned 1 [0048.457] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.457] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd8, lpOverlapped=0x0) returned 1 [0048.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.457] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.458] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.458] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.458] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.458] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.458] CloseHandle (hObject=0x1ec) returned 1 [0048.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.458] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.lolkek") returned 162 [0048.458] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0048.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a0f8 | out: hHeap=0x5a0000) returned 1 [0048.459] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.459] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.459] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0048.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.459] CloseHandle (hObject=0x1ec) returned 1 [0048.459] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.459] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10a [0048.459] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.459] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.460] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.460] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.460] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.460] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.460] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x10a, lpOverlapped=0x0) returned 1 [0048.460] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffef6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.460] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x10a, lpOverlapped=0x0) returned 1 [0048.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.460] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.460] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.460] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.461] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.461] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.461] CloseHandle (hObject=0x1ec) returned 1 [0048.461] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.461] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.lolkek") returned 162 [0048.461] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0048.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a380 | out: hHeap=0x5a0000) returned 1 [0048.461] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.462] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.462] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.462] CloseHandle (hObject=0x1ec) returned 1 [0048.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.462] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe1 [0048.462] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.462] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.463] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.463] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.463] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.463] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.463] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe1, lpOverlapped=0x0) returned 1 [0048.463] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.463] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe1, lpOverlapped=0x0) returned 1 [0048.463] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.463] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.463] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.463] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.463] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.463] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.463] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.464] CloseHandle (hObject=0x1ec) returned 1 [0048.464] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.464] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.lolkek") returned 162 [0048.464] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0048.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a608 | out: hHeap=0x5a0000) returned 1 [0048.464] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.464] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.464] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.465] CloseHandle (hObject=0x1ec) returned 1 [0048.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.465] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfe [0048.465] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.465] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.466] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.466] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.466] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.466] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.466] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfe, lpOverlapped=0x0) returned 1 [0048.466] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.466] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfe, lpOverlapped=0x0) returned 1 [0048.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.466] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.466] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.466] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.466] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.466] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.466] CloseHandle (hObject=0x1ec) returned 1 [0048.466] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.467] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.lolkek") returned 162 [0048.467] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0048.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a890 | out: hHeap=0x5a0000) returned 1 [0048.467] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.467] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.467] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.468] CloseHandle (hObject=0x1ec) returned 1 [0048.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.468] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe3 [0048.468] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.468] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.468] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.468] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.469] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe3, lpOverlapped=0x0) returned 1 [0048.469] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.469] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe3, lpOverlapped=0x0) returned 1 [0048.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.469] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.469] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.469] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.469] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.469] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.469] CloseHandle (hObject=0x1ec) returned 1 [0048.469] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.469] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.lolkek") returned 162 [0048.469] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0048.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6ab18 | out: hHeap=0x5a0000) returned 1 [0048.470] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.470] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.470] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0048.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.483] CloseHandle (hObject=0x270) returned 1 [0048.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.483] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4 [0048.483] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.483] ReadFile (in: hFile=0x270, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.484] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.484] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.484] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd4, lpOverlapped=0x0) returned 1 [0048.484] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffff2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.484] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd4, lpOverlapped=0x0) returned 1 [0048.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.484] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.484] WriteFile (in: hFile=0x270, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.484] WriteFile (in: hFile=0x270, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.484] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.484] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.485] CloseHandle (hObject=0x270) returned 1 [0048.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0048.485] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.lolkek") returned 165 [0048.485] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0048.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0048.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6ada0 | out: hHeap=0x5a0000) returned 1 [0048.485] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.485] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.485] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", dwFileAttributes=0x80) returned 1 [0048.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0048.486] CloseHandle (hObject=0x270) returned 1 [0048.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.486] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1378 [0048.486] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.486] ReadFile (in: hFile=0x270, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.494] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.494] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.494] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x1378, lpOverlapped=0x0) returned 1 [0048.498] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffec88, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.498] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1378, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x1378, lpOverlapped=0x0) returned 1 [0048.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.498] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.498] WriteFile (in: hFile=0x270, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.498] WriteFile (in: hFile=0x270, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.498] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.499] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.499] CloseHandle (hObject=0x270) returned 1 [0048.499] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.499] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.lolkek") returned 144 [0048.499] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.lolkek")) returned 1 [0048.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaddb0 | out: hHeap=0x5a0000) returned 1 [0048.499] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.499] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.499] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js", dwFileAttributes=0x80) returned 1 [0048.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0048.599] CloseHandle (hObject=0x258) returned 1 [0048.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.601] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1103 [0048.601] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.601] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.606] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0048.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.606] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.606] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x1103, lpOverlapped=0x0) returned 1 [0048.610] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffeefd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.610] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1103, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x1103, lpOverlapped=0x0) returned 1 [0048.610] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.610] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0048.611] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.611] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.611] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.611] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.611] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.611] CloseHandle (hObject=0x1ec) returned 1 [0048.611] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e71e60 [0048.611] wsprintfW (in: param_1=0x3e71e60, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.lolkek") returned 162 [0048.611] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.lolkek")) returned 1 [0048.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e71e60 | out: hHeap=0x5a0000) returned 1 [0048.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6b2b0 | out: hHeap=0x5a0000) returned 1 [0048.612] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.612] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.612] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0048.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.612] CloseHandle (hObject=0x1ec) returned 1 [0048.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.613] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5b1 [0048.613] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.613] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.652] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.652] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.652] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x5b1, lpOverlapped=0x0) returned 1 [0048.652] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffa4f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.652] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x5b1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x5b1, lpOverlapped=0x0) returned 1 [0048.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.652] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.652] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.652] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.652] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.653] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.653] CloseHandle (hObject=0x1ec) returned 1 [0048.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.653] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.lolkek") returned 150 [0048.653] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.lolkek")) returned 1 [0048.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc9da0 | out: hHeap=0x5a0000) returned 1 [0048.653] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.653] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.653] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json", dwFileAttributes=0x80) returned 1 [0048.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.654] CloseHandle (hObject=0x1ec) returned 1 [0048.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.654] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb2 [0048.654] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.654] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.655] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.655] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.655] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb2, lpOverlapped=0x0) returned 1 [0048.655] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.655] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb2, lpOverlapped=0x0) returned 1 [0048.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.655] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.655] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.656] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.656] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.656] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.656] CloseHandle (hObject=0x1ec) returned 1 [0048.656] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.656] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.lolkek") returned 165 [0048.656] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json.lolkek")) returned 1 [0048.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6d398 | out: hHeap=0x5a0000) returned 1 [0048.656] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.657] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.657] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json", dwFileAttributes=0x80) returned 1 [0048.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.657] CloseHandle (hObject=0x1ec) returned 1 [0048.657] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.657] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x109 [0048.657] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.657] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.658] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.658] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.658] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x109, lpOverlapped=0x0) returned 1 [0048.658] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffef7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.658] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x109, lpOverlapped=0x0) returned 1 [0048.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.658] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.658] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.658] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.659] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.659] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.659] CloseHandle (hObject=0x1ec) returned 1 [0048.659] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.659] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.lolkek") returned 165 [0048.659] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json.lolkek")) returned 1 [0048.659] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.659] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6d620 | out: hHeap=0x5a0000) returned 1 [0048.659] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.659] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.659] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0048.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.660] CloseHandle (hObject=0x1ec) returned 1 [0048.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.660] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcc [0048.660] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.660] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.661] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.661] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.661] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xcc, lpOverlapped=0x0) returned 1 [0048.661] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff34, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.661] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcc, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xcc, lpOverlapped=0x0) returned 1 [0048.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.661] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.661] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.661] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.661] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.661] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.662] CloseHandle (hObject=0x1ec) returned 1 [0048.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.662] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.lolkek") returned 162 [0048.662] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0048.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6d8a8 | out: hHeap=0x5a0000) returned 1 [0048.662] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.662] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.662] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json", dwFileAttributes=0x80) returned 1 [0048.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.663] CloseHandle (hObject=0x1ec) returned 1 [0048.663] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.663] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe3 [0048.663] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.663] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.664] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.664] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.664] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe3, lpOverlapped=0x0) returned 1 [0048.664] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff1d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.664] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe3, lpOverlapped=0x0) returned 1 [0048.664] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.664] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.664] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.664] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.664] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.664] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.664] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.664] CloseHandle (hObject=0x1ec) returned 1 [0048.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.664] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.lolkek") returned 166 [0048.664] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.lolkek")) returned 1 [0048.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6db30 | out: hHeap=0x5a0000) returned 1 [0048.665] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.665] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.665] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json", dwFileAttributes=0x80) returned 1 [0048.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.665] CloseHandle (hObject=0x1ec) returned 1 [0048.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.666] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4 [0048.666] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.666] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.666] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.666] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.666] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd4, lpOverlapped=0x0) returned 1 [0048.666] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff2c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.666] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd4, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd4, lpOverlapped=0x0) returned 1 [0048.667] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.667] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.667] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.667] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.667] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.667] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.667] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.667] CloseHandle (hObject=0x1ec) returned 1 [0048.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.667] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.lolkek") returned 162 [0048.667] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.lolkek")) returned 1 [0048.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7668 | out: hHeap=0x5a0000) returned 1 [0048.668] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.668] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.668] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json", dwFileAttributes=0x80) returned 1 [0048.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.668] CloseHandle (hObject=0x1ec) returned 1 [0048.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.668] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x98 [0048.668] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.668] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.669] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.669] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.669] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x98, lpOverlapped=0x0) returned 1 [0048.669] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff68, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.669] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x98, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x98, lpOverlapped=0x0) returned 1 [0048.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.669] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.669] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.669] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.670] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.670] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.670] CloseHandle (hObject=0x1ec) returned 1 [0048.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.670] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.lolkek") returned 162 [0048.670] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.lolkek")) returned 1 [0048.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca78f0 | out: hHeap=0x5a0000) returned 1 [0048.670] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.670] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.671] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json", dwFileAttributes=0x80) returned 1 [0048.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.671] CloseHandle (hObject=0x1ec) returned 1 [0048.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.671] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xff [0048.671] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.671] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.672] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.672] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.672] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xff, lpOverlapped=0x0) returned 1 [0048.672] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff01, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.672] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xff, lpOverlapped=0x0) returned 1 [0048.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.674] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.674] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.674] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.674] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.674] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.674] CloseHandle (hObject=0x1ec) returned 1 [0048.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.674] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.lolkek") returned 162 [0048.674] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.lolkek")) returned 1 [0048.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7b78 | out: hHeap=0x5a0000) returned 1 [0048.675] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.675] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.675] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0048.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.675] CloseHandle (hObject=0x1ec) returned 1 [0048.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.676] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb7 [0048.676] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.676] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.677] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.677] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.677] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb7, lpOverlapped=0x0) returned 1 [0048.677] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff49, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.677] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb7, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb7, lpOverlapped=0x0) returned 1 [0048.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.677] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.677] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.677] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.677] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.677] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.677] CloseHandle (hObject=0x1ec) returned 1 [0048.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.677] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.lolkek") returned 162 [0048.677] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0048.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7e00 | out: hHeap=0x5a0000) returned 1 [0048.678] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.678] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.678] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0048.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.679] CloseHandle (hObject=0x1ec) returned 1 [0048.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.679] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc7 [0048.679] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.679] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.679] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.679] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.680] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xc7, lpOverlapped=0x0) returned 1 [0048.680] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff39, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.680] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc7, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xc7, lpOverlapped=0x0) returned 1 [0048.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.680] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.680] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.680] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.680] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.680] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.680] CloseHandle (hObject=0x1ec) returned 1 [0048.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.680] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.lolkek") returned 163 [0048.680] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0048.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8088 | out: hHeap=0x5a0000) returned 1 [0048.681] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.681] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.681] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.681] CloseHandle (hObject=0x1ec) returned 1 [0048.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.682] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbb [0048.682] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.682] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.682] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.682] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.682] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xbb, lpOverlapped=0x0) returned 1 [0048.682] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff45, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.682] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xbb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xbb, lpOverlapped=0x0) returned 1 [0048.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.683] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.683] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.683] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.683] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.683] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.683] CloseHandle (hObject=0x1ec) returned 1 [0048.683] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.683] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.lolkek") returned 162 [0048.683] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0048.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8310 | out: hHeap=0x5a0000) returned 1 [0048.684] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.684] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.684] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json", dwFileAttributes=0x80) returned 1 [0048.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.684] CloseHandle (hObject=0x1ec) returned 1 [0048.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.684] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2 [0048.685] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.685] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.685] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.685] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.685] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd2, lpOverlapped=0x0) returned 1 [0048.685] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff2e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.685] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd2, lpOverlapped=0x0) returned 1 [0048.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.686] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.686] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.686] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.686] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.686] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.686] CloseHandle (hObject=0x1ec) returned 1 [0048.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.686] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.lolkek") returned 165 [0048.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json.lolkek")) returned 1 [0048.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8598 | out: hHeap=0x5a0000) returned 1 [0048.687] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.687] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.687] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.687] CloseHandle (hObject=0x1ec) returned 1 [0048.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.687] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xac [0048.687] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.688] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.688] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.688] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.688] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xac, lpOverlapped=0x0) returned 1 [0048.688] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff54, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.688] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xac, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xac, lpOverlapped=0x0) returned 1 [0048.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.688] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.710] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.710] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.710] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.710] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.710] CloseHandle (hObject=0x1ec) returned 1 [0048.710] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.710] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.lolkek") returned 162 [0048.710] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json.lolkek")) returned 1 [0048.711] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.711] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8820 | out: hHeap=0x5a0000) returned 1 [0048.711] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.711] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.711] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0048.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.711] CloseHandle (hObject=0x1ec) returned 1 [0048.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.712] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbb [0048.712] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.712] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.712] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.712] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.712] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xbb, lpOverlapped=0x0) returned 1 [0048.712] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff45, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.712] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xbb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xbb, lpOverlapped=0x0) returned 1 [0048.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.713] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.713] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.713] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.713] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.713] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.713] CloseHandle (hObject=0x1ec) returned 1 [0048.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.713] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.lolkek") returned 162 [0048.713] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0048.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da42f0 | out: hHeap=0x5a0000) returned 1 [0048.714] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.714] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.714] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json", dwFileAttributes=0x80) returned 1 [0048.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.714] CloseHandle (hObject=0x1ec) returned 1 [0048.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.715] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb2 [0048.715] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.715] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.715] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.715] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.715] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.715] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.715] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb2, lpOverlapped=0x0) returned 1 [0048.715] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.715] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb2, lpOverlapped=0x0) returned 1 [0048.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.716] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.716] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.716] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.716] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.716] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.716] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.716] CloseHandle (hObject=0x1ec) returned 1 [0048.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.716] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.lolkek") returned 162 [0048.716] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json.lolkek")) returned 1 [0048.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4578 | out: hHeap=0x5a0000) returned 1 [0048.717] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.717] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.717] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0048.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.717] CloseHandle (hObject=0x1ec) returned 1 [0048.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.717] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb6 [0048.717] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.717] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.718] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.718] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.718] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb6, lpOverlapped=0x0) returned 1 [0048.718] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.718] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb6, lpOverlapped=0x0) returned 1 [0048.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.718] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.718] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.719] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.719] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.719] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.719] CloseHandle (hObject=0x1ec) returned 1 [0048.719] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.719] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.lolkek") returned 162 [0048.719] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0048.719] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4800 | out: hHeap=0x5a0000) returned 1 [0048.720] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.720] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.720] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json", dwFileAttributes=0x80) returned 1 [0048.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.720] CloseHandle (hObject=0x1ec) returned 1 [0048.720] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.720] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16a [0048.720] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.720] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.721] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.721] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.721] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.721] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.721] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x16a, lpOverlapped=0x0) returned 1 [0048.721] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffe96, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.722] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x16a, lpOverlapped=0x0) returned 1 [0048.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.722] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.722] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.722] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.722] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.722] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.722] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.722] CloseHandle (hObject=0x1ec) returned 1 [0048.722] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.722] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.lolkek") returned 162 [0048.722] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json.lolkek")) returned 1 [0048.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4a88 | out: hHeap=0x5a0000) returned 1 [0048.723] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.723] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.723] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0048.723] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.723] CloseHandle (hObject=0x1ec) returned 1 [0048.723] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.724] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfb [0048.724] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.724] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.724] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.724] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.724] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfb, lpOverlapped=0x0) returned 1 [0048.724] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff05, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.724] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfb, lpOverlapped=0x0) returned 1 [0048.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.725] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.725] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.725] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.725] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.725] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.725] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.725] CloseHandle (hObject=0x1ec) returned 1 [0048.725] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.725] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.lolkek") returned 162 [0048.725] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0048.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.726] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4d10 | out: hHeap=0x5a0000) returned 1 [0048.726] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.726] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.726] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json", dwFileAttributes=0x80) returned 1 [0048.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.726] CloseHandle (hObject=0x1ec) returned 1 [0048.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.727] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x165 [0048.727] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.727] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.727] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.727] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.727] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.728] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.728] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x165, lpOverlapped=0x0) returned 1 [0048.728] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffe9b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.728] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x165, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x165, lpOverlapped=0x0) returned 1 [0048.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.728] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.728] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.728] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.728] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.728] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.728] CloseHandle (hObject=0x1ec) returned 1 [0048.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.728] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.lolkek") returned 162 [0048.728] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json.lolkek")) returned 1 [0048.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4f98 | out: hHeap=0x5a0000) returned 1 [0048.729] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.729] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.729] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json", dwFileAttributes=0x80) returned 1 [0048.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.729] CloseHandle (hObject=0x1ec) returned 1 [0048.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.730] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x25f [0048.730] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.730] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.766] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.768] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.768] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x25f, lpOverlapped=0x0) returned 1 [0048.768] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffda1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.768] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x25f, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x25f, lpOverlapped=0x0) returned 1 [0048.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.768] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.768] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.768] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.769] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.769] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.769] CloseHandle (hObject=0x1ec) returned 1 [0048.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.769] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.lolkek") returned 162 [0048.769] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json.lolkek")) returned 1 [0048.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5220 | out: hHeap=0x5a0000) returned 1 [0048.769] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.770] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.770] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json", dwFileAttributes=0x80) returned 1 [0048.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.770] CloseHandle (hObject=0x1ec) returned 1 [0048.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.770] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c3 [0048.770] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.770] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.771] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.771] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.771] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.771] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.771] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x1c3, lpOverlapped=0x0) returned 1 [0048.771] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffe3d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.771] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1c3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x1c3, lpOverlapped=0x0) returned 1 [0048.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.771] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.772] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.772] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.772] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.772] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.772] CloseHandle (hObject=0x1ec) returned 1 [0048.772] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.772] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.lolkek") returned 162 [0048.772] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json.lolkek")) returned 1 [0048.773] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.773] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da63d8 | out: hHeap=0x5a0000) returned 1 [0048.773] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.773] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.773] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.773] CloseHandle (hObject=0x1ec) returned 1 [0048.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.773] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12c [0048.773] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.773] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.774] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.774] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.774] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x12c, lpOverlapped=0x0) returned 1 [0048.774] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffed4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.774] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x12c, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x12c, lpOverlapped=0x0) returned 1 [0048.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.774] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.774] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.775] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.775] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.775] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.775] CloseHandle (hObject=0x1ec) returned 1 [0048.775] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.775] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.lolkek") returned 162 [0048.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json.lolkek")) returned 1 [0048.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6660 | out: hHeap=0x5a0000) returned 1 [0048.776] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.776] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.776] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json", dwFileAttributes=0x80) returned 1 [0048.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.776] CloseHandle (hObject=0x1ec) returned 1 [0048.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.776] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcb [0048.777] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.777] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.777] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.777] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.777] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.777] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.777] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xcb, lpOverlapped=0x0) returned 1 [0048.777] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff35, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.777] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xcb, lpOverlapped=0x0) returned 1 [0048.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.778] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.778] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.778] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.778] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.778] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.778] CloseHandle (hObject=0x1ec) returned 1 [0048.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.778] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.lolkek") returned 162 [0048.778] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json.lolkek")) returned 1 [0048.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da68e8 | out: hHeap=0x5a0000) returned 1 [0048.779] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.779] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.779] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json", dwFileAttributes=0x80) returned 1 [0048.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.780] CloseHandle (hObject=0x1ec) returned 1 [0048.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.780] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20b [0048.780] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.780] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.780] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.780] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.781] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x20b, lpOverlapped=0x0) returned 1 [0048.781] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffdf5, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.781] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x20b, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x20b, lpOverlapped=0x0) returned 1 [0048.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.781] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.781] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.781] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.781] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.781] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.781] CloseHandle (hObject=0x1ec) returned 1 [0048.781] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.781] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.lolkek") returned 162 [0048.781] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json.lolkek")) returned 1 [0048.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6b70 | out: hHeap=0x5a0000) returned 1 [0048.782] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.782] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.782] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.783] CloseHandle (hObject=0x1ec) returned 1 [0048.783] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.783] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb1 [0048.783] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.783] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.784] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.784] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.784] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb1, lpOverlapped=0x0) returned 1 [0048.784] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.784] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb1, lpOverlapped=0x0) returned 1 [0048.784] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.784] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.784] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.784] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.784] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.784] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.784] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.784] CloseHandle (hObject=0x1ec) returned 1 [0048.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.784] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.lolkek") returned 162 [0048.785] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0048.785] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.785] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da6df8 | out: hHeap=0x5a0000) returned 1 [0048.785] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.785] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.785] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json", dwFileAttributes=0x80) returned 1 [0048.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.786] CloseHandle (hObject=0x1ec) returned 1 [0048.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.786] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x96 [0048.786] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.786] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.787] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.787] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.787] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x96, lpOverlapped=0x0) returned 1 [0048.787] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff6a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.787] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x96, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x96, lpOverlapped=0x0) returned 1 [0048.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.787] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.787] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.787] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.787] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.787] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.787] CloseHandle (hObject=0x1ec) returned 1 [0048.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.788] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.lolkek") returned 162 [0048.788] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json.lolkek")) returned 1 [0048.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da7080 | out: hHeap=0x5a0000) returned 1 [0048.788] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.788] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.788] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.789] CloseHandle (hObject=0x1ec) returned 1 [0048.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.789] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb4 [0048.789] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.789] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.790] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.790] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.790] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.790] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.790] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb4, lpOverlapped=0x0) returned 1 [0048.790] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff4c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.790] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb4, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb4, lpOverlapped=0x0) returned 1 [0048.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.790] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.790] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.790] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.790] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.790] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.790] CloseHandle (hObject=0x1ec) returned 1 [0048.791] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.791] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.lolkek") returned 162 [0048.791] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0048.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da7308 | out: hHeap=0x5a0000) returned 1 [0048.791] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.791] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.791] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0048.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.792] CloseHandle (hObject=0x1ec) returned 1 [0048.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.792] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbb [0048.792] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.792] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.793] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.793] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.793] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.793] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.793] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xbb, lpOverlapped=0x0) returned 1 [0048.793] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff45, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.793] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xbb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xbb, lpOverlapped=0x0) returned 1 [0048.793] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.793] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.793] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.793] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.793] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.793] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.794] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.794] CloseHandle (hObject=0x1ec) returned 1 [0048.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.794] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.lolkek") returned 165 [0048.794] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0048.794] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.794] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da7590 | out: hHeap=0x5a0000) returned 1 [0048.794] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.794] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.794] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0048.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.795] CloseHandle (hObject=0x1ec) returned 1 [0048.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.795] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc6 [0048.795] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.795] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.796] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.796] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.796] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xc6, lpOverlapped=0x0) returned 1 [0048.796] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff3a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.796] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xc6, lpOverlapped=0x0) returned 1 [0048.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.796] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.796] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.797] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.797] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.797] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.797] CloseHandle (hObject=0x1ec) returned 1 [0048.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.797] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.lolkek") returned 165 [0048.797] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0048.798] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.798] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da7818 | out: hHeap=0x5a0000) returned 1 [0048.798] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.798] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.798] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0048.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.799] CloseHandle (hObject=0x1ec) returned 1 [0048.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.799] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaf [0048.799] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.799] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.800] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.800] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.800] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xaf, lpOverlapped=0x0) returned 1 [0048.800] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff51, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.800] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xaf, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xaf, lpOverlapped=0x0) returned 1 [0048.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.800] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.800] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.800] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.800] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.800] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.801] CloseHandle (hObject=0x1ec) returned 1 [0048.801] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.801] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.lolkek") returned 162 [0048.801] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0048.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da7aa0 | out: hHeap=0x5a0000) returned 1 [0048.801] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.801] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.801] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0048.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.802] CloseHandle (hObject=0x1ec) returned 1 [0048.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.802] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x119 [0048.802] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.802] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.803] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.803] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.803] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x119, lpOverlapped=0x0) returned 1 [0048.803] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffee7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.803] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x119, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x119, lpOverlapped=0x0) returned 1 [0048.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.803] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.803] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.803] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.803] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.803] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.804] CloseHandle (hObject=0x1ec) returned 1 [0048.804] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.804] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.lolkek") returned 162 [0048.804] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0048.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da7d28 | out: hHeap=0x5a0000) returned 1 [0048.804] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.804] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.804] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json", dwFileAttributes=0x80) returned 1 [0048.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.805] CloseHandle (hObject=0x1ec) returned 1 [0048.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.805] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14e [0048.805] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.805] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.806] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.806] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.806] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.806] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.806] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x14e, lpOverlapped=0x0) returned 1 [0048.806] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffeb2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.806] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x14e, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x14e, lpOverlapped=0x0) returned 1 [0048.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.806] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.806] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.806] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.806] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.807] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.807] CloseHandle (hObject=0x1ec) returned 1 [0048.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.807] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.lolkek") returned 162 [0048.807] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json.lolkek")) returned 1 [0048.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8068 | out: hHeap=0x5a0000) returned 1 [0048.807] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.807] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.807] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0048.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.808] CloseHandle (hObject=0x1ec) returned 1 [0048.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.809] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc5 [0048.809] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.809] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.810] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.810] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.810] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.810] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.810] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xc5, lpOverlapped=0x0) returned 1 [0048.810] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff3b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.810] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xc5, lpOverlapped=0x0) returned 1 [0048.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.810] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.810] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.810] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.810] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.810] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.810] CloseHandle (hObject=0x1ec) returned 1 [0048.811] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.811] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.lolkek") returned 162 [0048.811] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0048.811] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.811] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da82f0 | out: hHeap=0x5a0000) returned 1 [0048.811] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.812] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.812] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0048.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.812] CloseHandle (hObject=0x1ec) returned 1 [0048.812] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.813] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbe [0048.813] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.813] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.813] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.813] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.813] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xbe, lpOverlapped=0x0) returned 1 [0048.814] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff42, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.814] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xbe, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xbe, lpOverlapped=0x0) returned 1 [0048.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.814] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.814] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.814] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.814] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.814] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.814] CloseHandle (hObject=0x1ec) returned 1 [0048.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.819] wsprintfW (in: param_1=0x3e6de58, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.lolkek") returned 162 [0048.819] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0048.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8578 | out: hHeap=0x5a0000) returned 1 [0048.824] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.824] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.824] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.827] CloseHandle (hObject=0x1ec) returned 1 [0048.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.827] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0048.827] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.827] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.828] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.828] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.828] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x104, lpOverlapped=0x0) returned 1 [0048.828] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.828] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x104, lpOverlapped=0x0) returned 1 [0048.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.830] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.830] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.831] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.831] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.831] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.831] CloseHandle (hObject=0x1ec) returned 1 [0048.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.834] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.lolkek") returned 162 [0048.834] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0048.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8800 | out: hHeap=0x5a0000) returned 1 [0048.837] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.837] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.837] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json", dwFileAttributes=0x80) returned 1 [0048.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.840] CloseHandle (hObject=0x1ec) returned 1 [0048.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.840] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc4 [0048.840] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.840] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.841] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.841] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.841] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xc4, lpOverlapped=0x0) returned 1 [0048.841] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff3c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.841] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc4, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xc4, lpOverlapped=0x0) returned 1 [0048.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.842] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.842] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.843] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.843] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.843] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.843] CloseHandle (hObject=0x1ec) returned 1 [0048.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.846] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.lolkek") returned 162 [0048.846] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json.lolkek")) returned 1 [0048.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eef0 | out: hHeap=0x5a0000) returned 1 [0048.849] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.849] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.849] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json", dwFileAttributes=0x80) returned 1 [0048.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.851] CloseHandle (hObject=0x1ec) returned 1 [0048.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.851] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x115 [0048.851] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.852] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.852] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.852] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.852] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x115, lpOverlapped=0x0) returned 1 [0048.852] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffeeb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.852] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x115, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x115, lpOverlapped=0x0) returned 1 [0048.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.854] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.854] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.855] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.855] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.855] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.855] CloseHandle (hObject=0x1ec) returned 1 [0048.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.858] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.lolkek") returned 162 [0048.858] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json.lolkek")) returned 1 [0048.861] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.861] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4088 | out: hHeap=0x5a0000) returned 1 [0048.861] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.861] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.861] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0048.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.864] CloseHandle (hObject=0x1ec) returned 1 [0048.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.864] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xcd [0048.864] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.864] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.865] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.865] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.865] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xcd, lpOverlapped=0x0) returned 1 [0048.865] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff33, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.865] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xcd, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xcd, lpOverlapped=0x0) returned 1 [0048.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.867] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.867] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.867] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.867] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.868] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.868] CloseHandle (hObject=0x1ec) returned 1 [0048.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.870] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.lolkek") returned 162 [0048.870] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0048.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb38f0 | out: hHeap=0x5a0000) returned 1 [0048.875] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.875] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.875] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json", dwFileAttributes=0x80) returned 1 [0048.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.878] CloseHandle (hObject=0x1ec) returned 1 [0048.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.878] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x177 [0048.878] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.878] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.879] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.879] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.879] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x177, lpOverlapped=0x0) returned 1 [0048.879] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffe89, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.879] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x177, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x177, lpOverlapped=0x0) returned 1 [0048.882] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.882] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.882] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.882] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.883] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.883] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.883] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.883] CloseHandle (hObject=0x1ec) returned 1 [0048.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.885] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.lolkek") returned 162 [0048.885] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json.lolkek")) returned 1 [0048.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb5ee8 | out: hHeap=0x5a0000) returned 1 [0048.889] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.889] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.889] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json", dwFileAttributes=0x80) returned 1 [0048.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.891] CloseHandle (hObject=0x1ec) returned 1 [0048.891] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.891] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb0 [0048.892] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.892] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.892] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.892] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.892] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.892] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.892] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb0, lpOverlapped=0x0) returned 1 [0048.892] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff50, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.892] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb0, lpOverlapped=0x0) returned 1 [0048.894] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.894] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.894] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.894] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.895] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.895] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.895] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.895] CloseHandle (hObject=0x1ec) returned 1 [0048.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.897] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.lolkek") returned 165 [0048.897] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json.lolkek")) returned 1 [0048.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6170 | out: hHeap=0x5a0000) returned 1 [0048.901] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.901] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.901] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0048.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.904] CloseHandle (hObject=0x1ec) returned 1 [0048.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.904] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaa [0048.904] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.904] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.905] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.905] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.905] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xaa, lpOverlapped=0x0) returned 1 [0048.905] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffff56, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.905] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xaa, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xaa, lpOverlapped=0x0) returned 1 [0048.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.907] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.907] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.907] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.907] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.907] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.908] CloseHandle (hObject=0x1ec) returned 1 [0048.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.910] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.lolkek") returned 165 [0048.910] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0048.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6680 | out: hHeap=0x5a0000) returned 1 [0048.913] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.913] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.913] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json", dwFileAttributes=0x80) returned 1 [0048.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.916] CloseHandle (hObject=0x1ec) returned 1 [0048.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.916] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaf3 [0048.916] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.916] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.919] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.919] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.919] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xaf3, lpOverlapped=0x0) returned 1 [0048.920] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffff50d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.920] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xaf3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xaf3, lpOverlapped=0x0) returned 1 [0048.921] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.921] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.921] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.921] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.929] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.929] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.929] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.929] CloseHandle (hObject=0x1ec) returned 1 [0048.931] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.931] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.lolkek") returned 167 [0048.931] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json.lolkek")) returned 1 [0048.934] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.934] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610ed8 | out: hHeap=0x5a0000) returned 1 [0048.934] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.934] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.934] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js", dwFileAttributes=0x80) returned 1 [0048.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.937] CloseHandle (hObject=0x1ec) returned 1 [0048.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.937] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x32a2e [0048.937] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.937] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.939] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.939] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.939] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.939] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.939] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0048.942] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.942] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0048.942] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.942] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.942] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.942] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.946] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.947] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.947] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.947] CloseHandle (hObject=0x1ec) returned 1 [0048.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.948] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.lolkek") returned 159 [0048.948] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.lolkek")) returned 1 [0048.949] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.949] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697d88 | out: hHeap=0x5a0000) returned 1 [0048.949] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.949] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.949] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css", dwFileAttributes=0x80) returned 1 [0048.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.949] CloseHandle (hObject=0x1ec) returned 1 [0048.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.950] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6cd [0048.950] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.950] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.959] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.959] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.959] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x6cd, lpOverlapped=0x0) returned 1 [0048.959] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffff933, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x6cd, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x6cd, lpOverlapped=0x0) returned 1 [0048.959] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.959] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.959] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.959] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.959] CloseHandle (hObject=0x1ec) returned 1 [0048.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.960] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.lolkek") returned 160 [0048.960] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css.lolkek")) returned 1 [0048.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x631ed0 | out: hHeap=0x5a0000) returned 1 [0048.960] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.961] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.961] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", dwFileAttributes=0x80) returned 1 [0048.961] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0048.961] CloseHandle (hObject=0x1ec) returned 1 [0048.961] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.961] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x112dc [0048.961] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.961] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0048.971] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0048.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0048.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0048.971] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.971] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0048.977] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.977] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0048.977] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0048.977] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0048.977] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0048.977] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0048.978] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.978] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0048.978] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0048.978] CloseHandle (hObject=0x1ec) returned 1 [0048.978] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.978] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.lolkek") returned 159 [0048.978] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.lolkek")) returned 1 [0048.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eb70 | out: hHeap=0x5a0000) returned 1 [0048.978] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0048.979] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.979] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png", dwFileAttributes=0x80) returned 1 [0049.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0049.062] CloseHandle (hObject=0x270) returned 1 [0049.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.065] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x22c [0049.065] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.065] ReadFile (in: hFile=0x270, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.066] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.066] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.066] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.066] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.066] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x22c, lpOverlapped=0x0) returned 1 [0049.066] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffdd4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.066] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x22c, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x22c, lpOverlapped=0x0) returned 1 [0049.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.067] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.067] WriteFile (in: hFile=0x270, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.067] WriteFile (in: hFile=0x270, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.067] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.067] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.067] CloseHandle (hObject=0x270) returned 1 [0049.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.077] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.lolkek") returned 159 [0049.077] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.lolkek")) returned 1 [0049.162] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.163] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66aa10 | out: hHeap=0x5a0000) returned 1 [0049.163] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.163] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.163] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png", dwFileAttributes=0x80) returned 1 [0049.207] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0049.208] CloseHandle (hObject=0x268) returned 1 [0049.208] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.235] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfc [0049.235] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.235] ReadFile (in: hFile=0x268, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.235] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.236] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.236] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfc, lpOverlapped=0x0) returned 1 [0049.236] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffff04, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.236] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfc, lpOverlapped=0x0) returned 1 [0049.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.236] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.236] WriteFile (in: hFile=0x268, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.236] WriteFile (in: hFile=0x268, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.236] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.236] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.236] CloseHandle (hObject=0x268) returned 1 [0049.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.237] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.lolkek") returned 180 [0049.237] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png.lolkek")) returned 1 [0049.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6988e8 | out: hHeap=0x5a0000) returned 1 [0049.292] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.292] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.292] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png", dwFileAttributes=0x80) returned 1 [0049.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.331] CloseHandle (hObject=0x27c) returned 1 [0049.331] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.332] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa6 [0049.332] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.332] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.333] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.333] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xa6, lpOverlapped=0x0) returned 1 [0049.333] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff5a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.333] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xa6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xa6, lpOverlapped=0x0) returned 1 [0049.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.333] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.333] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.333] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.334] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.334] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.334] CloseHandle (hObject=0x27c) returned 1 [0049.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.334] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.lolkek") returned 183 [0049.334] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png.lolkek")) returned 1 [0049.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddd10 | out: hHeap=0x5a0000) returned 1 [0049.338] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.338] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.338] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json", dwFileAttributes=0x80) returned 1 [0049.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.338] CloseHandle (hObject=0x27c) returned 1 [0049.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.339] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x52a [0049.339] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.339] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.343] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.343] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.343] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x52a, lpOverlapped=0x0) returned 1 [0049.343] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffad6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.343] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x52a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x52a, lpOverlapped=0x0) returned 1 [0049.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.343] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.343] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.343] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.343] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.343] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.343] CloseHandle (hObject=0x27c) returned 1 [0049.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.343] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.lolkek") returned 154 [0049.343] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.lolkek")) returned 1 [0049.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61be60 | out: hHeap=0x5a0000) returned 1 [0049.344] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.344] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.344] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0049.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.345] CloseHandle (hObject=0x27c) returned 1 [0049.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.345] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c1 [0049.345] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.345] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.350] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.350] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.350] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2c1, lpOverlapped=0x0) returned 1 [0049.350] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd3f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.350] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2c1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2c1, lpOverlapped=0x0) returned 1 [0049.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.351] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.351] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.351] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.351] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.351] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.351] CloseHandle (hObject=0x27c) returned 1 [0049.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.351] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.lolkek") returned 166 [0049.351] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0049.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8210 | out: hHeap=0x5a0000) returned 1 [0049.352] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.352] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.352] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0049.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.352] CloseHandle (hObject=0x27c) returned 1 [0049.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.353] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x282 [0049.353] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.353] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.358] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.358] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.358] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x282, lpOverlapped=0x0) returned 1 [0049.358] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.358] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x282, lpOverlapped=0x0) returned 1 [0049.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.358] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.358] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.358] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.358] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.358] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.358] CloseHandle (hObject=0x27c) returned 1 [0049.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.359] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.lolkek") returned 166 [0049.359] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0049.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.359] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb89a8 | out: hHeap=0x5a0000) returned 1 [0049.359] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.359] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.359] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0049.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.360] CloseHandle (hObject=0x27c) returned 1 [0049.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.360] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x36b [0049.360] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.360] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.365] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.365] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.366] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x36b, lpOverlapped=0x0) returned 1 [0049.366] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffc95, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.366] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x36b, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x36b, lpOverlapped=0x0) returned 1 [0049.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.366] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.366] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.366] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.366] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.366] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.366] CloseHandle (hObject=0x27c) returned 1 [0049.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.366] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.lolkek") returned 166 [0049.366] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0049.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7d00 | out: hHeap=0x5a0000) returned 1 [0049.367] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.367] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.367] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json", dwFileAttributes=0x80) returned 1 [0049.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.368] CloseHandle (hObject=0x27c) returned 1 [0049.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.368] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x269 [0049.368] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.368] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.373] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.373] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.373] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x269, lpOverlapped=0x0) returned 1 [0049.373] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd97, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.374] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x269, lpOverlapped=0x0) returned 1 [0049.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.374] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.374] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.374] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.374] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.374] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.374] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.374] CloseHandle (hObject=0x27c) returned 1 [0049.374] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.374] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.lolkek") returned 169 [0049.374] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json.lolkek")) returned 1 [0049.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec07a8 | out: hHeap=0x5a0000) returned 1 [0049.375] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.375] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.375] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json", dwFileAttributes=0x80) returned 1 [0049.375] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.376] CloseHandle (hObject=0x27c) returned 1 [0049.376] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.376] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29b [0049.376] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.376] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.382] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.382] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.382] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x29b, lpOverlapped=0x0) returned 1 [0049.382] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd65, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.382] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x29b, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x29b, lpOverlapped=0x0) returned 1 [0049.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.382] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.382] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.382] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.382] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.382] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.382] CloseHandle (hObject=0x27c) returned 1 [0049.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.382] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.lolkek") returned 170 [0049.382] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json.lolkek")) returned 1 [0049.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0a50 | out: hHeap=0x5a0000) returned 1 [0049.383] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.383] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.383] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0049.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.384] CloseHandle (hObject=0x27c) returned 1 [0049.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.384] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a1 [0049.384] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.384] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.392] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.392] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.392] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.392] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.392] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2a1, lpOverlapped=0x0) returned 1 [0049.392] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd5f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.392] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2a1, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2a1, lpOverlapped=0x0) returned 1 [0049.392] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.392] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.392] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.392] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.392] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.392] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.393] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.393] CloseHandle (hObject=0x27c) returned 1 [0049.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.393] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.lolkek") returned 166 [0049.393] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0049.393] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.393] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb98d8 | out: hHeap=0x5a0000) returned 1 [0049.393] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.393] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.393] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.394] CloseHandle (hObject=0x27c) returned 1 [0049.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.394] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c4 [0049.394] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.394] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.407] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.407] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.407] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2c4, lpOverlapped=0x0) returned 1 [0049.407] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd3c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.407] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2c4, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2c4, lpOverlapped=0x0) returned 1 [0049.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.407] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.407] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.407] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.407] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.407] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.408] CloseHandle (hObject=0x27c) returned 1 [0049.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.408] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.lolkek") returned 166 [0049.408] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0049.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.409] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9de8 | out: hHeap=0x5a0000) returned 1 [0049.409] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.409] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.409] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.409] CloseHandle (hObject=0x27c) returned 1 [0049.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.410] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x279 [0049.410] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.410] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.423] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.423] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.423] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x279, lpOverlapped=0x0) returned 1 [0049.423] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd87, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.423] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x279, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x279, lpOverlapped=0x0) returned 1 [0049.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.423] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.423] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.423] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.423] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.423] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.423] CloseHandle (hObject=0x27c) returned 1 [0049.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.423] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.lolkek") returned 166 [0049.424] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json.lolkek")) returned 1 [0049.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb93c8 | out: hHeap=0x5a0000) returned 1 [0049.424] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.424] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.424] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0049.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.425] CloseHandle (hObject=0x27c) returned 1 [0049.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.425] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x269 [0049.425] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.425] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.437] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.438] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.438] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x269, lpOverlapped=0x0) returned 1 [0049.438] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd97, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.438] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x269, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x269, lpOverlapped=0x0) returned 1 [0049.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.438] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.438] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.438] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.438] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.438] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.439] CloseHandle (hObject=0x27c) returned 1 [0049.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.439] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.lolkek") returned 166 [0049.439] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0049.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8f98 | out: hHeap=0x5a0000) returned 1 [0049.440] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.440] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.440] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0049.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.440] CloseHandle (hObject=0x27c) returned 1 [0049.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.440] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x30a [0049.441] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.441] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.447] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.447] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.447] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x30a, lpOverlapped=0x0) returned 1 [0049.447] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffcf6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.447] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x30a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x30a, lpOverlapped=0x0) returned 1 [0049.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.447] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.447] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.448] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.448] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.448] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.448] CloseHandle (hObject=0x27c) returned 1 [0049.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.448] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.lolkek") returned 166 [0049.448] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0049.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da94a8 | out: hHeap=0x5a0000) returned 1 [0049.449] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.449] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.449] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0049.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.450] CloseHandle (hObject=0x27c) returned 1 [0049.450] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.450] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ae [0049.450] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.450] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.456] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.456] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.456] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2ae, lpOverlapped=0x0) returned 1 [0049.456] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.456] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2ae, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2ae, lpOverlapped=0x0) returned 1 [0049.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.456] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.456] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.457] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.457] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.457] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.457] CloseHandle (hObject=0x27c) returned 1 [0049.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.457] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.lolkek") returned 166 [0049.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0049.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da99b8 | out: hHeap=0x5a0000) returned 1 [0049.458] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.458] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.458] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json", dwFileAttributes=0x80) returned 1 [0049.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.458] CloseHandle (hObject=0x27c) returned 1 [0049.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.459] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x284 [0049.459] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.459] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.467] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.467] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.467] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x284, lpOverlapped=0x0) returned 1 [0049.467] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd7c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.467] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x284, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x284, lpOverlapped=0x0) returned 1 [0049.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.467] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.467] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.468] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.468] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.468] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.468] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.468] CloseHandle (hObject=0x27c) returned 1 [0049.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.468] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.lolkek") returned 166 [0049.468] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json.lolkek")) returned 1 [0049.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9ec8 | out: hHeap=0x5a0000) returned 1 [0049.469] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.469] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.469] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0049.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.470] CloseHandle (hObject=0x27c) returned 1 [0049.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.470] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29a [0049.470] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.470] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.476] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.476] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.476] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x29a, lpOverlapped=0x0) returned 1 [0049.476] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.476] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x29a, lpOverlapped=0x0) returned 1 [0049.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.476] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.476] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.476] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.476] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.477] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.477] CloseHandle (hObject=0x27c) returned 1 [0049.477] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.477] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.lolkek") returned 166 [0049.477] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0049.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa3d8 | out: hHeap=0x5a0000) returned 1 [0049.477] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.478] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0049.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.478] CloseHandle (hObject=0x27c) returned 1 [0049.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.478] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x295 [0049.478] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.479] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.484] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.484] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.484] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x295, lpOverlapped=0x0) returned 1 [0049.484] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd6b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.485] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x295, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x295, lpOverlapped=0x0) returned 1 [0049.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.485] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.485] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.485] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.485] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.485] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.485] CloseHandle (hObject=0x27c) returned 1 [0049.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.485] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.lolkek") returned 169 [0049.486] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0049.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0fa0 | out: hHeap=0x5a0000) returned 1 [0049.486] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.486] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.486] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0049.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.487] CloseHandle (hObject=0x27c) returned 1 [0049.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.487] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x30f [0049.487] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.487] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.493] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.493] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.493] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x30f, lpOverlapped=0x0) returned 1 [0049.493] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffcf1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.493] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x30f, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x30f, lpOverlapped=0x0) returned 1 [0049.493] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.493] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.493] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.493] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.493] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.493] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.494] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.494] CloseHandle (hObject=0x27c) returned 1 [0049.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.494] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.lolkek") returned 166 [0049.494] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0049.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa8e8 | out: hHeap=0x5a0000) returned 1 [0049.495] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.495] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.495] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0049.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.495] CloseHandle (hObject=0x27c) returned 1 [0049.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.496] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x282 [0049.496] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.496] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.503] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.503] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.503] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x282, lpOverlapped=0x0) returned 1 [0049.503] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.503] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x282, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x282, lpOverlapped=0x0) returned 1 [0049.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.503] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.503] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.503] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.503] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.504] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.504] CloseHandle (hObject=0x27c) returned 1 [0049.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.504] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.lolkek") returned 166 [0049.504] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0049.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daadf8 | out: hHeap=0x5a0000) returned 1 [0049.504] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.505] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.505] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0049.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.505] CloseHandle (hObject=0x27c) returned 1 [0049.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.505] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x289 [0049.505] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.505] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.517] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.517] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.517] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x289, lpOverlapped=0x0) returned 1 [0049.517] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd77, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.517] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x289, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x289, lpOverlapped=0x0) returned 1 [0049.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.517] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.518] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.518] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.518] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.518] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.518] CloseHandle (hObject=0x27c) returned 1 [0049.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.518] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.lolkek") returned 166 [0049.518] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0049.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dab308 | out: hHeap=0x5a0000) returned 1 [0049.519] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.519] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.519] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.519] CloseHandle (hObject=0x27c) returned 1 [0049.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.520] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x28a [0049.520] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.520] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.531] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.531] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.531] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x28a, lpOverlapped=0x0) returned 1 [0049.531] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd76, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.531] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x28a, lpOverlapped=0x0) returned 1 [0049.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.531] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.531] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.531] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.532] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.532] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.532] CloseHandle (hObject=0x27c) returned 1 [0049.532] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.532] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.lolkek") returned 166 [0049.532] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0049.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb4b0 | out: hHeap=0x5a0000) returned 1 [0049.533] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.533] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.533] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json", dwFileAttributes=0x80) returned 1 [0049.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.533] CloseHandle (hObject=0x27c) returned 1 [0049.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.533] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d0 [0049.534] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.534] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.540] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.541] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.541] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.541] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2d0, lpOverlapped=0x0) returned 1 [0049.541] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd30, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.541] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2d0, lpOverlapped=0x0) returned 1 [0049.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.541] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.541] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.541] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.541] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.541] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.541] CloseHandle (hObject=0x27c) returned 1 [0049.541] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.541] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.lolkek") returned 166 [0049.541] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json.lolkek")) returned 1 [0049.542] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.542] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc9a8 | out: hHeap=0x5a0000) returned 1 [0049.542] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.542] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.542] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json", dwFileAttributes=0x80) returned 1 [0049.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.544] CloseHandle (hObject=0x27c) returned 1 [0049.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.544] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x280 [0049.544] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.545] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.550] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.550] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.550] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x280, lpOverlapped=0x0) returned 1 [0049.550] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffd80, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.550] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x280, lpOverlapped=0x0) returned 1 [0049.550] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.550] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.550] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.550] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.551] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.551] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.551] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.551] CloseHandle (hObject=0x27c) returned 1 [0049.551] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.551] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.lolkek") returned 169 [0049.551] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json.lolkek")) returned 1 [0049.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1248 | out: hHeap=0x5a0000) returned 1 [0049.552] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.552] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.552] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", dwFileAttributes=0x80) returned 1 [0049.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.552] CloseHandle (hObject=0x27c) returned 1 [0049.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.552] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x180f [0049.552] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.553] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.560] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x658b00 [0049.560] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.560] ReadFile (in: hFile=0x27c, lpBuffer=0x658b00, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x658b00*, lpNumberOfBytesRead=0x373e0cc*=0x180f, lpOverlapped=0x0) returned 1 [0049.568] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffe7f1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.568] WriteFile (in: hFile=0x27c, lpBuffer=0x658b00*, nNumberOfBytesToWrite=0x180f, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x658b00*, lpNumberOfBytesWritten=0x373fb10*=0x180f, lpOverlapped=0x0) returned 1 [0049.568] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.568] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.568] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.568] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.568] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.568] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.569] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.569] CloseHandle (hObject=0x27c) returned 1 [0049.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.569] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.lolkek") returned 144 [0049.569] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.lolkek")) returned 1 [0049.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadff8 | out: hHeap=0x5a0000) returned 1 [0049.569] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.569] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.569] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json", dwFileAttributes=0x80) returned 1 [0049.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.577] CloseHandle (hObject=0x290) returned 1 [0049.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.577] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x138 [0049.577] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.577] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.577] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.577] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.578] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x138, lpOverlapped=0x0) returned 1 [0049.578] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffec8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.578] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x138, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x138, lpOverlapped=0x0) returned 1 [0049.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.578] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.578] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.578] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.578] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.578] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.578] CloseHandle (hObject=0x290) returned 1 [0049.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.578] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.lolkek") returned 162 [0049.578] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json.lolkek")) returned 1 [0049.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6b028 | out: hHeap=0x5a0000) returned 1 [0049.579] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.579] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.579] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0049.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.596] CloseHandle (hObject=0x27c) returned 1 [0049.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.597] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfe [0049.597] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.597] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.597] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.597] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.597] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfe, lpOverlapped=0x0) returned 1 [0049.598] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.598] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfe, lpOverlapped=0x0) returned 1 [0049.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.598] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.598] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.598] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.598] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.598] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.598] CloseHandle (hObject=0x27c) returned 1 [0049.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.598] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.lolkek") returned 162 [0049.598] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0049.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6ada0 | out: hHeap=0x5a0000) returned 1 [0049.599] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.599] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.599] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json", dwFileAttributes=0x80) returned 1 [0049.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.599] CloseHandle (hObject=0x27c) returned 1 [0049.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.600] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xef [0049.600] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.600] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.600] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.600] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.600] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xef, lpOverlapped=0x0) returned 1 [0049.601] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff11, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.601] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xef, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xef, lpOverlapped=0x0) returned 1 [0049.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.601] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.601] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.601] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.601] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.601] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.601] CloseHandle (hObject=0x27c) returned 1 [0049.601] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.601] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.lolkek") returned 162 [0049.601] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json.lolkek")) returned 1 [0049.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a380 | out: hHeap=0x5a0000) returned 1 [0049.602] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.602] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.602] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0049.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.615] CloseHandle (hObject=0x290) returned 1 [0049.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.616] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14c [0049.616] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.616] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.616] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.616] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.616] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x14c, lpOverlapped=0x0) returned 1 [0049.616] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffeb4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.616] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x14c, lpOverlapped=0x0) returned 1 [0049.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.617] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.617] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.617] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.617] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.617] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.617] CloseHandle (hObject=0x290) returned 1 [0049.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.617] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.lolkek") returned 162 [0049.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0049.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6a0f8 | out: hHeap=0x5a0000) returned 1 [0049.618] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.618] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.618] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json", dwFileAttributes=0x80) returned 1 [0049.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.629] CloseHandle (hObject=0x290) returned 1 [0049.629] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.629] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x100 [0049.629] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.629] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.630] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.630] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.630] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x100, lpOverlapped=0x0) returned 1 [0049.630] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.630] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x100, lpOverlapped=0x0) returned 1 [0049.630] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.630] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.630] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.630] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.630] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.631] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.631] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.631] CloseHandle (hObject=0x290) returned 1 [0049.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.631] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.lolkek") returned 162 [0049.631] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json.lolkek")) returned 1 [0049.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf9c0 | out: hHeap=0x5a0000) returned 1 [0049.631] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.632] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.632] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.632] CloseHandle (hObject=0x290) returned 1 [0049.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.632] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10c [0049.632] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.633] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.633] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.633] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.633] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x10c, lpOverlapped=0x0) returned 1 [0049.633] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffef4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.633] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10c, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x10c, lpOverlapped=0x0) returned 1 [0049.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.634] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.634] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.634] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.634] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.634] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.634] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.634] CloseHandle (hObject=0x290) returned 1 [0049.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.634] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.lolkek") returned 162 [0049.634] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json.lolkek")) returned 1 [0049.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf4b0 | out: hHeap=0x5a0000) returned 1 [0049.635] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.635] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.635] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json", dwFileAttributes=0x80) returned 1 [0049.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.636] CloseHandle (hObject=0x290) returned 1 [0049.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.636] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x121 [0049.636] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.636] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.636] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.637] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.637] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x121, lpOverlapped=0x0) returned 1 [0049.637] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffedf, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.637] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x121, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x121, lpOverlapped=0x0) returned 1 [0049.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.637] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.637] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.637] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.637] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.637] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.637] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.637] CloseHandle (hObject=0x290) returned 1 [0049.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.637] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.lolkek") returned 162 [0049.637] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json.lolkek")) returned 1 [0049.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.638] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebf228 | out: hHeap=0x5a0000) returned 1 [0049.638] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.638] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.638] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.639] CloseHandle (hObject=0x290) returned 1 [0049.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.639] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe6 [0049.639] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.639] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.640] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.640] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.640] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe6, lpOverlapped=0x0) returned 1 [0049.640] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.640] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe6, lpOverlapped=0x0) returned 1 [0049.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.640] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.640] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.640] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.640] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.640] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.640] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.641] CloseHandle (hObject=0x290) returned 1 [0049.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.641] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.lolkek") returned 162 [0049.641] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json.lolkek")) returned 1 [0049.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebefa0 | out: hHeap=0x5a0000) returned 1 [0049.641] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.641] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.641] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json", dwFileAttributes=0x80) returned 1 [0049.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.642] CloseHandle (hObject=0x290) returned 1 [0049.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.642] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe2 [0049.642] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.642] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.643] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.643] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.643] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe2, lpOverlapped=0x0) returned 1 [0049.643] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.643] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe2, lpOverlapped=0x0) returned 1 [0049.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.643] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.643] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.643] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.644] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.644] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.644] CloseHandle (hObject=0x290) returned 1 [0049.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.644] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.lolkek") returned 162 [0049.644] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json.lolkek")) returned 1 [0049.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebed18 | out: hHeap=0x5a0000) returned 1 [0049.644] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.645] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.645] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0049.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.645] CloseHandle (hObject=0x290) returned 1 [0049.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.645] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf2 [0049.645] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.646] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.646] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.646] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.646] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xf2, lpOverlapped=0x0) returned 1 [0049.646] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff0e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.646] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xf2, lpOverlapped=0x0) returned 1 [0049.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.646] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.647] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.647] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.647] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.647] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.647] CloseHandle (hObject=0x290) returned 1 [0049.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.647] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.lolkek") returned 162 [0049.647] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0049.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebea90 | out: hHeap=0x5a0000) returned 1 [0049.648] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.648] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.648] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json", dwFileAttributes=0x80) returned 1 [0049.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.648] CloseHandle (hObject=0x290) returned 1 [0049.648] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.649] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x100 [0049.649] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.649] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.649] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.649] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.649] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x100, lpOverlapped=0x0) returned 1 [0049.649] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.649] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x100, lpOverlapped=0x0) returned 1 [0049.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.650] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.650] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.650] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.650] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.650] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.650] CloseHandle (hObject=0x290) returned 1 [0049.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.650] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.lolkek") returned 162 [0049.650] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json.lolkek")) returned 1 [0049.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe808 | out: hHeap=0x5a0000) returned 1 [0049.651] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.651] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.651] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json", dwFileAttributes=0x80) returned 1 [0049.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.651] CloseHandle (hObject=0x290) returned 1 [0049.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.652] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10f [0049.652] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.652] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.652] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.652] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.652] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x10f, lpOverlapped=0x0) returned 1 [0049.652] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffef1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.653] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x10f, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x10f, lpOverlapped=0x0) returned 1 [0049.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.661] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.661] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.661] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.661] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.662] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.662] CloseHandle (hObject=0x290) returned 1 [0049.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.662] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.lolkek") returned 162 [0049.662] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json.lolkek")) returned 1 [0049.664] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.664] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe2f8 | out: hHeap=0x5a0000) returned 1 [0049.664] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.664] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.664] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json", dwFileAttributes=0x80) returned 1 [0049.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.665] CloseHandle (hObject=0x290) returned 1 [0049.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.665] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x100 [0049.665] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.665] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.666] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.666] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.666] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x100, lpOverlapped=0x0) returned 1 [0049.666] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffff00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.666] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x100, lpOverlapped=0x0) returned 1 [0049.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.666] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.666] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.666] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.666] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.667] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.667] CloseHandle (hObject=0x290) returned 1 [0049.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.667] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.lolkek") returned 162 [0049.667] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json.lolkek")) returned 1 [0049.667] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.667] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebe070 | out: hHeap=0x5a0000) returned 1 [0049.667] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.667] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.667] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0049.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.674] CloseHandle (hObject=0x27c) returned 1 [0049.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.674] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfd [0049.674] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.674] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.675] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.675] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.675] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xfd, lpOverlapped=0x0) returned 1 [0049.675] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff03, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.675] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xfd, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xfd, lpOverlapped=0x0) returned 1 [0049.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.675] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.675] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.675] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.675] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.675] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.676] CloseHandle (hObject=0x27c) returned 1 [0049.676] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.676] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.lolkek") returned 162 [0049.676] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0049.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebdde8 | out: hHeap=0x5a0000) returned 1 [0049.676] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.676] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.676] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0049.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.677] CloseHandle (hObject=0x27c) returned 1 [0049.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.677] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0049.677] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.677] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.678] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.678] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.678] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe8, lpOverlapped=0x0) returned 1 [0049.678] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.678] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe8, lpOverlapped=0x0) returned 1 [0049.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.678] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.678] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.678] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.679] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.679] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.679] CloseHandle (hObject=0x27c) returned 1 [0049.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.679] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.lolkek") returned 162 [0049.679] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0049.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd8d8 | out: hHeap=0x5a0000) returned 1 [0049.679] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.680] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.680] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json", dwFileAttributes=0x80) returned 1 [0049.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.680] CloseHandle (hObject=0x27c) returned 1 [0049.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.680] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2 [0049.680] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.680] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.681] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.681] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.681] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd2, lpOverlapped=0x0) returned 1 [0049.681] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff2e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.681] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd2, lpOverlapped=0x0) returned 1 [0049.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.681] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.681] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.681] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.682] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.682] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.682] CloseHandle (hObject=0x27c) returned 1 [0049.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.682] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.lolkek") returned 162 [0049.682] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json.lolkek")) returned 1 [0049.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd650 | out: hHeap=0x5a0000) returned 1 [0049.683] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.683] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.683] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json", dwFileAttributes=0x80) returned 1 [0049.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.683] CloseHandle (hObject=0x27c) returned 1 [0049.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.683] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x108 [0049.684] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.684] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.684] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.684] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.684] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x108, lpOverlapped=0x0) returned 1 [0049.684] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffef8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.684] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x108, lpOverlapped=0x0) returned 1 [0049.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.684] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.685] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.685] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.685] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.685] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.685] CloseHandle (hObject=0x27c) returned 1 [0049.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.685] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.lolkek") returned 162 [0049.685] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json.lolkek")) returned 1 [0049.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd3c8 | out: hHeap=0x5a0000) returned 1 [0049.686] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.686] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.686] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json", dwFileAttributes=0x80) returned 1 [0049.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.686] CloseHandle (hObject=0x27c) returned 1 [0049.686] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.687] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xde [0049.687] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.687] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.687] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.687] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.687] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xde, lpOverlapped=0x0) returned 1 [0049.687] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff22, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.687] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xde, lpOverlapped=0x0) returned 1 [0049.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.688] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.688] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.688] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.688] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.688] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.688] CloseHandle (hObject=0x27c) returned 1 [0049.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.688] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.lolkek") returned 165 [0049.688] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json.lolkek")) returned 1 [0049.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebd140 | out: hHeap=0x5a0000) returned 1 [0049.689] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.689] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.689] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0049.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.689] CloseHandle (hObject=0x27c) returned 1 [0049.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.690] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdf [0049.690] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.690] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.690] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.690] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.690] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xdf, lpOverlapped=0x0) returned 1 [0049.690] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff21, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.690] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xdf, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xdf, lpOverlapped=0x0) returned 1 [0049.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.691] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.691] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.691] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.691] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.691] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.691] CloseHandle (hObject=0x27c) returned 1 [0049.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.691] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.lolkek") returned 165 [0049.691] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0049.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.692] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebceb8 | out: hHeap=0x5a0000) returned 1 [0049.692] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.692] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.692] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json", dwFileAttributes=0x80) returned 1 [0049.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.692] CloseHandle (hObject=0x27c) returned 1 [0049.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.693] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x109 [0049.693] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.693] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.693] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.693] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.693] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x109, lpOverlapped=0x0) returned 1 [0049.694] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffef7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.694] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x109, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x109, lpOverlapped=0x0) returned 1 [0049.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.694] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.694] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.694] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.694] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.694] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.694] CloseHandle (hObject=0x27c) returned 1 [0049.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.694] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.lolkek") returned 162 [0049.694] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json.lolkek")) returned 1 [0049.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebcc30 | out: hHeap=0x5a0000) returned 1 [0049.695] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.695] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.695] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0049.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.696] CloseHandle (hObject=0x27c) returned 1 [0049.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.696] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11e [0049.696] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.696] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.697] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.697] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.697] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x11e, lpOverlapped=0x0) returned 1 [0049.697] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffee2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.697] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x11e, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x11e, lpOverlapped=0x0) returned 1 [0049.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.697] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.697] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.697] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.697] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.697] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.697] CloseHandle (hObject=0x27c) returned 1 [0049.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.697] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.lolkek") returned 162 [0049.697] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0049.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbd00 | out: hHeap=0x5a0000) returned 1 [0049.698] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.698] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.698] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json", dwFileAttributes=0x80) returned 1 [0049.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.699] CloseHandle (hObject=0x27c) returned 1 [0049.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.699] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2 [0049.699] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.699] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.700] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.700] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.700] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xd2, lpOverlapped=0x0) returned 1 [0049.700] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff2e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.700] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xd2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xd2, lpOverlapped=0x0) returned 1 [0049.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.700] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.700] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.700] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.700] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.700] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.701] CloseHandle (hObject=0x27c) returned 1 [0049.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.701] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.lolkek") returned 162 [0049.701] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json.lolkek")) returned 1 [0049.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc720 | out: hHeap=0x5a0000) returned 1 [0049.701] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.701] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.701] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json", dwFileAttributes=0x80) returned 1 [0049.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.702] CloseHandle (hObject=0x27c) returned 1 [0049.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.702] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xde [0049.702] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.702] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.703] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.703] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.703] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xde, lpOverlapped=0x0) returned 1 [0049.703] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff22, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.703] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xde, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xde, lpOverlapped=0x0) returned 1 [0049.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.704] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.704] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.704] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.704] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.704] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.704] CloseHandle (hObject=0x27c) returned 1 [0049.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.704] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.lolkek") returned 162 [0049.704] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json.lolkek")) returned 1 [0049.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc498 | out: hHeap=0x5a0000) returned 1 [0049.705] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.705] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.705] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0049.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.705] CloseHandle (hObject=0x27c) returned 1 [0049.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.706] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xea [0049.706] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.706] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.706] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.706] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.706] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xea, lpOverlapped=0x0) returned 1 [0049.706] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff16, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.707] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xea, lpOverlapped=0x0) returned 1 [0049.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.707] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.707] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.707] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.707] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.707] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.707] CloseHandle (hObject=0x27c) returned 1 [0049.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.707] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.lolkek") returned 162 [0049.707] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0049.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebc210 | out: hHeap=0x5a0000) returned 1 [0049.708] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.708] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.708] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.709] CloseHandle (hObject=0x27c) returned 1 [0049.709] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.709] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x127 [0049.709] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.709] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.709] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.709] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.710] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x127, lpOverlapped=0x0) returned 1 [0049.710] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffed9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.710] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x127, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x127, lpOverlapped=0x0) returned 1 [0049.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.710] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.710] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.710] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.710] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.710] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.710] CloseHandle (hObject=0x27c) returned 1 [0049.710] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.710] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.lolkek") returned 162 [0049.710] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json.lolkek")) returned 1 [0049.711] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.711] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbf88 | out: hHeap=0x5a0000) returned 1 [0049.711] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.711] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.711] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0049.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.712] CloseHandle (hObject=0x27c) returned 1 [0049.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.712] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x144 [0049.712] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.712] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.713] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.713] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.713] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x144, lpOverlapped=0x0) returned 1 [0049.713] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffebc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.713] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x144, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x144, lpOverlapped=0x0) returned 1 [0049.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.713] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.713] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.713] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.713] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.713] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.713] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.713] CloseHandle (hObject=0x27c) returned 1 [0049.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.714] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.lolkek") returned 162 [0049.714] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0049.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb7328 | out: hHeap=0x5a0000) returned 1 [0049.714] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.714] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.714] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json", dwFileAttributes=0x80) returned 1 [0049.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.715] CloseHandle (hObject=0x27c) returned 1 [0049.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.715] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xea [0049.715] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.715] ReadFile (in: hFile=0x27c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.716] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.716] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.716] ReadFile (in: hFile=0x27c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xea, lpOverlapped=0x0) returned 1 [0049.716] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff16, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.716] WriteFile (in: hFile=0x27c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xea, lpOverlapped=0x0) returned 1 [0049.716] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.716] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.716] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.716] WriteFile (in: hFile=0x27c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.716] WriteFile (in: hFile=0x27c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.716] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.716] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.716] CloseHandle (hObject=0x27c) returned 1 [0049.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d330 [0049.717] wsprintfW (in: param_1=0x67d330, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.lolkek") returned 162 [0049.717] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json.lolkek")) returned 1 [0049.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb70a0 | out: hHeap=0x5a0000) returned 1 [0049.717] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.717] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.717] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0049.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0049.718] CloseHandle (hObject=0x27c) returned 1 [0049.718] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.742] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x130 [0049.742] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.742] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.743] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.743] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.743] ReadFile (in: hFile=0x290, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x130, lpOverlapped=0x0) returned 1 [0049.743] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffed0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.743] WriteFile (in: hFile=0x290, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x130, lpOverlapped=0x0) returned 1 [0049.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.743] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.743] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.743] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.743] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.743] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.743] CloseHandle (hObject=0x290) returned 1 [0049.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.744] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.lolkek") returned 162 [0049.744] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0049.744] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.744] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb6e18 | out: hHeap=0x5a0000) returned 1 [0049.744] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.744] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.744] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js", dwFileAttributes=0x80) returned 1 [0049.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0049.745] CloseHandle (hObject=0x290) returned 1 [0049.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.745] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8c0bf [0049.745] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.745] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.751] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x67d330 [0049.751] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.751] ReadFile (in: hFile=0x290, lpBuffer=0x67d330, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x67d330*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0049.763] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.763] WriteFile (in: hFile=0x290, lpBuffer=0x67d330*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x67d330*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0049.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d330 | out: hHeap=0x5a0000) returned 1 [0049.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.763] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.763] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.763] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.763] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.763] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.763] CloseHandle (hObject=0x290) returned 1 [0049.764] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.764] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.lolkek") returned 156 [0049.764] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.lolkek")) returned 1 [0049.809] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.809] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698d80 | out: hHeap=0x5a0000) returned 1 [0049.809] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.809] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.809] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js", dwFileAttributes=0x80) returned 1 [0049.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0049.827] CloseHandle (hObject=0x268) returned 1 [0049.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.828] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x181aa [0049.828] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.828] ReadFile (in: hFile=0x268, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.829] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0049.830] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.830] ReadFile (in: hFile=0x268, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0049.834] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.834] WriteFile (in: hFile=0x268, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0049.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.835] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.835] WriteFile (in: hFile=0x268, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.835] WriteFile (in: hFile=0x268, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.835] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.835] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.835] CloseHandle (hObject=0x268) returned 1 [0049.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.836] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.lolkek") returned 165 [0049.836] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js.lolkek")) returned 1 [0049.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb54c8 | out: hHeap=0x5a0000) returned 1 [0049.838] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.838] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.838] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js", dwFileAttributes=0x80) returned 1 [0049.838] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0049.839] CloseHandle (hObject=0x268) returned 1 [0049.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.839] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3a258 [0049.839] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.839] ReadFile (in: hFile=0x268, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.842] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0049.843] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.843] ReadFile (in: hFile=0x268, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0049.851] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.851] WriteFile (in: hFile=0x268, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0049.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.852] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.852] WriteFile (in: hFile=0x268, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.852] WriteFile (in: hFile=0x268, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.852] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.852] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.852] CloseHandle (hObject=0x268) returned 1 [0049.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.852] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.lolkek") returned 167 [0049.853] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js.lolkek")) returned 1 [0049.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f598 | out: hHeap=0x5a0000) returned 1 [0049.854] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.854] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css", dwFileAttributes=0x80) returned 1 [0049.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0049.855] CloseHandle (hObject=0x268) returned 1 [0049.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.855] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a1d [0049.855] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.855] ReadFile (in: hFile=0x268, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.858] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0049.859] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.859] ReadFile (in: hFile=0x268, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x373e0cc*=0x1a1d, lpOverlapped=0x0) returned 1 [0049.864] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffe5e3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.864] WriteFile (in: hFile=0x268, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x1a1d, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x373fb10*=0x1a1d, lpOverlapped=0x0) returned 1 [0049.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.865] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.865] WriteFile (in: hFile=0x268, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.865] WriteFile (in: hFile=0x268, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.865] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.865] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.865] CloseHandle (hObject=0x268) returned 1 [0049.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.865] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.lolkek") returned 169 [0049.865] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css.lolkek")) returned 1 [0049.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec14f0 | out: hHeap=0x5a0000) returned 1 [0049.866] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.866] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.866] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js", dwFileAttributes=0x80) returned 1 [0049.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0049.868] CloseHandle (hObject=0x268) returned 1 [0049.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.868] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf2 [0049.869] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.869] ReadFile (in: hFile=0x268, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.869] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0049.869] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.869] ReadFile (in: hFile=0x268, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x373e0cc*=0xf2, lpOverlapped=0x0) returned 1 [0049.869] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffff0e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.869] WriteFile (in: hFile=0x268, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x373fb10*=0xf2, lpOverlapped=0x0) returned 1 [0049.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.870] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.870] WriteFile (in: hFile=0x268, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.870] WriteFile (in: hFile=0x268, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.870] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.870] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.870] CloseHandle (hObject=0x268) returned 1 [0049.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.870] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.lolkek") returned 177 [0049.870] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js.lolkek")) returned 1 [0049.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de02e8 | out: hHeap=0x5a0000) returned 1 [0049.871] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.871] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.871] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png", dwFileAttributes=0x80) returned 1 [0049.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0049.871] CloseHandle (hObject=0x268) returned 1 [0049.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.872] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1bef [0049.872] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.872] ReadFile (in: hFile=0x268, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.881] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.882] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.882] ReadFile (in: hFile=0x268, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x1bef, lpOverlapped=0x0) returned 1 [0049.898] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffe411, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.898] WriteFile (in: hFile=0x268, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1bef, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x1bef, lpOverlapped=0x0) returned 1 [0049.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.898] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.898] WriteFile (in: hFile=0x268, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.899] WriteFile (in: hFile=0x268, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.899] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.899] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.899] CloseHandle (hObject=0x268) returned 1 [0049.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.899] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.lolkek") returned 181 [0049.899] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png.lolkek")) returned 1 [0049.900] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.900] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698400 | out: hHeap=0x5a0000) returned 1 [0049.900] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.900] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.900] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js", dwFileAttributes=0x80) returned 1 [0049.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0049.903] CloseHandle (hObject=0x270) returned 1 [0049.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.904] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x945 [0049.904] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.904] ReadFile (in: hFile=0x270, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.911] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.911] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.911] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x945, lpOverlapped=0x0) returned 1 [0049.911] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffff6bb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.911] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x945, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x945, lpOverlapped=0x0) returned 1 [0049.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.911] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.912] WriteFile (in: hFile=0x270, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.912] WriteFile (in: hFile=0x270, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.912] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.912] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.912] CloseHandle (hObject=0x270) returned 1 [0049.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.912] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.lolkek") returned 173 [0049.912] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js.lolkek")) returned 1 [0049.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb000 | out: hHeap=0x5a0000) returned 1 [0049.923] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.923] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.923] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css", dwFileAttributes=0x80) returned 1 [0049.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0049.924] CloseHandle (hObject=0x270) returned 1 [0049.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.924] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc26 [0049.924] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.924] ReadFile (in: hFile=0x270, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.945] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.945] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.945] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.945] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.945] ReadFile (in: hFile=0x270, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xc26, lpOverlapped=0x0) returned 1 [0049.945] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffff3da, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.945] WriteFile (in: hFile=0x270, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xc26, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xc26, lpOverlapped=0x0) returned 1 [0049.945] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.945] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.945] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.946] WriteFile (in: hFile=0x270, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.946] WriteFile (in: hFile=0x270, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.946] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.946] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.946] CloseHandle (hObject=0x270) returned 1 [0049.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.946] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.lolkek") returned 158 [0049.946] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.lolkek")) returned 1 [0049.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618490 | out: hHeap=0x5a0000) returned 1 [0049.947] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.947] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.947] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js", dwFileAttributes=0x80) returned 1 [0049.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0049.951] CloseHandle (hObject=0x280) returned 1 [0049.951] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.952] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2b20 [0049.952] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.952] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.958] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.958] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.958] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0049.958] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.958] ReadFile (in: hFile=0x280, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x2b20, lpOverlapped=0x0) returned 1 [0049.971] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffd4e0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.971] WriteFile (in: hFile=0x280, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x2b20, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x2b20, lpOverlapped=0x0) returned 1 [0049.971] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0049.971] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0049.971] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.971] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.971] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.971] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.971] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.972] CloseHandle (hObject=0x280) returned 1 [0049.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.972] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.lolkek") returned 164 [0049.972] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js.lolkek")) returned 1 [0049.973] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.973] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4f98 | out: hHeap=0x5a0000) returned 1 [0049.973] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.973] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.973] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js", dwFileAttributes=0x80) returned 1 [0049.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0049.973] CloseHandle (hObject=0x280) returned 1 [0049.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.973] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7c33 [0049.974] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.974] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.977] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0049.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0049.978] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.978] ReadFile (in: hFile=0x280, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0049.987] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.987] WriteFile (in: hFile=0x280, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0049.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0049.987] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.987] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0049.987] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.987] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0049.987] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0049.987] CloseHandle (hObject=0x280) returned 1 [0049.988] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.988] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.lolkek") returned 173 [0049.988] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js.lolkek")) returned 1 [0049.988] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.988] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec7340 | out: hHeap=0x5a0000) returned 1 [0049.988] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0049.988] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.988] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js", dwFileAttributes=0x80) returned 1 [0049.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0049.989] CloseHandle (hObject=0x280) returned 1 [0049.989] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.989] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x794cf [0049.989] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.989] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0049.993] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0049.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0049.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0049.993] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0049.993] ReadFile (in: hFile=0x280, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.026] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.026] WriteFile (in: hFile=0x280, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.026] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.027] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.027] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.027] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.027] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.027] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.027] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.027] CloseHandle (hObject=0x280) returned 1 [0050.027] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.027] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.lolkek") returned 167 [0050.027] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js.lolkek")) returned 1 [0050.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc1658 | out: hHeap=0x5a0000) returned 1 [0050.028] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.028] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.029] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json", dwFileAttributes=0x80) returned 1 [0050.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.029] CloseHandle (hObject=0x280) returned 1 [0050.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.030] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4827 [0050.030] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.030] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.035] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.035] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.035] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.035] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.035] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.037] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.037] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.037] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.037] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.037] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.037] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.037] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.037] CloseHandle (hObject=0x280) returned 1 [0050.037] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.037] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.lolkek") returned 171 [0050.037] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json.lolkek")) returned 1 [0050.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc18e8 | out: hHeap=0x5a0000) returned 1 [0050.038] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.038] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.038] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json", dwFileAttributes=0x80) returned 1 [0050.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.039] CloseHandle (hObject=0x280) returned 1 [0050.039] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.039] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4b63 [0050.039] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.039] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.045] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.045] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.045] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.046] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.046] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.046] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.046] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.046] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.046] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.047] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.047] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.047] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.047] CloseHandle (hObject=0x280) returned 1 [0050.047] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.047] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.lolkek") returned 171 [0050.047] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json.lolkek")) returned 1 [0050.048] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.048] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635a68 | out: hHeap=0x5a0000) returned 1 [0050.048] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.048] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.048] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json", dwFileAttributes=0x80) returned 1 [0050.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.049] CloseHandle (hObject=0x280) returned 1 [0050.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.049] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x405d [0050.049] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.049] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.057] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.057] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.057] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.058] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.058] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.058] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.058] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.058] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.059] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.059] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.059] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.059] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.059] CloseHandle (hObject=0x280) returned 1 [0050.059] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.059] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.lolkek") returned 171 [0050.059] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json.lolkek")) returned 1 [0050.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd510 | out: hHeap=0x5a0000) returned 1 [0050.060] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.060] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.060] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json", dwFileAttributes=0x80) returned 1 [0050.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.062] CloseHandle (hObject=0x280) returned 1 [0050.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.062] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3f79 [0050.062] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.062] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.069] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.069] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.069] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.069] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.070] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3f79, lpOverlapped=0x0) returned 1 [0050.070] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc087, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.071] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3f79, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3f79, lpOverlapped=0x0) returned 1 [0050.071] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.071] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.071] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.071] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.071] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.071] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.072] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.072] CloseHandle (hObject=0x280) returned 1 [0050.072] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.072] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.lolkek") returned 171 [0050.072] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json.lolkek")) returned 1 [0050.073] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.073] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6192a8 | out: hHeap=0x5a0000) returned 1 [0050.073] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.073] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.073] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json", dwFileAttributes=0x80) returned 1 [0050.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.074] CloseHandle (hObject=0x280) returned 1 [0050.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.074] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4afe [0050.074] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.074] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.082] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.082] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.082] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.082] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.083] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.083] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.083] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.083] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.083] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.083] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.084] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.084] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.084] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.084] CloseHandle (hObject=0x280) returned 1 [0050.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.084] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.lolkek") returned 171 [0050.084] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json.lolkek")) returned 1 [0050.085] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.085] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1298 | out: hHeap=0x5a0000) returned 1 [0050.085] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.085] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.085] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json", dwFileAttributes=0x80) returned 1 [0050.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.097] CloseHandle (hObject=0x280) returned 1 [0050.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.097] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x404b [0050.097] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.097] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.105] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.105] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.105] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.106] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.106] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.106] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.106] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.107] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.107] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.107] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.107] CloseHandle (hObject=0x280) returned 1 [0050.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.107] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.lolkek") returned 171 [0050.107] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json.lolkek")) returned 1 [0050.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de17d8 | out: hHeap=0x5a0000) returned 1 [0050.108] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.108] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.108] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json", dwFileAttributes=0x80) returned 1 [0050.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.109] CloseHandle (hObject=0x280) returned 1 [0050.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.109] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x46f5 [0050.109] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.109] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.115] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.115] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.115] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.117] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.117] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.117] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.117] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.118] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.118] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.118] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.118] CloseHandle (hObject=0x280) returned 1 [0050.118] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.118] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.lolkek") returned 171 [0050.118] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json.lolkek")) returned 1 [0050.120] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.120] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613438 | out: hHeap=0x5a0000) returned 1 [0050.120] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.121] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.121] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json", dwFileAttributes=0x80) returned 1 [0050.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.121] CloseHandle (hObject=0x280) returned 1 [0050.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.121] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4082 [0050.121] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.121] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.127] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.127] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.127] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.128] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.128] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.128] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.128] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.128] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.128] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.128] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.128] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.129] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.129] CloseHandle (hObject=0x280) returned 1 [0050.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.129] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.lolkek") returned 172 [0050.129] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json.lolkek")) returned 1 [0050.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61ac70 | out: hHeap=0x5a0000) returned 1 [0050.130] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.130] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.130] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json", dwFileAttributes=0x80) returned 1 [0050.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.130] CloseHandle (hObject=0x280) returned 1 [0050.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.131] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5079 [0050.131] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.131] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.136] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.136] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.136] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.137] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.137] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.137] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.137] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.137] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.137] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.137] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.137] CloseHandle (hObject=0x280) returned 1 [0050.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.137] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.lolkek") returned 171 [0050.137] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json.lolkek")) returned 1 [0050.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec1a40 | out: hHeap=0x5a0000) returned 1 [0050.138] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.138] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.138] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json", dwFileAttributes=0x80) returned 1 [0050.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.139] CloseHandle (hObject=0x280) returned 1 [0050.139] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.139] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3ff2 [0050.139] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.139] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.145] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.145] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.145] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3ff2, lpOverlapped=0x0) returned 1 [0050.145] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc00e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.146] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3ff2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3ff2, lpOverlapped=0x0) returned 1 [0050.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.146] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.146] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.146] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.146] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.146] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.146] CloseHandle (hObject=0x280) returned 1 [0050.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.146] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.lolkek") returned 171 [0050.146] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json.lolkek")) returned 1 [0050.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0500 | out: hHeap=0x5a0000) returned 1 [0050.147] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.147] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.147] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json", dwFileAttributes=0x80) returned 1 [0050.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.148] CloseHandle (hObject=0x280) returned 1 [0050.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.148] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3e5d [0050.148] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.148] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.154] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.154] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.154] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3e5d, lpOverlapped=0x0) returned 1 [0050.155] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc1a3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.155] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3e5d, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3e5d, lpOverlapped=0x0) returned 1 [0050.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.155] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.155] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.155] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.155] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.155] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.155] CloseHandle (hObject=0x280) returned 1 [0050.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.155] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.lolkek") returned 171 [0050.155] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json.lolkek")) returned 1 [0050.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec2238 | out: hHeap=0x5a0000) returned 1 [0050.156] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.156] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.156] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json", dwFileAttributes=0x80) returned 1 [0050.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.157] CloseHandle (hObject=0x280) returned 1 [0050.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.157] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5074 [0050.157] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.157] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.162] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.162] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.163] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.163] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.164] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.164] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.164] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.164] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.164] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.164] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.164] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.164] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.164] CloseHandle (hObject=0x280) returned 1 [0050.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.164] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.lolkek") returned 171 [0050.164] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json.lolkek")) returned 1 [0050.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec2788 | out: hHeap=0x5a0000) returned 1 [0050.165] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.165] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.165] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json", dwFileAttributes=0x80) returned 1 [0050.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.166] CloseHandle (hObject=0x280) returned 1 [0050.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.166] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x55a3 [0050.166] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.166] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.172] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.172] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.172] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.173] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.173] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.173] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.173] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.173] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.173] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.174] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.174] CloseHandle (hObject=0x280) returned 1 [0050.174] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.174] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.lolkek") returned 171 [0050.174] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json.lolkek")) returned 1 [0050.174] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.174] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec2cd8 | out: hHeap=0x5a0000) returned 1 [0050.175] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.175] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.175] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json", dwFileAttributes=0x80) returned 1 [0050.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.175] CloseHandle (hObject=0x280) returned 1 [0050.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.175] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x416b [0050.176] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.176] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.183] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.183] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.183] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.183] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.184] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.184] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.184] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.184] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.184] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.184] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.184] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.184] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.184] CloseHandle (hObject=0x280) returned 1 [0050.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.184] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.lolkek") returned 171 [0050.184] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json.lolkek")) returned 1 [0050.185] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.185] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec3228 | out: hHeap=0x5a0000) returned 1 [0050.185] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.185] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.185] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json", dwFileAttributes=0x80) returned 1 [0050.185] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.186] CloseHandle (hObject=0x280) returned 1 [0050.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.186] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x583f [0050.186] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.186] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.192] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.192] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.192] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.192] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.192] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.192] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.193] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.193] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.193] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.193] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.193] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.193] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.193] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.193] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.193] CloseHandle (hObject=0x280) returned 1 [0050.193] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.193] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.lolkek") returned 171 [0050.193] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json.lolkek")) returned 1 [0050.194] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.194] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec3778 | out: hHeap=0x5a0000) returned 1 [0050.194] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.194] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.194] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json", dwFileAttributes=0x80) returned 1 [0050.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.195] CloseHandle (hObject=0x280) returned 1 [0050.195] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.195] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3f8b [0050.195] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.195] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.200] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.200] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.200] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3f8b, lpOverlapped=0x0) returned 1 [0050.201] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc075, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.201] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3f8b, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3f8b, lpOverlapped=0x0) returned 1 [0050.201] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.201] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.201] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.201] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.201] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.201] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.202] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.202] CloseHandle (hObject=0x280) returned 1 [0050.202] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.202] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.lolkek") returned 171 [0050.202] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json.lolkek")) returned 1 [0050.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b68 | out: hHeap=0x5a0000) returned 1 [0050.203] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.203] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.203] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json", dwFileAttributes=0x80) returned 1 [0050.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.203] CloseHandle (hObject=0x280) returned 1 [0050.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.204] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3f45 [0050.204] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.204] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.209] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.209] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.209] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3f45, lpOverlapped=0x0) returned 1 [0050.209] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc0bb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.210] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3f45, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3f45, lpOverlapped=0x0) returned 1 [0050.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.210] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.210] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.210] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.210] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.210] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.210] CloseHandle (hObject=0x280) returned 1 [0050.210] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.210] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.lolkek") returned 171 [0050.210] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json.lolkek")) returned 1 [0050.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb20b8 | out: hHeap=0x5a0000) returned 1 [0050.211] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.211] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.211] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json", dwFileAttributes=0x80) returned 1 [0050.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.212] CloseHandle (hObject=0x280) returned 1 [0050.212] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.212] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fdc [0050.212] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.212] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.218] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.218] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.218] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3fdc, lpOverlapped=0x0) returned 1 [0050.218] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc024, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.219] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3fdc, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3fdc, lpOverlapped=0x0) returned 1 [0050.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.219] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.219] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.219] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.219] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.219] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.219] CloseHandle (hObject=0x280) returned 1 [0050.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.219] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.lolkek") returned 171 [0050.219] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json.lolkek")) returned 1 [0050.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2608 | out: hHeap=0x5a0000) returned 1 [0050.220] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.220] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.220] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json", dwFileAttributes=0x80) returned 1 [0050.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.221] CloseHandle (hObject=0x280) returned 1 [0050.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.221] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fdc [0050.221] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.221] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.227] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.227] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.227] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3fdc, lpOverlapped=0x0) returned 1 [0050.228] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc024, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.228] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3fdc, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3fdc, lpOverlapped=0x0) returned 1 [0050.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.229] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.229] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.229] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.229] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.229] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.229] CloseHandle (hObject=0x280) returned 1 [0050.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.229] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.lolkek") returned 174 [0050.229] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json.lolkek")) returned 1 [0050.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60eb70 | out: hHeap=0x5a0000) returned 1 [0050.230] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.230] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.230] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json", dwFileAttributes=0x80) returned 1 [0050.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.231] CloseHandle (hObject=0x280) returned 1 [0050.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.231] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x490e [0050.231] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.231] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.237] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.237] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.237] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.238] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.238] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.238] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.238] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.238] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.238] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.238] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.238] CloseHandle (hObject=0x280) returned 1 [0050.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.238] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.lolkek") returned 171 [0050.238] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json.lolkek")) returned 1 [0050.239] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.239] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb2b58 | out: hHeap=0x5a0000) returned 1 [0050.239] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.239] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.239] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json", dwFileAttributes=0x80) returned 1 [0050.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.240] CloseHandle (hObject=0x280) returned 1 [0050.240] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.240] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x407a [0050.240] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.240] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.247] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.247] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.247] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.248] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.248] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.249] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.249] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.249] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.249] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.249] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.249] CloseHandle (hObject=0x280) returned 1 [0050.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.249] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.lolkek") returned 171 [0050.249] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json.lolkek")) returned 1 [0050.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb30a8 | out: hHeap=0x5a0000) returned 1 [0050.250] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.250] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.250] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json", dwFileAttributes=0x80) returned 1 [0050.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.252] CloseHandle (hObject=0x280) returned 1 [0050.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.252] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3e96 [0050.252] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.252] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.258] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.258] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.258] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3e96, lpOverlapped=0x0) returned 1 [0050.259] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc16a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.259] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3e96, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3e96, lpOverlapped=0x0) returned 1 [0050.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.259] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.259] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.259] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.259] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.259] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.260] CloseHandle (hObject=0x280) returned 1 [0050.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.260] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.lolkek") returned 171 [0050.260] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json.lolkek")) returned 1 [0050.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb35f8 | out: hHeap=0x5a0000) returned 1 [0050.261] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.261] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.261] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json", dwFileAttributes=0x80) returned 1 [0050.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.262] CloseHandle (hObject=0x280) returned 1 [0050.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.262] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x563d [0050.262] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.262] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.267] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.267] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.267] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.268] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.268] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.268] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.268] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.268] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.268] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.269] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.269] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.269] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.269] CloseHandle (hObject=0x280) returned 1 [0050.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.269] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.lolkek") returned 171 [0050.269] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json.lolkek")) returned 1 [0050.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.270] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb3b48 | out: hHeap=0x5a0000) returned 1 [0050.270] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.270] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.270] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json", dwFileAttributes=0x80) returned 1 [0050.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.270] CloseHandle (hObject=0x280) returned 1 [0050.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.271] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4f64 [0050.271] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.271] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.276] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.276] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.276] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.277] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.277] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.277] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.277] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.277] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.277] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.277] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.277] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.277] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.277] CloseHandle (hObject=0x280) returned 1 [0050.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.277] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.lolkek") returned 171 [0050.277] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json.lolkek")) returned 1 [0050.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.278] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4098 | out: hHeap=0x5a0000) returned 1 [0050.278] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.278] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.278] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json", dwFileAttributes=0x80) returned 1 [0050.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.279] CloseHandle (hObject=0x280) returned 1 [0050.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.279] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x48f1 [0050.279] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.279] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.286] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.287] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.287] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.287] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.287] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.288] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.288] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.288] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.288] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.288] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.288] CloseHandle (hObject=0x280) returned 1 [0050.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.288] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.lolkek") returned 171 [0050.288] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json.lolkek")) returned 1 [0050.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb45e8 | out: hHeap=0x5a0000) returned 1 [0050.289] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.289] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.289] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json", dwFileAttributes=0x80) returned 1 [0050.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.290] CloseHandle (hObject=0x280) returned 1 [0050.290] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.290] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d11 [0050.290] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.290] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.295] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.295] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.295] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.295] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.295] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x3d11, lpOverlapped=0x0) returned 1 [0050.296] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc2ef, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.296] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3d11, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x3d11, lpOverlapped=0x0) returned 1 [0050.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.296] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.296] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.297] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.297] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.297] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.297] CloseHandle (hObject=0x280) returned 1 [0050.297] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.297] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.lolkek") returned 171 [0050.297] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json.lolkek")) returned 1 [0050.298] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.298] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb4b38 | out: hHeap=0x5a0000) returned 1 [0050.298] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.298] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.298] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json", dwFileAttributes=0x80) returned 1 [0050.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.299] CloseHandle (hObject=0x280) returned 1 [0050.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.299] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7299 [0050.299] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.299] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.307] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.307] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.307] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.308] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.308] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.309] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.309] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.309] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.309] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.309] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.309] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.309] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.309] CloseHandle (hObject=0x280) returned 1 [0050.312] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.312] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.lolkek") returned 176 [0050.312] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json.lolkek")) returned 1 [0050.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b1b0 | out: hHeap=0x5a0000) returned 1 [0050.313] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.313] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.313] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons", dwFileAttributes=0x80) returned 1 [0050.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.314] CloseHandle (hObject=0x280) returned 1 [0050.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.315] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5000 [0050.315] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.315] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.323] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.323] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.323] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.324] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.324] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.324] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.324] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.324] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.325] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.325] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.325] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.325] CloseHandle (hObject=0x280) returned 1 [0050.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.325] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons.lolkek") returned 95 [0050.325] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons.lolkek")) returned 1 [0050.326] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.326] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddfe0 | out: hHeap=0x5a0000) returned 1 [0050.326] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.326] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.326] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History", dwFileAttributes=0x80) returned 1 [0050.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.326] CloseHandle (hObject=0x280) returned 1 [0050.326] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.326] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x19000 [0050.326] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.327] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.332] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.332] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.332] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.333] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.333] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.333] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.333] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.333] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.334] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.334] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.334] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.334] CloseHandle (hObject=0x280) returned 1 [0050.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.334] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History.lolkek") returned 94 [0050.334] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history.lolkek")) returned 1 [0050.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5cd0 | out: hHeap=0x5a0000) returned 1 [0050.335] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.335] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.335] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal", dwFileAttributes=0x80) returned 1 [0050.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.335] CloseHandle (hObject=0x280) returned 1 [0050.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.335] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.335] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.336] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.336] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.336] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.336] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.336] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.336] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.336] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.337] CloseHandle (hObject=0x280) returned 1 [0050.337] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.337] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal.lolkek") returned 102 [0050.337] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal.lolkek")) returned 1 [0050.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de05a0 | out: hHeap=0x5a0000) returned 1 [0050.337] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.337] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.337] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp", dwFileAttributes=0x80) returned 1 [0050.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.338] CloseHandle (hObject=0x280) returned 1 [0050.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.338] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.338] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.338] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.338] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.338] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.338] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.338] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.338] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.338] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.339] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.339] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.339] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.339] CloseHandle (hObject=0x280) returned 1 [0050.339] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.339] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp.lolkek") returned 109 [0050.339] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp.lolkek")) returned 1 [0050.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635d08 | out: hHeap=0x5a0000) returned 1 [0050.340] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.340] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.340] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp", dwFileAttributes=0x80) returned 1 [0050.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0050.340] CloseHandle (hObject=0x280) returned 1 [0050.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.341] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.341] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.341] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.341] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.341] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.341] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.341] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.341] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.342] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.342] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.342] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.342] CloseHandle (hObject=0x280) returned 1 [0050.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.342] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp.lolkek") returned 109 [0050.342] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp.lolkek")) returned 1 [0050.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66b780 | out: hHeap=0x5a0000) returned 1 [0050.342] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.343] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.343] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp", dwFileAttributes=0x80) returned 1 [0050.347] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.348] CloseHandle (hObject=0x25c) returned 1 [0050.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.350] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.350] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.350] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.350] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.350] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.350] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.350] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.351] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.351] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.351] CloseHandle (hObject=0x25c) returned 1 [0050.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.351] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp.lolkek") returned 112 [0050.351] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp.lolkek")) returned 1 [0050.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7b20 | out: hHeap=0x5a0000) returned 1 [0050.425] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.425] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.425] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal", dwFileAttributes=0x80) returned 1 [0050.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.426] CloseHandle (hObject=0x25c) returned 1 [0050.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.426] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.426] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.426] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.426] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.426] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.426] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.427] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.427] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.427] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.427] CloseHandle (hObject=0x25c) returned 1 [0050.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.427] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal.lolkek") returned 107 [0050.427] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal.lolkek")) returned 1 [0050.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cff8 | out: hHeap=0x5a0000) returned 1 [0050.428] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.428] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.428] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README", dwFileAttributes=0x80) returned 1 [0050.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.429] CloseHandle (hObject=0x25c) returned 1 [0050.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.429] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb4 [0050.429] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.429] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.429] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.430] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.430] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xb4, lpOverlapped=0x0) returned 1 [0050.430] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffff4c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.430] WriteFile (in: hFile=0x25c, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb4, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xb4, lpOverlapped=0x0) returned 1 [0050.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.430] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.430] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.430] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.430] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.430] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.430] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.430] CloseHandle (hObject=0x25c) returned 1 [0050.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.430] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README.lolkek") returned 93 [0050.430] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme.lolkek")) returned 1 [0050.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5b68 | out: hHeap=0x5a0000) returned 1 [0050.431] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.431] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.431] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences", dwFileAttributes=0x80) returned 1 [0050.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.431] CloseHandle (hObject=0x25c) returned 1 [0050.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.432] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8b43 [0050.432] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.432] ReadFile (in: hFile=0x25c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.458] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.458] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.458] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.460] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.460] WriteFile (in: hFile=0x25c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.460] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.460] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.460] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.461] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.461] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.461] CloseHandle (hObject=0x25c) returned 1 [0050.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.462] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences.lolkek") returned 105 [0050.462] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences.lolkek")) returned 1 [0050.572] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.572] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d198 | out: hHeap=0x5a0000) returned 1 [0050.572] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.572] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.572] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms", dwFileAttributes=0x80) returned 1 [0050.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.582] CloseHandle (hObject=0x1b4) returned 1 [0050.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.582] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0050.582] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.582] ReadFile (in: hFile=0x1b4, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.594] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.594] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.595] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.596] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.596] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.596] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.596] WriteFile (in: hFile=0x1b4, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.596] WriteFile (in: hFile=0x1b4, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.597] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.597] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.597] CloseHandle (hObject=0x1b4) returned 1 [0050.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.597] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.lolkek") returned 146 [0050.597] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms.lolkek")) returned 1 [0050.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7f60 | out: hHeap=0x5a0000) returned 1 [0050.598] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.598] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.598] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini", dwFileAttributes=0x80) returned 1 [0050.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.599] CloseHandle (hObject=0x1b4) returned 1 [0050.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.599] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0050.599] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.599] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.599] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x43, lpOverlapped=0x0) returned 1 [0050.600] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.600] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x43, lpOverlapped=0x0) returned 1 [0050.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.600] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.600] WriteFile (in: hFile=0x1b4, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.600] WriteFile (in: hFile=0x1b4, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.600] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.600] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.600] CloseHandle (hObject=0x1b4) returned 1 [0050.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.600] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.lolkek") returned 97 [0050.600] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini.lolkek")) returned 1 [0050.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd83d8 | out: hHeap=0x5a0000) returned 1 [0050.601] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.601] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.601] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0050.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.601] CloseHandle (hObject=0x1b4) returned 1 [0050.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.602] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.602] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.602] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.602] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.602] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.602] WriteFile (in: hFile=0x1b4, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.602] WriteFile (in: hFile=0x1b4, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.603] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.603] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.603] CloseHandle (hObject=0x1b4) returned 1 [0050.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.603] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].lolkek") returned 95 [0050.603] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1].lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1].lolkek")) returned 1 [0050.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd8550 | out: hHeap=0x5a0000) returned 1 [0050.603] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.603] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.603] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini", dwFileAttributes=0x80) returned 1 [0050.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.604] CloseHandle (hObject=0x1b4) returned 1 [0050.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.604] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0050.604] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.604] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.604] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x43, lpOverlapped=0x0) returned 1 [0050.605] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.605] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x43, lpOverlapped=0x0) returned 1 [0050.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.605] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.605] WriteFile (in: hFile=0x1b4, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.605] WriteFile (in: hFile=0x1b4, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.605] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.605] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.606] CloseHandle (hObject=0x1b4) returned 1 [0050.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.606] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.lolkek") returned 97 [0050.606] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini.lolkek")) returned 1 [0050.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd86c0 | out: hHeap=0x5a0000) returned 1 [0050.606] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.606] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.606] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0050.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.611] CloseHandle (hObject=0x1e0) returned 1 [0050.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.612] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.612] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.612] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.612] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.612] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.612] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.612] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.612] WriteFile (in: hFile=0x1e0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.612] WriteFile (in: hFile=0x1e0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.612] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.613] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.613] CloseHandle (hObject=0x1e0) returned 1 [0050.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.613] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].lolkek") returned 95 [0050.613] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1].lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1].lolkek")) returned 1 [0050.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd8838 | out: hHeap=0x5a0000) returned 1 [0050.613] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.613] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.613] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]", dwFileAttributes=0x80) returned 1 [0050.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.622] CloseHandle (hObject=0x1b4) returned 1 [0050.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.647] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.647] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0050.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.647] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.647] ReadFile (in: hFile=0x25c, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0050.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0050.648] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.648] WriteFile (in: hFile=0x25c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.648] WriteFile (in: hFile=0x25c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.648] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.648] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.648] CloseHandle (hObject=0x25c) returned 1 [0050.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.660] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].lolkek") returned 95 [0050.660] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1].lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1].lolkek")) returned 1 [0050.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddeec8 | out: hHeap=0x5a0000) returned 1 [0050.670] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.670] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.670] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT", dwFileAttributes=0x80) returned 1 [0050.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0050.671] CloseHandle (hObject=0x290) returned 1 [0050.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0050.672] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3c0dc [0050.672] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.672] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.677] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.677] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.677] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.686] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.687] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.687] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.687] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.687] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.687] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.687] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.687] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.687] CloseHandle (hObject=0x290) returned 1 [0050.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.687] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT.lolkek") returned 83 [0050.688] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat.lolkek")) returned 1 [0050.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616478 | out: hHeap=0x5a0000) returned 1 [0050.688] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.688] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.689] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt", dwFileAttributes=0x80) returned 1 [0050.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0050.689] CloseHandle (hObject=0x290) returned 1 [0050.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0050.689] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fb0 [0050.689] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.689] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.699] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.699] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.699] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x2fb0, lpOverlapped=0x0) returned 1 [0050.716] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffd050, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.716] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x2fb0, lpOverlapped=0x0) returned 1 [0050.716] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.717] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.717] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.718] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.718] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.718] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.718] CloseHandle (hObject=0x290) returned 1 [0050.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.718] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.lolkek") returned 94 [0050.718] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt.lolkek")) returned 1 [0050.719] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.719] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb63d8 | out: hHeap=0x5a0000) returned 1 [0050.719] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.719] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.719] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat", dwFileAttributes=0x80) returned 1 [0050.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0050.722] CloseHandle (hObject=0x1ec) returned 1 [0050.722] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.722] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23f4 [0050.723] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.723] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.725] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.725] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.725] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.725] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.725] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x23f4, lpOverlapped=0x0) returned 1 [0050.729] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffdc0c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.729] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x23f4, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x23f4, lpOverlapped=0x0) returned 1 [0050.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.729] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.729] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.729] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.729] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.729] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.729] CloseHandle (hObject=0x1ec) returned 1 [0050.729] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.729] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat.lolkek") returned 101 [0050.729] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat.lolkek")) returned 1 [0050.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf4c0 | out: hHeap=0x5a0000) returned 1 [0050.730] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.730] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.730] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", dwFileAttributes=0x80) returned 1 [0050.730] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0050.730] CloseHandle (hObject=0x1ec) returned 1 [0050.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.731] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe00 [0050.731] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.731] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.734] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.734] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.734] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.734] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.734] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0xe00, lpOverlapped=0x0) returned 1 [0050.734] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffff200, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.734] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0xe00, lpOverlapped=0x0) returned 1 [0050.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.735] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.735] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.735] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.735] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.735] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.735] CloseHandle (hObject=0x1ec) returned 1 [0050.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.735] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.lolkek") returned 160 [0050.735] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat.lolkek")) returned 1 [0050.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddf648 | out: hHeap=0x5a0000) returned 1 [0050.736] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.736] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.736] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", dwFileAttributes=0x80) returned 1 [0050.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0050.736] CloseHandle (hObject=0x1ec) returned 1 [0050.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.737] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1200 [0050.737] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.737] ReadFile (in: hFile=0x1ec, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.742] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0050.742] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.742] ReadFile (in: hFile=0x1ec, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x1200, lpOverlapped=0x0) returned 1 [0050.745] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xffffee00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.745] WriteFile (in: hFile=0x1ec, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x1200, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x1200, lpOverlapped=0x0) returned 1 [0050.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0050.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.746] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.746] WriteFile (in: hFile=0x1ec, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.746] WriteFile (in: hFile=0x1ec, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.746] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.746] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.746] CloseHandle (hObject=0x1ec) returned 1 [0050.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.746] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.lolkek") returned 160 [0050.746] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat.lolkek")) returned 1 [0050.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5768 | out: hHeap=0x5a0000) returned 1 [0050.747] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.747] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.747] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", dwFileAttributes=0x80) returned 1 [0050.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.750] CloseHandle (hObject=0x1e0) returned 1 [0050.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.750] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1200 [0050.750] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.750] ReadFile (in: hFile=0x1e0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.756] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.756] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.756] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x1200, lpOverlapped=0x0) returned 1 [0050.763] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffee00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.763] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1200, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x1200, lpOverlapped=0x0) returned 1 [0050.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.763] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.763] WriteFile (in: hFile=0x1e0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.764] WriteFile (in: hFile=0x1e0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.764] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.764] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.764] CloseHandle (hObject=0x1e0) returned 1 [0050.764] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.764] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.lolkek") returned 146 [0050.764] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat.lolkek")) returned 1 [0050.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5c10 | out: hHeap=0x5a0000) returned 1 [0050.765] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.765] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.765] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb", dwFileAttributes=0x80) returned 1 [0050.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1e0 [0050.767] CloseHandle (hObject=0x1e0) returned 1 [0050.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.768] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1106c [0050.768] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.768] ReadFile (in: hFile=0x1e0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.774] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.774] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.774] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0050.776] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.777] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0050.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.777] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.777] WriteFile (in: hFile=0x1e0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.777] WriteFile (in: hFile=0x1e0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.777] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.777] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.777] CloseHandle (hObject=0x1e0) returned 1 [0050.777] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.777] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.lolkek") returned 93 [0050.777] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb.lolkek")) returned 1 [0050.778] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.778] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6540 | out: hHeap=0x5a0000) returned 1 [0050.778] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.778] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.778] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0050.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0050.814] CloseHandle (hObject=0x24c) returned 1 [0050.814] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.869] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4f3 [0050.869] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.869] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.870] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.871] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.871] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4f3, lpOverlapped=0x0) returned 1 [0050.871] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffb0d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.871] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4f3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4f3, lpOverlapped=0x0) returned 1 [0050.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.871] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.871] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.871] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.871] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.871] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.871] CloseHandle (hObject=0x2bc) returned 1 [0050.872] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.872] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.lolkek") returned 142 [0050.872] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl.lolkek")) returned 1 [0050.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c6968 | out: hHeap=0x5a0000) returned 1 [0050.923] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.923] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.923] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0050.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0050.924] CloseHandle (hObject=0x258) returned 1 [0050.924] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0050.924] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4f3 [0050.924] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.924] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0050.928] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0050.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.928] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.928] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4f3, lpOverlapped=0x0) returned 1 [0050.928] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffb0d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.928] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4f3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4f3, lpOverlapped=0x0) returned 1 [0050.929] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.929] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.929] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.929] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0050.929] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.929] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0050.929] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0050.929] CloseHandle (hObject=0x258) returned 1 [0050.929] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.929] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.lolkek") returned 142 [0050.929] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl.lolkek")) returned 1 [0050.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7430 | out: hHeap=0x5a0000) returned 1 [0050.932] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.932] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.932] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl", dwFileAttributes=0x80) returned 1 [0050.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.985] CloseHandle (hObject=0x268) returned 1 [0050.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.003] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x311 [0051.003] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.003] ReadFile (in: hFile=0x270, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.009] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.009] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.009] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.009] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.009] ReadFile (in: hFile=0x270, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x311, lpOverlapped=0x0) returned 1 [0051.010] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffcef, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.010] WriteFile (in: hFile=0x270, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x311, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x311, lpOverlapped=0x0) returned 1 [0051.010] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.010] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.010] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.010] WriteFile (in: hFile=0x270, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.010] WriteFile (in: hFile=0x270, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.010] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.010] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.010] CloseHandle (hObject=0x270) returned 1 [0051.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.031] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.lolkek") returned 142 [0051.031] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl.lolkek")) returned 1 [0051.093] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.093] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7658 | out: hHeap=0x5a0000) returned 1 [0051.093] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.093] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.093] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", dwFileAttributes=0x80) returned 1 [0051.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0051.150] CloseHandle (hObject=0x270) returned 1 [0051.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.154] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0051.154] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.154] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.155] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.155] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.155] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x104, lpOverlapped=0x0) returned 1 [0051.155] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.155] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x104, lpOverlapped=0x0) returned 1 [0051.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.155] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.155] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.155] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.155] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.155] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.155] CloseHandle (hObject=0x280) returned 1 [0051.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0051.156] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.lolkek") returned 141 [0051.156] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat.lolkek")) returned 1 [0051.186] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0051.186] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7cd0 | out: hHeap=0x5a0000) returned 1 [0051.186] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.186] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.186] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log", dwFileAttributes=0x80) returned 1 [0051.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0051.186] CloseHandle (hObject=0x280) returned 1 [0051.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.187] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x200000 [0051.187] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.187] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.199] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.199] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.199] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.199] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.199] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0051.207] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.207] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0051.207] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.207] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.207] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.207] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.209] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.209] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.209] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.209] CloseHandle (hObject=0x280) returned 1 [0051.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.209] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.lolkek") returned 90 [0051.209] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log.lolkek")) returned 1 [0051.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.210] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadfd0 | out: hHeap=0x5a0000) returned 1 [0051.210] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.210] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.210] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml", dwFileAttributes=0x80) returned 1 [0051.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0051.211] CloseHandle (hObject=0x280) returned 1 [0051.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.211] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x104 [0051.211] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.211] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.212] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.212] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.212] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x104, lpOverlapped=0x0) returned 1 [0051.212] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.212] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x104, lpOverlapped=0x0) returned 1 [0051.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.213] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.213] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.213] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.213] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.213] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.213] CloseHandle (hObject=0x280) returned 1 [0051.213] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.213] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.lolkek") returned 87 [0051.213] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml.lolkek")) returned 1 [0051.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.214] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadd20 | out: hHeap=0x5a0000) returned 1 [0051.214] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.214] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.214] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm", dwFileAttributes=0x80) returned 1 [0051.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0051.214] CloseHandle (hObject=0x280) returned 1 [0051.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.215] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xff [0051.215] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.215] ReadFile (in: hFile=0x280, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.215] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.215] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.215] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0xff, lpOverlapped=0x0) returned 1 [0051.215] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffff01, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.215] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0xff, lpOverlapped=0x0) returned 1 [0051.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.216] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.216] WriteFile (in: hFile=0x280, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.216] WriteFile (in: hFile=0x280, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.216] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.216] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.216] CloseHandle (hObject=0x280) returned 1 [0051.216] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.216] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.lolkek") returned 98 [0051.216] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm.lolkek")) returned 1 [0051.217] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.217] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddae38 | out: hHeap=0x5a0000) returned 1 [0051.217] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.217] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.217] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg", dwFileAttributes=0x80) returned 1 [0051.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.301] CloseHandle (hObject=0x24c) returned 1 [0051.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0051.305] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x432 [0051.305] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.305] ReadFile (in: hFile=0x24c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.307] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.307] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.307] ReadFile (in: hFile=0x24c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x432, lpOverlapped=0x0) returned 1 [0051.307] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffbce, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.307] WriteFile (in: hFile=0x24c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x432, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x432, lpOverlapped=0x0) returned 1 [0051.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.308] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.308] WriteFile (in: hFile=0x24c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.308] WriteFile (in: hFile=0x24c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.308] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.308] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.308] CloseHandle (hObject=0x24c) returned 1 [0051.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.308] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.lolkek") returned 98 [0051.308] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg.lolkek")) returned 1 [0051.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.340] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd58e8 | out: hHeap=0x5a0000) returned 1 [0051.340] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.340] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.340] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg", dwFileAttributes=0x80) returned 1 [0051.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0051.367] CloseHandle (hObject=0x2b8) returned 1 [0051.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0051.368] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13fb [0051.368] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.368] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.372] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.372] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.372] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x13fb, lpOverlapped=0x0) returned 1 [0051.379] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffec05, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.379] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x13fb, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x13fb, lpOverlapped=0x0) returned 1 [0051.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.379] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.379] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.379] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.379] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.379] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.379] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.379] CloseHandle (hObject=0x2b8) returned 1 [0051.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.381] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.lolkek") returned 100 [0051.381] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg.lolkek")) returned 1 [0051.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0db0 | out: hHeap=0x5a0000) returned 1 [0051.600] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.600] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.600] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite", dwFileAttributes=0x80) returned 1 [0051.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.601] CloseHandle (hObject=0x228) returned 1 [0051.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.601] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x40000 [0051.601] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.601] ReadFile (in: hFile=0x228, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.603] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.603] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.603] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0051.607] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.607] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0051.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.607] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.607] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.608] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.608] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.608] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.608] CloseHandle (hObject=0x228) returned 1 [0051.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.608] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.lolkek") returned 122 [0051.608] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite.lolkek")) returned 1 [0051.609] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.609] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x669728 | out: hHeap=0x5a0000) returned 1 [0051.609] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.609] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.609] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache", dwFileAttributes=0x80) returned 1 [0051.609] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.610] CloseHandle (hObject=0x228) returned 1 [0051.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.610] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c [0051.610] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.610] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.610] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x2c, lpOverlapped=0x0) returned 1 [0051.611] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffffd4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.611] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x2c, lpOverlapped=0x0) returned 1 [0051.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.611] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.611] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.611] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.611] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.611] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.611] CloseHandle (hObject=0x228) returned 1 [0051.611] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.611] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.lolkek") returned 135 [0051.611] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache.lolkek")) returned 1 [0051.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7ef8 | out: hHeap=0x5a0000) returned 1 [0051.612] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.612] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.612] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset", dwFileAttributes=0x80) returned 1 [0051.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.613] CloseHandle (hObject=0x228) returned 1 [0051.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.613] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0051.613] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.613] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.613] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x10, lpOverlapped=0x0) returned 1 [0051.613] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.613] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x10, lpOverlapped=0x0) returned 1 [0051.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.614] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.614] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.614] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.614] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.614] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.614] CloseHandle (hObject=0x228) returned 1 [0051.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.614] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.lolkek") returned 134 [0051.614] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset.lolkek")) returned 1 [0051.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea8c18 | out: hHeap=0x5a0000) returned 1 [0051.615] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.615] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.615] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore", dwFileAttributes=0x80) returned 1 [0051.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.615] CloseHandle (hObject=0x228) returned 1 [0051.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.616] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0051.616] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.616] ReadFile (in: hFile=0x228, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.616] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.616] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.616] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0xe8, lpOverlapped=0x0) returned 1 [0051.616] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.616] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0xe8, lpOverlapped=0x0) returned 1 [0051.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.617] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.617] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.617] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.617] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.617] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.617] CloseHandle (hObject=0x228) returned 1 [0051.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.617] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.lolkek") returned 137 [0051.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore.lolkek")) returned 1 [0051.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea8e20 | out: hHeap=0x5a0000) returned 1 [0051.618] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.618] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.618] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache", dwFileAttributes=0x80) returned 1 [0051.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.618] CloseHandle (hObject=0x228) returned 1 [0051.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.618] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2c [0051.619] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.619] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.619] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x2c, lpOverlapped=0x0) returned 1 [0051.619] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffffd4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.619] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x2c, lpOverlapped=0x0) returned 1 [0051.619] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.620] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.620] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.620] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.620] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.620] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.620] CloseHandle (hObject=0x228) returned 1 [0051.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.620] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.lolkek") returned 133 [0051.620] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache.lolkek")) returned 1 [0051.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9038 | out: hHeap=0x5a0000) returned 1 [0051.621] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.621] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.621] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset", dwFileAttributes=0x80) returned 1 [0051.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.621] CloseHandle (hObject=0x228) returned 1 [0051.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.621] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0051.621] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.622] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.622] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x10, lpOverlapped=0x0) returned 1 [0051.622] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.622] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x10, lpOverlapped=0x0) returned 1 [0051.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.622] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.622] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.622] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.623] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.623] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.623] CloseHandle (hObject=0x228) returned 1 [0051.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.623] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.lolkek") returned 132 [0051.623] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset.lolkek")) returned 1 [0051.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9240 | out: hHeap=0x5a0000) returned 1 [0051.623] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.623] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.623] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore", dwFileAttributes=0x80) returned 1 [0051.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.624] CloseHandle (hObject=0x228) returned 1 [0051.624] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.624] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe8 [0051.624] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.624] ReadFile (in: hFile=0x228, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.625] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.625] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.625] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0xe8, lpOverlapped=0x0) returned 1 [0051.625] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffff18, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.625] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0xe8, lpOverlapped=0x0) returned 1 [0051.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.625] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.625] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.625] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.625] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.625] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.625] CloseHandle (hObject=0x228) returned 1 [0051.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.626] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.lolkek") returned 135 [0051.626] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore.lolkek")) returned 1 [0051.626] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.626] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c8120 | out: hHeap=0x5a0000) returned 1 [0051.626] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.626] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.626] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little", dwFileAttributes=0x80) returned 1 [0051.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.627] CloseHandle (hObject=0x228) returned 1 [0051.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.627] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe59f6 [0051.627] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.627] ReadFile (in: hFile=0x228, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.637] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.638] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.638] ReadFile (in: hFile=0x228, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0051.646] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.646] WriteFile (in: hFile=0x228, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0051.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.646] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.646] WriteFile (in: hFile=0x228, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.646] WriteFile (in: hFile=0x228, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.646] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.646] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.646] CloseHandle (hObject=0x228) returned 1 [0051.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.646] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.lolkek") returned 131 [0051.646] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little.lolkek")) returned 1 [0051.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ea9440 | out: hHeap=0x5a0000) returned 1 [0051.647] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.647] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.647] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png", dwFileAttributes=0x80) returned 1 [0051.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0051.931] CloseHandle (hObject=0x224) returned 1 [0051.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.985] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1c362 [0051.985] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.985] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0051.987] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0051.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.988] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.988] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0051.993] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.993] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0051.993] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.994] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.994] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.994] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0051.994] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.994] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0051.994] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0051.994] CloseHandle (hObject=0x258) returned 1 [0051.994] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.995] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.lolkek") returned 144 [0051.995] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png.lolkek")) returned 1 [0051.995] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.995] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eae918 | out: hHeap=0x5a0000) returned 1 [0051.995] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.995] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.996] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", dwFileAttributes=0x80) returned 1 [0052.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.016] CloseHandle (hObject=0x258) returned 1 [0052.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.029] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d7 [0052.029] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.029] ReadFile (in: hFile=0x214, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.030] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.030] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.030] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.030] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.030] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x2d7, lpOverlapped=0x0) returned 1 [0052.030] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffd29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.030] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x2d7, lpOverlapped=0x0) returned 1 [0052.030] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.030] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.030] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.030] WriteFile (in: hFile=0x214, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.031] WriteFile (in: hFile=0x214, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.031] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.031] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.031] CloseHandle (hObject=0x214) returned 1 [0052.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0052.031] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.lolkek") returned 158 [0052.031] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77.lolkek")) returned 1 [0052.057] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0052.057] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc18c0 | out: hHeap=0x5a0000) returned 1 [0052.057] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.057] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.057] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", dwFileAttributes=0x80) returned 1 [0052.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0052.074] CloseHandle (hObject=0x290) returned 1 [0052.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.092] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e3 [0052.092] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.092] ReadFile (in: hFile=0x23c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.094] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.095] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.095] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x6e3, lpOverlapped=0x0) returned 1 [0052.095] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffff91d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.095] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x6e3, lpOverlapped=0x0) returned 1 [0052.095] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.095] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.095] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.095] WriteFile (in: hFile=0x23c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.095] WriteFile (in: hFile=0x23c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.095] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.095] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.095] CloseHandle (hObject=0x23c) returned 1 [0052.095] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.096] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.lolkek") returned 158 [0052.096] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.lolkek")) returned 1 [0052.114] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.115] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1500 | out: hHeap=0x5a0000) returned 1 [0052.115] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.115] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.115] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", dwFileAttributes=0x80) returned 1 [0052.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.132] CloseHandle (hObject=0x280) returned 1 [0052.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.145] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.145] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.145] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.146] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.146] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.146] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x1cf, lpOverlapped=0x0) returned 1 [0052.146] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.146] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x1cf, lpOverlapped=0x0) returned 1 [0052.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.146] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.146] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.146] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.146] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.146] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.146] CloseHandle (hObject=0x290) returned 1 [0052.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.147] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.lolkek") returned 158 [0052.147] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.lolkek")) returned 1 [0052.175] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0052.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8ed8 | out: hHeap=0x5a0000) returned 1 [0052.176] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.176] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.176] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", dwFileAttributes=0x80) returned 1 [0052.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.191] CloseHandle (hObject=0x210) returned 1 [0052.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.208] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x652 [0052.208] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.208] ReadFile (in: hFile=0x23c, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.211] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.211] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.211] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x652, lpOverlapped=0x0) returned 1 [0052.211] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffff9ae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.211] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x652, lpOverlapped=0x0) returned 1 [0052.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.211] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.211] WriteFile (in: hFile=0x23c, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.211] WriteFile (in: hFile=0x23c, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.211] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.211] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.211] CloseHandle (hObject=0x23c) returned 1 [0052.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0052.212] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.lolkek") returned 158 [0052.212] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.lolkek")) returned 1 [0052.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0052.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daa480 | out: hHeap=0x5a0000) returned 1 [0052.240] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.240] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.240] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", dwFileAttributes=0x80) returned 1 [0052.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.257] CloseHandle (hObject=0x2a0) returned 1 [0052.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.274] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5ae [0052.274] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.274] ReadFile (in: hFile=0x210, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.276] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.276] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.276] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x5ae, lpOverlapped=0x0) returned 1 [0052.276] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffa52, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.276] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5ae, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x5ae, lpOverlapped=0x0) returned 1 [0052.276] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.276] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.276] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.276] WriteFile (in: hFile=0x210, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.276] WriteFile (in: hFile=0x210, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.276] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.276] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.276] CloseHandle (hObject=0x210) returned 1 [0052.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0052.277] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.lolkek") returned 158 [0052.277] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de.lolkek")) returned 1 [0052.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0052.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebfd08 | out: hHeap=0x5a0000) returned 1 [0052.368] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.368] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.368] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", dwFileAttributes=0x80) returned 1 [0052.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.394] CloseHandle (hObject=0x2a0) returned 1 [0052.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.404] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1b2 [0052.404] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.404] ReadFile (in: hFile=0x210, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.405] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.405] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.405] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x1b2, lpOverlapped=0x0) returned 1 [0052.405] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe4e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.405] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1b2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x1b2, lpOverlapped=0x0) returned 1 [0052.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.405] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.405] WriteFile (in: hFile=0x210, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.405] WriteFile (in: hFile=0x210, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.405] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.405] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.406] CloseHandle (hObject=0x210) returned 1 [0052.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.406] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.lolkek") returned 159 [0052.406] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.lolkek")) returned 1 [0052.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x697d88 | out: hHeap=0x5a0000) returned 1 [0052.429] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.429] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.429] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", dwFileAttributes=0x80) returned 1 [0052.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.447] CloseHandle (hObject=0x23c) returned 1 [0052.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0052.455] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182 [0052.455] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.456] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.456] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.456] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.456] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x182, lpOverlapped=0x0) returned 1 [0052.456] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.456] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x182, lpOverlapped=0x0) returned 1 [0052.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.456] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.456] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.457] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.457] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.457] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.457] CloseHandle (hObject=0x2bc) returned 1 [0052.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.458] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.lolkek") returned 159 [0052.458] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.lolkek")) returned 1 [0052.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb98d8 | out: hHeap=0x5a0000) returned 1 [0052.479] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.479] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.479] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", dwFileAttributes=0x80) returned 1 [0052.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.497] CloseHandle (hObject=0x228) returned 1 [0052.497] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.508] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x194 [0052.508] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.508] ReadFile (in: hFile=0x290, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.509] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.509] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.509] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x194, lpOverlapped=0x0) returned 1 [0052.509] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffe6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.509] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x194, lpOverlapped=0x0) returned 1 [0052.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.509] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.509] WriteFile (in: hFile=0x290, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.509] WriteFile (in: hFile=0x290, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.510] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.510] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.510] CloseHandle (hObject=0x290) returned 1 [0052.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.510] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.lolkek") returned 159 [0052.510] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.lolkek")) returned 1 [0052.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb8498 | out: hHeap=0x5a0000) returned 1 [0052.537] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.537] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.537] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", dwFileAttributes=0x80) returned 1 [0052.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.552] CloseHandle (hObject=0x224) returned 1 [0052.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.562] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x192 [0052.562] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.562] ReadFile (in: hFile=0x224, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.563] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.563] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.563] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x192, lpOverlapped=0x0) returned 1 [0052.563] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffe6e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.563] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x192, lpOverlapped=0x0) returned 1 [0052.563] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.563] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.563] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.563] WriteFile (in: hFile=0x224, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.564] WriteFile (in: hFile=0x224, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.564] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.564] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.564] CloseHandle (hObject=0x224) returned 1 [0052.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.566] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.lolkek") returned 159 [0052.566] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.lolkek")) returned 1 [0052.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaa078 | out: hHeap=0x5a0000) returned 1 [0052.600] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.600] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.600] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml", dwFileAttributes=0x80) returned 1 [0052.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.601] CloseHandle (hObject=0x258) returned 1 [0052.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.601] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x344 [0052.601] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.601] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.603] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.604] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.604] ReadFile (in: hFile=0x258, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x373e0cc*=0x344, lpOverlapped=0x0) returned 1 [0052.604] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffcbc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.604] WriteFile (in: hFile=0x258, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x344, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x373fb10*=0x344, lpOverlapped=0x0) returned 1 [0052.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.604] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.604] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.604] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.604] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.605] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.605] CloseHandle (hObject=0x258) returned 1 [0052.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.605] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.lolkek") returned 118 [0052.605] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml.lolkek")) returned 1 [0052.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698b58 | out: hHeap=0x5a0000) returned 1 [0052.606] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.606] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.606] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab", dwFileAttributes=0x80) returned 1 [0052.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.609] CloseHandle (hObject=0x258) returned 1 [0052.609] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.609] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8e062 [0052.609] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.609] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.614] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.614] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.614] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0052.616] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.616] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0052.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.616] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.616] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.616] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.616] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.616] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.616] CloseHandle (hObject=0x258) returned 1 [0052.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.616] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.lolkek") returned 76 [0052.616] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab.lolkek")) returned 1 [0052.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de19d0 | out: hHeap=0x5a0000) returned 1 [0052.617] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.617] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.617] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties", dwFileAttributes=0x80) returned 1 [0052.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.618] CloseHandle (hObject=0x258) returned 1 [0052.618] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.618] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2cf [0052.618] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.618] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.622] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.622] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x2cf, lpOverlapped=0x0) returned 1 [0052.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffd31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.622] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2cf, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x2cf, lpOverlapped=0x0) returned 1 [0052.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.622] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.622] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.622] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.623] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.623] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.623] CloseHandle (hObject=0x258) returned 1 [0052.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.623] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.lolkek") returned 99 [0052.623] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties.lolkek")) returned 1 [0052.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dddfc8 | out: hHeap=0x5a0000) returned 1 [0052.623] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.624] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.624] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi", dwFileAttributes=0x80) returned 1 [0052.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.672] CloseHandle (hObject=0x224) returned 1 [0052.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.763] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xdd600 [0052.763] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.763] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.767] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.767] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.767] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.767] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.767] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0052.770] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.770] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0052.770] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.770] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.771] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.771] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.771] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.771] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.771] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.771] CloseHandle (hObject=0x2a0) returned 1 [0052.771] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.771] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.lolkek") returned 94 [0052.771] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi.lolkek")) returned 1 [0052.772] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.772] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5fa0 | out: hHeap=0x5a0000) returned 1 [0052.772] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.772] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.772] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx", dwFileAttributes=0x80) returned 1 [0052.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.773] CloseHandle (hObject=0x2a0) returned 1 [0052.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.773] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fe4ab [0052.773] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.773] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.777] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.777] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.777] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.777] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.777] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0052.789] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.789] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0052.789] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.789] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.789] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.789] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.789] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.789] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.789] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.789] CloseHandle (hObject=0x2a0) returned 1 [0052.789] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.789] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.lolkek") returned 129 [0052.789] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx.lolkek")) returned 1 [0052.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634058 | out: hHeap=0x5a0000) returned 1 [0052.790] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.790] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.790] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk", dwFileAttributes=0x80) returned 1 [0052.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.792] CloseHandle (hObject=0x2a0) returned 1 [0052.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.792] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5a7 [0052.792] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.792] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.813] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.813] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.813] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x5a7, lpOverlapped=0x0) returned 1 [0052.813] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffa59, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.813] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5a7, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x5a7, lpOverlapped=0x0) returned 1 [0052.813] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.813] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.813] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.814] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.814] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.814] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.814] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.814] CloseHandle (hObject=0x2a0) returned 1 [0052.814] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.814] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.lolkek") returned 134 [0052.814] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk.lolkek")) returned 1 [0052.815] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.815] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3e6f0 | out: hHeap=0x5a0000) returned 1 [0052.815] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.815] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.815] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk", dwFileAttributes=0x80) returned 1 [0052.815] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.816] CloseHandle (hObject=0x2a0) returned 1 [0052.816] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.816] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x491 [0052.816] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.816] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.816] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.816] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.816] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.816] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.817] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x491, lpOverlapped=0x0) returned 1 [0052.817] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffb6f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.817] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x491, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x491, lpOverlapped=0x0) returned 1 [0052.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.817] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.817] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.817] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.817] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.817] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.817] CloseHandle (hObject=0x2a0) returned 1 [0052.817] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.817] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.lolkek") returned 137 [0052.817] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk.lolkek")) returned 1 [0052.818] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.818] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5768 | out: hHeap=0x5a0000) returned 1 [0052.819] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.819] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.819] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk", dwFileAttributes=0x80) returned 1 [0052.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.819] CloseHandle (hObject=0x2a0) returned 1 [0052.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.819] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4cc [0052.819] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.819] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.820] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.820] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.820] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4cc, lpOverlapped=0x0) returned 1 [0052.820] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffb34, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.820] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4cc, lpOverlapped=0x0) returned 1 [0052.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.820] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.820] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.820] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.820] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.821] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.821] CloseHandle (hObject=0x2a0) returned 1 [0052.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.821] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.lolkek") returned 142 [0052.821] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk.lolkek")) returned 1 [0052.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7430 | out: hHeap=0x5a0000) returned 1 [0052.822] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.822] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.822] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk", dwFileAttributes=0x80) returned 1 [0052.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.823] CloseHandle (hObject=0x2a0) returned 1 [0052.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.824] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4cc [0052.824] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.824] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.843] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.843] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.843] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4cc, lpOverlapped=0x0) returned 1 [0052.843] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffb34, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.843] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4cc, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4cc, lpOverlapped=0x0) returned 1 [0052.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.843] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.843] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.844] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.844] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.844] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.844] CloseHandle (hObject=0x2a0) returned 1 [0052.844] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.844] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.lolkek") returned 138 [0052.844] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk.lolkek")) returned 1 [0052.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4c80 | out: hHeap=0x5a0000) returned 1 [0052.845] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.845] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.845] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk", dwFileAttributes=0x80) returned 1 [0052.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.846] CloseHandle (hObject=0x2a0) returned 1 [0052.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.846] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x110 [0052.847] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.847] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.847] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.847] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.847] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x110, lpOverlapped=0x0) returned 1 [0052.847] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffef0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.847] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x110, lpOverlapped=0x0) returned 1 [0052.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.847] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.848] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.848] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.848] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.848] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.848] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.848] CloseHandle (hObject=0x2a0) returned 1 [0052.848] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.848] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.lolkek") returned 117 [0052.848] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk.lolkek")) returned 1 [0052.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613850 | out: hHeap=0x5a0000) returned 1 [0052.849] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.849] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.849] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat", dwFileAttributes=0x80) returned 1 [0052.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.850] CloseHandle (hObject=0x2a0) returned 1 [0052.850] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.850] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8000 [0052.850] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.850] ReadFile (in: hFile=0x2a0, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0052.864] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0052.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.864] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.864] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0052.873] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.873] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0052.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.873] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.873] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.873] WriteFile (in: hFile=0x2a0, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0052.875] WriteFile (in: hFile=0x2a0, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.875] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0052.875] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0052.875] CloseHandle (hObject=0x2a0) returned 1 [0052.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.875] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.lolkek") returned 107 [0052.875] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat.lolkek")) returned 1 [0052.883] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.883] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a2d0 | out: hHeap=0x5a0000) returned 1 [0052.883] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.883] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.883] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", dwFileAttributes=0x80) returned 1 [0052.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.661] CloseHandle (hObject=0x190) returned 1 [0053.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0053.713] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x34 [0053.713] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0053.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.713] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.713] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x34, lpOverlapped=0x0) returned 1 [0053.714] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffffcc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.714] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x34, lpOverlapped=0x0) returned 1 [0053.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.714] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.714] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0053.714] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0053.714] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0053.714] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0053.714] CloseHandle (hObject=0x258) returned 1 [0053.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.717] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.lolkek") returned 90 [0053.717] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.lolkek")) returned 1 [0053.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.729] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae530 | out: hHeap=0x5a0000) returned 1 [0053.729] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.729] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.729] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", dwFileAttributes=0x80) returned 1 [0053.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.732] CloseHandle (hObject=0x190) returned 1 [0053.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.732] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0053.732] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0053.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.732] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.732] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x0, lpOverlapped=0x0) returned 1 [0053.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.732] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.732] WriteFile (in: hFile=0x190, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0053.733] WriteFile (in: hFile=0x190, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0053.733] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0053.733] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0053.734] CloseHandle (hObject=0x190) returned 1 [0053.734] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.734] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata.lolkek") returned 138 [0053.734] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata.lolkek")) returned 1 [0053.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be01f8 | out: hHeap=0x5a0000) returned 1 [0053.734] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.734] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.734] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", dwFileAttributes=0x80) returned 1 [0053.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0053.772] CloseHandle (hObject=0x258) returned 1 [0053.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0053.776] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0053.776] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.776] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0053.778] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0053.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.778] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.778] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0053.781] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.781] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0053.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.781] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.781] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0053.782] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0053.782] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0053.782] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0053.782] CloseHandle (hObject=0x258) returned 1 [0053.783] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0053.783] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.lolkek") returned 106 [0053.783] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db.lolkek")) returned 1 [0053.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0053.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0410 | out: hHeap=0x5a0000) returned 1 [0053.874] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.874] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.874] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", dwFileAttributes=0x80) returned 1 [0053.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0054.211] CloseHandle (hObject=0x1ec) returned 1 [0054.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0054.243] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x50000 [0054.243] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.243] ReadFile (in: hFile=0x258, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.246] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.246] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.246] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.247] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.247] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.247] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.247] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.247] WriteFile (in: hFile=0x258, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.248] WriteFile (in: hFile=0x258, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.248] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.248] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.248] CloseHandle (hObject=0x258) returned 1 [0054.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ec7e38 [0054.249] wsprintfW (in: param_1=0x3ec7e38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.lolkek") returned 113 [0054.249] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite.lolkek")) returned 1 [0054.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec7e38 | out: hHeap=0x5a0000) returned 1 [0054.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657d80 | out: hHeap=0x5a0000) returned 1 [0054.513] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.513] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.513] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx", dwFileAttributes=0x80) returned 1 [0054.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogy6gmrudqr.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.514] CloseHandle (hObject=0x2b8) returned 1 [0054.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogy6gmrudqr.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.514] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14321 [0054.514] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.514] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.515] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.515] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.515] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.515] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.515] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.517] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.517] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.517] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.517] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.517] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.517] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.517] CloseHandle (hObject=0x2b8) returned 1 [0054.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.517] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx.lolkek") returned 67 [0054.517] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogy6gmrudqr.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ogy6gmrudqr.docx.lolkek")) returned 1 [0054.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0260 | out: hHeap=0x5a0000) returned 1 [0054.518] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.518] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.518] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst", dwFileAttributes=0x80) returned 1 [0054.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.519] CloseHandle (hObject=0x2b8) returned 1 [0054.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.520] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x42400 [0054.520] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.520] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.520] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.520] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.520] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.545] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.545] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.545] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.545] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.578] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.578] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.578] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.578] CloseHandle (hObject=0x2b8) returned 1 [0054.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.578] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.lolkek") returned 87 [0054.578] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.lolkek")) returned 1 [0054.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caee98 | out: hHeap=0x5a0000) returned 1 [0054.580] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.580] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.580] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx", dwFileAttributes=0x80) returned 1 [0054.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oyuwuklhu3vt8ens.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.580] CloseHandle (hObject=0x2b8) returned 1 [0054.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oyuwuklhu3vt8ens.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.581] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16116 [0054.581] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.581] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.581] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.581] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.581] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.581] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.581] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.582] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.582] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.582] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.582] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.582] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.582] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.582] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.582] CloseHandle (hObject=0x2b8) returned 1 [0054.582] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.582] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx.lolkek") returned 72 [0054.582] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oyuwuklhu3vt8ens.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oyuwuklhu3vt8ens.xlsx.lolkek")) returned 1 [0054.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612560 | out: hHeap=0x5a0000) returned 1 [0054.583] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.583] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.583] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp", dwFileAttributes=0x80) returned 1 [0054.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxnmob.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.584] CloseHandle (hObject=0x2b8) returned 1 [0054.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxnmob.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.584] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18668 [0054.584] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.584] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.584] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.585] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.585] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.585] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.585] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.585] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.585] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.585] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.585] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.585] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.585] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.585] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.585] CloseHandle (hObject=0x2b8) returned 1 [0054.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.585] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp.lolkek") returned 61 [0054.585] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxnmob.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pxnmob.odp.lolkek")) returned 1 [0054.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbbaf8 | out: hHeap=0x5a0000) returned 1 [0054.586] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.586] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.586] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx", dwFileAttributes=0x80) returned 1 [0054.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r9r3qjbl gwwr.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.587] CloseHandle (hObject=0x2b8) returned 1 [0054.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r9r3qjbl gwwr.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.587] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1808d [0054.587] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.587] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.588] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.588] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.588] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.588] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.588] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.588] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.588] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.588] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.588] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.588] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.588] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.588] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.588] CloseHandle (hObject=0x2b8) returned 1 [0054.588] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.588] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx.lolkek") returned 69 [0054.588] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r9r3qjbl gwwr.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\r9r3qjbl gwwr.pptx.lolkek")) returned 1 [0054.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4230 | out: hHeap=0x5a0000) returned 1 [0054.589] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.589] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.589] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx", dwFileAttributes=0x80) returned 1 [0054.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sfncnwbqm_pep8qgpb.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.590] CloseHandle (hObject=0x2b8) returned 1 [0054.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sfncnwbqm_pep8qgpb.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.590] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd65f [0054.590] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.590] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.590] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.591] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.591] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.591] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.591] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.591] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.591] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.591] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.591] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.591] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.591] CloseHandle (hObject=0x2b8) returned 1 [0054.591] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.591] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx.lolkek") returned 74 [0054.591] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sfncnwbqm_pep8qgpb.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sfncnwbqm_pep8qgpb.xlsx.lolkek")) returned 1 [0054.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612678 | out: hHeap=0x5a0000) returned 1 [0054.592] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.592] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.592] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt", dwFileAttributes=0x80) returned 1 [0054.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdest5f spvop089.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.593] CloseHandle (hObject=0x2b8) returned 1 [0054.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdest5f spvop089.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.593] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x119f1 [0054.593] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.593] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.593] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.593] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.593] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.593] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.594] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.594] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.594] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.594] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.594] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.594] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.594] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.594] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.594] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.594] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.594] CloseHandle (hObject=0x2b8) returned 1 [0054.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.594] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt.lolkek") returned 71 [0054.594] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdest5f spvop089.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wdest5f spvop089.odt.lolkek")) returned 1 [0054.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612790 | out: hHeap=0x5a0000) returned 1 [0054.595] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.595] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.595] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx", dwFileAttributes=0x80) returned 1 [0054.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yztl4etpvj8 c.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.596] CloseHandle (hObject=0x2b8) returned 1 [0054.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yztl4etpvj8 c.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.596] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16cb2 [0054.596] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.596] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.596] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.596] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.596] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.596] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.596] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.597] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.597] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.597] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.597] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.597] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.597] CloseHandle (hObject=0x2b8) returned 1 [0054.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.597] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx.lolkek") returned 69 [0054.597] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yztl4etpvj8 c.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yztl4etpvj8 c.pptx.lolkek")) returned 1 [0054.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4548 | out: hHeap=0x5a0000) returned 1 [0054.598] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.598] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.598] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots", dwFileAttributes=0x80) returned 1 [0054.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z5yrp_9-kop6k73dlnxt.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.598] CloseHandle (hObject=0x2b8) returned 1 [0054.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z5yrp_9-kop6k73dlnxt.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.599] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16217 [0054.599] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.599] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.599] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.599] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.599] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x4000, lpOverlapped=0x0) returned 1 [0054.599] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.599] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x4000, lpOverlapped=0x0) returned 1 [0054.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.600] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.600] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.600] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.600] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.600] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.600] CloseHandle (hObject=0x2b8) returned 1 [0054.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.600] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots.lolkek") returned 75 [0054.600] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z5yrp_9-kop6k73dlnxt.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z5yrp_9-kop6k73dlnxt.ots.lolkek")) returned 1 [0054.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc018 | out: hHeap=0x5a0000) returned 1 [0054.601] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.601] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.601] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.602] CloseHandle (hObject=0x2b8) returned 1 [0054.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.602] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x11a [0054.602] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.602] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.602] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.602] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.602] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x11a, lpOverlapped=0x0) returned 1 [0054.602] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffee6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.603] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x11a, lpOverlapped=0x0) returned 1 [0054.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.603] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.603] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.603] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.603] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.603] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.603] CloseHandle (hObject=0x2b8) returned 1 [0054.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.603] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.lolkek") returned 62 [0054.603] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini.lolkek")) returned 1 [0054.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbbbe0 | out: hHeap=0x5a0000) returned 1 [0054.604] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.604] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.604] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.604] CloseHandle (hObject=0x2b8) returned 1 [0054.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.604] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x192 [0054.604] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.604] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.605] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.605] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.605] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x192, lpOverlapped=0x0) returned 1 [0054.605] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffe6e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.605] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x192, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x192, lpOverlapped=0x0) returned 1 [0054.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.605] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.605] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.605] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.605] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.606] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.606] CloseHandle (hObject=0x2b8) returned 1 [0054.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.606] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.lolkek") returned 62 [0054.606] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini.lolkek")) returned 1 [0054.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbbcc8 | out: hHeap=0x5a0000) returned 1 [0054.606] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.606] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.606] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0054.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.607] CloseHandle (hObject=0x2b8) returned 1 [0054.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.607] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x50 [0054.607] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.607] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.607] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x50, lpOverlapped=0x0) returned 1 [0054.608] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffffb0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.608] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x50, lpOverlapped=0x0) returned 1 [0054.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.608] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.608] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.608] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.608] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.609] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.609] CloseHandle (hObject=0x2b8) returned 1 [0054.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.609] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.lolkek") returned 68 [0054.609] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini.lolkek")) returned 1 [0054.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0760 | out: hHeap=0x5a0000) returned 1 [0054.616] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.616] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.616] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url", dwFileAttributes=0x80) returned 1 [0054.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.617] CloseHandle (hObject=0x2b8) returned 1 [0054.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.617] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xec [0054.617] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.617] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.618] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.618] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.618] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.618] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.618] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0xec, lpOverlapped=0x0) returned 1 [0054.618] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff14, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.618] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0xec, lpOverlapped=0x0) returned 1 [0054.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.618] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.618] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.618] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.618] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.618] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.618] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.618] CloseHandle (hObject=0x2b8) returned 1 [0054.618] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.618] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.lolkek") returned 76 [0054.618] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.lolkek")) returned 1 [0054.619] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.619] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618658 | out: hHeap=0x5a0000) returned 1 [0054.619] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.619] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.619] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url", dwFileAttributes=0x80) returned 1 [0054.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.620] CloseHandle (hObject=0x2b8) returned 1 [0054.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.620] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe2 [0054.620] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.620] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.621] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.621] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.621] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0xe2, lpOverlapped=0x0) returned 1 [0054.621] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff1e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.621] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0xe2, lpOverlapped=0x0) returned 1 [0054.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.621] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.621] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.621] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.621] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.621] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.621] CloseHandle (hObject=0x2b8) returned 1 [0054.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.622] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.lolkek") returned 78 [0054.622] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.lolkek")) returned 1 [0054.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.622] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f0c8 | out: hHeap=0x5a0000) returned 1 [0054.622] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.622] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.622] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url", dwFileAttributes=0x80) returned 1 [0054.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.623] CloseHandle (hObject=0x2b8) returned 1 [0054.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.623] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.623] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.623] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.624] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.624] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.624] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.624] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.624] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x85, lpOverlapped=0x0) returned 1 [0054.624] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.624] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x85, lpOverlapped=0x0) returned 1 [0054.624] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.624] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.624] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.624] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.624] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.624] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.624] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.624] CloseHandle (hObject=0x2b8) returned 1 [0054.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.625] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.lolkek") returned 88 [0054.625] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.lolkek")) returned 1 [0054.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cadbc8 | out: hHeap=0x5a0000) returned 1 [0054.625] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.625] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.625] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", dwFileAttributes=0x80) returned 1 [0054.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.627] CloseHandle (hObject=0x2b8) returned 1 [0054.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.628] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.628] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.628] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.628] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.628] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.628] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x85, lpOverlapped=0x0) returned 1 [0054.628] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.628] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x85, lpOverlapped=0x0) returned 1 [0054.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.629] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.629] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.629] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.629] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.629] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.629] CloseHandle (hObject=0x2b8) returned 1 [0054.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.629] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.lolkek") returned 98 [0054.629] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.lolkek")) returned 1 [0054.630] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.630] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618778 | out: hHeap=0x5a0000) returned 1 [0054.630] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.630] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.630] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url", dwFileAttributes=0x80) returned 1 [0054.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.630] CloseHandle (hObject=0x2b8) returned 1 [0054.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.631] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.631] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.631] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.631] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.631] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.631] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x85, lpOverlapped=0x0) returned 1 [0054.631] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.632] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x85, lpOverlapped=0x0) returned 1 [0054.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.632] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.632] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.632] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.632] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.632] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.632] CloseHandle (hObject=0x2b8) returned 1 [0054.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.632] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.lolkek") returned 91 [0054.632] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.lolkek")) returned 1 [0054.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5e38 | out: hHeap=0x5a0000) returned 1 [0054.633] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.633] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.633] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url", dwFileAttributes=0x80) returned 1 [0054.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0054.634] CloseHandle (hObject=0x2b8) returned 1 [0054.634] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.634] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.634] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.634] ReadFile (in: hFile=0x2b8, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.635] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.635] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.635] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x85, lpOverlapped=0x0) returned 1 [0054.635] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.635] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x85, lpOverlapped=0x0) returned 1 [0054.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.635] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.635] WriteFile (in: hFile=0x2b8, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.635] WriteFile (in: hFile=0x2b8, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.635] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.635] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.635] CloseHandle (hObject=0x2b8) returned 1 [0054.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.635] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.lolkek") returned 91 [0054.635] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.lolkek")) returned 1 [0054.636] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.636] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb66a8 | out: hHeap=0x5a0000) returned 1 [0054.636] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.636] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.636] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url", dwFileAttributes=0x80) returned 1 [0054.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.651] CloseHandle (hObject=0x2bc) returned 1 [0054.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.651] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x86 [0054.651] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.651] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.651] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.651] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.651] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.652] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.652] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x86, lpOverlapped=0x0) returned 1 [0054.652] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.652] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x86, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x86, lpOverlapped=0x0) returned 1 [0054.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.652] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.652] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.652] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.652] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.652] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.652] CloseHandle (hObject=0x2bc) returned 1 [0054.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.653] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.lolkek") returned 89 [0054.653] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.lolkek")) returned 1 [0054.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.653] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caed40 | out: hHeap=0x5a0000) returned 1 [0054.653] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.654] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.654] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url", dwFileAttributes=0x80) returned 1 [0054.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0054.654] CloseHandle (hObject=0x2bc) returned 1 [0054.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.654] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.654] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.654] ReadFile (in: hFile=0x2bc, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.655] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.655] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.655] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x85, lpOverlapped=0x0) returned 1 [0054.655] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.655] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x85, lpOverlapped=0x0) returned 1 [0054.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.655] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.655] WriteFile (in: hFile=0x2bc, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.656] WriteFile (in: hFile=0x2bc, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.656] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.656] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.656] CloseHandle (hObject=0x2bc) returned 1 [0054.656] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.656] wsprintfW (in: param_1=0x3df1f48, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.lolkek") returned 77 [0054.656] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.lolkek")) returned 1 [0054.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.656] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3ee78 | out: hHeap=0x5a0000) returned 1 [0054.656] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.657] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.657] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url", dwFileAttributes=0x80) returned 1 [0054.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0054.733] CloseHandle (hObject=0x294) returned 1 [0054.733] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0054.744] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.744] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.744] ReadFile (in: hFile=0x190, lpBuffer=0x373fb10, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x373e0f4, lpOverlapped=0x0 | out: lpBuffer=0x373fb10*, lpNumberOfBytesRead=0x373e0f4*=0xd, lpOverlapped=0x0) returned 1 [0054.745] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x373fb20 | out: pbBuffer=0x373fb20) returned 1 [0054.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.745] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.745] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x373e0cc, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x373e0cc*=0x85, lpOverlapped=0x0) returned 1 [0054.745] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.745] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x373fb10, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x373fb10*=0x85, lpOverlapped=0x0) returned 1 [0054.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.745] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.745] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.745] WriteFile (in: hFile=0x190, lpBuffer=0x373e0d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373e0d4*, lpNumberOfBytesWritten=0x373e0d8*=0x4, lpOverlapped=0x0) returned 1 [0054.745] WriteFile (in: hFile=0x190, lpBuffer=0x373fb20*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x373fb20*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.745] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x373e0d8*=0x20, lpOverlapped=0x0) returned 1 [0054.745] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x373e0d8, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x373e0d8*=0xd, lpOverlapped=0x0) returned 1 [0054.745] CloseHandle (hObject=0x190) returned 1 [0054.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0054.756] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.lolkek") returned 85 [0054.756] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.lolkek")) returned 1 [0055.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0055.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615f58 | out: hHeap=0x5a0000) returned 1 [0055.557] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.557] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.558] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", dwFileAttributes=0x80) returned 0 [0055.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.558] RmStartSession () returned 0x0 [0055.560] RmRegisterResources () returned 0x0 [0055.563] RmGetList () returned 0x0 [0055.718] RmEndSession () returned 0x0 [0055.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf11a0 | out: hHeap=0x5a0000) returned 1 [0055.736] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.737] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.737] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png", dwFileAttributes=0x80) returned 0 [0055.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.737] RmStartSession () returned 0x0 [0055.739] RmRegisterResources () returned 0x0 [0055.741] RmGetList () returned 0x0 [0056.099] RmEndSession () returned 0x0 [0056.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd4c80 | out: hHeap=0x5a0000) returned 1 [0056.173] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.173] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.173] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml", dwFileAttributes=0x80) returned 0 [0056.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.173] RmStartSession () returned 0x0 [0056.175] RmRegisterResources () returned 0x0 [0056.177] RmGetList () returned 0x0 [0056.591] RmEndSession () returned 0x0 [0056.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.744] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be01f8 | out: hHeap=0x5a0000) returned 1 [0056.745] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.745] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.745] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf", dwFileAttributes=0x80) returned 1 [0056.745] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.745] RmStartSession () returned 0x0 [0056.747] RmRegisterResources () returned 0x0 [0056.749] RmGetList () returned 0x0 [0056.988] GetCurrentProcessId () returned 0x86c [0056.988] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0056.988] RmEndSession () returned 0x0 [0057.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racdatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.009] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec51a8 | out: hHeap=0x5a0000) returned 1 [0057.009] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.009] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.009] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", dwFileAttributes=0x80) returned 0 [0057.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.010] RmStartSession () returned 0x0 [0057.012] RmRegisterResources () returned 0x0 [0057.016] RmGetList () returned 0x0 [0057.324] RmEndSession () returned 0x0 [0057.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6540 | out: hHeap=0x5a0000) returned 1 [0057.344] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.344] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.344] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp", dwFileAttributes=0x80) returned 0 [0057.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.344] RmStartSession () returned 0x0 [0057.346] RmRegisterResources () returned 0x0 [0057.351] RmGetList () returned 0x0 [0057.784] RmEndSession () returned 0x0 [0057.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile18.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6f18 | out: hHeap=0x5a0000) returned 1 [0057.806] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.806] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.807] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", dwFileAttributes=0x80) returned 0 [0057.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.807] RmStartSession () returned 0x0 [0057.812] RmRegisterResources () returned 0x0 [0057.814] RmGetList () returned 0x0 [0057.986] RmEndSession () returned 0x0 [0058.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.004] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da41d0 | out: hHeap=0x5a0000) returned 1 [0058.004] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.004] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.004] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp", dwFileAttributes=0x80) returned 0 [0058.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.005] RmStartSession () returned 0x0 [0058.006] RmRegisterResources () returned 0x0 [0058.009] RmGetList () returned 0x0 [0059.358] RmEndSession () returned 0x0 [0059.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile31.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.378] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4770 | out: hHeap=0x5a0000) returned 1 [0059.378] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.378] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.378] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp", dwFileAttributes=0x80) returned 0 [0059.378] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.378] RmStartSession () returned 0x0 [0059.380] RmRegisterResources () returned 0x0 [0059.384] RmGetList () returned 0x0 [0062.375] RmEndSession () returned 0x0 [0063.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile42.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.015] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da56e8 | out: hHeap=0x5a0000) returned 1 [0063.015] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 14 os_tid = 0x948 [0035.511] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui", dwFileAttributes=0x80) returned 0 [0035.857] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.858] RmStartSession () returned 0x0 [0036.374] RmRegisterResources () returned 0x0 [0036.377] RmGetList () returned 0x0 [0037.120] RmEndSession () returned 0x0 [0037.145] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f8c8 | out: hHeap=0x5a0000) returned 1 [0037.146] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.146] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.146] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.146] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.146] RmStartSession () returned 0x0 [0037.149] RmRegisterResources () returned 0x0 [0037.152] RmGetList () returned 0x0 [0037.822] RmEndSession () returned 0x0 [0037.840] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fee8 | out: hHeap=0x5a0000) returned 1 [0037.840] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.840] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.840] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.840] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.840] RmStartSession () returned 0x0 [0037.843] RmRegisterResources () returned 0x0 [0037.845] RmGetList () returned 0x0 [0041.748] RmEndSession () returned 0x0 [0041.776] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0041.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x630518 | out: hHeap=0x5a0000) returned 1 [0041.777] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.777] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.777] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico", dwFileAttributes=0x80) returned 0 [0041.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.777] RmStartSession () returned 0x0 [0041.784] RmRegisterResources () returned 0x0 [0041.786] RmGetList () returned 0x0 [0042.846] RmEndSession () returned 0x0 [0042.867] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.868] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66cff0 | out: hHeap=0x5a0000) returned 1 [0042.868] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.868] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.868] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico", dwFileAttributes=0x80) returned 0 [0042.868] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.868] RmStartSession () returned 0x0 [0042.872] RmRegisterResources () returned 0x0 [0042.874] RmGetList () returned 0x0 [0044.042] RmEndSession () returned 0x0 [0044.068] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676fa8 | out: hHeap=0x5a0000) returned 1 [0044.068] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.068] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.068] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp", dwFileAttributes=0x80) returned 0 [0044.068] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.069] RmStartSession () returned 0x0 [0044.071] RmRegisterResources () returned 0x0 [0044.073] RmGetList () returned 0x0 [0044.746] RmEndSession () returned 0x0 [0044.768] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile11.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676530 | out: hHeap=0x5a0000) returned 1 [0044.768] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.768] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.768] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", dwFileAttributes=0x80) returned 0 [0044.768] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.768] RmStartSession () returned 0x0 [0044.771] RmRegisterResources () returned 0x0 [0044.773] RmGetList () returned 0x0 [0045.413] RmEndSession () returned 0x0 [0045.432] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614660 | out: hHeap=0x5a0000) returned 1 [0045.432] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.432] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.433] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp", dwFileAttributes=0x80) returned 0 [0045.433] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.433] RmStartSession () returned 0x0 [0045.435] RmRegisterResources () returned 0x0 [0045.437] RmGetList () returned 0x0 [0046.209] RmEndSession () returned 0x0 [0046.230] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile35.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615680 | out: hHeap=0x5a0000) returned 1 [0046.230] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.230] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.230] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov", dwFileAttributes=0x80) returned 0 [0046.230] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0046.230] RmStartSession () returned 0x0 [0046.233] RmRegisterResources () returned 0x0 [0046.235] RmGetList () returned 0x0 [0047.200] RmEndSession () returned 0x0 [0047.221] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\generic.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0047.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae3d8 | out: hHeap=0x5a0000) returned 1 [0047.221] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.221] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.221] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe", dwFileAttributes=0x80) returned 1 [0050.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.380] CloseHandle (hObject=0x27c) returned 1 [0050.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.380] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x113fa9 [0050.380] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.380] ReadFile (in: hFile=0x27c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.380] CloseHandle (hObject=0x27c) returned 1 [0050.380] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634058 | out: hHeap=0x5a0000) returned 1 [0050.380] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.380] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.380] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", dwFileAttributes=0x80) returned 1 [0050.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.381] CloseHandle (hObject=0x27c) returned 1 [0050.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.381] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.381] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.381] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.381] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x0, lpOverlapped=0x0) returned 1 [0050.381] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.381] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.381] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.381] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.382] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.382] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.382] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.382] CloseHandle (hObject=0x27c) returned 1 [0050.383] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.383] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.lolkek") returned 173 [0050.383] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal.lolkek")) returned 1 [0050.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67cd50 | out: hHeap=0x5a0000) returned 1 [0050.383] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.383] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.383] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", dwFileAttributes=0x80) returned 1 [0050.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.386] CloseHandle (hObject=0x27c) returned 1 [0050.386] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.386] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4800 [0050.386] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.386] ReadFile (in: hFile=0x27c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.393] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.393] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.393] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0050.395] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.395] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0050.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.396] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.396] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.396] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.396] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.396] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.396] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.396] CloseHandle (hObject=0x27c) returned 1 [0050.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.396] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.lolkek") returned 97 [0050.396] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data.lolkek")) returned 1 [0050.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.397] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf1208 | out: hHeap=0x5a0000) returned 1 [0050.397] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.397] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.397] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal", dwFileAttributes=0x80) returned 1 [0050.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.397] CloseHandle (hObject=0x27c) returned 1 [0050.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.398] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.398] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.398] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.398] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.398] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.398] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x0, lpOverlapped=0x0) returned 1 [0050.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.398] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.398] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.399] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.399] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.399] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.399] CloseHandle (hObject=0x27c) returned 1 [0050.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.399] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal.lolkek") returned 119 [0050.399] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal.lolkek")) returned 1 [0050.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.400] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e368e0 | out: hHeap=0x5a0000) returned 1 [0050.400] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.400] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.400] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State", dwFileAttributes=0x80) returned 1 [0050.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.400] CloseHandle (hObject=0x27c) returned 1 [0050.400] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.400] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x28 [0050.400] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.401] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.401] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x28, lpOverlapped=0x0) returned 1 [0050.401] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffffd8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.401] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x28, lpOverlapped=0x0) returned 1 [0050.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.401] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.401] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.402] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.402] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.402] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.402] CloseHandle (hObject=0x27c) returned 1 [0050.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.402] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State.lolkek") returned 111 [0050.402] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state.lolkek")) returned 1 [0050.403] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.403] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e34ee0 | out: hHeap=0x5a0000) returned 1 [0050.403] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.403] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.403] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs", dwFileAttributes=0x80) returned 1 [0050.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.403] CloseHandle (hObject=0x27c) returned 1 [0050.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.404] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1400 [0050.404] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.404] ReadFile (in: hFile=0x27c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.413] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.413] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.413] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.413] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.413] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x1400, lpOverlapped=0x0) returned 1 [0050.414] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffec00, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.414] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x1400, lpOverlapped=0x0) returned 1 [0050.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.415] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.415] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.415] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.415] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.415] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.415] CloseHandle (hObject=0x27c) returned 1 [0050.415] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0050.415] wsprintfW (in: param_1=0x658b00, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.lolkek") returned 105 [0050.415] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs.lolkek")) returned 1 [0050.416] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0050.416] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6986c8 | out: hHeap=0x5a0000) returned 1 [0050.416] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.416] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.416] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db", dwFileAttributes=0x80) returned 1 [0050.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.416] CloseHandle (hObject=0x27c) returned 1 [0050.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.417] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0050.417] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.417] ReadFile (in: hFile=0x27c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.425] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.425] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.425] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0050.436] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.436] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0050.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.436] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.436] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.436] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.436] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.436] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.436] CloseHandle (hObject=0x27c) returned 1 [0050.436] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.436] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.lolkek") returned 106 [0050.437] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db.lolkek")) returned 1 [0050.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f8a0 | out: hHeap=0x5a0000) returned 1 [0050.437] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.437] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.437] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal", dwFileAttributes=0x80) returned 1 [0050.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.438] CloseHandle (hObject=0x27c) returned 1 [0050.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.438] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.438] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.438] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.438] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x0, lpOverlapped=0x0) returned 1 [0050.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.438] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.438] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.438] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.439] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.439] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.439] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.439] CloseHandle (hObject=0x27c) returned 1 [0050.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.439] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal.lolkek") returned 104 [0050.440] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal.lolkek")) returned 1 [0050.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c608 | out: hHeap=0x5a0000) returned 1 [0050.440] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.440] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.440] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log", dwFileAttributes=0x80) returned 1 [0050.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.441] CloseHandle (hObject=0x27c) returned 1 [0050.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.441] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.441] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.441] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.441] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x0, lpOverlapped=0x0) returned 1 [0050.441] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.441] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.441] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.441] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.442] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.442] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.442] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.442] CloseHandle (hObject=0x27c) returned 1 [0050.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.442] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.lolkek") returned 154 [0050.442] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log.lolkek")) returned 1 [0050.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c798 | out: hHeap=0x5a0000) returned 1 [0050.443] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.443] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.443] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT", dwFileAttributes=0x80) returned 1 [0050.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.444] CloseHandle (hObject=0x27c) returned 1 [0050.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.444] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10 [0050.444] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.444] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.444] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x10, lpOverlapped=0x0) returned 1 [0050.444] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.445] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x10, lpOverlapped=0x0) returned 1 [0050.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.445] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.445] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.445] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.445] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.445] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.445] CloseHandle (hObject=0x27c) returned 1 [0050.445] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.445] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.lolkek") returned 151 [0050.445] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current.lolkek")) returned 1 [0050.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c9f0 | out: hHeap=0x5a0000) returned 1 [0050.446] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.446] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.446] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK", dwFileAttributes=0x80) returned 1 [0050.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.446] CloseHandle (hObject=0x27c) returned 1 [0050.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.447] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0050.447] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.447] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.447] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x0, lpOverlapped=0x0) returned 1 [0050.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.447] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.447] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.448] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.448] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.448] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.448] CloseHandle (hObject=0x27c) returned 1 [0050.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.448] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK.lolkek") returned 148 [0050.448] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock.lolkek")) returned 1 [0050.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cc40 | out: hHeap=0x5a0000) returned 1 [0050.449] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.449] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.449] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG", dwFileAttributes=0x80) returned 1 [0050.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.449] CloseHandle (hObject=0x27c) returned 1 [0050.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.449] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc3 [0050.449] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.449] ReadFile (in: hFile=0x27c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.450] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.450] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.450] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0xc3, lpOverlapped=0x0) returned 1 [0050.450] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff3d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.450] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xc3, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0xc3, lpOverlapped=0x0) returned 1 [0050.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.450] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.450] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.451] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.451] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.451] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.451] CloseHandle (hObject=0x27c) returned 1 [0050.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.451] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.lolkek") returned 147 [0050.451] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log.lolkek")) returned 1 [0050.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.452] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde258 | out: hHeap=0x5a0000) returned 1 [0050.452] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.452] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.452] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001", dwFileAttributes=0x80) returned 1 [0050.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0050.452] CloseHandle (hObject=0x27c) returned 1 [0050.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0050.453] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29 [0050.453] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.453] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.453] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x29, lpOverlapped=0x0) returned 1 [0050.453] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffffd7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.453] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x29, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x29, lpOverlapped=0x0) returned 1 [0050.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.453] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.454] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.454] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.454] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.454] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.454] CloseHandle (hObject=0x27c) returned 1 [0050.454] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.454] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.lolkek") returned 159 [0050.454] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001.lolkek")) returned 1 [0050.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.455] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde498 | out: hHeap=0x5a0000) returned 1 [0050.455] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.455] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.455] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites", dwFileAttributes=0x80) returned 1 [0050.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0050.485] CloseHandle (hObject=0x1b4) returned 1 [0050.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.616] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5000 [0050.616] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.616] ReadFile (in: hFile=0x270, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.617] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0050.618] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.618] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.618] ReadFile (in: hFile=0x270, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0050.619] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.619] WriteFile (in: hFile=0x270, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0050.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0050.620] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.620] WriteFile (in: hFile=0x270, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.621] WriteFile (in: hFile=0x270, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.621] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.621] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.621] CloseHandle (hObject=0x270) returned 1 [0050.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.621] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites.lolkek") returned 96 [0050.622] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites.lolkek")) returned 1 [0050.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc018 | out: hHeap=0x5a0000) returned 1 [0050.783] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.783] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.783] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0050.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.863] CloseHandle (hObject=0x268) returned 1 [0050.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.875] GetFileSize (in: hFile=0x25c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x504 [0050.875] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.875] ReadFile (in: hFile=0x25c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.876] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.877] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.877] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.877] ReadFile (in: hFile=0x25c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x504, lpOverlapped=0x0) returned 1 [0050.877] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffafc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.877] WriteFile (in: hFile=0x25c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x504, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x504, lpOverlapped=0x0) returned 1 [0050.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.877] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.877] WriteFile (in: hFile=0x25c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.877] WriteFile (in: hFile=0x25c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.877] WriteFile (in: hFile=0x25c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.877] WriteFile (in: hFile=0x25c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.878] CloseHandle (hObject=0x25c) returned 1 [0050.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.878] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.lolkek") returned 145 [0050.878] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl.lolkek")) returned 1 [0050.931] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.931] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6150 | out: hHeap=0x5a0000) returned 1 [0050.931] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.932] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.932] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl", dwFileAttributes=0x80) returned 1 [0050.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0050.984] CloseHandle (hObject=0x258) returned 1 [0050.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.987] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x31d [0050.987] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.987] ReadFile (in: hFile=0x1ec, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0050.989] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0050.989] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.989] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.989] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.989] ReadFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x31d, lpOverlapped=0x0) returned 1 [0050.989] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffce3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.989] WriteFile (in: hFile=0x1ec, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x31d, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x31d, lpOverlapped=0x0) returned 1 [0050.990] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.990] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.990] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.990] WriteFile (in: hFile=0x1ec, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0050.990] WriteFile (in: hFile=0x1ec, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.990] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0050.990] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0050.990] CloseHandle (hObject=0x1ec) returned 1 [0050.990] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.990] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.lolkek") returned 147 [0050.991] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl.lolkek")) returned 1 [0051.073] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.073] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd54c8 | out: hHeap=0x5a0000) returned 1 [0051.073] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.073] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.073] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf", dwFileAttributes=0x80) returned 1 [0051.073] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0051.074] CloseHandle (hObject=0x210) returned 1 [0051.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.074] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x462 [0051.074] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.074] ReadFile (in: hFile=0x210, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.077] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.077] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.078] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x462, lpOverlapped=0x0) returned 1 [0051.078] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffb9e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.078] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x462, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x462, lpOverlapped=0x0) returned 1 [0051.078] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.078] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.078] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.078] WriteFile (in: hFile=0x210, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.078] WriteFile (in: hFile=0x210, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.078] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.078] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.078] CloseHandle (hObject=0x210) returned 1 [0051.078] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.078] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf.lolkek") returned 84 [0051.078] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf.lolkek")) returned 1 [0051.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616eb8 | out: hHeap=0x5a0000) returned 1 [0051.103] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.103] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.103] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi", dwFileAttributes=0x80) returned 1 [0051.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0051.172] CloseHandle (hObject=0x268) returned 1 [0051.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.241] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb9 [0051.241] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.241] ReadFile (in: hFile=0x1e0, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.242] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.242] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.242] ReadFile (in: hFile=0x1e0, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x3a3e23c*=0xb9, lpOverlapped=0x0) returned 1 [0051.242] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffff47, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.242] WriteFile (in: hFile=0x1e0, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0xb9, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x3a3fc80*=0xb9, lpOverlapped=0x0) returned 1 [0051.242] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.242] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.242] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.242] WriteFile (in: hFile=0x1e0, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.242] WriteFile (in: hFile=0x1e0, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.242] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.242] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.242] CloseHandle (hObject=0x1e0) returned 1 [0051.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.253] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi.lolkek") returned 95 [0051.253] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi.lolkek")) returned 1 [0051.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698860 | out: hHeap=0x5a0000) returned 1 [0051.267] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.267] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.267] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg", dwFileAttributes=0x80) returned 1 [0051.299] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.303] CloseHandle (hObject=0x24c) returned 1 [0051.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.314] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1906 [0051.314] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.314] ReadFile (in: hFile=0x280, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.317] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.317] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.317] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x1906, lpOverlapped=0x0) returned 1 [0051.318] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffe6fa, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.318] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1906, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x1906, lpOverlapped=0x0) returned 1 [0051.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.319] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.319] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.319] WriteFile (in: hFile=0x280, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.319] WriteFile (in: hFile=0x280, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.319] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.319] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.319] CloseHandle (hObject=0x280) returned 1 [0051.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0051.320] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.lolkek") returned 105 [0051.320] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg.lolkek")) returned 1 [0051.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0051.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0a88 | out: hHeap=0x5a0000) returned 1 [0051.351] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.351] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.351] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg", dwFileAttributes=0x80) returned 1 [0051.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0051.423] CloseHandle (hObject=0x23c) returned 1 [0051.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0051.423] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x127e [0051.423] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.423] ReadFile (in: hFile=0x23c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.428] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0051.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.429] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.429] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x127e, lpOverlapped=0x0) returned 1 [0051.435] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xffffed82, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.435] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x127e, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x127e, lpOverlapped=0x0) returned 1 [0051.435] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.435] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0051.435] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.435] WriteFile (in: hFile=0x23c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.436] WriteFile (in: hFile=0x23c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.436] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.436] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.436] CloseHandle (hObject=0x23c) returned 1 [0051.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.441] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.lolkek") returned 105 [0051.441] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg.lolkek")) returned 1 [0051.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.769] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6575e8 | out: hHeap=0x5a0000) returned 1 [0051.769] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.769] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.769] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi", dwFileAttributes=0x80) returned 1 [0051.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gw3utft22-p.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.770] CloseHandle (hObject=0x228) returned 1 [0051.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gw3utft22-p.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.770] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18c5a [0051.770] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.770] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.770] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.771] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.771] ReadFile (in: hFile=0x228, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0051.771] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.771] WriteFile (in: hFile=0x228, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0051.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.771] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.771] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.771] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.771] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.771] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.771] CloseHandle (hObject=0x228) returned 1 [0051.772] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.772] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi.lolkek") returned 75 [0051.772] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gw3utft22-p.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gw3utft22-p.avi.lolkek")) returned 1 [0051.772] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.772] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc230 | out: hHeap=0x5a0000) returned 1 [0051.772] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.773] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.773] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini", dwFileAttributes=0x80) returned 1 [0051.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.773] CloseHandle (hObject=0x228) returned 1 [0051.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.773] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x91 [0051.773] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.774] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.774] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.774] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.774] ReadFile (in: hFile=0x228, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x3a3e23c*=0x91, lpOverlapped=0x0) returned 1 [0051.774] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffff6f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.774] WriteFile (in: hFile=0x228, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x91, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x3a3fc80*=0x91, lpOverlapped=0x0) returned 1 [0051.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.775] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.775] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.775] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.775] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.775] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.775] CloseHandle (hObject=0x228) returned 1 [0051.775] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.775] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini.lolkek") returned 91 [0051.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini.lolkek")) returned 1 [0051.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.776] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6978 | out: hHeap=0x5a0000) returned 1 [0051.776] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.776] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.776] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat", dwFileAttributes=0x80) returned 1 [0051.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.776] CloseHandle (hObject=0x228) returned 1 [0051.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.776] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0051.776] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.777] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.819] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.819] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.819] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0051.849] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.849] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0051.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.850] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.850] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.850] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.850] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.850] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.850] CloseHandle (hObject=0x228) returned 1 [0051.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.850] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat.lolkek") returned 89 [0051.850] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat.lolkek")) returned 1 [0051.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caed40 | out: hHeap=0x5a0000) returned 1 [0051.851] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.851] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.851] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini", dwFileAttributes=0x80) returned 1 [0051.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.852] CloseHandle (hObject=0x228) returned 1 [0051.852] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.852] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0051.852] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.852] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.852] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x43, lpOverlapped=0x0) returned 1 [0051.853] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.853] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x43, lpOverlapped=0x0) returned 1 [0051.853] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.853] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.853] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.853] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.853] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.853] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.853] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.853] CloseHandle (hObject=0x228) returned 1 [0051.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.853] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini.lolkek") returned 117 [0051.853] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini.lolkek")) returned 1 [0051.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de02e8 | out: hHeap=0x5a0000) returned 1 [0051.854] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.854] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini", dwFileAttributes=0x80) returned 1 [0051.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.855] CloseHandle (hObject=0x228) returned 1 [0051.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.855] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0051.855] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.855] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.855] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x43, lpOverlapped=0x0) returned 1 [0051.856] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.856] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x43, lpOverlapped=0x0) returned 1 [0051.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.856] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.856] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.856] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.856] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.856] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.856] CloseHandle (hObject=0x228) returned 1 [0051.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.856] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini.lolkek") returned 117 [0051.856] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini.lolkek")) returned 1 [0051.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1b60 | out: hHeap=0x5a0000) returned 1 [0051.857] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini", dwFileAttributes=0x80) returned 1 [0051.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.858] CloseHandle (hObject=0x228) returned 1 [0051.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.858] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x43 [0051.858] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.858] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.858] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x43, lpOverlapped=0x0) returned 1 [0051.859] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffffbd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.859] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x43, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x43, lpOverlapped=0x0) returned 1 [0051.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.859] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.859] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.859] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.859] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.859] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.859] CloseHandle (hObject=0x228) returned 1 [0051.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.859] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini.lolkek") returned 117 [0051.859] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini.lolkek")) returned 1 [0051.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x698400 | out: hHeap=0x5a0000) returned 1 [0051.860] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.860] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.860] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp", dwFileAttributes=0x80) returned 1 [0051.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v6aqft-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.860] CloseHandle (hObject=0x228) returned 1 [0051.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v6aqft-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.861] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x66fb [0051.861] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.861] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.861] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.861] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.861] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0051.861] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.861] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0051.861] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.861] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.862] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.862] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.862] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.862] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.862] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.862] CloseHandle (hObject=0x228) returned 1 [0051.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.862] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp.lolkek") returned 71 [0051.862] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v6aqft-.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v6aqft-.bmp.lolkek")) returned 1 [0051.863] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.863] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611840 | out: hHeap=0x5a0000) returned 1 [0051.863] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.863] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.863] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt", dwFileAttributes=0x80) returned 1 [0051.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v8bp-syyw8t_k76d9gd6.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.863] CloseHandle (hObject=0x228) returned 1 [0051.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v8bp-syyw8t_k76d9gd6.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.863] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd2ca [0051.863] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.863] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.864] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.864] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.864] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0051.864] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.864] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0051.864] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.864] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.864] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.864] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.864] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.864] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.864] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.865] CloseHandle (hObject=0x228) returned 1 [0051.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.865] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt.lolkek") returned 84 [0051.865] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v8bp-syyw8t_k76d9gd6.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v8bp-syyw8t_k76d9gd6.odt.lolkek")) returned 1 [0051.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.865] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617668 | out: hHeap=0x5a0000) returned 1 [0051.865] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.865] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.865] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a", dwFileAttributes=0x80) returned 1 [0051.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wvzq5m-fa_vyq0ddoag.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.866] CloseHandle (hObject=0x228) returned 1 [0051.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wvzq5m-fa_vyq0ddoag.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.866] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17bf5 [0051.866] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.866] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.866] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.867] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.867] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0051.867] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.867] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0051.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.867] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.867] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.867] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.867] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.867] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.867] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.867] CloseHandle (hObject=0x228) returned 1 [0051.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.867] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a.lolkek") returned 83 [0051.867] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wvzq5m-fa_vyq0ddoag.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wvzq5m-fa_vyq0ddoag.m4a.lolkek")) returned 1 [0051.868] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.868] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6161e8 | out: hHeap=0x5a0000) returned 1 [0051.868] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.868] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.868] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv", dwFileAttributes=0x80) returned 1 [0051.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\_2iu.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.869] CloseHandle (hObject=0x228) returned 1 [0051.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\_2iu.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.869] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1fd2 [0051.869] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.869] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.869] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.869] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.869] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x1fd2, lpOverlapped=0x0) returned 1 [0051.869] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffe02e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.869] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1fd2, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x1fd2, lpOverlapped=0x0) returned 1 [0051.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.870] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.870] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.870] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.870] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.870] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.870] CloseHandle (hObject=0x228) returned 1 [0051.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.870] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv.lolkek") returned 68 [0051.870] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\_2iu.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\_2iu.mkv.lolkek")) returned 1 [0051.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0360 | out: hHeap=0x5a0000) returned 1 [0051.871] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.871] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.871] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip", dwFileAttributes=0x80) returned 1 [0051.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0051.872] CloseHandle (hObject=0x228) returned 1 [0051.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0051.872] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa5ff [0051.872] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.872] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0051.898] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0051.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0051.898] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.898] ReadFile (in: hFile=0x228, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0051.908] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.908] WriteFile (in: hFile=0x228, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0051.908] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0051.909] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.909] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.909] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0051.909] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.909] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0051.909] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0051.909] CloseHandle (hObject=0x228) returned 1 [0051.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0051.909] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.lolkek") returned 91 [0051.909] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip.lolkek")) returned 1 [0051.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0051.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6c48 | out: hHeap=0x5a0000) returned 1 [0051.910] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.910] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.910] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", dwFileAttributes=0x80) returned 1 [0051.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.001] CloseHandle (hObject=0x2bc) returned 1 [0052.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0052.006] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d8 [0052.006] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.006] ReadFile (in: hFile=0x2bc, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.007] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.007] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.007] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x1d8, lpOverlapped=0x0) returned 1 [0052.008] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.008] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d8, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x1d8, lpOverlapped=0x0) returned 1 [0052.008] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.008] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.008] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.008] WriteFile (in: hFile=0x2bc, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.008] WriteFile (in: hFile=0x2bc, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.008] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.008] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.008] CloseHandle (hObject=0x2bc) returned 1 [0052.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.010] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.lolkek") returned 158 [0052.010] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973.lolkek")) returned 1 [0052.033] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.033] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec70d0 | out: hHeap=0x5a0000) returned 1 [0052.033] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.033] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.033] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", dwFileAttributes=0x80) returned 1 [0052.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.060] CloseHandle (hObject=0x228) returned 1 [0052.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.066] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2d7 [0052.066] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.066] ReadFile (in: hFile=0x258, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.069] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.069] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.069] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.069] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.069] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x2d7, lpOverlapped=0x0) returned 1 [0052.069] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffd29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.069] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2d7, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x2d7, lpOverlapped=0x0) returned 1 [0052.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.069] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.069] WriteFile (in: hFile=0x258, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.070] WriteFile (in: hFile=0x258, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.070] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.070] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.070] CloseHandle (hObject=0x258) returned 1 [0052.071] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.071] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.lolkek") returned 158 [0052.071] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220.lolkek")) returned 1 [0052.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddd270 | out: hHeap=0x5a0000) returned 1 [0052.102] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.102] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.102] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", dwFileAttributes=0x80) returned 1 [0052.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.122] CloseHandle (hObject=0x2a0) returned 1 [0052.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.130] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.130] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.130] ReadFile (in: hFile=0x280, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.130] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.130] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.131] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x1cf, lpOverlapped=0x0) returned 1 [0052.131] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.131] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x1cf, lpOverlapped=0x0) returned 1 [0052.131] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.131] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.131] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.131] WriteFile (in: hFile=0x280, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.131] WriteFile (in: hFile=0x280, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.131] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.131] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.131] CloseHandle (hObject=0x280) returned 1 [0052.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.132] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.lolkek") returned 158 [0052.132] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1.lolkek")) returned 1 [0052.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da8068 | out: hHeap=0x5a0000) returned 1 [0052.156] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.156] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.156] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", dwFileAttributes=0x80) returned 1 [0052.175] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0052.182] CloseHandle (hObject=0x210) returned 1 [0052.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.189] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e3 [0052.189] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.189] ReadFile (in: hFile=0x258, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.191] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.191] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.191] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.191] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.191] ReadFile (in: hFile=0x258, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x6e3, lpOverlapped=0x0) returned 1 [0052.191] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffff91d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.191] WriteFile (in: hFile=0x258, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x6e3, lpOverlapped=0x0) returned 1 [0052.191] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.191] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.191] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.191] WriteFile (in: hFile=0x258, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.192] WriteFile (in: hFile=0x258, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.192] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.192] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.192] CloseHandle (hObject=0x258) returned 1 [0052.192] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.193] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.lolkek") returned 158 [0052.193] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416.lolkek")) returned 1 [0052.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9878 | out: hHeap=0x5a0000) returned 1 [0052.216] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.216] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.216] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", dwFileAttributes=0x80) returned 1 [0052.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0052.244] CloseHandle (hObject=0x224) returned 1 [0052.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.252] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x652 [0052.252] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.252] ReadFile (in: hFile=0x224, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.253] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.253] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.253] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x652, lpOverlapped=0x0) returned 1 [0052.254] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffff9ae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.254] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x652, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x652, lpOverlapped=0x0) returned 1 [0052.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.254] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.254] WriteFile (in: hFile=0x224, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.254] WriteFile (in: hFile=0x224, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.254] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.254] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.254] CloseHandle (hObject=0x224) returned 1 [0052.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.256] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.lolkek") returned 158 [0052.256] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8.lolkek")) returned 1 [0052.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3daae20 | out: hHeap=0x5a0000) returned 1 [0052.282] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.282] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.282] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", dwFileAttributes=0x80) returned 1 [0052.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.371] CloseHandle (hObject=0x23c) returned 1 [0052.372] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.378] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x64c [0052.378] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.378] ReadFile (in: hFile=0x23c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.383] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.383] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.383] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.383] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.383] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x64c, lpOverlapped=0x0) returned 1 [0052.383] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffff9b4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.383] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x64c, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x64c, lpOverlapped=0x0) returned 1 [0052.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.383] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.383] WriteFile (in: hFile=0x23c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.383] WriteFile (in: hFile=0x23c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.383] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.383] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.384] CloseHandle (hObject=0x23c) returned 1 [0052.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.384] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.lolkek") returned 158 [0052.384] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1.lolkek")) returned 1 [0052.384] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.385] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec0440 | out: hHeap=0x5a0000) returned 1 [0052.385] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.385] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.385] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", dwFileAttributes=0x80) returned 1 [0052.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.403] CloseHandle (hObject=0x280) returned 1 [0052.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.414] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x198 [0052.414] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.414] ReadFile (in: hFile=0x210, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.415] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.415] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.415] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.415] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.415] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x198, lpOverlapped=0x0) returned 1 [0052.415] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe68, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.415] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x198, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x198, lpOverlapped=0x0) returned 1 [0052.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.415] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.415] WriteFile (in: hFile=0x210, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.415] WriteFile (in: hFile=0x210, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.415] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.415] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.415] CloseHandle (hObject=0x210) returned 1 [0052.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.418] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.lolkek") returned 159 [0052.418] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd.lolkek")) returned 1 [0052.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb4b0 | out: hHeap=0x5a0000) returned 1 [0052.436] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.436] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.436] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", dwFileAttributes=0x80) returned 1 [0052.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.452] CloseHandle (hObject=0x2a0) returned 1 [0052.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.465] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182 [0052.465] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.465] ReadFile (in: hFile=0x210, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.466] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.466] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.466] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.466] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.466] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x182, lpOverlapped=0x0) returned 1 [0052.466] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.466] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x182, lpOverlapped=0x0) returned 1 [0052.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.466] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.466] WriteFile (in: hFile=0x210, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.466] WriteFile (in: hFile=0x210, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.466] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.467] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.467] CloseHandle (hObject=0x210) returned 1 [0052.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.467] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.lolkek") returned 159 [0052.467] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30.lolkek")) returned 1 [0052.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb9140 | out: hHeap=0x5a0000) returned 1 [0052.486] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.486] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.486] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", dwFileAttributes=0x80) returned 1 [0052.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.501] CloseHandle (hObject=0x228) returned 1 [0052.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.521] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x182 [0052.521] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.521] ReadFile (in: hFile=0x224, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.524] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.524] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.524] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x182, lpOverlapped=0x0) returned 1 [0052.524] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffe7e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.525] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x182, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x182, lpOverlapped=0x0) returned 1 [0052.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.526] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.526] WriteFile (in: hFile=0x224, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.527] WriteFile (in: hFile=0x224, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.527] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.527] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.527] CloseHandle (hObject=0x224) returned 1 [0052.528] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.528] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.lolkek") returned 159 [0052.528] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061.lolkek")) returned 1 [0052.548] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.548] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebad18 | out: hHeap=0x5a0000) returned 1 [0052.548] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.548] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.548] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", dwFileAttributes=0x80) returned 1 [0052.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0052.568] CloseHandle (hObject=0x280) returned 1 [0052.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0052.577] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x194 [0052.577] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.577] ReadFile (in: hFile=0x2bc, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.578] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.578] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.578] ReadFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x194, lpOverlapped=0x0) returned 1 [0052.578] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.578] WriteFile (in: hFile=0x2bc, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x194, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x194, lpOverlapped=0x0) returned 1 [0052.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.578] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.578] WriteFile (in: hFile=0x2bc, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.579] WriteFile (in: hFile=0x2bc, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.579] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.579] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.579] CloseHandle (hObject=0x2bc) returned 1 [0052.579] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.579] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.lolkek") returned 159 [0052.579] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc.lolkek")) returned 1 [0052.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebb738 | out: hHeap=0x5a0000) returned 1 [0052.857] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT", dwFileAttributes=0x80) returned 1 [0052.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.857] CloseHandle (hObject=0x294) returned 1 [0052.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.858] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5f600 [0052.858] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.858] ReadFile (in: hFile=0x294, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.869] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.869] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.869] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0052.876] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.876] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0052.876] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.876] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.876] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.876] WriteFile (in: hFile=0x294, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.876] WriteFile (in: hFile=0x294, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.876] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.876] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.876] CloseHandle (hObject=0x294) returned 1 [0052.877] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.877] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.lolkek") returned 96 [0052.877] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt.lolkek")) returned 1 [0052.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62c750 | out: hHeap=0x5a0000) returned 1 [0052.878] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.878] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.878] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK", dwFileAttributes=0x80) returned 1 [0052.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0052.879] CloseHandle (hObject=0x294) returned 1 [0052.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.879] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x59a [0052.879] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.879] ReadFile (in: hFile=0x294, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0052.885] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0052.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0052.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3dac050 [0052.885] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.885] ReadFile (in: hFile=0x294, lpBuffer=0x3dac050, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesRead=0x3a3e23c*=0x59a, lpOverlapped=0x0) returned 1 [0052.885] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffa66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.885] WriteFile (in: hFile=0x294, lpBuffer=0x3dac050*, nNumberOfBytesToWrite=0x59a, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3dac050*, lpNumberOfBytesWritten=0x3a3fc80*=0x59a, lpOverlapped=0x0) returned 1 [0052.885] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0052.885] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0052.885] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.885] WriteFile (in: hFile=0x294, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0052.885] WriteFile (in: hFile=0x294, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.885] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0052.885] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0052.885] CloseHandle (hObject=0x294) returned 1 [0052.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.891] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK.lolkek") returned 91 [0052.891] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk.lolkek")) returned 1 [0053.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6540 | out: hHeap=0x5a0000) returned 1 [0053.669] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.669] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.669] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", dwFileAttributes=0x80) returned 1 [0053.669] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0053.670] CloseHandle (hObject=0x258) returned 1 [0053.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0053.670] GetFileSize (in: hFile=0x258, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x80000 [0053.670] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.670] ReadFile (in: hFile=0x258, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0053.670] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0053.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0053.671] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.671] ReadFile (in: hFile=0x258, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0053.678] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.678] WriteFile (in: hFile=0x258, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0053.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.678] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.678] WriteFile (in: hFile=0x258, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0053.706] WriteFile (in: hFile=0x258, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0053.706] WriteFile (in: hFile=0x258, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0053.706] WriteFile (in: hFile=0x258, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0053.706] CloseHandle (hObject=0x258) returned 1 [0053.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.706] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.lolkek") returned 113 [0053.707] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite.lolkek")) returned 1 [0053.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddaa68 | out: hHeap=0x5a0000) returned 1 [0053.707] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.707] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.707] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", dwFileAttributes=0x80) returned 1 [0053.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.747] CloseHandle (hObject=0x190) returned 1 [0053.748] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0053.763] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8d [0053.763] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.763] ReadFile (in: hFile=0x228, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0053.764] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0053.764] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.764] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.764] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.764] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x8d, lpOverlapped=0x0) returned 1 [0053.764] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffff73, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.764] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x8d, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x8d, lpOverlapped=0x0) returned 1 [0053.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.764] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.764] WriteFile (in: hFile=0x228, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0053.764] WriteFile (in: hFile=0x228, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0053.764] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0053.764] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0053.764] CloseHandle (hObject=0x228) returned 1 [0053.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.766] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.lolkek") returned 113 [0053.766] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini.lolkek")) returned 1 [0053.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca5bb8 | out: hHeap=0x5a0000) returned 1 [0053.790] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.790] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.790] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", dwFileAttributes=0x80) returned 1 [0053.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.878] CloseHandle (hObject=0x190) returned 1 [0053.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.892] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4000 [0053.892] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.892] ReadFile (in: hFile=0x280, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0053.930] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0053.930] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.931] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0053.931] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.931] ReadFile (in: hFile=0x280, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0053.965] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.965] WriteFile (in: hFile=0x280, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0053.965] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0053.966] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.966] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.966] WriteFile (in: hFile=0x280, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0053.966] WriteFile (in: hFile=0x280, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0053.966] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0053.966] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0053.966] CloseHandle (hObject=0x280) returned 1 [0053.978] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0053.978] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.lolkek") returned 108 [0053.979] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db.lolkek")) returned 1 [0054.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0054.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddeac8 | out: hHeap=0x5a0000) returned 1 [0054.260] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.260] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.260] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf", dwFileAttributes=0x80) returned 1 [0054.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wrzxrkvdhkkbz3ib64n.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0054.261] CloseHandle (hObject=0x224) returned 1 [0054.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wrzxrkvdhkkbz3ib64n.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0054.261] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5e58 [0054.261] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.261] ReadFile (in: hFile=0x224, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0054.262] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0054.262] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.262] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.262] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.262] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x4000, lpOverlapped=0x0) returned 1 [0054.262] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.262] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x4000, lpOverlapped=0x0) returned 1 [0054.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.262] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.262] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.262] WriteFile (in: hFile=0x224, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0054.262] WriteFile (in: hFile=0x224, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0054.262] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0054.262] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0054.262] CloseHandle (hObject=0x224) returned 1 [0054.263] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0054.263] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf.lolkek") returned 72 [0054.263] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wrzxrkvdhkkbz3ib64n.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wrzxrkvdhkkbz3ib64n.rtf.lolkek")) returned 1 [0054.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0054.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6112c8 | out: hHeap=0x5a0000) returned 1 [0054.703] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.703] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.703] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url", dwFileAttributes=0x80) returned 1 [0054.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0054.743] CloseHandle (hObject=0x1b4) returned 1 [0054.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.973] GetFileSize (in: hFile=0x27c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0054.973] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.973] ReadFile (in: hFile=0x27c, lpBuffer=0x3a3fc80, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3a3e264, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc80*, lpNumberOfBytesRead=0x3a3e264*=0xd, lpOverlapped=0x0) returned 1 [0054.974] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3a3fc90 | out: pbBuffer=0x3a3fc90) returned 1 [0054.974] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0054.974] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.974] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.974] ReadFile (in: hFile=0x27c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3a3e23c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3a3e23c*=0x85, lpOverlapped=0x0) returned 1 [0054.974] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.974] WriteFile (in: hFile=0x27c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3a3fc80, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3a3fc80*=0x85, lpOverlapped=0x0) returned 1 [0054.974] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.980] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0054.980] SetFilePointerEx (in: hFile=0x27c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.980] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3e244*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3e244*, lpNumberOfBytesWritten=0x3a3e248*=0x4, lpOverlapped=0x0) returned 1 [0054.980] WriteFile (in: hFile=0x27c, lpBuffer=0x3a3fc90*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x3a3fc90*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0054.980] WriteFile (in: hFile=0x27c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3a3e248*=0x20, lpOverlapped=0x0) returned 1 [0054.980] WriteFile (in: hFile=0x27c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3a3e248, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3a3e248*=0xd, lpOverlapped=0x0) returned 1 [0054.980] CloseHandle (hObject=0x27c) returned 1 [0054.982] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0054.982] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.lolkek") returned 78 [0054.982] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.lolkek")) returned 1 [0055.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0055.841] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3fa08 | out: hHeap=0x5a0000) returned 1 [0055.841] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.841] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.841] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml", dwFileAttributes=0x80) returned 0 [0055.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.842] RmStartSession () returned 0x0 [0055.844] RmRegisterResources () returned 0x0 [0055.846] RmGetList () returned 0x0 [0056.110] RmEndSession () returned 0x0 [0056.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.129] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f448 | out: hHeap=0x5a0000) returned 1 [0056.129] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.129] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.129] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico", dwFileAttributes=0x80) returned 0 [0056.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.129] RmStartSession () returned 0x0 [0056.131] RmRegisterResources () returned 0x0 [0056.134] RmGetList () returned 0x0 [0056.640] RmEndSession () returned 0x0 [0056.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7b50 | out: hHeap=0x5a0000) returned 1 [0056.662] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.662] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.662] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml", dwFileAttributes=0x80) returned 0 [0056.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.662] RmStartSession () returned 0x0 [0056.664] RmRegisterResources () returned 0x0 [0056.667] RmGetList () returned 0x0 [0057.184] RmEndSession () returned 0x0 [0057.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dde238 | out: hHeap=0x5a0000) returned 1 [0057.203] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.203] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.203] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", dwFileAttributes=0x80) returned 0 [0057.203] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.203] RmStartSession () returned 0x0 [0057.206] RmRegisterResources () returned 0x0 [0057.208] RmGetList () returned 0x0 [0057.611] RmEndSession () returned 0x0 [0057.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb5b68 | out: hHeap=0x5a0000) returned 1 [0057.628] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.628] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.628] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp", dwFileAttributes=0x80) returned 0 [0057.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.628] RmStartSession () returned 0x0 [0057.631] RmRegisterResources () returned 0x0 [0057.633] RmGetList () returned 0x0 [0058.034] RmEndSession () returned 0x0 [0058.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile23.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7620 | out: hHeap=0x5a0000) returned 1 [0058.054] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.054] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.054] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp", dwFileAttributes=0x80) returned 0 [0058.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.054] RmStartSession () returned 0x0 [0058.057] RmRegisterResources () returned 0x0 [0058.060] RmGetList () returned 0x0 [0058.287] RmEndSession () returned 0x0 [0058.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile32.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da48d8 | out: hHeap=0x5a0000) returned 1 [0058.306] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.306] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.306] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp", dwFileAttributes=0x80) returned 0 [0058.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.306] RmStartSession () returned 0x0 [0058.308] RmRegisterResources () returned 0x0 [0058.310] RmGetList () returned 0x0 [0059.516] RmEndSession () returned 0x0 [0059.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile37.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da4fe0 | out: hHeap=0x5a0000) returned 1 [0059.532] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.532] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.533] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov", dwFileAttributes=0x80) returned 0 [0059.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.533] RmStartSession () returned 0x0 [0059.535] RmRegisterResources () returned 0x0 [0059.539] RmGetList () returned 0x0 [0062.939] RmEndSession () returned 0x0 [0063.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\confident.cov"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.074] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5b20 | out: hHeap=0x5a0000) returned 1 [0063.074] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 15 os_tid = 0x958 [0035.512] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0035.862] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.862] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0035.862] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0035.863] RmStartSession () returned 0x0 [0036.407] RmRegisterResources () returned 0x0 [0036.409] RmGetList () returned 0x0 [0037.295] RmEndSession () returned 0x0 [0037.316] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f958 | out: hHeap=0x5a0000) returned 1 [0037.317] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0037.317] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.317] SetFileAttributesW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui", dwFileAttributes=0x80) returned 0 [0037.317] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0037.317] RmStartSession () returned 0x0 [0037.321] RmRegisterResources () returned 0x0 [0037.323] RmGetList () returned 0x0 [0037.999] RmEndSession () returned 0x0 [0038.023] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0038.023] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x630008 | out: hHeap=0x5a0000) returned 1 [0038.023] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.023] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.023] SetFileAttributesW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK", dwFileAttributes=0x80) returned 1 [0038.024] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.025] CloseHandle (hObject=0x24c) returned 1 [0038.025] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.025] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2000 [0038.025] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.025] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.065] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x62fe30 [0038.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cc5d98 [0038.065] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.065] ReadFile (in: hFile=0x24c, lpBuffer=0x3cc5d98, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cc5d98*, lpNumberOfBytesRead=0x3bce10c*=0x2000, lpOverlapped=0x0) returned 1 [0038.108] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.108] WriteFile (in: hFile=0x24c, lpBuffer=0x3cc5d98*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cc5d98*, lpNumberOfBytesWritten=0x3bcfb50*=0x2000, lpOverlapped=0x0) returned 1 [0038.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc5d98 | out: hHeap=0x5a0000) returned 1 [0038.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fe30 | out: hHeap=0x5a0000) returned 1 [0038.111] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.111] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.111] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.111] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.111] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.111] CloseHandle (hObject=0x24c) returned 1 [0038.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.112] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\BOOTSECT.BAK.lolkek") returned 26 [0038.112] MoveFileW (lpExistingFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), lpNewFileName="\\\\?\\C:\\BOOTSECT.BAK.lolkek" (normalized: "c:\\bootsect.bak.lolkek")) returned 1 [0038.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62e928 | out: hHeap=0x5a0000) returned 1 [0038.112] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.112] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.112] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi", dwFileAttributes=0x80) returned 1 [0038.113] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.113] CloseHandle (hObject=0x24c) returned 1 [0038.113] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.113] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x263e00 [0038.113] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.113] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.116] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.116] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.116] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.116] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.116] ReadFile (in: hFile=0x24c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0038.153] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.153] WriteFile (in: hFile=0x24c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0038.154] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.154] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.154] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.154] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.154] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.154] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.154] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.154] CloseHandle (hObject=0x24c) returned 1 [0038.284] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.284] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.lolkek") returned 86 [0038.284] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.lolkek")) returned 1 [0038.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f5b8 | out: hHeap=0x5a0000) returned 1 [0038.284] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.284] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.284] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", dwFileAttributes=0x80) returned 1 [0038.285] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.285] CloseHandle (hObject=0x24c) returned 1 [0038.285] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.285] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x61d [0038.285] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.285] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.375] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cc5d98 [0038.375] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.375] ReadFile (in: hFile=0x24c, lpBuffer=0x3cc5d98, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cc5d98*, lpNumberOfBytesRead=0x3bce10c*=0x61d, lpOverlapped=0x0) returned 1 [0038.375] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff9e3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.375] WriteFile (in: hFile=0x24c, lpBuffer=0x3cc5d98*, nNumberOfBytesToWrite=0x61d, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cc5d98*, lpNumberOfBytesWritten=0x3bcfb50*=0x61d, lpOverlapped=0x0) returned 1 [0038.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc5d98 | out: hHeap=0x5a0000) returned 1 [0038.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.375] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.375] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.375] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.375] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.375] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.375] CloseHandle (hObject=0x24c) returned 1 [0038.376] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.376] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.lolkek") returned 86 [0038.376] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.lolkek")) returned 1 [0038.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.377] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f700 | out: hHeap=0x5a0000) returned 1 [0038.377] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.377] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.377] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0038.377] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.377] CloseHandle (hObject=0x24c) returned 1 [0038.377] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.378] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8f8 [0038.378] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.378] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.382] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.382] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.382] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.382] ReadFile (in: hFile=0x24c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x3bce10c*=0x8f8, lpOverlapped=0x0) returned 1 [0038.382] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff708, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.382] WriteFile (in: hFile=0x24c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x8f8, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x3bcfb50*=0x8f8, lpOverlapped=0x0) returned 1 [0038.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.382] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.382] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.382] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.382] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.382] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.382] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.382] CloseHandle (hObject=0x24c) returned 1 [0038.383] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.383] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0038.383] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0038.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.383] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x632ed8 | out: hHeap=0x5a0000) returned 1 [0038.383] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.383] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.383] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", dwFileAttributes=0x80) returned 1 [0038.384] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.384] CloseHandle (hObject=0x24c) returned 1 [0038.384] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.384] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5aa [0038.384] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.384] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.386] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x62fe30 [0038.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0038.386] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.387] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x5aa, lpOverlapped=0x0) returned 1 [0038.387] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffa56, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.387] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x5aa, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x5aa, lpOverlapped=0x0) returned 1 [0038.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0038.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fe30 | out: hHeap=0x5a0000) returned 1 [0038.387] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.387] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.387] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.387] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.387] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.387] CloseHandle (hObject=0x24c) returned 1 [0038.388] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.388] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.lolkek") returned 91 [0038.388] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.lolkek")) returned 1 [0038.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.388] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x633178 | out: hHeap=0x5a0000) returned 1 [0038.388] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.388] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.388] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", dwFileAttributes=0x80) returned 1 [0038.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.425] CloseHandle (hObject=0x24c) returned 1 [0038.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.426] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x431a290 [0038.426] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.426] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.429] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.429] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.429] ReadFile (in: hFile=0x24c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0038.433] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.433] WriteFile (in: hFile=0x24c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0038.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.433] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.433] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.433] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.433] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.433] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.433] CloseHandle (hObject=0x24c) returned 1 [0038.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.701] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.lolkek") returned 83 [0038.701] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.lolkek")) returned 1 [0038.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6332d8 | out: hHeap=0x5a0000) returned 1 [0038.702] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.702] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.702] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0038.702] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.702] CloseHandle (hObject=0x24c) returned 1 [0038.702] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.703] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x648 [0038.703] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.703] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.705] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x62fe30 [0038.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0038.705] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.705] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x648, lpOverlapped=0x0) returned 1 [0038.705] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff9b8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.706] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x648, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x648, lpOverlapped=0x0) returned 1 [0038.706] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0038.706] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fe30 | out: hHeap=0x5a0000) returned 1 [0038.706] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.706] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.706] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.706] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.706] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.706] CloseHandle (hObject=0x24c) returned 1 [0038.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.707] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0038.707] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0038.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0038.707] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cf18 | out: hHeap=0x5a0000) returned 1 [0038.707] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0038.707] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.707] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", dwFileAttributes=0x80) returned 1 [0038.708] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0038.708] CloseHandle (hObject=0x24c) returned 1 [0038.708] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0038.708] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe21fcc [0038.708] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.708] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0038.755] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0038.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x60ecf0 [0038.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0038.755] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.755] ReadFile (in: hFile=0x24c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0038.832] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0038.832] WriteFile (in: hFile=0x24c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0038.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0038.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ecf0 | out: hHeap=0x5a0000) returned 1 [0038.833] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0038.833] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0038.833] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.833] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0038.833] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0038.833] CloseHandle (hObject=0x24c) returned 1 [0039.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.146] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.lolkek") returned 85 [0039.146] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.lolkek")) returned 1 [0039.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f460 | out: hHeap=0x5a0000) returned 1 [0039.146] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.146] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.146] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", dwFileAttributes=0x80) returned 1 [0039.146] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.147] CloseHandle (hObject=0x24c) returned 1 [0039.147] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0039.147] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc72 [0039.147] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.147] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0039.150] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0039.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x62fe30 [0039.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0039.150] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.150] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0xc72, lpOverlapped=0x0) returned 1 [0039.150] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff38e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.150] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0xc72, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0xc72, lpOverlapped=0x0) returned 1 [0039.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0039.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fe30 | out: hHeap=0x5a0000) returned 1 [0039.150] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.150] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0039.150] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.150] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.150] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0039.150] CloseHandle (hObject=0x24c) returned 1 [0039.151] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.151] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.lolkek") returned 88 [0039.151] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.lolkek")) returned 1 [0039.151] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.151] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d2f0 | out: hHeap=0x5a0000) returned 1 [0039.151] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.152] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.152] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0039.152] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.152] CloseHandle (hObject=0x24c) returned 1 [0039.152] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0039.152] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x106f [0039.152] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.152] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0039.159] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0039.159] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0039.160] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0039.160] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.160] ReadFile (in: hFile=0x24c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x3bce10c*=0x106f, lpOverlapped=0x0) returned 1 [0039.173] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffef91, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.173] WriteFile (in: hFile=0x24c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x106f, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x3bcfb50*=0x106f, lpOverlapped=0x0) returned 1 [0039.174] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0039.174] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0039.174] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.174] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0039.174] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.174] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.174] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0039.174] CloseHandle (hObject=0x24c) returned 1 [0039.175] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.175] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0039.175] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0039.175] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d440 | out: hHeap=0x5a0000) returned 1 [0039.176] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.176] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.176] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0039.176] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.176] CloseHandle (hObject=0x24c) returned 1 [0039.176] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0039.177] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x978 [0039.177] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.177] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0039.216] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0039.216] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0039.216] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0039.216] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.216] ReadFile (in: hFile=0x24c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x3bce10c*=0x978, lpOverlapped=0x0) returned 1 [0039.216] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff688, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.216] WriteFile (in: hFile=0x24c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x978, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x3bcfb50*=0x978, lpOverlapped=0x0) returned 1 [0039.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0039.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0039.216] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.216] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0039.216] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.216] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.216] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0039.216] CloseHandle (hObject=0x24c) returned 1 [0039.219] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0039.219] wsprintfW (in: param_1=0x67d400, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0039.219] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0039.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0039.222] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d580 | out: hHeap=0x5a0000) returned 1 [0039.222] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.222] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.222] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", dwFileAttributes=0x80) returned 1 [0039.222] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.222] CloseHandle (hObject=0x24c) returned 1 [0039.222] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0039.222] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29c6dbd [0039.222] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.222] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0039.235] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0039.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0039.235] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cbd658 [0039.235] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.235] ReadFile (in: hFile=0x24c, lpBuffer=0x3cbd658, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0039.244] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.244] WriteFile (in: hFile=0x24c, lpBuffer=0x3cbd658*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cbd658*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0039.244] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbd658 | out: hHeap=0x5a0000) returned 1 [0039.244] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0039.244] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.244] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0039.244] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.244] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.244] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0039.245] CloseHandle (hObject=0x24c) returned 1 [0039.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.543] wsprintfW (in: param_1=0x635fb0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.lolkek") returned 84 [0039.543] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.lolkek")) returned 1 [0039.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d6c0 | out: hHeap=0x5a0000) returned 1 [0039.543] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.544] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.544] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", dwFileAttributes=0x80) returned 1 [0039.546] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0039.547] CloseHandle (hObject=0x24c) returned 1 [0039.547] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.549] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x543 [0039.549] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.550] ReadFile (in: hFile=0x294, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0039.552] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0039.552] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0039.552] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x639fb8 [0039.553] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.553] ReadFile (in: hFile=0x294, lpBuffer=0x639fb8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x639fb8*, lpNumberOfBytesRead=0x3bce10c*=0x543, lpOverlapped=0x0) returned 1 [0039.553] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffabd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.553] WriteFile (in: hFile=0x294, lpBuffer=0x639fb8*, nNumberOfBytesToWrite=0x543, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x639fb8*, lpNumberOfBytesWritten=0x3bcfb50*=0x543, lpOverlapped=0x0) returned 1 [0039.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x639fb8 | out: hHeap=0x5a0000) returned 1 [0039.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0039.553] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.553] WriteFile (in: hFile=0x294, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0039.553] WriteFile (in: hFile=0x294, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.553] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.553] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0039.553] CloseHandle (hObject=0x294) returned 1 [0039.554] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0039.554] wsprintfW (in: param_1=0x3be0f38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.lolkek") returned 92 [0039.554] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.lolkek")) returned 1 [0039.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0039.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635ab8 | out: hHeap=0x5a0000) returned 1 [0039.554] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0039.555] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.555] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", dwFileAttributes=0x80) returned 1 [0039.607] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x250 [0039.607] CloseHandle (hObject=0x250) returned 1 [0039.607] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0039.608] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd02aea [0039.608] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.608] ReadFile (in: hFile=0x250, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0039.703] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0039.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0039.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0039.703] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.703] ReadFile (in: hFile=0x250, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0039.797] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0039.797] WriteFile (in: hFile=0x250, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0039.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0039.797] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0039.797] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0039.797] WriteFile (in: hFile=0x250, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0039.797] WriteFile (in: hFile=0x250, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.797] WriteFile (in: hFile=0x250, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0039.798] WriteFile (in: hFile=0x250, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0039.798] CloseHandle (hObject=0x250) returned 1 [0040.202] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.203] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.lolkek") returned 92 [0040.203] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.lolkek")) returned 1 [0040.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635c18 | out: hHeap=0x5a0000) returned 1 [0040.250] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.250] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.250] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi", dwFileAttributes=0x80) returned 1 [0040.251] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x250 [0040.251] CloseHandle (hObject=0x250) returned 1 [0040.251] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0040.251] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd4200 [0040.251] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.251] ReadFile (in: hFile=0x250, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.335] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.335] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.335] ReadFile (in: hFile=0x250, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.342] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.342] WriteFile (in: hFile=0x250, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.342] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.342] WriteFile (in: hFile=0x250, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.342] WriteFile (in: hFile=0x250, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.342] WriteFile (in: hFile=0x250, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.342] WriteFile (in: hFile=0x250, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.342] CloseHandle (hObject=0x250) returned 1 [0040.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.351] wsprintfW (in: param_1=0x67d400, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.lolkek") returned 86 [0040.351] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.lolkek")) returned 1 [0040.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6347f0 | out: hHeap=0x5a0000) returned 1 [0040.352] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.352] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.352] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi", dwFileAttributes=0x80) returned 1 [0040.353] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x250 [0040.353] CloseHandle (hObject=0x250) returned 1 [0040.353] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0040.353] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd5600 [0040.353] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.353] ReadFile (in: hFile=0x250, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.366] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0040.366] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.366] ReadFile (in: hFile=0x250, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.381] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.381] WriteFile (in: hFile=0x250, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.381] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.381] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.382] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.382] WriteFile (in: hFile=0x250, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.382] WriteFile (in: hFile=0x250, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.382] WriteFile (in: hFile=0x250, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.382] WriteFile (in: hFile=0x250, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.382] CloseHandle (hObject=0x250) returned 1 [0040.393] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.393] wsprintfW (in: param_1=0x3be0f38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.lolkek") returned 89 [0040.393] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.lolkek")) returned 1 [0040.395] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.395] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634bc0 | out: hHeap=0x5a0000) returned 1 [0040.395] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.395] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.395] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", dwFileAttributes=0x80) returned 1 [0040.396] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x250 [0040.396] CloseHandle (hObject=0x250) returned 1 [0040.396] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0040.396] GetFileSize (in: hFile=0x250, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1200204 [0040.396] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.396] ReadFile (in: hFile=0x250, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.404] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.404] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.404] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5fc600 [0040.404] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.404] ReadFile (in: hFile=0x250, lpBuffer=0x5fc600, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x5fc600*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.449] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.449] WriteFile (in: hFile=0x250, lpBuffer=0x5fc600*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x5fc600*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.449] SetFilePointerEx (in: hFile=0x250, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.449] WriteFile (in: hFile=0x250, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.450] WriteFile (in: hFile=0x250, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.450] WriteFile (in: hFile=0x250, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.450] WriteFile (in: hFile=0x250, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.450] CloseHandle (hObject=0x250) returned 1 [0040.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.500] wsprintfW (in: param_1=0x5fc600, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.lolkek") returned 83 [0040.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.lolkek")) returned 1 [0040.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.501] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634fb0 | out: hHeap=0x5a0000) returned 1 [0040.501] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.501] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.501] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.528] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0040.529] CloseHandle (hObject=0x294) returned 1 [0040.529] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.530] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1861 [0040.530] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.530] ReadFile (in: hFile=0x294, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.531] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.531] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.531] ReadFile (in: hFile=0x294, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x1861, lpOverlapped=0x0) returned 1 [0040.534] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffe79f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.534] WriteFile (in: hFile=0x294, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x1861, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x1861, lpOverlapped=0x0) returned 1 [0040.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.534] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.534] WriteFile (in: hFile=0x294, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.534] WriteFile (in: hFile=0x294, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.535] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.535] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.535] CloseHandle (hObject=0x294) returned 1 [0040.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.535] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.535] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6354e0 | out: hHeap=0x5a0000) returned 1 [0040.536] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.536] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.536] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", dwFileAttributes=0x80) returned 1 [0040.536] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0040.536] CloseHandle (hObject=0x294) returned 1 [0040.536] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.536] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x251f [0040.536] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.536] ReadFile (in: hFile=0x294, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.545] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c99768 [0040.545] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.545] ReadFile (in: hFile=0x294, lpBuffer=0x3c99768, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3c99768*, lpNumberOfBytesRead=0x3bce10c*=0x251f, lpOverlapped=0x0) returned 1 [0040.551] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffdae1, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.552] WriteFile (in: hFile=0x294, lpBuffer=0x3c99768*, nNumberOfBytesToWrite=0x251f, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3c99768*, lpNumberOfBytesWritten=0x3bcfb50*=0x251f, lpOverlapped=0x0) returned 1 [0040.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c99768 | out: hHeap=0x5a0000) returned 1 [0040.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.552] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.552] WriteFile (in: hFile=0x294, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.552] WriteFile (in: hFile=0x294, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.552] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.552] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.552] CloseHandle (hObject=0x294) returned 1 [0040.552] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.552] wsprintfW (in: param_1=0x3be0f38, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.lolkek") returned 86 [0040.552] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.lolkek")) returned 1 [0040.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ccd0 | out: hHeap=0x5a0000) returned 1 [0040.553] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.553] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.553] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", dwFileAttributes=0x80) returned 1 [0040.560] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.564] CloseHandle (hObject=0x290) returned 1 [0040.565] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.576] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10a5df8 [0040.576] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.576] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.580] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.580] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.580] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.586] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.586] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.586] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.586] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.586] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.587] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.587] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.587] CloseHandle (hObject=0x24c) returned 1 [0040.587] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.587] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.lolkek") returned 85 [0040.587] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.lolkek")) returned 1 [0040.587] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.587] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d0b8 | out: hHeap=0x5a0000) returned 1 [0040.587] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.587] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.587] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", dwFileAttributes=0x80) returned 1 [0040.630] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0040.631] CloseHandle (hObject=0x160) returned 1 [0040.631] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.636] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3e7e1f [0040.636] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.636] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.645] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.645] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.645] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.645] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.645] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.650] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.650] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.650] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.650] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.651] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.651] CloseHandle (hObject=0x2a8) returned 1 [0040.651] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e27ee0 [0040.651] wsprintfW (in: param_1=0x3e27ee0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.lolkek") returned 86 [0040.651] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.lolkek")) returned 1 [0040.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e27ee0 | out: hHeap=0x5a0000) returned 1 [0040.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60d860 | out: hHeap=0x5a0000) returned 1 [0040.651] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.651] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.651] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE", dwFileAttributes=0x80) returned 1 [0040.662] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0040.664] CloseHandle (hObject=0x24c) returned 1 [0040.664] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.665] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xccb88 [0040.665] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.666] ReadFile (in: hFile=0x280, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.669] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x67d400 [0040.669] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.669] ReadFile (in: hFile=0x280, lpBuffer=0x67d400, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x67d400*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.674] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.674] WriteFile (in: hFile=0x280, lpBuffer=0x67d400*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x67d400*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.674] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.675] WriteFile (in: hFile=0x280, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.675] WriteFile (in: hFile=0x280, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.675] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.675] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.675] CloseHandle (hObject=0x280) returned 1 [0040.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.675] wsprintfW (in: param_1=0x658b20, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.lolkek") returned 82 [0040.675] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.lolkek")) returned 1 [0040.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.675] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634300 | out: hHeap=0x5a0000) returned 1 [0040.675] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.675] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.675] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest", dwFileAttributes=0x80) returned 1 [0040.682] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0040.682] CloseHandle (hObject=0x2a8) returned 1 [0040.682] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.710] GetFileSize (in: hFile=0x24c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x741 [0040.710] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.710] ReadFile (in: hFile=0x24c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.712] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.712] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.712] ReadFile (in: hFile=0x24c, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x741, lpOverlapped=0x0) returned 1 [0040.712] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0xfffff8bf, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.712] WriteFile (in: hFile=0x24c, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x741, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x741, lpOverlapped=0x0) returned 1 [0040.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.712] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.712] WriteFile (in: hFile=0x24c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.712] WriteFile (in: hFile=0x24c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.712] WriteFile (in: hFile=0x24c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.713] WriteFile (in: hFile=0x24c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.713] CloseHandle (hObject=0x24c) returned 1 [0040.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.713] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.lolkek") returned 101 [0040.713] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.lolkek")) returned 1 [0040.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610ed8 | out: hHeap=0x5a0000) returned 1 [0040.715] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.715] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.715] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi", dwFileAttributes=0x80) returned 1 [0040.721] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0040.721] CloseHandle (hObject=0x268) returned 1 [0040.721] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0040.721] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x387e00 [0040.721] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.722] ReadFile (in: hFile=0x268, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.726] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.727] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.727] ReadFile (in: hFile=0x268, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.731] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.732] WriteFile (in: hFile=0x268, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.732] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.732] WriteFile (in: hFile=0x268, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.732] WriteFile (in: hFile=0x268, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.732] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.732] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.732] CloseHandle (hObject=0x268) returned 1 [0040.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.732] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.lolkek") returned 87 [0040.732] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.lolkek")) returned 1 [0040.733] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.733] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611060 | out: hHeap=0x5a0000) returned 1 [0040.733] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.733] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.733] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", dwFileAttributes=0x80) returned 1 [0040.733] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0040.733] CloseHandle (hObject=0x268) returned 1 [0040.733] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0040.733] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x333 [0040.733] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.734] ReadFile (in: hFile=0x268, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.741] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.742] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.742] ReadFile (in: hFile=0x268, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x3bce10c*=0x333, lpOverlapped=0x0) returned 1 [0040.742] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffccd, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.742] WriteFile (in: hFile=0x268, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x333, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x333, lpOverlapped=0x0) returned 1 [0040.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.742] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.742] WriteFile (in: hFile=0x268, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.742] WriteFile (in: hFile=0x268, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.742] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.742] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.742] CloseHandle (hObject=0x268) returned 1 [0040.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.743] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.lolkek") returned 90 [0040.743] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.lolkek")) returned 1 [0040.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.743] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611458 | out: hHeap=0x5a0000) returned 1 [0040.743] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.743] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.743] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm", dwFileAttributes=0x80) returned 1 [0040.743] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0040.743] CloseHandle (hObject=0x268) returned 1 [0040.744] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0040.744] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6a3b [0040.744] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.744] ReadFile (in: hFile=0x268, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.753] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.753] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.753] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.753] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.753] ReadFile (in: hFile=0x268, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.760] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.760] WriteFile (in: hFile=0x268, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.760] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.760] WriteFile (in: hFile=0x268, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.760] WriteFile (in: hFile=0x268, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.760] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.760] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.761] CloseHandle (hObject=0x268) returned 1 [0040.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.761] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.lolkek") returned 84 [0040.761] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.lolkek")) returned 1 [0040.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.761] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f410 | out: hHeap=0x5a0000) returned 1 [0040.761] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.761] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.761] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST", dwFileAttributes=0x80) returned 1 [0040.762] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0040.762] CloseHandle (hObject=0x268) returned 1 [0040.762] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0040.762] GetFileSize (in: hFile=0x268, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe00 [0040.762] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.762] ReadFile (in: hFile=0x268, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.778] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5ec010 [0040.778] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.778] ReadFile (in: hFile=0x268, lpBuffer=0x5ec010, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x5ec010*, lpNumberOfBytesRead=0x3bce10c*=0xe00, lpOverlapped=0x0) returned 1 [0040.778] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0xfffff200, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.778] WriteFile (in: hFile=0x268, lpBuffer=0x5ec010*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x5ec010*, lpNumberOfBytesWritten=0x3bcfb50*=0xe00, lpOverlapped=0x0) returned 1 [0040.778] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0040.778] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.778] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.778] WriteFile (in: hFile=0x268, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.778] WriteFile (in: hFile=0x268, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.778] WriteFile (in: hFile=0x268, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.778] WriteFile (in: hFile=0x268, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.779] CloseHandle (hObject=0x268) returned 1 [0040.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0040.779] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.lolkek") returned 85 [0040.779] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.lolkek")) returned 1 [0040.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0040.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f7e8 | out: hHeap=0x5a0000) returned 1 [0040.779] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.779] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.779] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", dwFileAttributes=0x80) returned 1 [0040.814] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.823] CloseHandle (hObject=0x290) returned 1 [0040.823] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.825] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x545 [0040.825] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.825] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.829] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e23ed8 [0040.829] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.829] ReadFile (in: hFile=0x2a8, lpBuffer=0x3e23ed8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesRead=0x3bce10c*=0x545, lpOverlapped=0x0) returned 1 [0040.829] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffabb, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.829] WriteFile (in: hFile=0x2a8, lpBuffer=0x3e23ed8*, nNumberOfBytesToWrite=0x545, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e23ed8*, lpNumberOfBytesWritten=0x3bcfb50*=0x545, lpOverlapped=0x0) returned 1 [0040.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.830] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.830] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.830] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.830] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.830] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.830] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.830] CloseHandle (hObject=0x2a8) returned 1 [0040.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.830] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.lolkek") returned 100 [0040.830] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.lolkek")) returned 1 [0040.831] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.831] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6135c0 | out: hHeap=0x5a0000) returned 1 [0040.831] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.831] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.831] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml", dwFileAttributes=0x80) returned 1 [0040.833] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0040.833] CloseHandle (hObject=0x2a8) returned 1 [0040.833] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.833] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x91975 [0040.833] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.834] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.841] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.841] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.841] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.848] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.848] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.848] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.848] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.848] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.848] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.848] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.848] CloseHandle (hObject=0x2a8) returned 1 [0040.848] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e27ee0 [0040.848] wsprintfW (in: param_1=0x3e27ee0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.lolkek") returned 99 [0040.848] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.lolkek")) returned 1 [0040.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e27ee0 | out: hHeap=0x5a0000) returned 1 [0040.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6138b0 | out: hHeap=0x5a0000) returned 1 [0040.849] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.849] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.849] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml", dwFileAttributes=0x80) returned 1 [0040.849] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0040.849] CloseHandle (hObject=0x2a8) returned 1 [0040.849] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.850] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa40 [0040.850] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.850] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.855] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.855] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.855] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0xa40, lpOverlapped=0x0) returned 1 [0040.855] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffff5c0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.855] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0xa40, lpOverlapped=0x0) returned 1 [0040.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.855] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.856] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.856] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.856] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.856] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.856] CloseHandle (hObject=0x2a8) returned 1 [0040.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.856] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek") returned 83 [0040.856] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.lolkek" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.lolkek")) returned 1 [0040.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f930 | out: hHeap=0x5a0000) returned 1 [0040.856] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.857] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.857] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe", dwFileAttributes=0x80) returned 1 [0040.864] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.865] CloseHandle (hObject=0x290) returned 1 [0040.865] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.867] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2a968 [0040.868] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.868] ReadFile (in: hFile=0x160, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.870] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e27ee0 [0040.870] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.870] ReadFile (in: hFile=0x160, lpBuffer=0x3e27ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e27ee0*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.874] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.874] WriteFile (in: hFile=0x160, lpBuffer=0x3e27ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e27ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e27ee0 | out: hHeap=0x5a0000) returned 1 [0040.874] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.874] SetFilePointerEx (in: hFile=0x160, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.874] WriteFile (in: hFile=0x160, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.874] WriteFile (in: hFile=0x160, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.874] WriteFile (in: hFile=0x160, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.874] WriteFile (in: hFile=0x160, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.874] CloseHandle (hObject=0x160) returned 1 [0040.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.875] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.lolkek") returned 81 [0040.875] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe.lolkek")) returned 1 [0040.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612b08 | out: hHeap=0x5a0000) returned 1 [0040.878] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.878] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.878] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll", dwFileAttributes=0x80) returned 1 [0040.882] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0040.885] CloseHandle (hObject=0x2a8) returned 1 [0040.885] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.887] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x165510 [0040.887] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.887] ReadFile (in: hFile=0x270, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.890] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.891] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.891] ReadFile (in: hFile=0x270, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.898] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.898] WriteFile (in: hFile=0x270, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.898] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.898] WriteFile (in: hFile=0x270, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.898] WriteFile (in: hFile=0x270, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.898] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.898] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.898] CloseHandle (hObject=0x270) returned 1 [0040.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.898] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.lolkek") returned 85 [0040.898] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll.lolkek")) returned 1 [0040.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60fd08 | out: hHeap=0x5a0000) returned 1 [0040.901] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.902] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.902] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml", dwFileAttributes=0x80) returned 1 [0040.905] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.908] CloseHandle (hObject=0x290) returned 1 [0040.908] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.909] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x41d4 [0040.909] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.909] ReadFile (in: hFile=0x290, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.910] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.910] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.910] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.910] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.910] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.911] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.911] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.911] WriteFile (in: hFile=0x290, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.911] WriteFile (in: hFile=0x290, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.911] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.911] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.911] CloseHandle (hObject=0x290) returned 1 [0040.920] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.921] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.lolkek") returned 88 [0040.921] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.lolkek")) returned 1 [0040.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.927] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612f08 | out: hHeap=0x5a0000) returned 1 [0040.927] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.927] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.927] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x80) returned 1 [0040.929] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.932] CloseHandle (hObject=0x290) returned 1 [0040.932] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.933] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x150578 [0040.933] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.933] ReadFile (in: hFile=0x290, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.936] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.936] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.936] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.936] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.936] ReadFile (in: hFile=0x290, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.939] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.939] WriteFile (in: hFile=0x290, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.939] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.939] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.940] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.940] WriteFile (in: hFile=0x290, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.940] WriteFile (in: hFile=0x290, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.940] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.940] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.940] CloseHandle (hObject=0x290) returned 1 [0040.940] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.940] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.lolkek") returned 83 [0040.940] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe.lolkek")) returned 1 [0040.941] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.941] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6100e0 | out: hHeap=0x5a0000) returned 1 [0040.941] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.941] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.941] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml", dwFileAttributes=0x80) returned 1 [0040.951] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.952] CloseHandle (hObject=0x290) returned 1 [0040.952] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.953] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10b2 [0040.953] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.953] ReadFile (in: hFile=0x290, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.956] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0040.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.956] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.956] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x10b2, lpOverlapped=0x0) returned 1 [0040.958] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffef4e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.958] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x10b2, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x10b2, lpOverlapped=0x0) returned 1 [0040.958] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.958] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0040.958] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.958] WriteFile (in: hFile=0x290, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.959] WriteFile (in: hFile=0x290, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.959] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.959] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.959] CloseHandle (hObject=0x290) returned 1 [0040.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.959] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.lolkek") returned 88 [0040.959] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.lolkek")) returned 1 [0040.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613058 | out: hHeap=0x5a0000) returned 1 [0040.960] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.960] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.960] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll", dwFileAttributes=0x80) returned 1 [0040.960] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.961] CloseHandle (hObject=0x290) returned 1 [0040.961] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.961] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x709768 [0040.961] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.961] ReadFile (in: hFile=0x290, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.968] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.968] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0040.968] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0040.968] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.968] ReadFile (in: hFile=0x290, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.970] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.970] WriteFile (in: hFile=0x290, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.970] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0040.970] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0040.970] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.970] WriteFile (in: hFile=0x290, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.970] WriteFile (in: hFile=0x290, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.970] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.970] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.970] CloseHandle (hObject=0x290) returned 1 [0040.970] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e53fd8 [0040.971] wsprintfW (in: param_1=0x3e53fd8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.lolkek") returned 84 [0040.971] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.lolkek")) returned 1 [0040.973] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e53fd8 | out: hHeap=0x5a0000) returned 1 [0040.973] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610370 | out: hHeap=0x5a0000) returned 1 [0040.973] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0040.973] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.973] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms", dwFileAttributes=0x80) returned 1 [0040.978] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0040.979] CloseHandle (hObject=0x290) returned 1 [0040.979] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.981] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaec3a [0040.981] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.981] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0040.983] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0040.983] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0040.983] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0040.984] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.984] ReadFile (in: hFile=0x2a8, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0040.993] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.993] WriteFile (in: hFile=0x2a8, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0040.993] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0040.994] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0040.994] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0040.994] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0040.994] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.994] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0040.994] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0040.994] CloseHandle (hObject=0x2a8) returned 1 [0040.994] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.994] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.lolkek") returned 98 [0040.994] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.lolkek")) returned 1 [0041.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0041.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6132e0 | out: hHeap=0x5a0000) returned 1 [0041.005] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.005] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.005] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab", dwFileAttributes=0x80) returned 1 [0041.008] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.012] CloseHandle (hObject=0x2a8) returned 1 [0041.013] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.017] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x9b6ba9f [0041.017] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.018] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.025] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.025] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.025] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.025] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.025] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0041.029] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.029] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0041.029] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.029] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.029] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.029] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.030] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.030] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.030] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.030] CloseHandle (hObject=0x2a8) returned 1 [0041.030] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.031] wsprintfW (in: param_1=0x3c03e90, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.lolkek") returned 86 [0041.031] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.lolkek")) returned 1 [0041.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.031] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610748 | out: hHeap=0x5a0000) returned 1 [0041.031] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.031] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.031] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml", dwFileAttributes=0x80) returned 1 [0041.032] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.032] CloseHandle (hObject=0x2a8) returned 1 [0041.032] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.032] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10b2 [0041.032] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.032] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.041] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.041] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.041] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x10b2, lpOverlapped=0x0) returned 1 [0041.053] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffef4e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.054] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x10b2, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x10b2, lpOverlapped=0x0) returned 1 [0041.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.054] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.054] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.054] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.054] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.054] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.054] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.054] CloseHandle (hObject=0x2a8) returned 1 [0041.055] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c23ea0 [0041.056] wsprintfW (in: param_1=0x3c23ea0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.lolkek") returned 88 [0041.056] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.lolkek")) returned 1 [0041.062] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c23ea0 | out: hHeap=0x5a0000) returned 1 [0041.062] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613cf8 | out: hHeap=0x5a0000) returned 1 [0041.062] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.062] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.062] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab", dwFileAttributes=0x80) returned 1 [0041.067] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0041.072] CloseHandle (hObject=0x210) returned 1 [0041.072] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0041.073] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x228df5c [0041.073] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.073] ReadFile (in: hFile=0x208, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.077] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e73fe8 [0041.078] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.078] ReadFile (in: hFile=0x208, lpBuffer=0x3e73fe8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e73fe8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0041.087] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.087] WriteFile (in: hFile=0x208, lpBuffer=0x3e73fe8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e73fe8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0041.087] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.088] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.088] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.088] WriteFile (in: hFile=0x208, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.088] WriteFile (in: hFile=0x208, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.088] WriteFile (in: hFile=0x208, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.088] WriteFile (in: hFile=0x208, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.088] CloseHandle (hObject=0x208) returned 1 [0041.089] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.089] wsprintfW (in: param_1=0x3c13e98, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.lolkek") returned 86 [0041.089] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.lolkek")) returned 1 [0041.090] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.090] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x610c68 | out: hHeap=0x5a0000) returned 1 [0041.090] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.090] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.090] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe", dwFileAttributes=0x80) returned 1 [0041.102] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.106] CloseHandle (hObject=0x2a8) returned 1 [0041.106] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.113] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x150578 [0041.113] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.113] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.115] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0041.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.115] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.115] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0041.116] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.116] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0041.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0041.117] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.117] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.117] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.117] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.117] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.117] CloseHandle (hObject=0x2a8) returned 1 [0041.118] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.118] wsprintfW (in: param_1=0x3c13e98, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.lolkek") returned 83 [0041.118] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe.lolkek")) returned 1 [0041.123] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615cc8 | out: hHeap=0x5a0000) returned 1 [0041.124] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.124] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.124] SetFileAttributesW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi", dwFileAttributes=0x80) returned 1 [0041.124] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.124] CloseHandle (hObject=0x2a8) returned 1 [0041.124] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.124] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb80800 [0041.124] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.124] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.130] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e77ff0 [0041.130] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.130] ReadFile (in: hFile=0x2a8, lpBuffer=0x3e77ff0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e77ff0*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0041.170] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.170] WriteFile (in: hFile=0x2a8, lpBuffer=0x3e77ff0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e77ff0*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0041.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e77ff0 | out: hHeap=0x5a0000) returned 1 [0041.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.173] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.173] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.173] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.174] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.174] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.174] CloseHandle (hObject=0x2a8) returned 1 [0041.176] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c53ea0 [0041.176] wsprintfW (in: param_1=0x3c53ea0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.lolkek") returned 86 [0041.176] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.lolkek" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.lolkek")) returned 1 [0041.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c53ea0 | out: hHeap=0x5a0000) returned 1 [0041.176] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6160a0 | out: hHeap=0x5a0000) returned 1 [0041.176] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.177] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.177] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata", dwFileAttributes=0x80) returned 1 [0041.177] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.177] CloseHandle (hObject=0x2a8) returned 1 [0041.177] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.177] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1df [0041.177] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.178] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.178] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.178] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.178] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.178] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.178] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x1df, lpOverlapped=0x0) returned 1 [0041.178] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffe21, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.179] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x1df, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x1df, lpOverlapped=0x0) returned 1 [0041.179] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.179] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.179] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.179] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.179] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.179] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.179] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.179] CloseHandle (hObject=0x2a8) returned 1 [0041.179] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c53ea0 [0041.179] wsprintfW (in: param_1=0x3c53ea0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.lolkek") returned 84 [0041.179] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata"), lpNewFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.lolkek" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\directories.acrodata.lolkek")) returned 1 [0041.180] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c53ea0 | out: hHeap=0x5a0000) returned 1 [0041.180] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616330 | out: hHeap=0x5a0000) returned 1 [0041.180] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.180] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.180] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp", dwFileAttributes=0x80) returned 1 [0041.182] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.182] CloseHandle (hObject=0x2a8) returned 1 [0041.182] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.182] GetFileSize (in: hFile=0x2a8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d800 [0041.182] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.182] ReadFile (in: hFile=0x2a8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.209] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0041.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3cb3650 [0041.209] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.209] ReadFile (in: hFile=0x2a8, lpBuffer=0x3cb3650, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0041.221] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.221] WriteFile (in: hFile=0x2a8, lpBuffer=0x3cb3650*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3cb3650*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0041.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb3650 | out: hHeap=0x5a0000) returned 1 [0041.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0041.221] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.221] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.221] WriteFile (in: hFile=0x2a8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.222] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.222] WriteFile (in: hFile=0x2a8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.222] CloseHandle (hObject=0x2a8) returned 1 [0041.222] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.222] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.lolkek") returned 72 [0041.222] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp"), lpNewFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.lolkek" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\adberdrsecupd10111.msp.lolkek")) returned 1 [0041.223] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.223] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x618ce8 | out: hHeap=0x5a0000) returned 1 [0041.223] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.223] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.223] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D", dwFileAttributes=0x80) returned 1 [0041.243] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a8 [0041.244] CloseHandle (hObject=0x2a8) returned 1 [0041.244] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0041.245] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2f22 [0041.245] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.245] ReadFile (in: hFile=0x208, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.248] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0041.249] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.249] ReadFile (in: hFile=0x208, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x3bce10c*=0x2f22, lpOverlapped=0x0) returned 1 [0041.253] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xffffd0de, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.253] WriteFile (in: hFile=0x208, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x2f22, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x2f22, lpOverlapped=0x0) returned 1 [0041.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0041.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.253] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.253] WriteFile (in: hFile=0x208, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.253] WriteFile (in: hFile=0x208, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.253] WriteFile (in: hFile=0x208, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.253] WriteFile (in: hFile=0x208, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.253] CloseHandle (hObject=0x208) returned 1 [0041.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.254] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.lolkek") returned 83 [0041.254] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.lolkek" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_cvalidator.h1d.lolkek")) returned 1 [0041.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616478 | out: hHeap=0x5a0000) returned 1 [0041.254] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.254] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.254] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D", dwFileAttributes=0x80) returned 1 [0041.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x208 [0041.254] CloseHandle (hObject=0x208) returned 1 [0041.255] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0041.255] GetFileSize (in: hFile=0x208, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3944 [0041.255] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.255] ReadFile (in: hFile=0x208, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0041.270] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0041.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0041.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e33ee0 [0041.271] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.271] ReadFile (in: hFile=0x208, lpBuffer=0x3e33ee0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesRead=0x3bce10c*=0x3944, lpOverlapped=0x0) returned 1 [0041.283] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0xffffc6bc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.284] WriteFile (in: hFile=0x208, lpBuffer=0x3e33ee0*, nNumberOfBytesToWrite=0x3944, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e33ee0*, lpNumberOfBytesWritten=0x3bcfb50*=0x3944, lpOverlapped=0x0) returned 1 [0041.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e33ee0 | out: hHeap=0x5a0000) returned 1 [0041.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0041.284] SetFilePointerEx (in: hFile=0x208, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0041.284] WriteFile (in: hFile=0x208, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0041.284] WriteFile (in: hFile=0x208, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.284] WriteFile (in: hFile=0x208, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0041.284] WriteFile (in: hFile=0x208, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0041.284] CloseHandle (hObject=0x208) returned 1 [0041.284] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e83ff0 [0041.284] wsprintfW (in: param_1=0x3e83ff0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.lolkek") returned 83 [0041.284] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.lolkek" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\help_mvalidator.h1d.lolkek")) returned 1 [0041.285] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e83ff0 | out: hHeap=0x5a0000) returned 1 [0041.285] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616850 | out: hHeap=0x5a0000) returned 1 [0041.285] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0041.285] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.285] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", dwFileAttributes=0x80) returned 0 [0041.285] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0041.285] RmStartSession () returned 0x0 [0041.287] RmRegisterResources () returned 0x0 [0041.290] RmGetList () returned 0x0 [0042.061] RmEndSession () returned 0x0 [0042.237] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0042.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dded50 | out: hHeap=0x5a0000) returned 1 [0042.237] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0042.237] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.237] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", dwFileAttributes=0x80) returned 0 [0042.247] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0042.247] RmStartSession () returned 0x0 [0042.412] RmRegisterResources () returned 0x0 [0042.414] RmGetList () returned 0x0 [0043.071] RmEndSession () returned 0x0 [0043.093] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0043.093] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66d4a8 | out: hHeap=0x5a0000) returned 1 [0043.093] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0043.093] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.093] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico", dwFileAttributes=0x80) returned 0 [0043.093] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0043.093] RmStartSession () returned 0x0 [0043.096] RmRegisterResources () returned 0x0 [0043.098] RmGetList () returned 0x0 [0044.274] RmEndSession () returned 0x0 [0044.294] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x677628 | out: hHeap=0x5a0000) returned 1 [0044.294] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.294] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.294] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp", dwFileAttributes=0x80) returned 0 [0044.294] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.294] RmStartSession () returned 0x0 [0044.297] RmRegisterResources () returned 0x0 [0044.299] RmGetList () returned 0x0 [0044.976] RmEndSession () returned 0x0 [0044.996] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile15.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0044.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x676a90 | out: hHeap=0x5a0000) returned 1 [0044.996] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0044.996] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.996] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp", dwFileAttributes=0x80) returned 0 [0044.997] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0044.997] RmStartSession () returned 0x0 [0044.999] RmRegisterResources () returned 0x0 [0045.001] RmGetList () returned 0x0 [0045.635] RmEndSession () returned 0x0 [0045.654] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile27.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0045.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x614bc0 | out: hHeap=0x5a0000) returned 1 [0045.654] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0045.655] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.655] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp", dwFileAttributes=0x80) returned 0 [0045.655] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0045.655] RmStartSession () returned 0x0 [0045.657] RmRegisterResources () returned 0x0 [0045.659] RmGetList () returned 0x0 [0046.434] RmEndSession () returned 0x0 [0046.454] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\usertile39.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0046.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cad918 | out: hHeap=0x5a0000) returned 1 [0046.454] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.454] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.454] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn", dwFileAttributes=0x80) returned 1 [0046.454] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.454] CloseHandle (hObject=0x1bc) returned 1 [0046.454] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.454] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186 [0046.454] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.455] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.455] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.455] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.455] ReadFile (in: hFile=0x1bc, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x186, lpOverlapped=0x0) returned 1 [0046.456] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffe7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.456] WriteFile (in: hFile=0x1bc, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x186, lpOverlapped=0x0) returned 1 [0046.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.456] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.456] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.456] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.456] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.456] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.456] CloseHandle (hObject=0x1bc) returned 1 [0046.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.456] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn.lolkek") returned 47 [0046.456] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" (normalized: "c:\\programdata\\microsoft help\\hx.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\hx.hxn.lolkek")) returned 1 [0046.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb1668 | out: hHeap=0x5a0000) returned 1 [0046.457] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.457] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.457] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.462] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.462] CloseHandle (hObject=0x2bc) returned 1 [0046.462] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.462] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x146 [0046.462] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.462] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.463] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.463] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.463] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.463] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.463] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x146, lpOverlapped=0x0) returned 1 [0046.463] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeba, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.463] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x146, lpOverlapped=0x0) returned 1 [0046.463] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.463] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.463] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.463] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.463] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.463] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.463] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.463] CloseHandle (hObject=0x2bc) returned 1 [0046.463] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.463] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn.lolkek") returned 61 [0046.463] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.excel.14.1033.hxn.lolkek")) returned 1 [0046.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc230 | out: hHeap=0x5a0000) returned 1 [0046.464] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.464] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.464] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.464] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.464] CloseHandle (hObject=0x2bc) returned 1 [0046.464] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.464] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15e [0046.464] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.464] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.465] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.465] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.465] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x15e, lpOverlapped=0x0) returned 1 [0046.465] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffea2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.465] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x15e, lpOverlapped=0x0) returned 1 [0046.465] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.465] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.465] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.465] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.465] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.466] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.466] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.466] CloseHandle (hObject=0x2bc) returned 1 [0046.466] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.466] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.lolkek") returned 65 [0046.466] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.excel.dev.14.1033.hxn.lolkek")) returned 1 [0046.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc070 | out: hHeap=0x5a0000) returned 1 [0046.466] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.466] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.466] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.476] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.476] CloseHandle (hObject=0x2bc) returned 1 [0046.476] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.476] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x146 [0046.476] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.476] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.477] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.477] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.477] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.477] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.477] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x146, lpOverlapped=0x0) returned 1 [0046.477] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeba, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.477] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x146, lpOverlapped=0x0) returned 1 [0046.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.477] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.477] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.477] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.477] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.477] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.477] CloseHandle (hObject=0x2bc) returned 1 [0046.477] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.477] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn.lolkek") returned 61 [0046.477] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.graph.14.1033.hxn.lolkek")) returned 1 [0046.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b4d8 | out: hHeap=0x5a0000) returned 1 [0046.478] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.478] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.478] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.478] CloseHandle (hObject=0x2bc) returned 1 [0046.478] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.478] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14c [0046.478] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.478] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.479] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.479] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.479] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x14c, lpOverlapped=0x0) returned 1 [0046.479] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeb4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.479] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x14c, lpOverlapped=0x0) returned 1 [0046.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.479] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.479] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.479] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.479] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.480] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.480] CloseHandle (hObject=0x2bc) returned 1 [0046.480] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.480] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn.lolkek") returned 62 [0046.480] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.groove.14.1033.hxn.lolkek")) returned 1 [0046.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb670 | out: hHeap=0x5a0000) returned 1 [0046.480] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.480] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.480] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.487] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0046.487] CloseHandle (hObject=0x270) returned 1 [0046.487] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0046.487] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x158 [0046.487] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.487] ReadFile (in: hFile=0x270, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.487] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.488] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.488] ReadFile (in: hFile=0x270, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x158, lpOverlapped=0x0) returned 1 [0046.488] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffea8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.488] WriteFile (in: hFile=0x270, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x158, lpOverlapped=0x0) returned 1 [0046.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.488] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.488] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.488] WriteFile (in: hFile=0x270, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.488] WriteFile (in: hFile=0x270, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.488] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.488] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.488] CloseHandle (hObject=0x270) returned 1 [0046.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.489] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.lolkek") returned 64 [0046.489] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.infopath.14.1033.hxn.lolkek")) returned 1 [0046.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f8a0 | out: hHeap=0x5a0000) returned 1 [0046.489] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.489] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.489] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.490] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x270 [0046.490] CloseHandle (hObject=0x270) returned 1 [0046.490] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0046.490] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17c [0046.490] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.490] ReadFile (in: hFile=0x270, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.490] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.490] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.491] ReadFile (in: hFile=0x270, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x17c, lpOverlapped=0x0) returned 1 [0046.491] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffe84, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.491] WriteFile (in: hFile=0x270, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x17c, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x17c, lpOverlapped=0x0) returned 1 [0046.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.491] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.491] WriteFile (in: hFile=0x270, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.491] WriteFile (in: hFile=0x270, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.491] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.491] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.491] CloseHandle (hObject=0x270) returned 1 [0046.491] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.491] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.lolkek") returned 70 [0046.491] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.infopatheditor.14.1033.hxn.lolkek")) returned 1 [0046.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7920 | out: hHeap=0x5a0000) returned 1 [0046.492] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.492] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.492] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.493] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0046.494] CloseHandle (hObject=0x1ec) returned 1 [0046.494] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0046.494] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x158 [0046.494] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.494] ReadFile (in: hFile=0x1ec, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.494] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.494] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.494] ReadFile (in: hFile=0x1ec, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x158, lpOverlapped=0x0) returned 1 [0046.494] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffea8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.494] WriteFile (in: hFile=0x1ec, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x158, lpOverlapped=0x0) returned 1 [0046.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.495] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.495] WriteFile (in: hFile=0x1ec, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.495] WriteFile (in: hFile=0x1ec, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.495] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.495] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.495] CloseHandle (hObject=0x1ec) returned 1 [0046.495] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.495] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.lolkek") returned 64 [0046.495] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.14.1033.hxn.lolkek")) returned 1 [0046.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ddb980 | out: hHeap=0x5a0000) returned 1 [0046.496] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.496] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.496] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.496] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0046.496] CloseHandle (hObject=0x1ec) returned 1 [0046.496] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0046.496] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x170 [0046.496] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.496] ReadFile (in: hFile=0x1ec, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.497] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.497] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.497] ReadFile (in: hFile=0x1ec, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x170, lpOverlapped=0x0) returned 1 [0046.497] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffe90, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.497] WriteFile (in: hFile=0x1ec, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x170, lpOverlapped=0x0) returned 1 [0046.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.497] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.497] WriteFile (in: hFile=0x1ec, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.497] WriteFile (in: hFile=0x1ec, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.497] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.497] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.497] CloseHandle (hObject=0x1ec) returned 1 [0046.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.498] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.lolkek") returned 68 [0046.498] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.msaccess.dev.14.1033.hxn.lolkek")) returned 1 [0046.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.498] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fb60 | out: hHeap=0x5a0000) returned 1 [0046.498] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.498] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.498] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.498] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ec [0046.498] CloseHandle (hObject=0x1ec) returned 1 [0046.498] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0046.498] GetFileSize (in: hFile=0x1ec, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x146 [0046.499] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.499] ReadFile (in: hFile=0x1ec, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.499] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.499] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.499] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.499] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.499] ReadFile (in: hFile=0x1ec, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x146, lpOverlapped=0x0) returned 1 [0046.499] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0xfffffeba, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.499] WriteFile (in: hFile=0x1ec, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x146, lpOverlapped=0x0) returned 1 [0046.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.499] SetFilePointerEx (in: hFile=0x1ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.499] WriteFile (in: hFile=0x1ec, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.500] WriteFile (in: hFile=0x1ec, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.500] CloseHandle (hObject=0x1ec) returned 1 [0046.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.500] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn.lolkek") returned 61 [0046.500] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.msouc.14.1033.hxn.lolkek")) returned 1 [0046.500] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.500] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb758 | out: hHeap=0x5a0000) returned 1 [0046.500] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.500] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.500] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.502] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0046.502] CloseHandle (hObject=0x1b4) returned 1 [0046.502] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.502] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x146 [0046.502] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.502] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.503] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.503] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.503] ReadFile (in: hFile=0x1b4, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x146, lpOverlapped=0x0) returned 1 [0046.503] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffeba, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.503] WriteFile (in: hFile=0x1b4, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x146, lpOverlapped=0x0) returned 1 [0046.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.503] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.503] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.503] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.503] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.503] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.503] CloseHandle (hObject=0x1b4) returned 1 [0046.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.504] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn.lolkek") returned 61 [0046.504] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.14.1033.hxn.lolkek")) returned 1 [0046.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb840 | out: hHeap=0x5a0000) returned 1 [0046.504] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.504] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.504] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.504] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0046.504] CloseHandle (hObject=0x1b4) returned 1 [0046.505] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.505] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15e [0046.505] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.505] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.505] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.505] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.505] ReadFile (in: hFile=0x1b4, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x15e, lpOverlapped=0x0) returned 1 [0046.506] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffea2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.506] WriteFile (in: hFile=0x1b4, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x15e, lpOverlapped=0x0) returned 1 [0046.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.506] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.506] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.506] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.506] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.506] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.506] CloseHandle (hObject=0x1b4) returned 1 [0046.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.506] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.lolkek") returned 65 [0046.506] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.mspub.dev.14.1033.hxn.lolkek")) returned 1 [0046.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf2dd8 | out: hHeap=0x5a0000) returned 1 [0046.507] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.507] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.507] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.507] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0046.507] CloseHandle (hObject=0x1b4) returned 1 [0046.507] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.507] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14c [0046.507] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.507] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.508] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.508] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.508] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.508] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.508] ReadFile (in: hFile=0x1b4, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x14c, lpOverlapped=0x0) returned 1 [0046.508] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffeb4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.508] WriteFile (in: hFile=0x1b4, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x14c, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x14c, lpOverlapped=0x0) returned 1 [0046.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.508] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.508] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.508] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.508] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.508] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.508] CloseHandle (hObject=0x1b4) returned 1 [0046.508] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.508] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn.lolkek") returned 62 [0046.508] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.mstore.14.1033.hxn.lolkek")) returned 1 [0046.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb928 | out: hHeap=0x5a0000) returned 1 [0046.509] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.509] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.509] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0046.509] CloseHandle (hObject=0x1b4) returned 1 [0046.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.509] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13a [0046.509] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.509] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.510] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.510] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.510] ReadFile (in: hFile=0x1b4, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x13a, lpOverlapped=0x0) returned 1 [0046.510] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffec6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.510] WriteFile (in: hFile=0x1b4, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x13a, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x13a, lpOverlapped=0x0) returned 1 [0046.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.510] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.510] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.510] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.510] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.510] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.511] CloseHandle (hObject=0x1b4) returned 1 [0046.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.511] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn.lolkek") returned 59 [0046.511] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.ois.14.1033.hxn.lolkek")) returned 1 [0046.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b308 | out: hHeap=0x5a0000) returned 1 [0046.511] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.511] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.511] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.511] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4 [0046.511] CloseHandle (hObject=0x1b4) returned 1 [0046.511] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.512] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x152 [0046.512] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.512] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.512] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.512] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.512] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eadb50 [0046.512] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.512] ReadFile (in: hFile=0x1b4, lpBuffer=0x3eadb50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesRead=0x3bce10c*=0x152, lpOverlapped=0x0) returned 1 [0046.512] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffeae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.512] WriteFile (in: hFile=0x1b4, lpBuffer=0x3eadb50*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eadb50*, lpNumberOfBytesWritten=0x3bcfb50*=0x152, lpOverlapped=0x0) returned 1 [0046.512] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb50 | out: hHeap=0x5a0000) returned 1 [0046.512] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.512] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.513] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.513] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.513] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.513] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.513] CloseHandle (hObject=0x1b4) returned 1 [0046.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.513] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.lolkek") returned 63 [0046.513] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.onenote.14.1033.hxn.lolkek")) returned 1 [0046.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61b3e8 | out: hHeap=0x5a0000) returned 1 [0046.513] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.513] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.513] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.519] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.519] CloseHandle (hObject=0x2bc) returned 1 [0046.519] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.519] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x152 [0046.519] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.519] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.520] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.520] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.520] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x152, lpOverlapped=0x0) returned 1 [0046.520] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.520] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x152, lpOverlapped=0x0) returned 1 [0046.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.521] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.521] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.521] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.521] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.521] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.521] CloseHandle (hObject=0x2bc) returned 1 [0046.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.521] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.lolkek") returned 63 [0046.521] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.14.1033.hxn.lolkek")) returned 1 [0046.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43ee0 | out: hHeap=0x5a0000) returned 1 [0046.522] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.522] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.522] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.522] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.522] CloseHandle (hObject=0x2bc) returned 1 [0046.522] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.522] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16a [0046.522] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.522] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.523] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.523] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.523] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x16a, lpOverlapped=0x0) returned 1 [0046.523] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe96, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.523] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x16a, lpOverlapped=0x0) returned 1 [0046.523] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.523] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.523] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.523] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.523] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.523] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.524] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.524] CloseHandle (hObject=0x2bc) returned 1 [0046.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.524] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.lolkek") returned 67 [0046.524] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.outlook.dev.14.1033.hxn.lolkek")) returned 1 [0046.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7b20 | out: hHeap=0x5a0000) returned 1 [0046.524] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.524] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.524] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.529] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.529] CloseHandle (hObject=0x2bc) returned 1 [0046.529] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.529] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x158 [0046.529] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.529] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.530] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.530] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.530] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x158, lpOverlapped=0x0) returned 1 [0046.530] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffea8, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.530] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x158, lpOverlapped=0x0) returned 1 [0046.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.530] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.530] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.530] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.530] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.530] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.530] CloseHandle (hObject=0x2bc) returned 1 [0046.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.530] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.lolkek") returned 64 [0046.531] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.14.1033.hxn.lolkek")) returned 1 [0046.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7750 | out: hHeap=0x5a0000) returned 1 [0046.531] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.531] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.531] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.532] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.532] CloseHandle (hObject=0x2bc) returned 1 [0046.532] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.532] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x170 [0046.532] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.532] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.533] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.533] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.533] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.533] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.533] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x170, lpOverlapped=0x0) returned 1 [0046.533] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe90, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.533] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x170, lpOverlapped=0x0) returned 1 [0046.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.533] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.533] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.534] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.534] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.534] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.534] CloseHandle (hObject=0x2bc) returned 1 [0046.534] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.534] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.lolkek") returned 68 [0046.534] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.powerpnt.dev.14.1033.hxn.lolkek")) returned 1 [0046.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc9da0 | out: hHeap=0x5a0000) returned 1 [0046.534] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.535] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.535] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.535] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.535] CloseHandle (hObject=0x2bc) returned 1 [0046.535] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.535] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x152 [0046.535] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.535] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.536] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.536] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.536] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x152, lpOverlapped=0x0) returned 1 [0046.536] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.536] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x152, lpOverlapped=0x0) returned 1 [0046.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.536] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.536] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.536] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.536] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.536] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.536] CloseHandle (hObject=0x2bc) returned 1 [0046.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.536] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn.lolkek") returned 63 [0046.537] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.setlang.14.1033.hxn.lolkek")) returned 1 [0046.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62e8c0 | out: hHeap=0x5a0000) returned 1 [0046.537] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.537] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.537] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.542] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.542] CloseHandle (hObject=0x2bc) returned 1 [0046.543] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.543] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x146 [0046.543] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.543] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.543] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.543] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.543] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x146, lpOverlapped=0x0) returned 1 [0046.543] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeba, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.543] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x146, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x146, lpOverlapped=0x0) returned 1 [0046.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.544] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.544] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.544] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.544] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.544] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.544] CloseHandle (hObject=0x2bc) returned 1 [0046.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.544] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn.lolkek") returned 61 [0046.544] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.visio.14.1033.hxn.lolkek")) returned 1 [0046.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbba10 | out: hHeap=0x5a0000) returned 1 [0046.544] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.544] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.545] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.545] CloseHandle (hObject=0x2bc) returned 1 [0046.545] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.545] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15e [0046.545] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.545] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.546] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.546] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.546] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x15e, lpOverlapped=0x0) returned 1 [0046.546] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffea2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.546] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x15e, lpOverlapped=0x0) returned 1 [0046.546] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.546] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.546] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.546] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.546] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.546] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.546] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.546] CloseHandle (hObject=0x2bc) returned 1 [0046.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.546] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.lolkek") returned 65 [0046.546] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.visio.dev.14.1033.hxn.lolkek")) returned 1 [0046.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c2078 | out: hHeap=0x5a0000) returned 1 [0046.547] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.547] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.547] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.547] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.547] CloseHandle (hObject=0x2bc) returned 1 [0046.547] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.547] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x188 [0046.547] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.547] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.548] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.548] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.548] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.548] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.548] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x188, lpOverlapped=0x0) returned 1 [0046.548] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe78, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.548] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x188, lpOverlapped=0x0) returned 1 [0046.548] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.548] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.548] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.548] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.548] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.549] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.549] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.549] CloseHandle (hObject=0x2bc) returned 1 [0046.549] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.549] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.lolkek") returned 72 [0046.549] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.visio.shapesheet.14.1033.hxn.lolkek")) returned 1 [0046.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc9ea0 | out: hHeap=0x5a0000) returned 1 [0046.549] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.549] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.549] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.555] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.555] CloseHandle (hObject=0x2bc) returned 1 [0046.555] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.555] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15e [0046.555] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.555] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.556] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.556] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.556] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x15e, lpOverlapped=0x0) returned 1 [0046.556] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffea2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.556] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x15e, lpOverlapped=0x0) returned 1 [0046.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.556] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.556] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.556] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.556] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.556] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.556] CloseHandle (hObject=0x2bc) returned 1 [0046.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.556] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.lolkek") returned 65 [0046.556] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.visio_prm.14.1033.hxn.lolkek")) returned 1 [0046.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x632ed8 | out: hHeap=0x5a0000) returned 1 [0046.557] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.557] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.557] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.557] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.557] CloseHandle (hObject=0x2bc) returned 1 [0046.557] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.557] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x15e [0046.557] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.557] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.558] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.558] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.558] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.558] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.558] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x15e, lpOverlapped=0x0) returned 1 [0046.558] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffea2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.558] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x15e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x15e, lpOverlapped=0x0) returned 1 [0046.558] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.558] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.558] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.558] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.558] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.559] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.559] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.559] CloseHandle (hObject=0x2bc) returned 1 [0046.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.559] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.lolkek") returned 65 [0046.559] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.visio_std.14.1033.hxn.lolkek")) returned 1 [0046.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x633178 | out: hHeap=0x5a0000) returned 1 [0046.559] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.559] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.559] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.559] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.560] CloseHandle (hObject=0x2bc) returned 1 [0046.560] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.560] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x152 [0046.560] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.560] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.560] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.560] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.560] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x152, lpOverlapped=0x0) returned 1 [0046.560] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.560] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x152, lpOverlapped=0x0) returned 1 [0046.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.561] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.561] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.561] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.561] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.561] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.561] CloseHandle (hObject=0x2bc) returned 1 [0046.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.561] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.lolkek") returned 63 [0046.561] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.14.1033.hxn.lolkek")) returned 1 [0046.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x632fd0 | out: hHeap=0x5a0000) returned 1 [0046.561] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.561] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.561] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.567] CloseHandle (hObject=0x2bc) returned 1 [0046.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.567] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16a [0046.567] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.568] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.568] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.568] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.568] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.568] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.568] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x16a, lpOverlapped=0x0) returned 1 [0046.568] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe96, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.568] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x16a, lpOverlapped=0x0) returned 1 [0046.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.569] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.569] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.569] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.569] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.569] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.569] CloseHandle (hObject=0x2bc) returned 1 [0046.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.569] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.lolkek") returned 67 [0046.569] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.winproj.dev.14.1033.hxn.lolkek")) returned 1 [0046.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f5a8 | out: hHeap=0x5a0000) returned 1 [0046.569] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.570] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.570] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.575] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.575] CloseHandle (hObject=0x2bc) returned 1 [0046.575] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.575] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x152 [0046.575] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.575] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.576] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.576] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.576] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.576] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.576] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x152, lpOverlapped=0x0) returned 1 [0046.576] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffeae, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.576] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x152, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x152, lpOverlapped=0x0) returned 1 [0046.576] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.576] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.576] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.576] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.576] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.576] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.576] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.576] CloseHandle (hObject=0x2bc) returned 1 [0046.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.577] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn.lolkek") returned 63 [0046.577] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.winword.14.1033.hxn.lolkek")) returned 1 [0046.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62f6a8 | out: hHeap=0x5a0000) returned 1 [0046.577] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.577] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.577] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn", dwFileAttributes=0x80) returned 1 [0046.577] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.577] CloseHandle (hObject=0x2bc) returned 1 [0046.577] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.577] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x16a [0046.578] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.578] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.578] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3eb1b50 [0046.578] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.578] ReadFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesRead=0x3bce10c*=0x16a, lpOverlapped=0x0) returned 1 [0046.578] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffe96, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.578] WriteFile (in: hFile=0x2bc, lpBuffer=0x3eb1b50*, nNumberOfBytesToWrite=0x16a, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3eb1b50*, lpNumberOfBytesWritten=0x3bcfb50*=0x16a, lpOverlapped=0x0) returned 1 [0046.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb1b50 | out: hHeap=0x5a0000) returned 1 [0046.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.578] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.578] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.579] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.579] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.579] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.579] CloseHandle (hObject=0x2bc) returned 1 [0046.579] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.579] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.lolkek") returned 67 [0046.579] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.lolkek" (normalized: "c:\\programdata\\microsoft help\\ms.winword.dev.14.1033.hxn.lolkek")) returned 1 [0046.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1b70 | out: hHeap=0x5a0000) returned 1 [0046.579] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.579] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.579] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl", dwFileAttributes=0x80) returned 1 [0046.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.580] CloseHandle (hObject=0x2bc) returned 1 [0046.580] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.580] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x21dc [0046.580] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.580] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.586] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.586] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.586] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x21dc, lpOverlapped=0x0) returned 1 [0046.591] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffde24, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.591] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x21dc, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x21dc, lpOverlapped=0x0) returned 1 [0046.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.592] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.592] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.592] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.592] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.592] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.592] CloseHandle (hObject=0x2bc) returned 1 [0046.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.592] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl.lolkek") returned 51 [0046.592] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl"), lpNewFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl.lolkek" (normalized: "c:\\programdata\\microsoft help\\nslist.hxl.lolkek")) returned 1 [0046.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb9018 | out: hHeap=0x5a0000) returned 1 [0046.592] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.592] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.593] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log", dwFileAttributes=0x80) returned 1 [0046.598] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.598] CloseHandle (hObject=0x2bc) returned 1 [0046.598] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.598] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa4 [0046.598] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.598] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.599] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.599] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.599] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0xa4, lpOverlapped=0x0) returned 1 [0046.599] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffff5c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.599] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0xa4, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0xa4, lpOverlapped=0x0) returned 1 [0046.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.600] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.600] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.600] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.600] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.600] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.600] CloseHandle (hObject=0x2bc) returned 1 [0046.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.600] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log.lolkek") returned 69 [0046.600] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log"), lpNewFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log.lolkek" (normalized: "c:\\programdata\\mozilla\\logs\\maintenanceservice-install.log.lolkek")) returned 1 [0046.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.601] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62cf18 | out: hHeap=0x5a0000) returned 1 [0046.601] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.601] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.601] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu", dwFileAttributes=0x80) returned 1 [0046.601] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.602] CloseHandle (hObject=0x2bc) returned 1 [0046.602] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.602] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf7139 [0046.602] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.602] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.608] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.608] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.608] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.614] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.614] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.614] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.614] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.614] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.614] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.614] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.614] CloseHandle (hObject=0x2bc) returned 1 [0046.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.614] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.lolkek") returned 128 [0046.614] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.lolkek" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.lolkek")) returned 1 [0046.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1c70 | out: hHeap=0x5a0000) returned 1 [0046.615] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.615] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.615] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu", dwFileAttributes=0x80) returned 1 [0046.617] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.617] CloseHandle (hObject=0x2bc) returned 1 [0046.617] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.617] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfc93c [0046.617] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.617] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.623] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.623] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.623] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.630] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.630] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.631] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.631] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.631] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.631] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.631] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.631] CloseHandle (hObject=0x2bc) returned 1 [0046.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.631] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.lolkek") returned 128 [0046.631] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.lolkek" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\windows6.1-kb2999226-x64.msu.lolkek")) returned 1 [0046.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x645fb8 | out: hHeap=0x5a0000) returned 1 [0046.632] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.632] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.632] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.634] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.635] CloseHandle (hObject=0x2bc) returned 1 [0046.635] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.635] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xf36be [0046.635] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.635] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.641] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.641] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.641] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.642] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.642] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.642] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.642] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.642] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.642] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.642] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.642] CloseHandle (hObject=0x2bc) returned 1 [0046.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.642] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek") returned 128 [0046.642] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\cab1.cab.lolkek")) returned 1 [0046.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66aa10 | out: hHeap=0x5a0000) returned 1 [0046.644] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.644] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.644] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi", dwFileAttributes=0x80) returned 1 [0046.644] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.645] CloseHandle (hObject=0x2bc) returned 1 [0046.645] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.645] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x23000 [0046.645] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.645] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.648] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.648] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.648] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.649] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.649] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.649] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.650] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.650] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.650] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.650] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.650] CloseHandle (hObject=0x2bc) returned 1 [0046.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.650] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek") returned 145 [0046.650] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\vc_runtimeminimum_x86.msi.lolkek")) returned 1 [0046.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.651] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd5758 | out: hHeap=0x5a0000) returned 1 [0046.651] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.651] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.651] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm", dwFileAttributes=0x80) returned 1 [0046.654] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.654] CloseHandle (hObject=0x2bc) returned 1 [0046.654] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.654] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x28e [0046.654] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.654] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.655] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.655] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.655] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x28e, lpOverlapped=0x0) returned 1 [0046.655] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffd72, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.655] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x28e, lpOverlapped=0x0) returned 1 [0046.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.655] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.655] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.655] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.655] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.655] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.655] CloseHandle (hObject=0x2bc) returned 1 [0046.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.655] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.lolkek") returned 88 [0046.655] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.lolkek" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.lolkek")) returned 1 [0046.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae688 | out: hHeap=0x5a0000) returned 1 [0046.657] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.657] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.657] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe", dwFileAttributes=0x80) returned 1 [0046.657] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.657] CloseHandle (hObject=0x2bc) returned 1 [0046.657] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.658] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6f428 [0046.658] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.658] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.660] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.661] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.661] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.662] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.662] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.662] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.662] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.663] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.663] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.663] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.663] CloseHandle (hObject=0x2bc) returned 1 [0046.663] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.663] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.lolkek") returned 95 [0046.663] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.lolkek" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.lolkek")) returned 1 [0046.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c320 | out: hHeap=0x5a0000) returned 1 [0046.663] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.663] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.663] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.664] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0046.664] CloseHandle (hObject=0x2bc) returned 1 [0046.664] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.664] GetFileSize (in: hFile=0x2bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x588124 [0046.664] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.664] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.669] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.669] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.669] ReadFile (in: hFile=0x2bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.677] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.678] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.678] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.678] SetFilePointerEx (in: hFile=0x2bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.678] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.679] WriteFile (in: hFile=0x2bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.679] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.679] WriteFile (in: hFile=0x2bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.679] CloseHandle (hObject=0x2bc) returned 1 [0046.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.679] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek") returned 133 [0046.679] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\cab1.cab.lolkek")) returned 1 [0046.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c490 | out: hHeap=0x5a0000) returned 1 [0046.680] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.680] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.680] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi", dwFileAttributes=0x80) returned 1 [0046.685] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.685] CloseHandle (hObject=0x1bc) returned 1 [0046.685] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.686] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x25000 [0046.686] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.686] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.687] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.687] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.687] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.688] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.688] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.688] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.688] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.689] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.689] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.689] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.689] CloseHandle (hObject=0x1bc) returned 1 [0046.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.689] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek") returned 153 [0046.689] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\vc_runtimeadditional_x64.msi.lolkek")) returned 1 [0046.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634508 | out: hHeap=0x5a0000) returned 1 [0046.689] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.689] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.689] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm", dwFileAttributes=0x80) returned 1 [0046.690] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.690] CloseHandle (hObject=0x1bc) returned 1 [0046.690] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.690] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x29a [0046.690] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.690] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.691] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.691] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.691] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x29a, lpOverlapped=0x0) returned 1 [0046.691] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffd66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.691] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x29a, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x29a, lpOverlapped=0x0) returned 1 [0046.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.691] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.691] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.691] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.691] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.691] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.691] CloseHandle (hObject=0x1bc) returned 1 [0046.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.691] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.lolkek") returned 88 [0046.692] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.lolkek" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.lolkek")) returned 1 [0046.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae7e0 | out: hHeap=0x5a0000) returned 1 [0046.695] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.695] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.695] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe", dwFileAttributes=0x80) returned 1 [0046.695] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.696] CloseHandle (hObject=0x1bc) returned 1 [0046.696] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.696] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x710a8 [0046.696] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.696] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.698] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.699] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.699] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.700] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.700] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.701] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.701] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.701] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.701] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.701] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.701] CloseHandle (hObject=0x1bc) returned 1 [0046.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.701] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.lolkek") returned 95 [0046.701] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.lolkek" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.lolkek")) returned 1 [0046.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c948d8 | out: hHeap=0x5a0000) returned 1 [0046.702] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.702] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.702] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.705] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.705] CloseHandle (hObject=0x1bc) returned 1 [0046.705] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.705] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x13babb [0046.705] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.705] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.706] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3bd0048 [0046.707] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.707] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bd0048, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.731] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.732] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bd0048*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3bd0048*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.732] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.732] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.732] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.732] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.732] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.732] CloseHandle (hObject=0x1bc) returned 1 [0046.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.733] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek") returned 129 [0046.733] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\cab1.cab.lolkek")) returned 1 [0046.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf0f40 | out: hHeap=0x5a0000) returned 1 [0046.737] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.737] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.737] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.737] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.737] CloseHandle (hObject=0x1bc) returned 1 [0046.737] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.737] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4f699e [0046.737] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.738] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.745] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.745] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.745] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.748] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.748] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.748] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.748] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.748] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.748] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.748] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.748] CloseHandle (hObject=0x1bc) returned 1 [0046.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.749] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.lolkek") returned 132 [0046.749] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\cab1.cab.lolkek")) returned 1 [0046.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.753] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6357c8 | out: hHeap=0x5a0000) returned 1 [0046.753] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.753] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.753] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.753] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.753] CloseHandle (hObject=0x1bc) returned 1 [0046.753] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.753] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x165257 [0046.753] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.753] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.761] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.761] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.761] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.763] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.764] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.764] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.764] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.764] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.764] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.764] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.764] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.764] CloseHandle (hObject=0x1bc) returned 1 [0046.764] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.764] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek") returned 131 [0046.764] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\cab1.cab.lolkek")) returned 1 [0046.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62ca80 | out: hHeap=0x5a0000) returned 1 [0046.768] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.768] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.768] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.777] CloseHandle (hObject=0x1bc) returned 1 [0046.777] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.777] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x554520 [0046.777] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.777] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.780] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.780] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.780] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.781] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.781] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.781] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.782] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.782] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.782] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.782] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.782] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.782] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.782] CloseHandle (hObject=0x1bc) returned 1 [0046.782] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.782] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek") returned 133 [0046.782] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\cab1.cab.lolkek")) returned 1 [0046.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635c18 | out: hHeap=0x5a0000) returned 1 [0046.787] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.787] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.787] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.787] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.787] CloseHandle (hObject=0x1bc) returned 1 [0046.787] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.787] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xfc90a [0046.787] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.787] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.796] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.796] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.796] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.799] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.799] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.799] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.799] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.799] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.799] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.799] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.799] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.799] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.799] CloseHandle (hObject=0x1bc) returned 1 [0046.799] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.799] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek") returned 130 [0046.799] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\cab1.cab.lolkek")) returned 1 [0046.802] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.802] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x634760 | out: hHeap=0x5a0000) returned 1 [0046.802] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.802] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.803] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.803] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.803] CloseHandle (hObject=0x1bc) returned 1 [0046.803] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.803] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4ea418 [0046.803] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.803] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.808] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.808] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.808] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.812] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.812] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.812] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.812] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.812] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.812] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.812] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.812] CloseHandle (hObject=0x1bc) returned 1 [0046.812] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.813] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.lolkek") returned 131 [0046.813] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\cab1.cab.lolkek")) returned 1 [0046.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.814] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf22c0 | out: hHeap=0x5a0000) returned 1 [0046.815] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.815] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.815] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.815] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.815] CloseHandle (hObject=0x1bc) returned 1 [0046.815] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.815] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc89b1 [0046.815] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.815] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.819] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.819] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.820] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.827] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.827] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.828] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.828] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.828] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.828] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.828] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.828] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.828] CloseHandle (hObject=0x1bc) returned 1 [0046.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.828] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek") returned 128 [0046.828] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\cab1.cab.lolkek")) returned 1 [0046.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c608 | out: hHeap=0x5a0000) returned 1 [0046.835] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.835] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.835] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm", dwFileAttributes=0x80) returned 1 [0046.838] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.838] CloseHandle (hObject=0x1bc) returned 1 [0046.838] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.838] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x28e [0046.838] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.838] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.839] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.839] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.839] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x28e, lpOverlapped=0x0) returned 1 [0046.839] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffd72, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.839] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x28e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x28e, lpOverlapped=0x0) returned 1 [0046.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.839] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.839] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.839] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.839] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.839] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.840] CloseHandle (hObject=0x1bc) returned 1 [0046.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.842] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.lolkek") returned 88 [0046.842] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.lolkek" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm.lolkek")) returned 1 [0046.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae938 | out: hHeap=0x5a0000) returned 1 [0046.845] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.845] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.845] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.845] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.845] CloseHandle (hObject=0x1bc) returned 1 [0046.845] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.846] GetFileSize (in: hFile=0x1bc, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc5b25 [0046.846] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.846] ReadFile (in: hFile=0x1bc, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.849] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.849] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.849] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.849] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.849] ReadFile (in: hFile=0x1bc, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.851] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.852] WriteFile (in: hFile=0x1bc, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.852] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.852] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.852] WriteFile (in: hFile=0x1bc, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.852] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.852] WriteFile (in: hFile=0x1bc, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.852] CloseHandle (hObject=0x1bc) returned 1 [0046.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.852] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek") returned 130 [0046.852] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\cab1.cab.lolkek")) returned 1 [0046.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.854] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb170 | out: hHeap=0x5a0000) returned 1 [0046.854] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.854] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.854] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.867] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc [0046.868] CloseHandle (hObject=0x1bc) returned 1 [0046.868] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.870] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x59bde5 [0046.870] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.870] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.871] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.871] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.872] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.876] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.876] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.876] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.876] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.876] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.876] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.876] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.876] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.876] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.877] CloseHandle (hObject=0x210) returned 1 [0046.877] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.877] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek") returned 134 [0046.877] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\cab1.cab.lolkek")) returned 1 [0046.883] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.883] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d020 | out: hHeap=0x5a0000) returned 1 [0046.883] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.883] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.883] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe", dwFileAttributes=0x80) returned 1 [0046.886] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.891] CloseHandle (hObject=0x210) returned 1 [0046.891] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.891] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbee38 [0046.891] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.891] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.897] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.897] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.897] ReadFile (in: hFile=0x210, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.904] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.904] WriteFile (in: hFile=0x210, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.904] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.904] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.904] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.904] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.904] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.904] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.905] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.905] CloseHandle (hObject=0x210) returned 1 [0046.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.905] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.lolkek") returned 96 [0046.905] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe.lolkek" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\vc_redist.x64.exe.lolkek")) returned 1 [0046.905] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.905] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cb20 | out: hHeap=0x5a0000) returned 1 [0046.905] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.905] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.905] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm", dwFileAttributes=0x80) returned 1 [0046.905] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.906] CloseHandle (hObject=0x210) returned 1 [0046.906] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.906] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fe [0046.906] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.906] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.910] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.910] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.910] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x3bce10c*=0x2fe, lpOverlapped=0x0) returned 1 [0046.910] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffd02, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.910] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x2fe, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x3bcfb50*=0x2fe, lpOverlapped=0x0) returned 1 [0046.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.910] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.910] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.910] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.910] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.910] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.910] CloseHandle (hObject=0x210) returned 1 [0046.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.910] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.lolkek") returned 88 [0046.911] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.lolkek" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm.lolkek")) returned 1 [0046.917] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.917] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caed40 | out: hHeap=0x5a0000) returned 1 [0046.917] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.917] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.917] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab", dwFileAttributes=0x80) returned 1 [0046.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.917] CloseHandle (hObject=0x210) returned 1 [0046.917] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.918] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4b4520 [0046.918] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.918] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.922] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.922] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.922] ReadFile (in: hFile=0x210, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0046.938] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.938] WriteFile (in: hFile=0x210, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0046.938] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0046.938] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0046.938] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.938] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.938] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.938] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.938] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.938] CloseHandle (hObject=0x210) returned 1 [0046.938] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.938] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.lolkek") returned 131 [0046.938] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), lpNewFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab.lolkek" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab.lolkek")) returned 1 [0046.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62d480 | out: hHeap=0x5a0000) returned 1 [0046.963] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.963] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.963] SetFileAttributesW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml", dwFileAttributes=0x80) returned 1 [0046.964] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.964] CloseHandle (hObject=0x210) returned 1 [0046.964] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.964] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x77 [0046.964] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.964] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.965] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.965] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0046.965] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0046.965] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.965] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x3bce10c*=0x77, lpOverlapped=0x0) returned 1 [0046.965] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffff89, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.965] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x77, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x3bcfb50*=0x77, lpOverlapped=0x0) returned 1 [0046.965] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0046.965] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0046.965] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.965] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0046.965] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.965] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0046.966] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0046.966] CloseHandle (hObject=0x210) returned 1 [0046.966] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0046.966] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml.lolkek") returned 61 [0046.966] MoveFileW (lpExistingFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml"), lpNewFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml.lolkek" (normalized: "c:\\programdata\\sun\\java\\java update\\jaureglist.xml.lolkek")) returned 1 [0046.966] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0046.966] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbbaf8 | out: hHeap=0x5a0000) returned 1 [0046.966] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0046.966] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.966] SetFileAttributesW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", dwFileAttributes=0x80) returned 1 [0046.966] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0046.967] CloseHandle (hObject=0x210) returned 1 [0046.967] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0046.967] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x306000 [0046.967] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0046.967] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0046.993] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0046.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0046.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e65e50 [0046.993] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0046.993] ReadFile (in: hFile=0x210, lpBuffer=0x3e65e50, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0047.003] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.003] WriteFile (in: hFile=0x210, lpBuffer=0x3e65e50*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e65e50*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0047.003] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e65e50 | out: hHeap=0x5a0000) returned 1 [0047.003] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0047.003] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.003] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0047.003] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0047.003] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0047.003] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0047.003] CloseHandle (hObject=0x210) returned 1 [0047.003] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.003] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.lolkek") returned 68 [0047.004] MoveFileW (lpExistingFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), lpNewFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.lolkek" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi.lolkek")) returned 1 [0047.004] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.004] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66ac00 | out: hHeap=0x5a0000) returned 1 [0047.004] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0047.004] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.004] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst", dwFileAttributes=0x80) returned 1 [0047.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210 [0047.005] CloseHandle (hObject=0x210) returned 1 [0047.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0047.005] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x892c [0047.005] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.005] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0047.051] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0047.051] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0047.051] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3e6de58 [0047.051] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.051] ReadFile (in: hFile=0x210, lpBuffer=0x3e6de58, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0047.054] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.054] WriteFile (in: hFile=0x210, lpBuffer=0x3e6de58*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3e6de58*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0047.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0047.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0047.236] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0047.236] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0047.277] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0047.277] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0047.277] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0047.277] CloseHandle (hObject=0x210) returned 1 [0047.279] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0047.279] wsprintfW (in: param_1=0x3e98c10, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.lolkek") returned 92 [0047.279] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst.lolkek")) returned 1 [0050.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6336f8 | out: hHeap=0x5a0000) returned 1 [0050.474] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.474] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.474] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links", dwFileAttributes=0x80) returned 1 [0050.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c [0050.647] CloseHandle (hObject=0x25c) returned 1 [0050.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.676] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x20000 [0050.676] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.676] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0050.686] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0050.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0050.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x5dafc0 [0050.686] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.686] ReadFile (in: hFile=0x1b4, lpBuffer=0x5dafc0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0050.698] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.698] WriteFile (in: hFile=0x1b4, lpBuffer=0x5dafc0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x5dafc0*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0050.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0050.699] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.699] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0050.699] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0050.699] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0050.699] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0050.699] CloseHandle (hObject=0x1b4) returned 1 [0050.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.721] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links.lolkek") returned 100 [0050.721] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links.lolkek")) returned 1 [0050.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a2f0 | out: hHeap=0x5a0000) returned 1 [0050.824] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.824] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.824] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl", dwFileAttributes=0x80) returned 1 [0050.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268 [0050.881] CloseHandle (hObject=0x268) returned 1 [0050.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.893] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x410 [0050.893] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.894] ReadFile (in: hFile=0x1e0, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0050.895] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0050.895] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0050.895] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0050.895] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.895] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x410, lpOverlapped=0x0) returned 1 [0050.895] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffbf0, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.895] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x410, lpOverlapped=0x0) returned 1 [0050.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0050.895] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0050.895] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0050.895] WriteFile (in: hFile=0x1e0, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0050.895] WriteFile (in: hFile=0x1e0, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0050.895] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0050.895] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0050.896] CloseHandle (hObject=0x1e0) returned 1 [0050.896] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.896] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.lolkek") returned 143 [0050.896] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl.lolkek")) returned 1 [0050.989] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.989] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eadb68 | out: hHeap=0x5a0000) returned 1 [0050.989] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0050.989] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.989] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl", dwFileAttributes=0x80) returned 1 [0051.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0051.068] CloseHandle (hObject=0x27c) returned 1 [0051.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.100] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x401 [0051.100] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.100] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0051.101] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0051.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.101] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.101] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x401, lpOverlapped=0x0) returned 1 [0051.101] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffbff, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.102] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x401, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x401, lpOverlapped=0x0) returned 1 [0051.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.102] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.102] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0051.102] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0051.102] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0051.102] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0051.102] CloseHandle (hObject=0x1b4) returned 1 [0051.104] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.104] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.lolkek") returned 136 [0051.104] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl.lolkek")) returned 1 [0051.276] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.276] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c7aa8 | out: hHeap=0x5a0000) returned 1 [0051.276] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.276] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.276] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg", dwFileAttributes=0x80) returned 1 [0051.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x24c [0051.305] CloseHandle (hObject=0x24c) returned 1 [0051.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.327] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x107e [0051.327] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.327] ReadFile (in: hFile=0x214, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0051.328] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0051.328] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0051.328] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.328] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.329] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x107e, lpOverlapped=0x0) returned 1 [0051.329] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xffffef82, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.329] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x107e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x107e, lpOverlapped=0x0) returned 1 [0051.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.329] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0051.329] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.330] WriteFile (in: hFile=0x214, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0051.330] WriteFile (in: hFile=0x214, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0051.330] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0051.330] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0051.330] CloseHandle (hObject=0x214) returned 1 [0051.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ed7e40 [0051.330] wsprintfW (in: param_1=0x3ed7e40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.lolkek") returned 103 [0051.330] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg.lolkek")) returned 1 [0051.361] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ed7e40 | out: hHeap=0x5a0000) returned 1 [0051.361] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf0f40 | out: hHeap=0x5a0000) returned 1 [0051.361] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.361] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.361] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm", dwFileAttributes=0x80) returned 1 [0051.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0051.593] CloseHandle (hObject=0x258) returned 1 [0051.593] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0051.811] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe6 [0051.811] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.811] ReadFile (in: hFile=0x2b8, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0051.812] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0051.812] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7f78 [0051.812] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0051.812] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.812] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0xe6, lpOverlapped=0x0) returned 1 [0051.812] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0xffffff1a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.812] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0xe6, lpOverlapped=0x0) returned 1 [0051.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0051.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7f78 | out: hHeap=0x5a0000) returned 1 [0051.812] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0051.812] WriteFile (in: hFile=0x2b8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0051.812] WriteFile (in: hFile=0x2b8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0051.813] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0051.813] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0051.813] CloseHandle (hObject=0x2b8) returned 1 [0051.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.897] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.lolkek") returned 98 [0051.897] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm.lolkek")) returned 1 [0051.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x657a90 | out: hHeap=0x5a0000) returned 1 [0051.933] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0051.933] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.933] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", dwFileAttributes=0x80) returned 1 [0052.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0052.005] CloseHandle (hObject=0x2b8) returned 1 [0052.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.019] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x58b [0052.019] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.019] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.020] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.020] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.020] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.020] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.020] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x58b, lpOverlapped=0x0) returned 1 [0052.020] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffa75, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.020] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x58b, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x58b, lpOverlapped=0x0) returned 1 [0052.021] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.021] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.021] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.021] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.021] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.021] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.021] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.021] CloseHandle (hObject=0x210) returned 1 [0052.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0052.021] wsprintfW (in: param_1=0x658950, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.lolkek") returned 158 [0052.021] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d.lolkek")) returned 1 [0052.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0052.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbb000 | out: hHeap=0x5a0000) returned 1 [0052.044] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.044] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.044] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", dwFileAttributes=0x80) returned 1 [0052.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.066] CloseHandle (hObject=0x258) returned 1 [0052.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.079] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1d7 [0052.079] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.079] ReadFile (in: hFile=0x224, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.079] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.079] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.080] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.080] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.080] ReadFile (in: hFile=0x224, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x1d7, lpOverlapped=0x0) returned 1 [0052.080] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffe29, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.080] WriteFile (in: hFile=0x224, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1d7, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x1d7, lpOverlapped=0x0) returned 1 [0052.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.080] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.080] WriteFile (in: hFile=0x224, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.080] WriteFile (in: hFile=0x224, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.080] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.080] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.080] CloseHandle (hObject=0x224) returned 1 [0052.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.081] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.lolkek") returned 158 [0052.081] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6.lolkek")) returned 1 [0052.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.109] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x619270 | out: hHeap=0x5a0000) returned 1 [0052.109] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.109] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.109] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", dwFileAttributes=0x80) returned 1 [0052.120] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0052.126] CloseHandle (hObject=0x228) returned 1 [0052.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.138] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1cf [0052.138] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.139] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.139] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.139] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.139] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x1cf, lpOverlapped=0x0) returned 1 [0052.139] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe31, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.139] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1cf, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x1cf, lpOverlapped=0x0) returned 1 [0052.139] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.139] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.139] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.139] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.140] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.140] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.140] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.140] CloseHandle (hObject=0x210) returned 1 [0052.140] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.140] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.lolkek") returned 158 [0052.140] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778.lolkek")) returned 1 [0052.165] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da87a0 | out: hHeap=0x5a0000) returned 1 [0052.167] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.167] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.167] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", dwFileAttributes=0x80) returned 1 [0052.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.185] CloseHandle (hObject=0x2bc) returned 1 [0052.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.199] GetFileSize (in: hFile=0x214, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5e0 [0052.199] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.199] ReadFile (in: hFile=0x214, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.201] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.201] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.201] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.201] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.201] ReadFile (in: hFile=0x214, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x5e0, lpOverlapped=0x0) returned 1 [0052.201] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffa20, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.202] WriteFile (in: hFile=0x214, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x5e0, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x5e0, lpOverlapped=0x0) returned 1 [0052.202] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.202] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.202] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.202] WriteFile (in: hFile=0x214, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.202] WriteFile (in: hFile=0x214, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.202] WriteFile (in: hFile=0x214, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.202] WriteFile (in: hFile=0x214, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.202] CloseHandle (hObject=0x214) returned 1 [0052.202] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.203] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.lolkek") returned 158 [0052.203] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9.lolkek")) returned 1 [0052.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da9d48 | out: hHeap=0x5a0000) returned 1 [0052.229] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.229] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.229] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", dwFileAttributes=0x80) returned 1 [0052.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0052.248] CloseHandle (hObject=0x258) returned 1 [0052.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0052.263] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6e3 [0052.263] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.263] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.266] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.266] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.266] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.266] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.266] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x6e3, lpOverlapped=0x0) returned 1 [0052.266] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffff91d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.266] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x6e3, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x6e3, lpOverlapped=0x0) returned 1 [0052.266] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.267] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.267] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.267] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.267] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.267] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.267] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.267] CloseHandle (hObject=0x228) returned 1 [0052.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.267] wsprintfW (in: param_1=0x3bd0048, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.lolkek") returned 158 [0052.267] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873.lolkek")) returned 1 [0052.354] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.354] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dab558 | out: hHeap=0x5a0000) returned 1 [0052.354] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.354] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.354] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", dwFileAttributes=0x80) returned 1 [0052.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c [0052.369] CloseHandle (hObject=0x23c) returned 1 [0052.369] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.386] GetFileSize (in: hFile=0x23c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18e [0052.386] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.386] ReadFile (in: hFile=0x23c, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.386] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.386] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.386] ReadFile (in: hFile=0x23c, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x18e, lpOverlapped=0x0) returned 1 [0052.387] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffe72, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.387] WriteFile (in: hFile=0x23c, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x18e, lpOverlapped=0x0) returned 1 [0052.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.387] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.387] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.387] WriteFile (in: hFile=0x23c, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.387] WriteFile (in: hFile=0x23c, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.387] WriteFile (in: hFile=0x23c, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.387] WriteFile (in: hFile=0x23c, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.387] CloseHandle (hObject=0x23c) returned 1 [0052.388] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.388] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.lolkek") returned 159 [0052.388] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4.lolkek")) returned 1 [0052.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.408] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66b6b0 | out: hHeap=0x5a0000) returned 1 [0052.408] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.408] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.408] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", dwFileAttributes=0x80) returned 1 [0052.420] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0052.430] CloseHandle (hObject=0x2bc) returned 1 [0052.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.438] GetFileSize (in: hFile=0x290, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x186 [0052.438] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.438] ReadFile (in: hFile=0x290, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.438] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.439] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.439] ReadFile (in: hFile=0x290, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x186, lpOverlapped=0x0) returned 1 [0052.439] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0xfffffe7a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.439] WriteFile (in: hFile=0x290, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x186, lpOverlapped=0x0) returned 1 [0052.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.439] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.439] WriteFile (in: hFile=0x290, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.439] WriteFile (in: hFile=0x290, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.439] WriteFile (in: hFile=0x290, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.439] WriteFile (in: hFile=0x290, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.439] CloseHandle (hObject=0x290) returned 1 [0052.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.441] wsprintfW (in: param_1=0x3be0d78, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.lolkek") returned 159 [0052.441] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e.lolkek")) returned 1 [0052.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb93c8 | out: hHeap=0x5a0000) returned 1 [0052.459] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.459] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.459] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", dwFileAttributes=0x80) returned 1 [0052.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0052.478] CloseHandle (hObject=0x2a0) returned 1 [0052.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.487] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x188 [0052.487] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.487] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.488] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.488] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.488] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x188, lpOverlapped=0x0) returned 1 [0052.488] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe78, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.489] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x188, lpOverlapped=0x0) returned 1 [0052.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.489] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.489] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.489] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.489] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.489] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.489] CloseHandle (hObject=0x210) returned 1 [0052.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.490] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.lolkek") returned 159 [0052.490] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f.lolkek")) returned 1 [0052.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb89a8 | out: hHeap=0x5a0000) returned 1 [0052.511] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.511] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.511] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", dwFileAttributes=0x80) returned 1 [0052.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x290 [0052.538] CloseHandle (hObject=0x290) returned 1 [0052.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.543] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1a0 [0052.543] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.543] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.544] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0052.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.544] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.544] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x1a0, lpOverlapped=0x0) returned 1 [0052.544] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe60, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.544] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x1a0, lpOverlapped=0x0) returned 1 [0052.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0052.544] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.544] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.545] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.545] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.545] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.545] CloseHandle (hObject=0x210) returned 1 [0052.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.545] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.lolkek") returned 159 [0052.545] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852.lolkek")) returned 1 [0052.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eba580 | out: hHeap=0x5a0000) returned 1 [0052.567] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0052.568] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.568] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", dwFileAttributes=0x80) returned 1 [0052.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b8 [0052.614] CloseHandle (hObject=0x2b8) returned 1 [0052.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.764] GetFileSize (in: hFile=0x210, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18e [0052.764] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.764] ReadFile (in: hFile=0x210, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0052.765] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0052.765] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0052.765] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0052.765] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.765] ReadFile (in: hFile=0x210, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x18e, lpOverlapped=0x0) returned 1 [0052.765] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0xfffffe72, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0052.765] WriteFile (in: hFile=0x210, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x18e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x18e, lpOverlapped=0x0) returned 1 [0052.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0052.765] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0052.765] SetFilePointerEx (in: hFile=0x210, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0052.765] WriteFile (in: hFile=0x210, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0052.765] WriteFile (in: hFile=0x210, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.765] WriteFile (in: hFile=0x210, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0052.766] WriteFile (in: hFile=0x210, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0052.766] CloseHandle (hObject=0x210) returned 1 [0052.768] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.768] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.lolkek") returned 159 [0052.769] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585.lolkek")) returned 1 [0053.061] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.061] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eaad20 | out: hHeap=0x5a0000) returned 1 [0053.061] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.061] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.061] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST", dwFileAttributes=0x80) returned 1 [0053.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.063] CloseHandle (hObject=0x190) returned 1 [0053.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.063] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4c [0053.063] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.064] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.064] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4c, lpOverlapped=0x0) returned 1 [0053.064] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xffffffb4, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.064] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4c, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4c, lpOverlapped=0x0) returned 1 [0053.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.065] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.065] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.065] WriteFile (in: hFile=0x190, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.065] WriteFile (in: hFile=0x190, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.065] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.065] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.065] CloseHandle (hObject=0x190) returned 1 [0053.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.065] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.lolkek") returned 83 [0053.065] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist.lolkek")) returned 1 [0053.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.066] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616998 | out: hHeap=0x5a0000) returned 1 [0053.066] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.066] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.066] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml", dwFileAttributes=0x80) returned 1 [0053.575] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0 [0053.576] CloseHandle (hObject=0x2a0) returned 1 [0053.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0053.576] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa8 [0053.576] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.577] ReadFile (in: hFile=0x2a0, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0053.577] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.584] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.584] ReadFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0xa8, lpOverlapped=0x0) returned 1 [0053.584] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xffffff58, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.584] WriteFile (in: hFile=0x2a0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xa8, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0xa8, lpOverlapped=0x0) returned 1 [0053.584] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.585] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.585] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.585] WriteFile (in: hFile=0x2a0, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.585] WriteFile (in: hFile=0x2a0, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.585] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.585] WriteFile (in: hFile=0x2a0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.585] CloseHandle (hObject=0x2a0) returned 1 [0053.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.585] wsprintfW (in: param_1=0x5dafc0, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.lolkek") returned 109 [0053.585] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml.lolkek")) returned 1 [0053.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0050 | out: hHeap=0x5a0000) returned 1 [0053.587] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.587] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.587] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC", dwFileAttributes=0x80) returned 1 [0053.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224 [0053.627] CloseHandle (hObject=0x224) returned 1 [0053.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0053.628] GetFileSize (in: hFile=0x224, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2 [0053.628] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3c95760 [0053.628] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.628] ReadFile (in: hFile=0x224, lpBuffer=0x3c95760, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesRead=0x3bce10c*=0x2, lpOverlapped=0x0) returned 1 [0053.629] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffffe, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.629] WriteFile (in: hFile=0x224, lpBuffer=0x3c95760*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3c95760*, lpNumberOfBytesWritten=0x3bcfb50*=0x2, lpOverlapped=0x0) returned 1 [0053.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.629] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.629] WriteFile (in: hFile=0x224, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.629] WriteFile (in: hFile=0x224, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.629] WriteFile (in: hFile=0x224, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.629] WriteFile (in: hFile=0x224, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.630] CloseHandle (hObject=0x224) returned 1 [0053.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.630] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.lolkek") returned 84 [0053.630] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic.lolkek")) returned 1 [0053.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617148 | out: hHeap=0x5a0000) returned 1 [0053.631] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.631] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.631] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", dwFileAttributes=0x80) returned 1 [0053.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0053.646] CloseHandle (hObject=0x190) returned 1 [0053.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0053.646] GetFileSize (in: hFile=0x190, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa [0053.646] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.646] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.646] ReadFile (in: hFile=0x190, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0xa, lpOverlapped=0x0) returned 1 [0053.647] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffff6, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.647] WriteFile (in: hFile=0x190, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0xa, lpOverlapped=0x0) returned 1 [0053.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.647] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.647] WriteFile (in: hFile=0x190, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.647] WriteFile (in: hFile=0x190, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.647] WriteFile (in: hFile=0x190, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.647] WriteFile (in: hFile=0x190, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.647] CloseHandle (hObject=0x190) returned 1 [0053.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.648] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.lolkek") returned 112 [0053.648] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332.lolkek")) returned 1 [0053.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.649] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6987c8 | out: hHeap=0x5a0000) returned 1 [0053.649] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.649] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.649] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", dwFileAttributes=0x80) returned 1 [0053.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0053.651] CloseHandle (hObject=0x294) returned 1 [0053.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0053.651] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x10000 [0053.651] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.651] ReadFile (in: hFile=0x294, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0053.653] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.653] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.653] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0053.654] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.654] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0053.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.654] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.654] WriteFile (in: hFile=0x294, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.654] WriteFile (in: hFile=0x294, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.654] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.654] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.654] CloseHandle (hObject=0x294) returned 1 [0053.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.655] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.lolkek") returned 107 [0053.655] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db.lolkek")) returned 1 [0053.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dd7b20 | out: hHeap=0x5a0000) returned 1 [0053.655] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.655] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.655] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", dwFileAttributes=0x80) returned 1 [0053.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0053.656] CloseHandle (hObject=0x294) returned 1 [0053.656] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0053.656] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xce [0053.656] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.656] ReadFile (in: hFile=0x294, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0053.657] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.657] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.657] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0xce, lpOverlapped=0x0) returned 1 [0053.657] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffff32, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.657] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xce, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0xce, lpOverlapped=0x0) returned 1 [0053.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.657] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.657] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.657] WriteFile (in: hFile=0x294, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.658] WriteFile (in: hFile=0x294, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.658] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.658] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.658] CloseHandle (hObject=0x294) returned 1 [0053.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.658] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.lolkek") returned 116 [0053.658] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini.lolkek")) returned 1 [0053.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.658] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f448 | out: hHeap=0x5a0000) returned 1 [0053.659] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.659] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.659] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", dwFileAttributes=0x80) returned 1 [0053.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294 [0053.659] CloseHandle (hObject=0x294) returned 1 [0053.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0053.659] GetFileSize (in: hFile=0x294, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x38000 [0053.659] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.659] ReadFile (in: hFile=0x294, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0053.668] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.668] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.668] ReadFile (in: hFile=0x294, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0053.672] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.672] WriteFile (in: hFile=0x294, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0053.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.672] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.672] WriteFile (in: hFile=0x294, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.673] WriteFile (in: hFile=0x294, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.673] WriteFile (in: hFile=0x294, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.673] WriteFile (in: hFile=0x294, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.673] CloseHandle (hObject=0x294) returned 1 [0053.673] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0053.673] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.lolkek") returned 119 [0053.673] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite.lolkek")) returned 1 [0053.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0053.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e36530 | out: hHeap=0x5a0000) returned 1 [0053.676] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.676] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.676] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", dwFileAttributes=0x80) returned 1 [0053.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0053.703] CloseHandle (hObject=0x228) returned 1 [0053.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0053.703] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18000 [0053.703] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.703] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0053.705] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.705] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.705] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0053.708] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.708] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0053.709] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.710] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.710] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.710] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.710] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.710] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.710] CloseHandle (hObject=0x228) returned 1 [0053.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0053.712] wsprintfW (in: param_1=0x5ec010, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.lolkek") returned 115 [0053.712] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite.lolkek")) returned 1 [0053.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0053.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60f610 | out: hHeap=0x5a0000) returned 1 [0053.754] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.754] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.754] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", dwFileAttributes=0x80) returned 1 [0053.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x258 [0053.775] CloseHandle (hObject=0x258) returned 1 [0053.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0053.788] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x0 [0053.788] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0053.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.788] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.788] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x0, lpOverlapped=0x0) returned 1 [0053.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.788] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0053.788] SetFilePointerEx (in: hFile=0x2b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.789] WriteFile (in: hFile=0x2b8, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.789] WriteFile (in: hFile=0x2b8, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.789] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.789] WriteFile (in: hFile=0x2b8, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.789] CloseHandle (hObject=0x2b8) returned 1 [0053.790] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.790] wsprintfW (in: param_1=0x3c95760, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock.lolkek") returned 110 [0053.790] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock.lolkek")) returned 1 [0053.879] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be08f0 | out: hHeap=0x5a0000) returned 1 [0053.880] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.880] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.880] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", dwFileAttributes=0x80) returned 1 [0053.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0053.881] CloseHandle (hObject=0x280) returned 1 [0053.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0053.881] GetFileSize (in: hFile=0x280, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2 [0053.881] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0053.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7e48 [0053.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0053.881] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.881] ReadFile (in: hFile=0x280, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x2, lpOverlapped=0x0) returned 1 [0053.882] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffffe, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.882] WriteFile (in: hFile=0x280, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x2, lpOverlapped=0x0) returned 1 [0053.882] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0053.882] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7e48 | out: hHeap=0x5a0000) returned 1 [0053.882] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0053.882] WriteFile (in: hFile=0x280, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0053.882] WriteFile (in: hFile=0x280, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.882] WriteFile (in: hFile=0x280, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0053.883] WriteFile (in: hFile=0x280, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0053.883] CloseHandle (hObject=0x280) returned 1 [0053.883] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0053.883] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.lolkek") returned 119 [0053.883] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json.lolkek")) returned 1 [0053.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0053.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e36708 | out: hHeap=0x5a0000) returned 1 [0053.886] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0053.886] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.886] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", dwFileAttributes=0x80) returned 1 [0054.173] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0054.233] CloseHandle (hObject=0x190) returned 1 [0054.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0054.250] GetFileSize (in: hFile=0x270, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x18000 [0054.250] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.250] ReadFile (in: hFile=0x270, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0054.256] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0054.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7ee0 [0054.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.256] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.256] ReadFile (in: hFile=0x270, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0054.259] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.259] WriteFile (in: hFile=0x270, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0054.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7ee0 | out: hHeap=0x5a0000) returned 1 [0054.259] SetFilePointerEx (in: hFile=0x270, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.259] WriteFile (in: hFile=0x270, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0054.259] WriteFile (in: hFile=0x270, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0054.259] WriteFile (in: hFile=0x270, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0054.259] WriteFile (in: hFile=0x270, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0054.259] CloseHandle (hObject=0x270) returned 1 [0054.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ed7e40 [0054.260] wsprintfW (in: param_1=0x3ed7e40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.lolkek") returned 118 [0054.260] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite.lolkek")) returned 1 [0054.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ed7e40 | out: hHeap=0x5a0000) returned 1 [0054.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5eafc8 | out: hHeap=0x5a0000) returned 1 [0054.486] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.486] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.486] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", dwFileAttributes=0x80) returned 1 [0054.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190 [0054.719] CloseHandle (hObject=0x190) returned 1 [0054.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0054.727] GetFileSize (in: hFile=0x1b4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x74e6 [0054.727] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.727] ReadFile (in: hFile=0x1b4, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0054.728] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0054.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc7db0 [0054.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0054.728] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.728] ReadFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0054.731] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.732] WriteFile (in: hFile=0x1b4, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0054.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0054.732] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc7db0 | out: hHeap=0x5a0000) returned 1 [0054.732] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0054.732] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0054.732] WriteFile (in: hFile=0x1b4, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0054.732] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0054.732] WriteFile (in: hFile=0x1b4, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0054.732] CloseHandle (hObject=0x1b4) returned 1 [0054.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.732] wsprintfW (in: param_1=0x6466b8, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.lolkek") returned 80 [0054.732] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.lolkek")) returned 1 [0054.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.742] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca6ef0 | out: hHeap=0x5a0000) returned 1 [0054.742] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0054.742] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.742] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url", dwFileAttributes=0x80) returned 1 [0054.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27c [0055.031] CloseHandle (hObject=0x27c) returned 1 [0055.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0055.142] GetFileSize (in: hFile=0x1e0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x85 [0055.142] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.142] ReadFile (in: hFile=0x1e0, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.143] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc80a8 [0055.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.143] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.143] ReadFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x85, lpOverlapped=0x0) returned 1 [0055.143] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0xffffff7b, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.143] WriteFile (in: hFile=0x1e0, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x85, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x85, lpOverlapped=0x0) returned 1 [0055.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc80a8 | out: hHeap=0x5a0000) returned 1 [0055.144] SetFilePointerEx (in: hFile=0x1e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.144] WriteFile (in: hFile=0x1e0, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.144] WriteFile (in: hFile=0x1e0, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.144] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.144] WriteFile (in: hFile=0x1e0, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.144] CloseHandle (hObject=0x1e0) returned 1 [0055.181] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.225] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.lolkek") returned 85 [0055.225] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.lolkek")) returned 1 [0055.226] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.226] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x615b80 | out: hHeap=0x5a0000) returned 1 [0055.226] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.284] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.284] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png", dwFileAttributes=0x80) returned 1 [0055.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hyetetqgb0gsjyp6fsg.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.285] CloseHandle (hObject=0x228) returned 1 [0055.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hyetetqgb0gsjyp6fsg.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.285] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x46d5 [0055.285] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.285] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.285] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.285] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.285] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.286] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.286] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.286] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.286] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.286] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.287] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.287] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.287] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.287] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.287] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.287] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.288] CloseHandle (hObject=0x228) returned 1 [0055.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.288] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png.lolkek") returned 85 [0055.288] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hyetetqgb0gsjyp6fsg.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\hyetetqgb0gsjyp6fsg.png.lolkek")) returned 1 [0055.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x616ae0 | out: hHeap=0x5a0000) returned 1 [0055.289] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.289] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.289] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif", dwFileAttributes=0x80) returned 1 [0055.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\klqjyzvrj.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.289] CloseHandle (hObject=0x228) returned 1 [0055.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\klqjyzvrj.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.289] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x805d [0055.289] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.289] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.290] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.290] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.290] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.290] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.291] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.291] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.291] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.291] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.291] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.291] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.291] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.291] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.291] CloseHandle (hObject=0x228) returned 1 [0055.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.291] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif.lolkek") returned 75 [0055.291] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\klqjyzvrj.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\klqjyzvrj.gif.lolkek")) returned 1 [0055.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c948d8 | out: hHeap=0x5a0000) returned 1 [0055.292] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.292] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.292] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif", dwFileAttributes=0x80) returned 1 [0055.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\sjxezzk.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.292] CloseHandle (hObject=0x228) returned 1 [0055.292] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\sjxezzk.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.293] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4e7c [0055.293] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.293] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.293] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.293] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.293] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.293] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.293] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.293] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.294] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.294] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.294] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.294] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.294] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.294] CloseHandle (hObject=0x228) returned 1 [0055.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.294] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif.lolkek") returned 73 [0055.294] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\sjxezzk.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\sjxezzk.gif.lolkek")) returned 1 [0055.295] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.295] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611958 | out: hHeap=0x5a0000) returned 1 [0055.295] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.295] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.295] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif", dwFileAttributes=0x80) returned 1 [0055.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\tm-par__cj jd_tuv.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.295] CloseHandle (hObject=0x228) returned 1 [0055.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\tm-par__cj jd_tuv.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.295] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x569b [0055.295] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.295] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.296] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.296] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.296] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.296] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.296] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.296] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.296] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.296] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.296] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.296] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.296] CloseHandle (hObject=0x228) returned 1 [0055.297] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.297] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif.lolkek") returned 83 [0055.297] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\tm-par__cj jd_tuv.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\tm-par__cj jd_tuv.gif.lolkek")) returned 1 [0055.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695c78 | out: hHeap=0x5a0000) returned 1 [0055.297] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.297] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.297] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg", dwFileAttributes=0x80) returned 1 [0055.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\u3jhtvpacucrk3nv-o.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.298] CloseHandle (hObject=0x228) returned 1 [0055.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\u3jhtvpacucrk3nv-o.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.298] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xad5e [0055.298] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.298] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.298] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.298] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.298] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.298] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.298] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.299] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.299] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.299] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.299] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.299] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.299] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.299] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.299] CloseHandle (hObject=0x228) returned 1 [0055.299] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.299] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg.lolkek") returned 84 [0055.299] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\u3jhtvpacucrk3nv-o.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\u3jhtvpacucrk3nv-o.jpg.lolkek")) returned 1 [0055.300] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.300] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6954c8 | out: hHeap=0x5a0000) returned 1 [0055.300] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.300] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.300] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg", dwFileAttributes=0x80) returned 1 [0055.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xhozwgyb.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.300] CloseHandle (hObject=0x228) returned 1 [0055.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xhozwgyb.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.300] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xaf6 [0055.300] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.301] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.301] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.301] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.301] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0xaf6, lpOverlapped=0x0) returned 1 [0055.301] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffff50a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.301] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0xaf6, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0xaf6, lpOverlapped=0x0) returned 1 [0055.301] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.301] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.301] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.301] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.301] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.301] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.302] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.302] CloseHandle (hObject=0x228) returned 1 [0055.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.302] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg.lolkek") returned 74 [0055.302] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xhozwgyb.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xhozwgyb.jpg.lolkek")) returned 1 [0055.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612d08 | out: hHeap=0x5a0000) returned 1 [0055.302] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.302] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.302] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg", dwFileAttributes=0x80) returned 1 [0055.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xwaijnm4dedbadngj.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.303] CloseHandle (hObject=0x228) returned 1 [0055.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xwaijnm4dedbadngj.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.303] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x17c1a [0055.303] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.303] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.304] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.304] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.304] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.304] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.304] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.304] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.304] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.304] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.304] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.305] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.305] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.306] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.306] CloseHandle (hObject=0x228) returned 1 [0055.306] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.306] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg.lolkek") returned 83 [0055.306] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xwaijnm4dedbadngj.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\xwaijnm4dedbadngj.jpg.lolkek")) returned 1 [0055.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.306] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6958a0 | out: hHeap=0x5a0000) returned 1 [0055.306] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.306] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.306] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif", dwFileAttributes=0x80) returned 1 [0055.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\tbhzpx.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.307] CloseHandle (hObject=0x228) returned 1 [0055.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\tbhzpx.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.307] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x41d0 [0055.307] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.307] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.308] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.308] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.308] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.308] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.308] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.308] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.308] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.308] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.308] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.308] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.308] CloseHandle (hObject=0x228) returned 1 [0055.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.308] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif.lolkek") returned 65 [0055.308] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\tbhzpx.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\tbhzpx.gif.lolkek")) returned 1 [0055.309] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.309] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7760 | out: hHeap=0x5a0000) returned 1 [0055.309] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.309] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.309] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png", dwFileAttributes=0x80) returned 1 [0055.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\x4z8qu vceeb.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.310] CloseHandle (hObject=0x228) returned 1 [0055.310] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\x4z8qu vceeb.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.310] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xae55 [0055.310] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.310] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.310] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.310] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.310] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.310] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.310] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.311] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.311] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.311] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.311] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.311] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.311] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.311] CloseHandle (hObject=0x228) returned 1 [0055.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.311] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png.lolkek") returned 71 [0055.311] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\x4z8qu vceeb.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\x4z8qu vceeb.png.lolkek")) returned 1 [0055.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.312] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x611a70 | out: hHeap=0x5a0000) returned 1 [0055.312] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.312] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.312] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif", dwFileAttributes=0x80) returned 1 [0055.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xkzehlfbgxc.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.312] CloseHandle (hObject=0x228) returned 1 [0055.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xkzehlfbgxc.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.312] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd6da [0055.312] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.312] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.313] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.313] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.313] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.313] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.313] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.313] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.313] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.314] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.314] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.314] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.314] CloseHandle (hObject=0x228) returned 1 [0055.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.314] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif.lolkek") returned 70 [0055.314] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xkzehlfbgxc.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xkzehlfbgxc.gif.lolkek")) returned 1 [0055.314] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.314] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4e90 | out: hHeap=0x5a0000) returned 1 [0055.314] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.315] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.315] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png", dwFileAttributes=0x80) returned 1 [0055.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xxzpzzmz8h.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.315] CloseHandle (hObject=0x228) returned 1 [0055.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xxzpzzmz8h.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.315] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc278 [0055.315] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.315] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.316] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.316] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.316] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.316] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.316] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.316] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.316] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.316] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.316] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.316] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.316] CloseHandle (hObject=0x228) returned 1 [0055.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0055.316] wsprintfW (in: param_1=0x3de1f40, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png.lolkek") returned 69 [0055.316] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xxzpzzmz8h.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\xxzpzzmz8h.png.lolkek")) returned 1 [0055.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0055.317] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4f98 | out: hHeap=0x5a0000) returned 1 [0055.317] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.317] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.317] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp", dwFileAttributes=0x80) returned 1 [0055.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\z6zpms1z2wdbzxabowj.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.318] CloseHandle (hObject=0x228) returned 1 [0055.318] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\z6zpms1z2wdbzxabowj.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.318] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb73d [0055.318] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.318] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.318] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.318] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.318] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.318] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.410] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.411] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.411] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.411] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.411] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.411] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.411] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.411] CloseHandle (hObject=0x228) returned 1 [0055.411] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.411] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp.lolkek") returned 78 [0055.411] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\z6zpms1z2wdbzxabowj.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\z6zpms1z2wdbzxabowj.bmp.lolkek")) returned 1 [0055.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f568 | out: hHeap=0x5a0000) returned 1 [0055.412] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.412] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.412] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4", dwFileAttributes=0x80) returned 1 [0055.412] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\1oyegkj.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.413] CloseHandle (hObject=0x228) returned 1 [0055.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\1oyegkj.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.413] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1051 [0055.413] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.413] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.413] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.414] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.414] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x1051, lpOverlapped=0x0) returned 1 [0055.414] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffefaf, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.414] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1051, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x1051, lpOverlapped=0x0) returned 1 [0055.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.414] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.414] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.414] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.414] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.414] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.414] CloseHandle (hObject=0x228) returned 1 [0055.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.414] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4.lolkek") returned 68 [0055.414] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\1oyegkj.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\1oyegkj.mp4.lolkek")) returned 1 [0055.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0460 | out: hHeap=0x5a0000) returned 1 [0055.415] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.415] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.415] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv", dwFileAttributes=0x80) returned 1 [0055.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\iedliwg9ym wzyekl7m.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.416] CloseHandle (hObject=0x228) returned 1 [0055.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\iedliwg9ym wzyekl7m.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.416] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2349 [0055.416] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.416] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.416] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.416] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.416] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.416] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.416] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x2349, lpOverlapped=0x0) returned 1 [0055.416] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffdcb7, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.416] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x2349, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x2349, lpOverlapped=0x0) returned 1 [0055.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.417] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.417] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.417] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.417] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.417] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.417] CloseHandle (hObject=0x228) returned 1 [0055.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.417] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv.lolkek") returned 80 [0055.417] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\iedliwg9ym wzyekl7m.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\iedliwg9ym wzyekl7m.mkv.lolkek")) returned 1 [0055.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab7a0 | out: hHeap=0x5a0000) returned 1 [0055.418] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.418] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.418] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv", dwFileAttributes=0x80) returned 1 [0055.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\m1gzau cx_fn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.418] CloseHandle (hObject=0x228) returned 1 [0055.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\m1gzau cx_fn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.418] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe3a6 [0055.418] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.418] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.419] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.419] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.419] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.419] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.419] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.419] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.419] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.419] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.419] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.419] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.419] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.419] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.420] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.420] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.420] CloseHandle (hObject=0x228) returned 1 [0055.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.420] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv.lolkek") returned 73 [0055.420] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\m1gzau cx_fn.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\m1gzau cx_fn.flv.lolkek")) returned 1 [0055.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x612f38 | out: hHeap=0x5a0000) returned 1 [0055.420] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.420] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.421] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0055.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.421] CloseHandle (hObject=0x228) returned 1 [0055.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.421] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1f8 [0055.421] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.421] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.422] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.422] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.422] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x1f8, lpOverlapped=0x0) returned 1 [0055.422] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffe08, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.422] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x1f8, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x1f8, lpOverlapped=0x0) returned 1 [0055.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.422] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.422] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.422] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.422] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.422] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.422] CloseHandle (hObject=0x228) returned 1 [0055.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.422] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.lolkek") returned 59 [0055.422] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini.lolkek")) returned 1 [0055.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.423] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc01d0 | out: hHeap=0x5a0000) returned 1 [0055.423] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.423] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.423] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv", dwFileAttributes=0x80) returned 1 [0055.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\2ldvwgg.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.423] CloseHandle (hObject=0x228) returned 1 [0055.423] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\2ldvwgg.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.424] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6ca1 [0055.424] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.424] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.424] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.424] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.424] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.424] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.424] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.424] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.425] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.425] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.425] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.425] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.425] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.425] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.425] CloseHandle (hObject=0x228) returned 1 [0055.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.425] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv.lolkek") returned 90 [0055.425] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\2ldvwgg.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\2ldvwgg.mkv.lolkek")) returned 1 [0055.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.426] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cade78 | out: hHeap=0x5a0000) returned 1 [0055.426] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.426] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.426] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4", dwFileAttributes=0x80) returned 1 [0055.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\dg93bndyb-9ukezgcx.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.426] CloseHandle (hObject=0x228) returned 1 [0055.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\dg93bndyb-9ukezgcx.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.426] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb8e9 [0055.426] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.426] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.427] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.427] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.427] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.427] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.427] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.427] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.427] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.427] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.428] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.428] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.428] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.428] CloseHandle (hObject=0x228) returned 1 [0055.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.428] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4.lolkek") returned 101 [0055.428] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\dg93bndyb-9ukezgcx.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\dg93bndyb-9ukezgcx.mp4.lolkek")) returned 1 [0055.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62fd30 | out: hHeap=0x5a0000) returned 1 [0055.429] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.429] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.429] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf", dwFileAttributes=0x80) returned 1 [0055.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\iimfuakvnguf9.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.430] CloseHandle (hObject=0x228) returned 1 [0055.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\iimfuakvnguf9.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.430] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x255e [0055.430] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.430] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.431] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.431] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.431] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.431] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.431] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x255e, lpOverlapped=0x0) returned 1 [0055.431] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffdaa2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.431] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x255e, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x255e, lpOverlapped=0x0) returned 1 [0055.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.431] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.431] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.431] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.431] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.431] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.432] CloseHandle (hObject=0x228) returned 1 [0055.432] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.432] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf.lolkek") returned 96 [0055.432] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\iimfuakvnguf9.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\iimfuakvnguf9.swf.lolkek")) returned 1 [0055.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x617b68 | out: hHeap=0x5a0000) returned 1 [0055.433] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.433] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.433] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi", dwFileAttributes=0x80) returned 1 [0055.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\3l36ehojkzoixazmr.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.434] CloseHandle (hObject=0x228) returned 1 [0055.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\3l36ehojkzoixazmr.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.434] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xbff7 [0055.434] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.434] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.435] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.435] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.435] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.435] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.435] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.436] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.436] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.436] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.436] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.436] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.436] CloseHandle (hObject=0x228) returned 1 [0055.436] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.436] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi.lolkek") returned 89 [0055.436] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\3l36ehojkzoixazmr.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\3l36ehojkzoixazmr.avi.lolkek")) returned 1 [0055.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caebe8 | out: hHeap=0x5a0000) returned 1 [0055.437] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.437] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.437] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv", dwFileAttributes=0x80) returned 1 [0055.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\bmrpaw.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.438] CloseHandle (hObject=0x228) returned 1 [0055.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\bmrpaw.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.438] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x6408 [0055.438] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.438] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.439] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.439] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.439] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.439] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.439] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.439] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.439] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.439] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.439] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.439] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.439] CloseHandle (hObject=0x228) returned 1 [0055.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.439] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv.lolkek") returned 78 [0055.439] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\bmrpaw.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\bmrpaw.flv.lolkek")) returned 1 [0055.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.440] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f1f0 | out: hHeap=0x5a0000) returned 1 [0055.440] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.440] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.440] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi", dwFileAttributes=0x80) returned 1 [0055.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\i7qriggsl-pqsa5ty0.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.441] CloseHandle (hObject=0x228) returned 1 [0055.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\i7qriggsl-pqsa5ty0.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.441] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x31d8 [0055.441] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.441] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.441] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.441] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.441] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x31d8, lpOverlapped=0x0) returned 1 [0055.442] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffce28, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.442] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x31d8, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x31d8, lpOverlapped=0x0) returned 1 [0055.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.442] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.442] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.442] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.442] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.442] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.442] CloseHandle (hObject=0x228) returned 1 [0055.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.442] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi.lolkek") returned 90 [0055.442] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\i7qriggsl-pqsa5ty0.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\i7qriggsl-pqsa5ty0.avi.lolkek")) returned 1 [0055.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.443] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cae3d8 | out: hHeap=0x5a0000) returned 1 [0055.443] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.443] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.443] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi", dwFileAttributes=0x80) returned 1 [0055.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\ilsbgdhv.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.443] CloseHandle (hObject=0x228) returned 1 [0055.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\ilsbgdhv.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.444] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x98bc [0055.444] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.444] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.444] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.445] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.445] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.445] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.445] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.445] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.445] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.445] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.445] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.445] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.445] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.445] CloseHandle (hObject=0x228) returned 1 [0055.445] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.445] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi.lolkek") returned 80 [0055.445] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\ilsbgdhv.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\ilsbgdhv.avi.lolkek")) returned 1 [0055.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.446] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cab668 | out: hHeap=0x5a0000) returned 1 [0055.446] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.446] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.446] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv", dwFileAttributes=0x80) returned 1 [0055.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\pdi0skme8.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.447] CloseHandle (hObject=0x228) returned 1 [0055.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\pdi0skme8.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.447] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x706f [0055.447] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.447] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.447] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.447] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.447] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.448] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.448] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.448] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.448] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.448] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.448] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.448] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.448] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.448] CloseHandle (hObject=0x228) returned 1 [0055.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.448] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv.lolkek") returned 81 [0055.448] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\pdi0skme8.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\pdi0skme8.mkv.lolkek")) returned 1 [0055.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.449] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cabef0 | out: hHeap=0x5a0000) returned 1 [0055.449] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.449] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.449] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv", dwFileAttributes=0x80) returned 1 [0055.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\t6gefyiwpa.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.449] CloseHandle (hObject=0x228) returned 1 [0055.449] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\t6gefyiwpa.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.449] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd426 [0055.449] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.450] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.450] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.450] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.450] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.450] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.450] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.450] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.450] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.450] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.450] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.451] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.451] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.451] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.451] CloseHandle (hObject=0x228) returned 1 [0055.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.451] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv.lolkek") returned 82 [0055.451] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\t6gefyiwpa.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\t6gefyiwpa.mkv.lolkek")) returned 1 [0055.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.451] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cabc80 | out: hHeap=0x5a0000) returned 1 [0055.451] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.451] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.452] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf", dwFileAttributes=0x80) returned 1 [0055.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\aj_3qwdmn.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.452] CloseHandle (hObject=0x228) returned 1 [0055.452] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\aj_3qwdmn.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.452] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x44b3 [0055.452] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.452] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.453] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.453] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.453] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.453] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.453] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.453] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.453] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.453] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.453] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.453] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.453] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.453] CloseHandle (hObject=0x228) returned 1 [0055.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.453] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf.lolkek") returned 71 [0055.453] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\aj_3qwdmn.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\aj_3qwdmn.swf.lolkek")) returned 1 [0055.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.454] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x613050 | out: hHeap=0x5a0000) returned 1 [0055.454] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.454] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.454] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv", dwFileAttributes=0x80) returned 1 [0055.454] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\ap5dc-7e.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.455] CloseHandle (hObject=0x228) returned 1 [0055.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\ap5dc-7e.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.455] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x132cf [0055.455] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.455] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.455] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.455] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.455] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.455] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.455] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.456] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.456] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.456] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.456] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.456] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.456] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.456] CloseHandle (hObject=0x228) returned 1 [0055.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.456] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv.lolkek") returned 70 [0055.456] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\ap5dc-7e.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\ap5dc-7e.mkv.lolkek")) returned 1 [0055.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec4d88 | out: hHeap=0x5a0000) returned 1 [0055.457] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.457] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.457] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi", dwFileAttributes=0x80) returned 1 [0055.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\pygod3teqxht.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.457] CloseHandle (hObject=0x228) returned 1 [0055.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\pygod3teqxht.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.458] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xd86b [0055.458] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.458] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.458] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.458] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.458] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.459] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.459] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.459] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.459] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.465] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.465] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.465] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.465] CloseHandle (hObject=0x228) returned 1 [0055.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.465] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi.lolkek") returned 74 [0055.465] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\pygod3teqxht.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\pygod3teqxht.avi.lolkek")) returned 1 [0055.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.466] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c620 | out: hHeap=0x5a0000) returned 1 [0055.466] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.466] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.466] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4", dwFileAttributes=0x80) returned 1 [0055.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\vizpkm4bxpv.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.467] CloseHandle (hObject=0x228) returned 1 [0055.467] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\vizpkm4bxpv.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.467] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xace3 [0055.467] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.467] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.467] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.467] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.467] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.467] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.467] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.468] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.468] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.468] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.468] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.468] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.468] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.468] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.468] CloseHandle (hObject=0x228) returned 1 [0055.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.468] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4.lolkek") returned 73 [0055.468] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\vizpkm4bxpv.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\vizpkm4bxpv.mp4.lolkek")) returned 1 [0055.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c738 | out: hHeap=0x5a0000) returned 1 [0055.469] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.469] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.469] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4", dwFileAttributes=0x80) returned 1 [0055.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\0dpdidq.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.469] CloseHandle (hObject=0x228) returned 1 [0055.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\0dpdidq.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.469] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8cdf [0055.469] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.469] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.470] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.470] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.470] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.470] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.470] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.470] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.470] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.470] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.470] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.470] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.471] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.471] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.471] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.471] CloseHandle (hObject=0x228) returned 1 [0055.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.471] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4.lolkek") returned 71 [0055.471] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\0dpdidq.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\0dpdidq.mp4.lolkek")) returned 1 [0055.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.472] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c850 | out: hHeap=0x5a0000) returned 1 [0055.472] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.472] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.472] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi", dwFileAttributes=0x80) returned 1 [0055.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\c1eluekxb.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.472] CloseHandle (hObject=0x228) returned 1 [0055.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\c1eluekxb.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.473] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x1829e [0055.473] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.473] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.473] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.473] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.473] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.473] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.473] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.474] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.474] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.474] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.474] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.474] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.474] CloseHandle (hObject=0x228) returned 1 [0055.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.474] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi.lolkek") returned 73 [0055.474] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\c1eluekxb.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\c1eluekxb.avi.lolkek")) returned 1 [0055.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60c968 | out: hHeap=0x5a0000) returned 1 [0055.475] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.475] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.475] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf", dwFileAttributes=0x80) returned 1 [0055.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\gz6bqlqn1ew-xheggc.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.475] CloseHandle (hObject=0x228) returned 1 [0055.475] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\gz6bqlqn1ew-xheggc.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.475] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x106b7 [0055.475] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.476] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.476] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.476] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.476] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.476] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.476] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.476] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.476] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.476] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.477] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.477] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.477] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.477] CloseHandle (hObject=0x228) returned 1 [0055.477] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.477] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf.lolkek") returned 82 [0055.477] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\gz6bqlqn1ew-xheggc.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\gz6bqlqn1ew-xheggc.swf.lolkek")) returned 1 [0055.477] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3caba10 | out: hHeap=0x5a0000) returned 1 [0055.478] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.478] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.478] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi", dwFileAttributes=0x80) returned 1 [0055.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\igefcoai-.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.478] CloseHandle (hObject=0x228) returned 1 [0055.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\igefcoai-.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.478] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xa984 [0055.478] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.478] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.479] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.479] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.479] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.479] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.479] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.479] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.479] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.479] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.479] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.479] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.479] CloseHandle (hObject=0x228) returned 1 [0055.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.479] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi.lolkek") returned 73 [0055.480] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\igefcoai-.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\igefcoai-.avi.lolkek")) returned 1 [0055.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ca80 | out: hHeap=0x5a0000) returned 1 [0055.480] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.480] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.480] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv", dwFileAttributes=0x80) returned 1 [0055.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\l69p4dhdwybwcgzqab.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.481] CloseHandle (hObject=0x228) returned 1 [0055.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\l69p4dhdwybwcgzqab.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.481] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x56bd [0055.481] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.481] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.481] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.481] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.481] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.482] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.482] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.482] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.482] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.482] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.482] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.482] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.482] CloseHandle (hObject=0x228) returned 1 [0055.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.482] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv.lolkek") returned 82 [0055.482] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\l69p4dhdwybwcgzqab.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\l69p4dhdwybwcgzqab.mkv.lolkek")) returned 1 [0055.483] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.483] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cabdb8 | out: hHeap=0x5a0000) returned 1 [0055.483] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.483] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.483] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf", dwFileAttributes=0x80) returned 1 [0055.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\ns isz3liwpoetpvtezb.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.483] CloseHandle (hObject=0x228) returned 1 [0055.484] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\ns isz3liwpoetpvtezb.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.484] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xff1a [0055.484] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.484] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.484] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.484] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.484] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.484] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.484] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.485] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.485] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.485] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.485] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.485] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.485] CloseHandle (hObject=0x228) returned 1 [0055.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.485] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf.lolkek") returned 84 [0055.485] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\ns isz3liwpoetpvtezb.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\ns isz3liwpoetpvtezb.swf.lolkek")) returned 1 [0055.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.486] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695758 | out: hHeap=0x5a0000) returned 1 [0055.486] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.486] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.486] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv", dwFileAttributes=0x80) returned 1 [0055.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\z1zi57ychtdm1i9kuzs-.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.486] CloseHandle (hObject=0x228) returned 1 [0055.486] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\z1zi57ychtdm1i9kuzs-.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.486] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x7cfc [0055.486] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.486] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.487] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.487] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.487] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.487] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.487] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.487] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.487] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.487] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.488] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.488] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.488] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.488] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.488] CloseHandle (hObject=0x228) returned 1 [0055.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.488] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv.lolkek") returned 84 [0055.488] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\z1zi57ychtdm1i9kuzs-.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\z1zi57ychtdm1i9kuzs-.mkv.lolkek")) returned 1 [0055.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.489] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x695610 | out: hHeap=0x5a0000) returned 1 [0055.489] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.489] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.489] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4", dwFileAttributes=0x80) returned 1 [0055.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vkuv1shpn.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.489] CloseHandle (hObject=0x228) returned 1 [0055.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vkuv1shpn.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.489] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x12aac [0055.489] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.489] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.490] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.490] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.490] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.490] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.490] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.491] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.491] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.491] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.491] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.491] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.491] CloseHandle (hObject=0x228) returned 1 [0055.491] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.491] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4.lolkek") returned 74 [0055.491] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vkuv1shpn.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vkuv1shpn.mp4.lolkek")) returned 1 [0055.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cb98 | out: hHeap=0x5a0000) returned 1 [0055.492] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.492] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.492] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi", dwFileAttributes=0x80) returned 1 [0055.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vxv2l-vp5.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.493] CloseHandle (hObject=0x228) returned 1 [0055.493] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vxv2l-vp5.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.493] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x937 [0055.493] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.493] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.493] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.493] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.493] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x937, lpOverlapped=0x0) returned 1 [0055.493] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffff6c9, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.493] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x937, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x937, lpOverlapped=0x0) returned 1 [0055.494] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.494] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.494] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.494] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.494] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.494] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.494] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.494] CloseHandle (hObject=0x228) returned 1 [0055.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.494] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi.lolkek") returned 74 [0055.494] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vxv2l-vp5.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\vxv2l-vp5.avi.lolkek")) returned 1 [0055.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.495] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ccb0 | out: hHeap=0x5a0000) returned 1 [0055.495] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.495] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.495] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4", dwFileAttributes=0x80) returned 1 [0055.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\korh53g.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.495] CloseHandle (hObject=0x228) returned 1 [0055.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\korh53g.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.495] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14563 [0055.495] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.495] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.496] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.496] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.496] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.496] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.496] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.496] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.496] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.496] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.496] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.497] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.497] CloseHandle (hObject=0x228) returned 1 [0055.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.497] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4.lolkek") returned 59 [0055.497] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\korh53g.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\korh53g.mp4.lolkek")) returned 1 [0055.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc02b0 | out: hHeap=0x5a0000) returned 1 [0055.497] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.497] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.497] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4", dwFileAttributes=0x80) returned 1 [0055.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\o_ 4cocv.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.498] CloseHandle (hObject=0x228) returned 1 [0055.498] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\o_ 4cocv.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.498] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3d91 [0055.498] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.498] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.498] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.499] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.499] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.499] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.499] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x3d91, lpOverlapped=0x0) returned 1 [0055.499] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc26f, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.499] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3d91, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x3d91, lpOverlapped=0x0) returned 1 [0055.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.499] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.499] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.499] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.499] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.499] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.499] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.499] CloseHandle (hObject=0x228) returned 1 [0055.499] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.499] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4.lolkek") returned 60 [0055.499] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\o_ 4cocv.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\o_ 4cocv.mp4.lolkek")) returned 1 [0055.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc0390 | out: hHeap=0x5a0000) returned 1 [0055.502] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.502] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.502] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv", dwFileAttributes=0x80) returned 1 [0055.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tv_-dd4ovyn3au9g.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.502] CloseHandle (hObject=0x228) returned 1 [0055.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tv_-dd4ovyn3au9g.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.502] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x3fe6 [0055.502] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.502] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.503] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.503] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.503] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x3fe6, lpOverlapped=0x0) returned 1 [0055.503] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc01a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.503] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x3fe6, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x3fe6, lpOverlapped=0x0) returned 1 [0055.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.503] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.503] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.503] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.503] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.504] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.504] CloseHandle (hObject=0x228) returned 1 [0055.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.504] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv.lolkek") returned 68 [0055.504] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tv_-dd4ovyn3au9g.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\tv_-dd4ovyn3au9g.mkv.lolkek")) returned 1 [0055.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0060 | out: hHeap=0x5a0000) returned 1 [0055.504] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.504] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.504] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv", dwFileAttributes=0x80) returned 1 [0055.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wgefji.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.505] CloseHandle (hObject=0x228) returned 1 [0055.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wgefji.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.505] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x14941 [0055.505] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.505] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.506] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.506] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.506] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.506] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.506] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.506] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.506] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.506] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.506] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.506] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.506] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.506] CloseHandle (hObject=0x228) returned 1 [0055.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.506] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv.lolkek") returned 58 [0055.506] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wgefji.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\wgefji.mkv.lolkek")) returned 1 [0055.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cbe678 | out: hHeap=0x5a0000) returned 1 [0055.507] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.507] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.507] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv", dwFileAttributes=0x80) returned 1 [0055.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\6 hqfjbv5djafn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.508] CloseHandle (hObject=0x228) returned 1 [0055.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\6 hqfjbv5djafn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.508] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x58b2 [0055.508] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.508] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.509] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.509] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.509] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.509] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.509] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.509] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.509] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.509] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.509] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.509] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.509] CloseHandle (hObject=0x228) returned 1 [0055.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.509] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv.lolkek") returned 73 [0055.509] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\6 hqfjbv5djafn.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\6 hqfjbv5djafn.flv.lolkek")) returned 1 [0055.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60cdc8 | out: hHeap=0x5a0000) returned 1 [0055.510] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.510] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.510] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf", dwFileAttributes=0x80) returned 1 [0055.510] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\cnnofkhwz7ltxxad2p.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.511] CloseHandle (hObject=0x228) returned 1 [0055.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\cnnofkhwz7ltxxad2p.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.511] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xe655 [0055.511] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.511] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.511] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.511] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.511] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.511] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.511] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.512] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.512] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.512] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.512] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.512] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.512] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.512] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.512] CloseHandle (hObject=0x228) returned 1 [0055.512] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.512] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf.lolkek") returned 77 [0055.512] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\cnnofkhwz7ltxxad2p.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\cnnofkhwz7ltxxad2p.swf.lolkek")) returned 1 [0055.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e3f318 | out: hHeap=0x5a0000) returned 1 [0055.513] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.513] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.513] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi", dwFileAttributes=0x80) returned 1 [0055.513] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\laxvc4x.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.513] CloseHandle (hObject=0x228) returned 1 [0055.513] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\laxvc4x.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.513] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x429b [0055.513] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.514] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.514] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.514] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.514] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.514] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.514] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.515] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.515] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.515] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.515] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.515] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.515] CloseHandle (hObject=0x228) returned 1 [0055.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.515] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi.lolkek") returned 66 [0055.515] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\laxvc4x.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\laxvc4x.avi.lolkek")) returned 1 [0055.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca85e8 | out: hHeap=0x5a0000) returned 1 [0055.516] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.516] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.516] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi", dwFileAttributes=0x80) returned 1 [0055.516] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\ooulmdp.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.517] CloseHandle (hObject=0x228) returned 1 [0055.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\ooulmdp.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.517] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4629 [0055.517] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.517] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.517] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.517] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.517] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.518] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.518] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.518] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.518] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.518] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.518] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.518] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.518] CloseHandle (hObject=0x228) returned 1 [0055.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.518] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi.lolkek") returned 66 [0055.518] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\ooulmdp.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\ooulmdp.avi.lolkek")) returned 1 [0055.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.519] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8208 | out: hHeap=0x5a0000) returned 1 [0055.519] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.519] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.519] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv", dwFileAttributes=0x80) returned 1 [0055.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\sxtx4.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.519] CloseHandle (hObject=0x228) returned 1 [0055.519] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\sxtx4.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.519] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x5a88 [0055.519] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.519] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.520] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.520] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.520] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.520] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.520] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.520] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.520] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.520] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.520] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.520] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.521] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.521] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.521] CloseHandle (hObject=0x228) returned 1 [0055.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.521] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv.lolkek") returned 64 [0055.521] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\sxtx4.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\sxtx4.mkv.lolkek")) returned 1 [0055.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6461a0 | out: hHeap=0x5a0000) returned 1 [0055.521] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.521] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.521] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv", dwFileAttributes=0x80) returned 1 [0055.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\yl98wwd.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.522] CloseHandle (hObject=0x228) returned 1 [0055.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\yl98wwd.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.522] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xc5b2 [0055.522] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.522] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.523] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.523] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.523] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.523] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.523] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.523] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.523] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.523] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.523] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.523] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.523] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.523] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.523] CloseHandle (hObject=0x228) returned 1 [0055.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.523] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv.lolkek") returned 66 [0055.523] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\yl98wwd.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\yl98wwd.mkv.lolkek")) returned 1 [0055.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca8300 | out: hHeap=0x5a0000) returned 1 [0055.524] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.524] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.524] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf", dwFileAttributes=0x80) returned 1 [0055.524] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\znmvzpkxwivae-hv12jg.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228 [0055.525] CloseHandle (hObject=0x228) returned 1 [0055.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\znmvzpkxwivae-hv12jg.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0055.525] GetFileSize (in: hFile=0x228, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x8a19 [0055.525] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffff3, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.525] ReadFile (in: hFile=0x228, lpBuffer=0x3bcfb50, nNumberOfBytesToRead=0xd, lpNumberOfBytesRead=0x3bce134, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb50*, lpNumberOfBytesRead=0x3bce134*=0xd, lpOverlapped=0x0) returned 1 [0055.525] CryptGenRandom (in: hProv=0x5ba370, dwLen=0x20, pbBuffer=0x3bcfb60 | out: pbBuffer=0x3bcfb60) returned 1 [0055.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x90) returned 0x3cc8140 [0055.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4000) returned 0x3ebbce8 [0055.525] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.525] ReadFile (in: hFile=0x228, lpBuffer=0x3ebbce8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x3bce10c, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesRead=0x3bce10c*=0x4000, lpOverlapped=0x0) returned 1 [0055.525] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xffffc000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0055.525] WriteFile (in: hFile=0x228, lpBuffer=0x3ebbce8*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x3bcfb50, lpOverlapped=0x0 | out: lpBuffer=0x3ebbce8*, lpNumberOfBytesWritten=0x3bcfb50*=0x4000, lpOverlapped=0x0) returned 1 [0055.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ebbce8 | out: hHeap=0x5a0000) returned 1 [0055.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cc8140 | out: hHeap=0x5a0000) returned 1 [0055.526] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0055.526] WriteFile (in: hFile=0x228, lpBuffer=0x3bce114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bce114*, lpNumberOfBytesWritten=0x3bce118*=0x4, lpOverlapped=0x0) returned 1 [0055.526] WriteFile (in: hFile=0x228, lpBuffer=0x3bcfb60*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x3bcfb60*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.526] WriteFile (in: hFile=0x228, lpBuffer=0x30b830*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30b830*, lpNumberOfBytesWritten=0x3bce118*=0x20, lpOverlapped=0x0) returned 1 [0055.526] WriteFile (in: hFile=0x228, lpBuffer=0x30a8ac*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x3bce118, lpOverlapped=0x0 | out: lpBuffer=0x30a8ac*, lpNumberOfBytesWritten=0x3bce118*=0xd, lpOverlapped=0x0) returned 1 [0055.526] CloseHandle (hObject=0x228) returned 1 [0055.526] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0055.526] wsprintfW (in: param_1=0x5c9e88, param_2="%ls%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf.lolkek") returned 72 [0055.526] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\znmvzpkxwivae-hv12jg.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf.lolkek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\znmvzpkxwivae-hv12jg.swf.lolkek")) returned 1 [0055.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 [0055.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6128a8 | out: hHeap=0x5a0000) returned 1 [0055.527] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.527] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.527] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", dwFileAttributes=0x80) returned 0 [0055.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.527] RmStartSession () returned 0x0 [0055.529] RmRegisterResources () returned 0x0 [0055.531] RmGetList () returned 0x0 [0055.645] RmEndSession () returned 0x0 [0055.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61a2a8 | out: hHeap=0x5a0000) returned 1 [0055.665] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.665] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.665] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", dwFileAttributes=0x80) returned 0 [0055.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.665] RmStartSession () returned 0x0 [0055.667] RmRegisterResources () returned 0x0 [0055.669] RmGetList () returned 0x0 [0055.967] RmEndSession () returned 0x0 [0055.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0055.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x62c750 | out: hHeap=0x5a0000) returned 1 [0055.986] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0055.986] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.986] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml", dwFileAttributes=0x80) returned 0 [0055.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0055.986] RmStartSession () returned 0x0 [0055.988] RmRegisterResources () returned 0x0 [0055.990] RmGetList () returned 0x0 [0056.264] RmEndSession () returned 0x0 [0056.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.283] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c94cd0 | out: hHeap=0x5a0000) returned 1 [0056.283] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.283] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.283] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico", dwFileAttributes=0x80) returned 0 [0056.283] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.283] RmStartSession () returned 0x0 [0056.285] RmRegisterResources () returned 0x0 [0056.287] RmGetList () returned 0x0 [0056.588] RmEndSession () returned 0x0 [0056.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0056.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf2af8 | out: hHeap=0x5a0000) returned 1 [0056.702] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0056.702] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0056.702] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf", dwFileAttributes=0x80) returned 1 [0056.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0056.702] RmStartSession () returned 0x0 [0056.704] RmRegisterResources () returned 0x0 [0056.706] RmGetList () returned 0x0 [0057.094] GetCurrentProcessId () returned 0x86c [0057.094] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x9cc) returned 0x0 [0057.094] RmEndSession () returned 0x0 [0057.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\racwmidatabase.sdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.114] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x60ed00 | out: hHeap=0x5a0000) returned 1 [0057.114] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.114] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.114] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp", dwFileAttributes=0x80) returned 0 [0057.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.115] RmStartSession () returned 0x0 [0057.117] RmRegisterResources () returned 0x0 [0057.119] RmGetList () returned 0x0 [0057.372] RmEndSession () returned 0x0 [0057.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile13.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0057.393] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb6108 | out: hHeap=0x5a0000) returned 1 [0057.393] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0057.393] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0057.393] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp", dwFileAttributes=0x80) returned 0 [0057.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0057.393] RmStartSession () returned 0x0 [0057.395] RmRegisterResources () returned 0x0 [0057.401] RmGetList () returned 0x0 [0058.330] RmEndSession () returned 0x0 [0058.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile19.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0058.349] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3eb7080 | out: hHeap=0x5a0000) returned 1 [0058.349] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0058.349] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0058.349] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp", dwFileAttributes=0x80) returned 0 [0058.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0058.349] RmStartSession () returned 0x0 [0058.351] RmRegisterResources () returned 0x0 [0058.353] RmGetList () returned 0x0 [0059.467] RmEndSession () returned 0x0 [0059.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile38.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0059.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da5148 | out: hHeap=0x5a0000) returned 1 [0059.485] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) returned 0x0 [0059.485] ReleaseSemaphore (in: hSemaphore=0xa8, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0059.485] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp", dwFileAttributes=0x80) returned 0 [0059.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0059.485] RmStartSession () returned 0x0 [0059.487] RmRegisterResources () returned 0x0 [0059.492] RmGetList () returned 0x0 [0062.398] RmEndSession () returned 0x0 [0063.062] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\usertile44.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0063.062] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da59b8 | out: hHeap=0x5a0000) returned 1 [0063.062] WaitForSingleObject (hHandle=0xac, dwMilliseconds=0xffffffff) Thread: id = 16 os_tid = 0x968 [0035.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5c9e88 [0035.513] lstrcpyW (in: lpString1=0x5c9e88, lpString2="\\\\?\\C:" | out: lpString1="\\\\?\\C:") returned="\\\\?\\C:" [0035.513] lstrcatW (in: lpString1="\\\\?\\C:", lpString2="\\*" | out: lpString1="\\\\?\\C:\\*") returned="\\\\?\\C:\\*" [0035.513] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x5c1f68 [0035.513] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Windows") returned -1 [0035.513] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Program Files") returned -1 [0035.513] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Program Files (x86)") returned -1 [0035.514] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="$Recycle.bin") returned 0 [0035.514] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0035.514] lstrcmpiW (lpString1="Boot", lpString2="Windows") returned -1 [0035.514] lstrcmpiW (lpString1="Boot", lpString2="Program Files") returned -1 [0035.514] lstrcmpiW (lpString1="Boot", lpString2="Program Files (x86)") returned -1 [0035.514] lstrcmpiW (lpString1="Boot", lpString2="$Recycle.bin") returned 1 [0035.514] lstrcmpiW (lpString1="Boot", lpString2="System Volume Information") returned -1 [0035.514] lstrcmpiW (lpString1="Boot", lpString2=".") returned 1 [0035.514] lstrcmpiW (lpString1="Boot", lpString2="..") returned 1 [0035.514] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot") returned 11 [0035.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0035.514] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Boot" | out: lpString1="\\\\?\\C:\\Boot") returned="\\\\?\\C:\\Boot" [0035.514] lstrcatW (in: lpString1="\\\\?\\C:\\Boot", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\*") returned="\\\\?\\C:\\Boot\\*" [0035.514] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName=".", cAlternateFileName="")) returned 0x5eafc8 [0035.514] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.514] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.514] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.514] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.515] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.515] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.515] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 1 [0035.515] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.515] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.515] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.515] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.515] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.515] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.515] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.515] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="BCD", cAlternateFileName="")) returned 1 [0035.515] lstrcmpiW (lpString1="BCD", lpString2="Windows") returned -1 [0035.515] lstrcmpiW (lpString1="BCD", lpString2="Program Files") returned -1 [0035.515] lstrcmpiW (lpString1="BCD", lpString2="Program Files (x86)") returned -1 [0035.515] lstrcmpiW (lpString1="BCD", lpString2="$Recycle.bin") returned 1 [0035.515] lstrcmpiW (lpString1="BCD", lpString2="System Volume Information") returned -1 [0035.515] lstrcmpiW (lpString1="BCD", lpString2=".") returned 1 [0035.515] lstrcmpiW (lpString1="BCD", lpString2="..") returned 1 [0035.515] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\BCD") returned 15 [0035.515] StrStrIW (lpFirst="BCD", lpSrch=".lolkek") returned 0x0 [0035.515] lstrcmpW (lpString1="BCD", lpString2="LOLKEK.txt") returned -1 [0035.515] lstrlenW (lpString="\\\\?\\C:\\Boot\\BCD") returned 15 [0035.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x40) returned 0x5b8780 [0035.515] lstrcpyW (in: lpString1=0x5b8780, lpString2="\\\\?\\C:\\Boot\\BCD" | out: lpString1="\\\\?\\C:\\Boot\\BCD") returned="\\\\?\\C:\\Boot\\BCD" [0035.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.515] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0035.515] lstrcmpiW (lpString1="BCD.LOG", lpString2="Windows") returned -1 [0035.515] lstrcmpiW (lpString1="BCD.LOG", lpString2="Program Files") returned -1 [0035.515] lstrcmpiW (lpString1="BCD.LOG", lpString2="Program Files (x86)") returned -1 [0035.515] lstrcmpiW (lpString1="BCD.LOG", lpString2="$Recycle.bin") returned 1 [0035.515] lstrcmpiW (lpString1="BCD.LOG", lpString2="System Volume Information") returned -1 [0035.515] lstrcmpiW (lpString1="BCD.LOG", lpString2=".") returned 1 [0035.515] lstrcmpiW (lpString1="BCD.LOG", lpString2="..") returned 1 [0035.515] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\BCD.LOG") returned 19 [0035.515] StrStrIW (lpFirst="BCD.LOG", lpSrch=".lolkek") returned 0x0 [0035.515] lstrcmpW (lpString1="BCD.LOG", lpString2="LOLKEK.txt") returned -1 [0035.515] lstrlenW (lpString="\\\\?\\C:\\Boot\\BCD.LOG") returned 19 [0035.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x50) returned 0x5ec010 [0035.515] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Boot\\BCD.LOG" | out: lpString1="\\\\?\\C:\\Boot\\BCD.LOG") returned="\\\\?\\C:\\Boot\\BCD.LOG" [0035.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.515] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0035.515] lstrcmpiW (lpString1="BCD.LOG1", lpString2="Windows") returned -1 [0035.515] lstrcmpiW (lpString1="BCD.LOG1", lpString2="Program Files") returned -1 [0035.516] lstrcmpiW (lpString1="BCD.LOG1", lpString2="Program Files (x86)") returned -1 [0035.516] lstrcmpiW (lpString1="BCD.LOG1", lpString2="$Recycle.bin") returned 1 [0035.516] lstrcmpiW (lpString1="BCD.LOG1", lpString2="System Volume Information") returned -1 [0035.516] lstrcmpiW (lpString1="BCD.LOG1", lpString2=".") returned 1 [0035.516] lstrcmpiW (lpString1="BCD.LOG1", lpString2="..") returned 1 [0035.516] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\BCD.LOG1") returned 20 [0035.516] StrStrIW (lpFirst="BCD.LOG1", lpSrch=".lolkek") returned 0x0 [0035.516] lstrcmpW (lpString1="BCD.LOG1", lpString2="LOLKEK.txt") returned -1 [0035.516] lstrlenW (lpString="\\\\?\\C:\\Boot\\BCD.LOG1") returned 20 [0035.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x54) returned 0x5ec068 [0035.516] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\BCD.LOG1" | out: lpString1="\\\\?\\C:\\Boot\\BCD.LOG1") returned="\\\\?\\C:\\Boot\\BCD.LOG1" [0035.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.516] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0035.516] lstrcmpiW (lpString1="BCD.LOG2", lpString2="Windows") returned -1 [0035.516] lstrcmpiW (lpString1="BCD.LOG2", lpString2="Program Files") returned -1 [0035.516] lstrcmpiW (lpString1="BCD.LOG2", lpString2="Program Files (x86)") returned -1 [0035.516] lstrcmpiW (lpString1="BCD.LOG2", lpString2="$Recycle.bin") returned 1 [0035.516] lstrcmpiW (lpString1="BCD.LOG2", lpString2="System Volume Information") returned -1 [0035.516] lstrcmpiW (lpString1="BCD.LOG2", lpString2=".") returned 1 [0035.516] lstrcmpiW (lpString1="BCD.LOG2", lpString2="..") returned 1 [0035.516] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\BCD.LOG2") returned 20 [0035.516] StrStrIW (lpFirst="BCD.LOG2", lpSrch=".lolkek") returned 0x0 [0035.516] lstrcmpW (lpString1="BCD.LOG2", lpString2="LOLKEK.txt") returned -1 [0035.516] lstrlenW (lpString="\\\\?\\C:\\Boot\\BCD.LOG2") returned 20 [0035.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x54) returned 0x5ec0c8 [0035.516] lstrcpyW (in: lpString1=0x5ec0c8, lpString2="\\\\?\\C:\\Boot\\BCD.LOG2" | out: lpString1="\\\\?\\C:\\Boot\\BCD.LOG2") returned="\\\\?\\C:\\Boot\\BCD.LOG2" [0035.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.516] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0035.516] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="Windows") returned -1 [0035.516] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="Program Files") returned -1 [0035.516] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="Program Files (x86)") returned -1 [0035.516] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="$Recycle.bin") returned 1 [0035.516] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="System Volume Information") returned -1 [0035.516] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2=".") returned 1 [0035.516] lstrcmpiW (lpString1="BOOTSTAT.DAT", lpString2="..") returned 1 [0035.516] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\BOOTSTAT.DAT") returned 24 [0035.516] StrStrIW (lpFirst="BOOTSTAT.DAT", lpSrch=".lolkek") returned 0x0 [0035.516] lstrcmpW (lpString1="BOOTSTAT.DAT", lpString2="LOLKEK.txt") returned -1 [0035.516] lstrlenW (lpString="\\\\?\\C:\\Boot\\BOOTSTAT.DAT") returned 24 [0035.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x64) returned 0x5ec128 [0035.516] lstrcpyW (in: lpString1=0x5ec128, lpString2="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" | out: lpString1="\\\\?\\C:\\Boot\\BOOTSTAT.DAT") returned="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" [0035.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.516] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0035.517] lstrcmpiW (lpString1="cs-CZ", lpString2="Windows") returned -1 [0035.517] lstrcmpiW (lpString1="cs-CZ", lpString2="Program Files") returned -1 [0035.517] lstrcmpiW (lpString1="cs-CZ", lpString2="Program Files (x86)") returned -1 [0035.517] lstrcmpiW (lpString1="cs-CZ", lpString2="$Recycle.bin") returned 1 [0035.517] lstrcmpiW (lpString1="cs-CZ", lpString2="System Volume Information") returned -1 [0035.517] lstrcmpiW (lpString1="cs-CZ", lpString2=".") returned 1 [0035.517] lstrcmpiW (lpString1="cs-CZ", lpString2="..") returned 1 [0035.517] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\cs-CZ") returned 17 [0035.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec198 [0035.517] lstrcpyW (in: lpString1=0x5ec198, lpString2="\\\\?\\C:\\Boot\\cs-CZ" | out: lpString1="\\\\?\\C:\\Boot\\cs-CZ") returned="\\\\?\\C:\\Boot\\cs-CZ" [0035.517] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\cs-CZ", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\cs-CZ\\*") returned="\\\\?\\C:\\Boot\\cs-CZ\\*" [0035.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x5fc280 [0035.828] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.828] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.828] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.828] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.828] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.828] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.828] FindNextFileW (in: hFindFile=0x5fc280, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.828] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.828] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.828] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.828] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.828] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.828] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.828] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.828] FindNextFileW (in: hFindFile=0x5fc280, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.828] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.828] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.828] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.828] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.828] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.828] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.828] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.828] wsprintfW (in: param_1=0x5ec198, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 33 [0035.828] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.828] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.828] lstrlenW (lpString="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 33 [0035.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x5fc2c0 [0035.828] lstrcpyW (in: lpString1=0x5fc2c0, lpString2="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" [0035.828] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.828] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.828] FindNextFileW (in: hFindFile=0x5fc280, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.828] FindClose (in: hFindFile=0x5fc280 | out: hFindFile=0x5fc280) returned 1 [0035.828] wsprintfW (in: param_1=0x5ec198, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\cs-CZ\\LOLKEK.txt") returned 28 [0035.828] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\LOLKEK.txt" (normalized: "c:\\boot\\cs-cz\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.832] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.832] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.833] CloseHandle (hObject=0x15c) returned 1 [0035.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec198 | out: hHeap=0x5a0000) returned 1 [0035.837] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0035.837] lstrcmpiW (lpString1="da-DK", lpString2="Windows") returned -1 [0035.837] lstrcmpiW (lpString1="da-DK", lpString2="Program Files") returned -1 [0035.837] lstrcmpiW (lpString1="da-DK", lpString2="Program Files (x86)") returned -1 [0035.837] lstrcmpiW (lpString1="da-DK", lpString2="$Recycle.bin") returned 1 [0035.837] lstrcmpiW (lpString1="da-DK", lpString2="System Volume Information") returned -1 [0035.838] lstrcmpiW (lpString1="da-DK", lpString2=".") returned 1 [0035.838] lstrcmpiW (lpString1="da-DK", lpString2="..") returned 1 [0035.838] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\da-DK") returned 17 [0035.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec198 [0035.838] lstrcpyW (in: lpString1=0x5ec198, lpString2="\\\\?\\C:\\Boot\\da-DK" | out: lpString1="\\\\?\\C:\\Boot\\da-DK") returned="\\\\?\\C:\\Boot\\da-DK" [0035.838] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\da-DK", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\da-DK\\*") returned="\\\\?\\C:\\Boot\\da-DK\\*" [0035.838] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62c7e8 [0035.842] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.842] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.842] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.842] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.842] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.842] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.842] FindNextFileW (in: hFindFile=0x62c7e8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.842] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.842] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.842] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.842] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.842] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.842] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.842] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.842] FindNextFileW (in: hFindFile=0x62c7e8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.842] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.842] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.842] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.842] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.842] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.842] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.842] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.842] wsprintfW (in: param_1=0x5ec198, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 33 [0035.843] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.843] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.843] lstrlenW (lpString="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 33 [0035.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62d830 [0035.843] lstrcpyW (in: lpString1=0x62d830, lpString2="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" [0035.843] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.843] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.843] FindNextFileW (in: hFindFile=0x62c7e8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.843] FindClose (in: hFindFile=0x62c7e8 | out: hFindFile=0x62c7e8) returned 1 [0035.843] wsprintfW (in: param_1=0x5ec198, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\da-DK\\LOLKEK.txt") returned 28 [0035.843] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\LOLKEK.txt" (normalized: "c:\\boot\\da-dk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0035.844] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.844] WriteFile (in: hFile=0x168, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.845] CloseHandle (hObject=0x168) returned 1 [0035.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec198 | out: hHeap=0x5a0000) returned 1 [0035.845] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0035.846] lstrcmpiW (lpString1="de-DE", lpString2="Windows") returned -1 [0035.846] lstrcmpiW (lpString1="de-DE", lpString2="Program Files") returned -1 [0035.846] lstrcmpiW (lpString1="de-DE", lpString2="Program Files (x86)") returned -1 [0035.846] lstrcmpiW (lpString1="de-DE", lpString2="$Recycle.bin") returned 1 [0035.846] lstrcmpiW (lpString1="de-DE", lpString2="System Volume Information") returned -1 [0035.846] lstrcmpiW (lpString1="de-DE", lpString2=".") returned 1 [0035.846] lstrcmpiW (lpString1="de-DE", lpString2="..") returned 1 [0035.846] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\de-DE") returned 17 [0035.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec198 [0035.846] lstrcpyW (in: lpString1=0x5ec198, lpString2="\\\\?\\C:\\Boot\\de-DE" | out: lpString1="\\\\?\\C:\\Boot\\de-DE") returned="\\\\?\\C:\\Boot\\de-DE" [0035.846] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\de-DE", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\de-DE\\*") returned="\\\\?\\C:\\Boot\\de-DE\\*" [0035.846] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.847] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.847] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.847] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.847] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.847] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.847] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.847] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.847] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.848] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.848] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.848] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.848] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.848] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.848] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.848] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.848] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.848] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.848] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.848] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.848] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.848] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.848] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.848] wsprintfW (in: param_1=0x5ec198, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 33 [0035.848] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.848] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.848] lstrlenW (lpString="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 33 [0035.848] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x5fc230 [0035.848] lstrcpyW (in: lpString1=0x5fc230, lpString2="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" [0035.848] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.848] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.848] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.848] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.849] wsprintfW (in: param_1=0x5ec198, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\de-DE\\LOLKEK.txt") returned 28 [0035.849] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\LOLKEK.txt" (normalized: "c:\\boot\\de-de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.849] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.849] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.850] CloseHandle (hObject=0x160) returned 1 [0035.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec198 | out: hHeap=0x5a0000) returned 1 [0035.850] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0035.850] lstrcmpiW (lpString1="el-GR", lpString2="Windows") returned -1 [0035.850] lstrcmpiW (lpString1="el-GR", lpString2="Program Files") returned -1 [0035.850] lstrcmpiW (lpString1="el-GR", lpString2="Program Files (x86)") returned -1 [0035.850] lstrcmpiW (lpString1="el-GR", lpString2="$Recycle.bin") returned 1 [0035.850] lstrcmpiW (lpString1="el-GR", lpString2="System Volume Information") returned -1 [0035.850] lstrcmpiW (lpString1="el-GR", lpString2=".") returned 1 [0035.850] lstrcmpiW (lpString1="el-GR", lpString2="..") returned 1 [0035.850] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\el-GR") returned 17 [0035.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.850] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\el-GR" | out: lpString1="\\\\?\\C:\\Boot\\el-GR") returned="\\\\?\\C:\\Boot\\el-GR" [0035.850] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\el-GR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\el-GR\\*") returned="\\\\?\\C:\\Boot\\el-GR\\*" [0035.850] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.850] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.850] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.850] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.850] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.850] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.850] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.850] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.851] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.851] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.851] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.851] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.851] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.851] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.851] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.851] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.851] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.851] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.851] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.851] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.851] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.851] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.851] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.851] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 33 [0035.851] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.851] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.851] lstrlenW (lpString="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 33 [0035.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x5fc070 [0035.851] lstrcpyW (in: lpString1=0x5fc070, lpString2="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" [0035.851] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.851] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.851] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.851] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.851] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\el-GR\\LOLKEK.txt") returned 28 [0035.851] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\LOLKEK.txt" (normalized: "c:\\boot\\el-gr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.851] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.852] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.852] CloseHandle (hObject=0x160) returned 1 [0035.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.852] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="en-US", cAlternateFileName="")) returned 1 [0035.852] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0035.852] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0035.852] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0035.852] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0035.852] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0035.852] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0035.852] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0035.852] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\en-US") returned 17 [0035.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.852] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\en-US" | out: lpString1="\\\\?\\C:\\Boot\\en-US") returned="\\\\?\\C:\\Boot\\en-US" [0035.852] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\en-US\\*") returned="\\\\?\\C:\\Boot\\en-US\\*" [0035.852] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.854] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.854] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.854] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.854] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.854] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.854] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.854] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.854] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.854] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.854] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.854] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.854] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.854] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.854] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.854] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.854] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.854] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.854] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.854] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.854] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.854] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.854] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.854] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui") returned 33 [0035.854] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.854] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.854] lstrlenW (lpString="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui") returned 33 [0035.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x5fc100 [0035.855] lstrcpyW (in: lpString1=0x5fc100, lpString2="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" [0035.855] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.855] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.855] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0035.855] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="Windows") returned -1 [0035.855] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="Program Files") returned -1 [0035.855] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.855] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.855] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="System Volume Information") returned -1 [0035.855] lstrcmpiW (lpString1="memtest.exe.mui", lpString2=".") returned 1 [0035.855] lstrcmpiW (lpString1="memtest.exe.mui", lpString2="..") returned 1 [0035.855] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui") returned 33 [0035.855] StrStrIW (lpFirst="memtest.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.855] lstrcmpW (lpString1="memtest.exe.mui", lpString2="LOLKEK.txt") returned 1 [0035.855] lstrlenW (lpString="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui") returned 33 [0035.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62f8c8 [0035.855] lstrcpyW (in: lpString1=0x62f8c8, lpString2="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui") returned="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" [0035.855] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.855] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.855] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0035.855] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.855] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\en-US\\LOLKEK.txt") returned 28 [0035.855] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\LOLKEK.txt" (normalized: "c:\\boot\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.855] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.855] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.856] CloseHandle (hObject=0x160) returned 1 [0035.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.856] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0035.856] lstrcmpiW (lpString1="es-ES", lpString2="Windows") returned -1 [0035.856] lstrcmpiW (lpString1="es-ES", lpString2="Program Files") returned -1 [0035.856] lstrcmpiW (lpString1="es-ES", lpString2="Program Files (x86)") returned -1 [0035.856] lstrcmpiW (lpString1="es-ES", lpString2="$Recycle.bin") returned 1 [0035.856] lstrcmpiW (lpString1="es-ES", lpString2="System Volume Information") returned -1 [0035.856] lstrcmpiW (lpString1="es-ES", lpString2=".") returned 1 [0035.856] lstrcmpiW (lpString1="es-ES", lpString2="..") returned 1 [0035.856] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\es-ES") returned 17 [0035.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.856] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\es-ES" | out: lpString1="\\\\?\\C:\\Boot\\es-ES") returned="\\\\?\\C:\\Boot\\es-ES" [0035.856] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\es-ES", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\es-ES\\*") returned="\\\\?\\C:\\Boot\\es-ES\\*" [0035.856] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.858] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.858] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.858] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.858] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.858] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.858] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.858] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.858] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.858] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.858] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.858] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.858] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.858] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.858] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.858] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.858] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.858] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.858] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.858] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.858] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.858] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.858] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.858] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui") returned 33 [0035.858] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.858] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.858] lstrlenW (lpString="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui") returned 33 [0035.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62f958 [0035.858] lstrcpyW (in: lpString1=0x62f958, lpString2="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" [0035.858] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.858] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.858] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.859] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.859] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\es-ES\\LOLKEK.txt") returned 28 [0035.859] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\LOLKEK.txt" (normalized: "c:\\boot\\es-es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.859] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.859] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.859] CloseHandle (hObject=0x160) returned 1 [0035.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.860] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0035.860] lstrcmpiW (lpString1="fi-FI", lpString2="Windows") returned -1 [0035.860] lstrcmpiW (lpString1="fi-FI", lpString2="Program Files") returned -1 [0035.860] lstrcmpiW (lpString1="fi-FI", lpString2="Program Files (x86)") returned -1 [0035.860] lstrcmpiW (lpString1="fi-FI", lpString2="$Recycle.bin") returned 1 [0035.860] lstrcmpiW (lpString1="fi-FI", lpString2="System Volume Information") returned -1 [0035.860] lstrcmpiW (lpString1="fi-FI", lpString2=".") returned 1 [0035.860] lstrcmpiW (lpString1="fi-FI", lpString2="..") returned 1 [0035.860] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\fi-FI") returned 17 [0035.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.860] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\fi-FI" | out: lpString1="\\\\?\\C:\\Boot\\fi-FI") returned="\\\\?\\C:\\Boot\\fi-FI" [0035.860] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\fi-FI", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\fi-FI\\*") returned="\\\\?\\C:\\Boot\\fi-FI\\*" [0035.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.860] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.860] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.860] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.860] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.860] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.860] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.860] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.860] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.860] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.860] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.860] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.860] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.860] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.860] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.860] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.860] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.860] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.860] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.860] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.860] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.860] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.860] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.860] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned 33 [0035.860] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.860] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.860] lstrlenW (lpString="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned 33 [0035.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62f9e8 [0035.860] lstrcpyW (in: lpString1=0x62f9e8, lpString2="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" [0035.860] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.861] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.861] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.861] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.861] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\fi-FI\\LOLKEK.txt") returned 28 [0035.861] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\LOLKEK.txt" (normalized: "c:\\boot\\fi-fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.861] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.861] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.861] CloseHandle (hObject=0x160) returned 1 [0035.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.862] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0035.862] lstrcmpiW (lpString1="Fonts", lpString2="Windows") returned -1 [0035.862] lstrcmpiW (lpString1="Fonts", lpString2="Program Files") returned -1 [0035.862] lstrcmpiW (lpString1="Fonts", lpString2="Program Files (x86)") returned -1 [0035.862] lstrcmpiW (lpString1="Fonts", lpString2="$Recycle.bin") returned 1 [0035.862] lstrcmpiW (lpString1="Fonts", lpString2="System Volume Information") returned -1 [0035.862] lstrcmpiW (lpString1="Fonts", lpString2=".") returned 1 [0035.862] lstrcmpiW (lpString1="Fonts", lpString2="..") returned 1 [0035.862] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\Fonts") returned 17 [0035.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.862] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\Fonts" | out: lpString1="\\\\?\\C:\\Boot\\Fonts") returned="\\\\?\\C:\\Boot\\Fonts" [0035.862] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\Fonts", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\Fonts\\*") returned="\\\\?\\C:\\Boot\\Fonts\\*" [0035.862] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.863] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.863] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.863] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.863] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.863] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.863] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.863] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.863] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.863] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.863] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.863] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.863] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.863] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.863] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.863] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0035.863] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="Windows") returned -1 [0035.863] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="Program Files") returned -1 [0035.863] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="Program Files (x86)") returned -1 [0035.863] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="$Recycle.bin") returned 1 [0035.863] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="System Volume Information") returned -1 [0035.863] lstrcmpiW (lpString1="chs_boot.ttf", lpString2=".") returned 1 [0035.863] lstrcmpiW (lpString1="chs_boot.ttf", lpString2="..") returned 1 [0035.863] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf") returned 30 [0035.864] StrStrIW (lpFirst="chs_boot.ttf", lpSrch=".lolkek") returned 0x0 [0035.864] lstrcmpW (lpString1="chs_boot.ttf", lpString2="LOLKEK.txt") returned -1 [0035.864] lstrlenW (lpString="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf") returned 30 [0035.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x7c) returned 0x62fa78 [0035.864] lstrcpyW (in: lpString1=0x62fa78, lpString2="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" | out: lpString1="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf") returned="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" [0035.864] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.864] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.864] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0035.864] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="Windows") returned -1 [0035.864] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="Program Files") returned -1 [0035.864] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="Program Files (x86)") returned -1 [0035.864] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="$Recycle.bin") returned 1 [0035.864] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="System Volume Information") returned -1 [0035.864] lstrcmpiW (lpString1="cht_boot.ttf", lpString2=".") returned 1 [0035.864] lstrcmpiW (lpString1="cht_boot.ttf", lpString2="..") returned 1 [0035.864] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf") returned 30 [0035.864] StrStrIW (lpFirst="cht_boot.ttf", lpSrch=".lolkek") returned 0x0 [0035.864] lstrcmpW (lpString1="cht_boot.ttf", lpString2="LOLKEK.txt") returned -1 [0035.864] lstrlenW (lpString="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf") returned 30 [0035.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x7c) returned 0x62fb00 [0035.864] lstrcpyW (in: lpString1=0x62fb00, lpString2="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" | out: lpString1="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf") returned="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" [0035.864] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.864] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.864] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0035.864] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="Windows") returned -1 [0035.864] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="Program Files") returned -1 [0035.864] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="Program Files (x86)") returned -1 [0035.864] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="$Recycle.bin") returned 1 [0035.864] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="System Volume Information") returned -1 [0035.864] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2=".") returned 1 [0035.864] lstrcmpiW (lpString1="jpn_boot.ttf", lpString2="..") returned 1 [0035.864] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf") returned 30 [0035.864] StrStrIW (lpFirst="jpn_boot.ttf", lpSrch=".lolkek") returned 0x0 [0035.864] lstrcmpW (lpString1="jpn_boot.ttf", lpString2="LOLKEK.txt") returned -1 [0035.864] lstrlenW (lpString="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf") returned 30 [0035.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x7c) returned 0x62fb88 [0035.864] lstrcpyW (in: lpString1=0x62fb88, lpString2="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" | out: lpString1="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf") returned="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" [0035.864] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.864] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.864] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0035.864] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="Windows") returned -1 [0035.864] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="Program Files") returned -1 [0035.864] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="Program Files (x86)") returned -1 [0035.864] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="$Recycle.bin") returned 1 [0035.865] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="System Volume Information") returned -1 [0035.865] lstrcmpiW (lpString1="kor_boot.ttf", lpString2=".") returned 1 [0035.865] lstrcmpiW (lpString1="kor_boot.ttf", lpString2="..") returned 1 [0035.865] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf") returned 30 [0035.865] StrStrIW (lpFirst="kor_boot.ttf", lpSrch=".lolkek") returned 0x0 [0035.865] lstrcmpW (lpString1="kor_boot.ttf", lpString2="LOLKEK.txt") returned -1 [0035.865] lstrlenW (lpString="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf") returned 30 [0035.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x7c) returned 0x62fc10 [0035.865] lstrcpyW (in: lpString1=0x62fc10, lpString2="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" | out: lpString1="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf") returned="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" [0035.865] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.865] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.865] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0035.865] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="Windows") returned -1 [0035.865] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="Program Files") returned 1 [0035.865] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="Program Files (x86)") returned 1 [0035.865] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="$Recycle.bin") returned 1 [0035.865] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="System Volume Information") returned 1 [0035.865] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2=".") returned 1 [0035.865] lstrcmpiW (lpString1="wgl4_boot.ttf", lpString2="..") returned 1 [0035.865] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 31 [0035.865] StrStrIW (lpFirst="wgl4_boot.ttf", lpSrch=".lolkek") returned 0x0 [0035.865] lstrcmpW (lpString1="wgl4_boot.ttf", lpString2="LOLKEK.txt") returned 1 [0035.865] lstrlenW (lpString="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 31 [0035.865] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x62fc98 [0035.865] lstrcpyW (in: lpString1=0x62fc98, lpString2="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" | out: lpString1="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf") returned="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" [0035.865] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.865] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.865] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0035.865] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.865] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\Fonts\\LOLKEK.txt") returned 28 [0035.865] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\LOLKEK.txt" (normalized: "c:\\boot\\fonts\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.869] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.869] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.869] CloseHandle (hObject=0x160) returned 1 [0035.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.870] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0035.870] lstrcmpiW (lpString1="fr-FR", lpString2="Windows") returned -1 [0035.870] lstrcmpiW (lpString1="fr-FR", lpString2="Program Files") returned -1 [0035.870] lstrcmpiW (lpString1="fr-FR", lpString2="Program Files (x86)") returned -1 [0035.870] lstrcmpiW (lpString1="fr-FR", lpString2="$Recycle.bin") returned 1 [0035.870] lstrcmpiW (lpString1="fr-FR", lpString2="System Volume Information") returned -1 [0035.870] lstrcmpiW (lpString1="fr-FR", lpString2=".") returned 1 [0035.870] lstrcmpiW (lpString1="fr-FR", lpString2="..") returned 1 [0035.870] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\fr-FR") returned 17 [0035.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.870] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\fr-FR" | out: lpString1="\\\\?\\C:\\Boot\\fr-FR") returned="\\\\?\\C:\\Boot\\fr-FR" [0035.870] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\fr-FR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\fr-FR\\*") returned="\\\\?\\C:\\Boot\\fr-FR\\*" [0035.870] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.871] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.871] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.871] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.871] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.871] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.871] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.871] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.871] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.871] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.871] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.871] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.871] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.871] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.871] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.871] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.871] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.871] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.871] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.871] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.871] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.871] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.871] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.871] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 33 [0035.871] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.871] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.871] lstrlenW (lpString="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 33 [0035.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62fd20 [0035.871] lstrcpyW (in: lpString1=0x62fd20, lpString2="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" [0035.871] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.871] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.871] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.871] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.871] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\fr-FR\\LOLKEK.txt") returned 28 [0035.871] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\LOLKEK.txt" (normalized: "c:\\boot\\fr-fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.872] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.872] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.872] CloseHandle (hObject=0x160) returned 1 [0035.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.872] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0035.872] lstrcmpiW (lpString1="hu-HU", lpString2="Windows") returned -1 [0035.872] lstrcmpiW (lpString1="hu-HU", lpString2="Program Files") returned -1 [0035.872] lstrcmpiW (lpString1="hu-HU", lpString2="Program Files (x86)") returned -1 [0035.872] lstrcmpiW (lpString1="hu-HU", lpString2="$Recycle.bin") returned 1 [0035.872] lstrcmpiW (lpString1="hu-HU", lpString2="System Volume Information") returned -1 [0035.873] lstrcmpiW (lpString1="hu-HU", lpString2=".") returned 1 [0035.873] lstrcmpiW (lpString1="hu-HU", lpString2="..") returned 1 [0035.873] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\hu-HU") returned 17 [0035.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.873] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\hu-HU" | out: lpString1="\\\\?\\C:\\Boot\\hu-HU") returned="\\\\?\\C:\\Boot\\hu-HU" [0035.873] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\hu-HU", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\hu-HU\\*") returned="\\\\?\\C:\\Boot\\hu-HU\\*" [0035.873] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.873] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.873] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.873] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.873] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.873] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.873] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.873] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.873] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.873] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.873] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.873] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.873] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.873] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.873] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.873] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.873] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.873] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.873] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.873] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.873] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.874] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.874] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.874] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 33 [0035.874] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.874] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.874] lstrlenW (lpString="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 33 [0035.874] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62fdb0 [0035.874] lstrcpyW (in: lpString1=0x62fdb0, lpString2="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" [0035.874] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.874] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.874] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.874] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.874] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\hu-HU\\LOLKEK.txt") returned 28 [0035.874] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\LOLKEK.txt" (normalized: "c:\\boot\\hu-hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.874] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.874] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.875] CloseHandle (hObject=0x160) returned 1 [0035.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.875] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0035.875] lstrcmpiW (lpString1="it-IT", lpString2="Windows") returned -1 [0035.875] lstrcmpiW (lpString1="it-IT", lpString2="Program Files") returned -1 [0035.875] lstrcmpiW (lpString1="it-IT", lpString2="Program Files (x86)") returned -1 [0035.875] lstrcmpiW (lpString1="it-IT", lpString2="$Recycle.bin") returned 1 [0035.875] lstrcmpiW (lpString1="it-IT", lpString2="System Volume Information") returned -1 [0035.875] lstrcmpiW (lpString1="it-IT", lpString2=".") returned 1 [0035.875] lstrcmpiW (lpString1="it-IT", lpString2="..") returned 1 [0035.875] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\it-IT") returned 17 [0035.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.875] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\it-IT" | out: lpString1="\\\\?\\C:\\Boot\\it-IT") returned="\\\\?\\C:\\Boot\\it-IT" [0035.875] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\it-IT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\it-IT\\*") returned="\\\\?\\C:\\Boot\\it-IT\\*" [0035.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.876] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.876] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.876] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.876] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.876] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.876] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.876] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.876] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.876] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.876] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.876] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.876] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.876] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.876] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.876] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.876] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.876] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.876] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.876] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.876] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.876] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.876] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.876] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 33 [0035.876] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.876] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.876] lstrlenW (lpString="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 33 [0035.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62fe40 [0035.876] lstrcpyW (in: lpString1=0x62fe40, lpString2="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" [0035.876] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.877] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.877] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.877] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.877] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\it-IT\\LOLKEK.txt") returned 28 [0035.877] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\LOLKEK.txt" (normalized: "c:\\boot\\it-it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.877] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.877] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.877] CloseHandle (hObject=0x160) returned 1 [0035.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.878] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0035.878] lstrcmpiW (lpString1="ja-JP", lpString2="Windows") returned -1 [0035.878] lstrcmpiW (lpString1="ja-JP", lpString2="Program Files") returned -1 [0035.878] lstrcmpiW (lpString1="ja-JP", lpString2="Program Files (x86)") returned -1 [0035.878] lstrcmpiW (lpString1="ja-JP", lpString2="$Recycle.bin") returned 1 [0035.878] lstrcmpiW (lpString1="ja-JP", lpString2="System Volume Information") returned -1 [0035.878] lstrcmpiW (lpString1="ja-JP", lpString2=".") returned 1 [0035.878] lstrcmpiW (lpString1="ja-JP", lpString2="..") returned 1 [0035.878] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ja-JP") returned 17 [0035.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.878] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\ja-JP" | out: lpString1="\\\\?\\C:\\Boot\\ja-JP") returned="\\\\?\\C:\\Boot\\ja-JP" [0035.878] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\ja-JP", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\ja-JP\\*") returned="\\\\?\\C:\\Boot\\ja-JP\\*" [0035.878] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.878] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.878] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.878] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.878] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.878] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.878] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.878] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.878] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.878] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.878] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.878] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.878] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.878] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.878] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.878] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.878] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.878] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.879] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.879] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.879] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.879] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.879] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.879] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 33 [0035.879] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.879] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.879] lstrlenW (lpString="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 33 [0035.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62fee8 [0035.879] lstrcpyW (in: lpString1=0x62fee8, lpString2="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" [0035.879] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.879] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.879] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.879] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.879] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ja-JP\\LOLKEK.txt") returned 28 [0035.879] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\LOLKEK.txt" (normalized: "c:\\boot\\ja-jp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.879] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.879] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.880] CloseHandle (hObject=0x160) returned 1 [0035.880] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.880] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0035.880] lstrcmpiW (lpString1="ko-KR", lpString2="Windows") returned -1 [0035.880] lstrcmpiW (lpString1="ko-KR", lpString2="Program Files") returned -1 [0035.880] lstrcmpiW (lpString1="ko-KR", lpString2="Program Files (x86)") returned -1 [0035.880] lstrcmpiW (lpString1="ko-KR", lpString2="$Recycle.bin") returned 1 [0035.880] lstrcmpiW (lpString1="ko-KR", lpString2="System Volume Information") returned -1 [0035.880] lstrcmpiW (lpString1="ko-KR", lpString2=".") returned 1 [0035.880] lstrcmpiW (lpString1="ko-KR", lpString2="..") returned 1 [0035.880] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ko-KR") returned 17 [0035.880] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.880] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\ko-KR" | out: lpString1="\\\\?\\C:\\Boot\\ko-KR") returned="\\\\?\\C:\\Boot\\ko-KR" [0035.880] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\ko-KR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\ko-KR\\*") returned="\\\\?\\C:\\Boot\\ko-KR\\*" [0035.880] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.881] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.881] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.881] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.881] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.881] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.881] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.881] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.881] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.881] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.881] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.881] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.881] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.881] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.881] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.881] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.881] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.881] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.881] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.881] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.881] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.881] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.881] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.882] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 33 [0035.882] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.882] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.882] lstrlenW (lpString="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 33 [0035.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x62ff78 [0035.882] lstrcpyW (in: lpString1=0x62ff78, lpString2="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" [0035.882] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.882] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.882] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.882] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.882] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ko-KR\\LOLKEK.txt") returned 28 [0035.882] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\LOLKEK.txt" (normalized: "c:\\boot\\ko-kr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.882] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.882] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.883] CloseHandle (hObject=0x160) returned 1 [0035.883] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.883] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0035.883] lstrcmpiW (lpString1="memtest.exe", lpString2="Windows") returned -1 [0035.883] lstrcmpiW (lpString1="memtest.exe", lpString2="Program Files") returned -1 [0035.883] lstrcmpiW (lpString1="memtest.exe", lpString2="Program Files (x86)") returned -1 [0035.883] lstrcmpiW (lpString1="memtest.exe", lpString2="$Recycle.bin") returned 1 [0035.883] lstrcmpiW (lpString1="memtest.exe", lpString2="System Volume Information") returned -1 [0035.883] lstrcmpiW (lpString1="memtest.exe", lpString2=".") returned 1 [0035.883] lstrcmpiW (lpString1="memtest.exe", lpString2="..") returned 1 [0035.883] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\memtest.exe") returned 23 [0035.883] StrStrIW (lpFirst="memtest.exe", lpSrch=".lolkek") returned 0x0 [0035.883] lstrcmpW (lpString1="memtest.exe", lpString2="LOLKEK.txt") returned 1 [0035.883] lstrlenW (lpString="\\\\?\\C:\\Boot\\memtest.exe") returned 23 [0035.883] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x60) returned 0x62e8c0 [0035.883] lstrcpyW (in: lpString1=0x62e8c0, lpString2="\\\\?\\C:\\Boot\\memtest.exe" | out: lpString1="\\\\?\\C:\\Boot\\memtest.exe") returned="\\\\?\\C:\\Boot\\memtest.exe" [0035.883] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.883] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.883] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0035.883] lstrcmpiW (lpString1="nb-NO", lpString2="Windows") returned -1 [0035.883] lstrcmpiW (lpString1="nb-NO", lpString2="Program Files") returned -1 [0035.883] lstrcmpiW (lpString1="nb-NO", lpString2="Program Files (x86)") returned -1 [0035.883] lstrcmpiW (lpString1="nb-NO", lpString2="$Recycle.bin") returned 1 [0035.883] lstrcmpiW (lpString1="nb-NO", lpString2="System Volume Information") returned -1 [0035.883] lstrcmpiW (lpString1="nb-NO", lpString2=".") returned 1 [0035.883] lstrcmpiW (lpString1="nb-NO", lpString2="..") returned 1 [0035.883] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\nb-NO") returned 17 [0035.883] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.883] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\nb-NO" | out: lpString1="\\\\?\\C:\\Boot\\nb-NO") returned="\\\\?\\C:\\Boot\\nb-NO" [0035.883] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\nb-NO", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\nb-NO\\*") returned="\\\\?\\C:\\Boot\\nb-NO\\*" [0035.883] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.883] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.884] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.884] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.884] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.884] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.884] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.884] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.884] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.884] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.884] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.884] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.884] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.884] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.884] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.884] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.884] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.884] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.884] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.884] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.884] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.884] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.884] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.884] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned 33 [0035.884] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.884] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.884] lstrlenW (lpString="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned 33 [0035.884] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x630008 [0035.884] lstrcpyW (in: lpString1=0x630008, lpString2="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" [0035.884] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.884] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.884] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.884] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.884] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\nb-NO\\LOLKEK.txt") returned 28 [0035.884] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\LOLKEK.txt" (normalized: "c:\\boot\\nb-no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.884] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.884] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.885] CloseHandle (hObject=0x160) returned 1 [0035.885] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.885] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0035.885] lstrcmpiW (lpString1="nl-NL", lpString2="Windows") returned -1 [0035.885] lstrcmpiW (lpString1="nl-NL", lpString2="Program Files") returned -1 [0035.885] lstrcmpiW (lpString1="nl-NL", lpString2="Program Files (x86)") returned -1 [0035.885] lstrcmpiW (lpString1="nl-NL", lpString2="$Recycle.bin") returned 1 [0035.885] lstrcmpiW (lpString1="nl-NL", lpString2="System Volume Information") returned -1 [0035.885] lstrcmpiW (lpString1="nl-NL", lpString2=".") returned 1 [0035.885] lstrcmpiW (lpString1="nl-NL", lpString2="..") returned 1 [0035.885] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\nl-NL") returned 17 [0035.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.885] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\nl-NL" | out: lpString1="\\\\?\\C:\\Boot\\nl-NL") returned="\\\\?\\C:\\Boot\\nl-NL" [0035.885] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\nl-NL", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\nl-NL\\*") returned="\\\\?\\C:\\Boot\\nl-NL\\*" [0035.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.886] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.886] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.886] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.886] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.886] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.886] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.886] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.886] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.886] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.886] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.886] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.886] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.886] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.886] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.886] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.886] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.886] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.886] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.886] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.886] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.886] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.886] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.886] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned 33 [0035.886] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.887] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.887] lstrlenW (lpString="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned 33 [0035.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x630098 [0035.887] lstrcpyW (in: lpString1=0x630098, lpString2="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" [0035.887] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.887] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.887] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.887] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.887] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\nl-NL\\LOLKEK.txt") returned 28 [0035.887] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\LOLKEK.txt" (normalized: "c:\\boot\\nl-nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.887] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.887] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.888] CloseHandle (hObject=0x160) returned 1 [0035.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.888] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0035.888] lstrcmpiW (lpString1="pl-PL", lpString2="Windows") returned -1 [0035.888] lstrcmpiW (lpString1="pl-PL", lpString2="Program Files") returned -1 [0035.888] lstrcmpiW (lpString1="pl-PL", lpString2="Program Files (x86)") returned -1 [0035.888] lstrcmpiW (lpString1="pl-PL", lpString2="$Recycle.bin") returned 1 [0035.888] lstrcmpiW (lpString1="pl-PL", lpString2="System Volume Information") returned -1 [0035.888] lstrcmpiW (lpString1="pl-PL", lpString2=".") returned 1 [0035.888] lstrcmpiW (lpString1="pl-PL", lpString2="..") returned 1 [0035.888] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pl-PL") returned 17 [0035.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.888] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\pl-PL" | out: lpString1="\\\\?\\C:\\Boot\\pl-PL") returned="\\\\?\\C:\\Boot\\pl-PL" [0035.888] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\pl-PL", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\pl-PL\\*") returned="\\\\?\\C:\\Boot\\pl-PL\\*" [0035.888] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.888] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.888] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.888] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.888] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.888] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.888] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.888] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.888] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.888] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.888] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.888] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.888] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.888] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.888] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.888] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.888] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.888] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.888] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.888] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.889] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.889] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.889] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.889] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned 33 [0035.889] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.889] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.889] lstrlenW (lpString="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned 33 [0035.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x630128 [0035.889] lstrcpyW (in: lpString1=0x630128, lpString2="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" [0035.889] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.889] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.889] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.889] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.889] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pl-PL\\LOLKEK.txt") returned 28 [0035.889] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\LOLKEK.txt" (normalized: "c:\\boot\\pl-pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.889] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.889] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.890] CloseHandle (hObject=0x160) returned 1 [0035.890] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.890] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0035.890] lstrcmpiW (lpString1="pt-BR", lpString2="Windows") returned -1 [0035.890] lstrcmpiW (lpString1="pt-BR", lpString2="Program Files") returned 1 [0035.890] lstrcmpiW (lpString1="pt-BR", lpString2="Program Files (x86)") returned 1 [0035.890] lstrcmpiW (lpString1="pt-BR", lpString2="$Recycle.bin") returned 1 [0035.890] lstrcmpiW (lpString1="pt-BR", lpString2="System Volume Information") returned -1 [0035.890] lstrcmpiW (lpString1="pt-BR", lpString2=".") returned 1 [0035.890] lstrcmpiW (lpString1="pt-BR", lpString2="..") returned 1 [0035.890] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pt-BR") returned 17 [0035.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.890] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\pt-BR" | out: lpString1="\\\\?\\C:\\Boot\\pt-BR") returned="\\\\?\\C:\\Boot\\pt-BR" [0035.890] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\pt-BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\pt-BR\\*") returned="\\\\?\\C:\\Boot\\pt-BR\\*" [0035.890] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.891] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.891] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.891] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.891] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.891] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.891] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.891] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.891] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.891] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.891] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.891] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.891] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.891] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.891] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.891] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.891] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.891] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.891] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.891] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.891] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.891] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.891] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.891] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned 33 [0035.891] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.891] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.891] lstrlenW (lpString="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned 33 [0035.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x6301b8 [0035.891] lstrcpyW (in: lpString1=0x6301b8, lpString2="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" [0035.891] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.891] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.891] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.891] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.891] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pt-BR\\LOLKEK.txt") returned 28 [0035.891] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\LOLKEK.txt" (normalized: "c:\\boot\\pt-br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.892] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.892] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.892] CloseHandle (hObject=0x160) returned 1 [0035.892] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.892] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0035.892] lstrcmpiW (lpString1="pt-PT", lpString2="Windows") returned -1 [0035.892] lstrcmpiW (lpString1="pt-PT", lpString2="Program Files") returned 1 [0035.892] lstrcmpiW (lpString1="pt-PT", lpString2="Program Files (x86)") returned 1 [0035.892] lstrcmpiW (lpString1="pt-PT", lpString2="$Recycle.bin") returned 1 [0035.892] lstrcmpiW (lpString1="pt-PT", lpString2="System Volume Information") returned -1 [0035.892] lstrcmpiW (lpString1="pt-PT", lpString2=".") returned 1 [0035.892] lstrcmpiW (lpString1="pt-PT", lpString2="..") returned 1 [0035.892] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pt-PT") returned 17 [0035.893] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.893] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\pt-PT" | out: lpString1="\\\\?\\C:\\Boot\\pt-PT") returned="\\\\?\\C:\\Boot\\pt-PT" [0035.893] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\pt-PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\pt-PT\\*") returned="\\\\?\\C:\\Boot\\pt-PT\\*" [0035.893] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.893] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.893] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.893] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.893] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.893] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.893] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.893] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.893] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.893] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.893] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.893] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.893] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.893] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.893] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.893] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.893] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.893] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.893] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.893] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.893] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.893] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.893] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.893] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned 33 [0035.893] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.893] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.893] lstrlenW (lpString="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned 33 [0035.893] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x630248 [0035.893] lstrcpyW (in: lpString1=0x630248, lpString2="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" [0035.893] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.893] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.893] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.893] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.893] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\pt-PT\\LOLKEK.txt") returned 28 [0035.893] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\LOLKEK.txt" (normalized: "c:\\boot\\pt-pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.894] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.894] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.894] CloseHandle (hObject=0x160) returned 1 [0035.894] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.894] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0035.894] lstrcmpiW (lpString1="ru-RU", lpString2="Windows") returned -1 [0035.894] lstrcmpiW (lpString1="ru-RU", lpString2="Program Files") returned 1 [0035.894] lstrcmpiW (lpString1="ru-RU", lpString2="Program Files (x86)") returned 1 [0035.894] lstrcmpiW (lpString1="ru-RU", lpString2="$Recycle.bin") returned 1 [0035.894] lstrcmpiW (lpString1="ru-RU", lpString2="System Volume Information") returned -1 [0035.895] lstrcmpiW (lpString1="ru-RU", lpString2=".") returned 1 [0035.895] lstrcmpiW (lpString1="ru-RU", lpString2="..") returned 1 [0035.895] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ru-RU") returned 17 [0035.895] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.895] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\ru-RU" | out: lpString1="\\\\?\\C:\\Boot\\ru-RU") returned="\\\\?\\C:\\Boot\\ru-RU" [0035.895] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\ru-RU", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\ru-RU\\*") returned="\\\\?\\C:\\Boot\\ru-RU\\*" [0035.895] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.895] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.895] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.895] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.895] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.895] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.895] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.895] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.895] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.895] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.895] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.895] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.895] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.895] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.896] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.896] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.896] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.896] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.896] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.896] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.896] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.896] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.896] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.896] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned 33 [0035.896] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.896] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.896] lstrlenW (lpString="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned 33 [0035.896] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x6302d8 [0035.896] lstrcpyW (in: lpString1=0x6302d8, lpString2="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" [0035.896] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.896] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.896] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.896] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.896] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\ru-RU\\LOLKEK.txt") returned 28 [0035.896] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\LOLKEK.txt" (normalized: "c:\\boot\\ru-ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.896] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.896] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.897] CloseHandle (hObject=0x160) returned 1 [0035.897] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.897] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0035.897] lstrcmpiW (lpString1="sv-SE", lpString2="Windows") returned -1 [0035.897] lstrcmpiW (lpString1="sv-SE", lpString2="Program Files") returned 1 [0035.897] lstrcmpiW (lpString1="sv-SE", lpString2="Program Files (x86)") returned 1 [0035.897] lstrcmpiW (lpString1="sv-SE", lpString2="$Recycle.bin") returned 1 [0035.897] lstrcmpiW (lpString1="sv-SE", lpString2="System Volume Information") returned -1 [0035.897] lstrcmpiW (lpString1="sv-SE", lpString2=".") returned 1 [0035.897] lstrcmpiW (lpString1="sv-SE", lpString2="..") returned 1 [0035.897] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\sv-SE") returned 17 [0035.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.897] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\sv-SE" | out: lpString1="\\\\?\\C:\\Boot\\sv-SE") returned="\\\\?\\C:\\Boot\\sv-SE" [0035.897] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\sv-SE", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\sv-SE\\*") returned="\\\\?\\C:\\Boot\\sv-SE\\*" [0035.897] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.897] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.897] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.897] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.898] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.898] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.898] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.898] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.898] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.898] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.898] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.898] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.898] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.898] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.898] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.898] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.898] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.898] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.898] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.898] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.898] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.898] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.898] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.898] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned 33 [0035.898] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.898] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.898] lstrlenW (lpString="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned 33 [0035.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x630368 [0035.898] lstrcpyW (in: lpString1=0x630368, lpString2="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" [0035.898] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.898] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.898] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.898] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.898] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\sv-SE\\LOLKEK.txt") returned 28 [0035.898] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\LOLKEK.txt" (normalized: "c:\\boot\\sv-se\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.898] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.898] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.899] CloseHandle (hObject=0x160) returned 1 [0035.899] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.899] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0035.899] lstrcmpiW (lpString1="tr-TR", lpString2="Windows") returned -1 [0035.899] lstrcmpiW (lpString1="tr-TR", lpString2="Program Files") returned 1 [0035.899] lstrcmpiW (lpString1="tr-TR", lpString2="Program Files (x86)") returned 1 [0035.899] lstrcmpiW (lpString1="tr-TR", lpString2="$Recycle.bin") returned 1 [0035.899] lstrcmpiW (lpString1="tr-TR", lpString2="System Volume Information") returned 1 [0035.899] lstrcmpiW (lpString1="tr-TR", lpString2=".") returned 1 [0035.899] lstrcmpiW (lpString1="tr-TR", lpString2="..") returned 1 [0035.899] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\tr-TR") returned 17 [0035.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.899] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\tr-TR" | out: lpString1="\\\\?\\C:\\Boot\\tr-TR") returned="\\\\?\\C:\\Boot\\tr-TR" [0035.899] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\tr-TR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\tr-TR\\*") returned="\\\\?\\C:\\Boot\\tr-TR\\*" [0035.899] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.900] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.900] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.900] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.900] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.900] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.900] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.900] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.900] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.900] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.900] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.900] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.900] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.900] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.900] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.900] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.900] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.900] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.900] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.900] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.900] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.900] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.900] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.900] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned 33 [0035.900] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.900] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.900] lstrlenW (lpString="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned 33 [0035.900] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x6303f8 [0035.900] lstrcpyW (in: lpString1=0x6303f8, lpString2="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" [0035.900] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.901] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.901] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.901] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.901] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\tr-TR\\LOLKEK.txt") returned 28 [0035.901] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\LOLKEK.txt" (normalized: "c:\\boot\\tr-tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.901] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.901] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.901] CloseHandle (hObject=0x160) returned 1 [0035.902] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.902] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0035.902] lstrcmpiW (lpString1="zh-CN", lpString2="Windows") returned 1 [0035.902] lstrcmpiW (lpString1="zh-CN", lpString2="Program Files") returned 1 [0035.902] lstrcmpiW (lpString1="zh-CN", lpString2="Program Files (x86)") returned 1 [0035.902] lstrcmpiW (lpString1="zh-CN", lpString2="$Recycle.bin") returned 1 [0035.902] lstrcmpiW (lpString1="zh-CN", lpString2="System Volume Information") returned 1 [0035.902] lstrcmpiW (lpString1="zh-CN", lpString2=".") returned 1 [0035.902] lstrcmpiW (lpString1="zh-CN", lpString2="..") returned 1 [0035.902] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-CN") returned 17 [0035.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.902] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\zh-CN" | out: lpString1="\\\\?\\C:\\Boot\\zh-CN") returned="\\\\?\\C:\\Boot\\zh-CN" [0035.902] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\zh-CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\zh-CN\\*") returned="\\\\?\\C:\\Boot\\zh-CN\\*" [0035.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.902] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.902] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.902] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.902] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.902] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.902] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.902] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.902] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.902] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.902] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.902] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.902] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.902] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.902] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.902] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.902] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.902] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.902] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.902] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.902] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.902] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.902] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.902] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned 33 [0035.902] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.902] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.903] lstrlenW (lpString="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned 33 [0035.903] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x630488 [0035.903] lstrcpyW (in: lpString1=0x630488, lpString2="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" [0035.903] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.903] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.903] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.903] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.903] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-CN\\LOLKEK.txt") returned 28 [0035.903] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\LOLKEK.txt" (normalized: "c:\\boot\\zh-cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.903] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.903] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.904] CloseHandle (hObject=0x160) returned 1 [0035.904] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.904] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0035.904] lstrcmpiW (lpString1="zh-HK", lpString2="Windows") returned 1 [0035.904] lstrcmpiW (lpString1="zh-HK", lpString2="Program Files") returned 1 [0035.904] lstrcmpiW (lpString1="zh-HK", lpString2="Program Files (x86)") returned 1 [0035.904] lstrcmpiW (lpString1="zh-HK", lpString2="$Recycle.bin") returned 1 [0035.904] lstrcmpiW (lpString1="zh-HK", lpString2="System Volume Information") returned 1 [0035.904] lstrcmpiW (lpString1="zh-HK", lpString2=".") returned 1 [0035.904] lstrcmpiW (lpString1="zh-HK", lpString2="..") returned 1 [0035.904] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-HK") returned 17 [0035.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.904] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\zh-HK" | out: lpString1="\\\\?\\C:\\Boot\\zh-HK") returned="\\\\?\\C:\\Boot\\zh-HK" [0035.904] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\zh-HK", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\zh-HK\\*") returned="\\\\?\\C:\\Boot\\zh-HK\\*" [0035.904] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.905] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.905] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.905] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.905] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.905] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.905] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.905] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.905] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.905] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.905] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.905] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.905] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.905] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.905] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.905] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.905] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.905] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.905] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.905] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.905] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.905] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.905] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.905] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned 33 [0035.905] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.905] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.905] lstrlenW (lpString="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned 33 [0035.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x630518 [0035.905] lstrcpyW (in: lpString1=0x630518, lpString2="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" [0035.905] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.905] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.905] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.905] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.905] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-HK\\LOLKEK.txt") returned 28 [0035.905] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\LOLKEK.txt" (normalized: "c:\\boot\\zh-hk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.905] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.905] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.906] CloseHandle (hObject=0x160) returned 1 [0035.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.906] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0035.906] lstrcmpiW (lpString1="zh-TW", lpString2="Windows") returned 1 [0035.906] lstrcmpiW (lpString1="zh-TW", lpString2="Program Files") returned 1 [0035.906] lstrcmpiW (lpString1="zh-TW", lpString2="Program Files (x86)") returned 1 [0035.906] lstrcmpiW (lpString1="zh-TW", lpString2="$Recycle.bin") returned 1 [0035.906] lstrcmpiW (lpString1="zh-TW", lpString2="System Volume Information") returned 1 [0035.906] lstrcmpiW (lpString1="zh-TW", lpString2=".") returned 1 [0035.906] lstrcmpiW (lpString1="zh-TW", lpString2="..") returned 1 [0035.906] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-TW") returned 17 [0035.906] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.906] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Boot\\zh-TW" | out: lpString1="\\\\?\\C:\\Boot\\zh-TW") returned="\\\\?\\C:\\Boot\\zh-TW" [0035.906] lstrcatW (in: lpString1="\\\\?\\C:\\Boot\\zh-TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Boot\\zh-TW\\*") returned="\\\\?\\C:\\Boot\\zh-TW\\*" [0035.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.907] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.907] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.907] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.907] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.907] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.907] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.907] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.907] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.907] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.907] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.907] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.907] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.907] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.907] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.907] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0035.907] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Windows") returned -1 [0035.907] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files") returned -1 [0035.907] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="Program Files (x86)") returned -1 [0035.907] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="$Recycle.bin") returned 1 [0035.907] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="System Volume Information") returned -1 [0035.907] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2=".") returned 1 [0035.907] lstrcmpiW (lpString1="bootmgr.exe.mui", lpString2="..") returned 1 [0035.907] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned 33 [0035.907] StrStrIW (lpFirst="bootmgr.exe.mui", lpSrch=".lolkek") returned 0x0 [0035.907] lstrcmpW (lpString1="bootmgr.exe.mui", lpString2="LOLKEK.txt") returned -1 [0035.907] lstrlenW (lpString="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned 33 [0035.907] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x88) returned 0x6305a8 [0035.907] lstrcpyW (in: lpString1=0x6305a8, lpString2="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" | out: lpString1="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" [0035.907] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.907] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.907] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0035.907] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.907] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\zh-TW\\LOLKEK.txt") returned 28 [0035.907] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\LOLKEK.txt" (normalized: "c:\\boot\\zh-tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0035.907] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.907] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0035.908] CloseHandle (hObject=0x160) returned 1 [0035.908] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.908] FindNextFileW (in: hFindFile=0x5eafc8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0035.908] FindClose (in: hFindFile=0x5eafc8 | out: hFindFile=0x5eafc8) returned 1 [0035.908] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Boot\\LOLKEK.txt") returned 22 [0035.908] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\LOLKEK.txt" (normalized: "c:\\boot\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0035.909] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.909] WriteFile (in: hFile=0x144, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f604, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f604*=0x10, lpOverlapped=0x0) returned 1 [0035.909] CloseHandle (hObject=0x144) returned 1 [0035.909] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0035.909] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0035.909] lstrcmpiW (lpString1="bootmgr", lpString2="Windows") returned -1 [0035.909] lstrcmpiW (lpString1="bootmgr", lpString2="Program Files") returned -1 [0035.909] lstrcmpiW (lpString1="bootmgr", lpString2="Program Files (x86)") returned -1 [0035.909] lstrcmpiW (lpString1="bootmgr", lpString2="$Recycle.bin") returned 1 [0035.909] lstrcmpiW (lpString1="bootmgr", lpString2="System Volume Information") returned -1 [0035.909] lstrcmpiW (lpString1="bootmgr", lpString2=".") returned 1 [0035.909] lstrcmpiW (lpString1="bootmgr", lpString2="..") returned 1 [0035.909] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\bootmgr") returned 14 [0035.909] StrStrIW (lpFirst="bootmgr", lpSrch=".lolkek") returned 0x0 [0035.909] lstrcmpW (lpString1="bootmgr", lpString2="LOLKEK.txt") returned -1 [0035.909] lstrlenW (lpString="\\\\?\\C:\\bootmgr") returned 14 [0035.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b8858 [0035.909] lstrcpyW (in: lpString1=0x5b8858, lpString2="\\\\?\\C:\\bootmgr" | out: lpString1="\\\\?\\C:\\bootmgr") returned="\\\\?\\C:\\bootmgr" [0035.909] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.910] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.910] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0035.910] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="Windows") returned -1 [0035.910] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="Program Files") returned -1 [0035.910] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="Program Files (x86)") returned -1 [0035.910] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="$Recycle.bin") returned 1 [0035.910] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="System Volume Information") returned -1 [0035.910] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".") returned 1 [0035.910] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="..") returned 1 [0035.910] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0035.910] StrStrIW (lpFirst="BOOTSECT.BAK", lpSrch=".lolkek") returned 0x0 [0035.910] lstrcmpW (lpString1="BOOTSECT.BAK", lpString2="LOLKEK.txt") returned -1 [0035.910] lstrlenW (lpString="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0035.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x50) returned 0x62e928 [0035.910] lstrcpyW (in: lpString1=0x62e928, lpString2="\\\\?\\C:\\BOOTSECT.BAK" | out: lpString1="\\\\?\\C:\\BOOTSECT.BAK") returned="\\\\?\\C:\\BOOTSECT.BAK" [0035.910] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.910] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.910] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0035.910] lstrcmpiW (lpString1="Config.Msi", lpString2="Windows") returned -1 [0035.910] lstrcmpiW (lpString1="Config.Msi", lpString2="Program Files") returned -1 [0035.910] lstrcmpiW (lpString1="Config.Msi", lpString2="Program Files (x86)") returned -1 [0035.910] lstrcmpiW (lpString1="Config.Msi", lpString2="$Recycle.bin") returned 1 [0035.910] lstrcmpiW (lpString1="Config.Msi", lpString2="System Volume Information") returned -1 [0035.910] lstrcmpiW (lpString1="Config.Msi", lpString2=".") returned 1 [0035.910] lstrcmpiW (lpString1="Config.Msi", lpString2="..") returned 1 [0035.910] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Config.Msi") returned 17 [0035.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.910] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Config.Msi" | out: lpString1="\\\\?\\C:\\Config.Msi") returned="\\\\?\\C:\\Config.Msi" [0035.910] lstrcatW (in: lpString1="\\\\?\\C:\\Config.Msi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Config.Msi\\*") returned="\\\\?\\C:\\Config.Msi\\*" [0035.910] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.910] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.910] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.910] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.910] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.910] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.910] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.910] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 1 [0035.910] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.910] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.911] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.911] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.911] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.911] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.911] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.911] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 0 [0035.911] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0035.911] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Config.Msi\\LOLKEK.txt") returned 28 [0035.911] CreateFileW (lpFileName="\\\\?\\C:\\Config.Msi\\LOLKEK.txt" (normalized: "c:\\config.msi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0035.911] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.911] WriteFile (in: hFile=0x144, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f604, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f604*=0x10, lpOverlapped=0x0) returned 1 [0035.912] CloseHandle (hObject=0x144) returned 1 [0035.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.912] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0035.912] lstrcmpiW (lpString1="Documents and Settings", lpString2="Windows") returned -1 [0035.912] lstrcmpiW (lpString1="Documents and Settings", lpString2="Program Files") returned -1 [0035.912] lstrcmpiW (lpString1="Documents and Settings", lpString2="Program Files (x86)") returned -1 [0035.912] lstrcmpiW (lpString1="Documents and Settings", lpString2="$Recycle.bin") returned 1 [0035.912] lstrcmpiW (lpString1="Documents and Settings", lpString2="System Volume Information") returned -1 [0035.912] lstrcmpiW (lpString1="Documents and Settings", lpString2=".") returned 1 [0035.912] lstrcmpiW (lpString1="Documents and Settings", lpString2="..") returned 1 [0035.912] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Documents and Settings") returned 29 [0035.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.912] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\Documents and Settings" | out: lpString1="\\\\?\\C:\\Documents and Settings") returned="\\\\?\\C:\\Documents and Settings" [0035.912] lstrcatW (in: lpString1="\\\\?\\C:\\Documents and Settings", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Documents and Settings\\*") returned="\\\\?\\C:\\Documents and Settings\\*" [0035.912] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="ꐴ瘵ꦣ䛦ͣ疨麈\\纈0ͣ﫨ͣ㊭䚗麈\\﫨ͣ热/麈\\")) returned 0xffffffff [0035.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0035.913] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x52d3b900, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0035.913] lstrcmpiW (lpString1="hiberfil.sys", lpString2="Windows") returned -1 [0035.913] lstrcmpiW (lpString1="hiberfil.sys", lpString2="Program Files") returned -1 [0035.913] lstrcmpiW (lpString1="hiberfil.sys", lpString2="Program Files (x86)") returned -1 [0035.913] lstrcmpiW (lpString1="hiberfil.sys", lpString2="$Recycle.bin") returned 1 [0035.913] lstrcmpiW (lpString1="hiberfil.sys", lpString2="System Volume Information") returned -1 [0035.913] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0035.913] lstrcmpiW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0035.913] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\hiberfil.sys") returned 19 [0035.913] StrStrIW (lpFirst="hiberfil.sys", lpSrch=".lolkek") returned 0x0 [0035.913] lstrcmpW (lpString1="hiberfil.sys", lpString2="LOLKEK.txt") returned -1 [0035.913] lstrlenW (lpString="\\\\?\\C:\\hiberfil.sys") returned 19 [0035.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x50) returned 0x62e980 [0035.913] lstrcpyW (in: lpString1=0x62e980, lpString2="\\\\?\\C:\\hiberfil.sys" | out: lpString1="\\\\?\\C:\\hiberfil.sys") returned="\\\\?\\C:\\hiberfil.sys" [0035.913] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.913] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.913] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0035.913] lstrcmpiW (lpString1="MSOCache", lpString2="Windows") returned -1 [0035.913] lstrcmpiW (lpString1="MSOCache", lpString2="Program Files") returned -1 [0035.913] lstrcmpiW (lpString1="MSOCache", lpString2="Program Files (x86)") returned -1 [0035.913] lstrcmpiW (lpString1="MSOCache", lpString2="$Recycle.bin") returned 1 [0035.913] lstrcmpiW (lpString1="MSOCache", lpString2="System Volume Information") returned -1 [0035.913] lstrcmpiW (lpString1="MSOCache", lpString2=".") returned 1 [0035.913] lstrcmpiW (lpString1="MSOCache", lpString2="..") returned 1 [0035.913] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache") returned 15 [0035.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0035.913] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\MSOCache" | out: lpString1="\\\\?\\C:\\MSOCache") returned="\\\\?\\C:\\MSOCache" [0035.913] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\*") returned="\\\\?\\C:\\MSOCache\\*" [0035.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0035.913] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.913] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.913] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.913] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.914] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.914] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.914] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 1 [0035.914] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.914] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.914] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.914] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.914] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.914] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.914] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.914] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0035.914] lstrcmpiW (lpString1="All Users", lpString2="Windows") returned -1 [0035.914] lstrcmpiW (lpString1="All Users", lpString2="Program Files") returned -1 [0035.914] lstrcmpiW (lpString1="All Users", lpString2="Program Files (x86)") returned -1 [0035.914] lstrcmpiW (lpString1="All Users", lpString2="$Recycle.bin") returned 1 [0035.914] lstrcmpiW (lpString1="All Users", lpString2="System Volume Information") returned -1 [0035.914] lstrcmpiW (lpString1="All Users", lpString2=".") returned 1 [0035.914] lstrcmpiW (lpString1="All Users", lpString2="..") returned 1 [0035.914] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users") returned 25 [0035.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0035.914] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\MSOCache\\All Users" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users") returned="\\\\?\\C:\\MSOCache\\All Users" [0035.914] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\*" [0035.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0035.923] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.923] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.923] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.923] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.923] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.923] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.923] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.924] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.924] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.924] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.924] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.924] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.924] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.924] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.924] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0035.924] lstrcmpiW (lpString1="{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.924] lstrcmpiW (lpString1="{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.924] lstrcmpiW (lpString1="{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.924] lstrcmpiW (lpString1="{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.924] lstrcmpiW (lpString1="{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.924] lstrcmpiW (lpString1="{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.924] lstrcmpiW (lpString1="{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.924] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C") returned 66 [0035.924] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.924] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C" [0035.924] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*" [0035.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d958 [0035.927] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.927] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.927] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.927] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.927] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.927] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.927] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.927] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.927] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.927] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.927] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.927] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.927] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.927] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.927] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0035.927] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="Windows") returned -1 [0035.927] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="Program Files") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="Program Files (x86)") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="$Recycle.bin") returned 1 [0035.928] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="System Volume Information") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelLR.cab", lpString2=".") returned 1 [0035.928] lstrcmpiW (lpString1="ExcelLR.cab", lpString2="..") returned 1 [0035.928] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 78 [0035.928] StrStrIW (lpFirst="ExcelLR.cab", lpSrch=".lolkek") returned 0x0 [0035.928] lstrcmpW (lpString1="ExcelLR.cab", lpString2="LOLKEK.txt") returned -1 [0035.928] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 78 [0035.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x5c2078 [0035.928] lstrcpyW (in: lpString1=0x5c2078, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" [0035.928] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.928] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.928] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xece1ee80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263e00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ExcelMUI.msi", cAlternateFileName="")) returned 1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="Windows") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="Program Files") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="Program Files (x86)") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="System Volume Information") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2=".") returned 1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.msi", lpString2="..") returned 1 [0035.928] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 79 [0035.928] StrStrIW (lpFirst="ExcelMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.928] lstrcmpW (lpString1="ExcelMUI.msi", lpString2="LOLKEK.txt") returned -1 [0035.928] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 79 [0035.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x62f5b8 [0035.928] lstrcpyW (in: lpString1=0x62f5b8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" [0035.928] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.928] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.928] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ExcelMUI.xml", cAlternateFileName="")) returned 1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="Windows") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="Program Files") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="Program Files (x86)") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="System Volume Information") returned -1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2=".") returned 1 [0035.928] lstrcmpiW (lpString1="ExcelMUI.xml", lpString2="..") returned 1 [0035.928] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 79 [0035.928] StrStrIW (lpFirst="ExcelMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.928] lstrcmpW (lpString1="ExcelMUI.xml", lpString2="LOLKEK.txt") returned -1 [0035.928] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 79 [0035.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x62f700 [0035.929] lstrcpyW (in: lpString1=0x62f700, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" [0035.929] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.929] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.929] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.929] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.929] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.929] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.929] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.929] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.929] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.929] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.929] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.929] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.929] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.929] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.929] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x632ed8 [0035.929] lstrcpyW (in: lpString1=0x632ed8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.929] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.929] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.929] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.929] FindClose (in: hFindFile=0x62d958 | out: hFindFile=0x62d958) returned 1 [0035.929] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.929] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.931] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.931] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.931] CloseHandle (hObject=0x15c) returned 1 [0035.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.932] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0035.932] lstrcmpiW (lpString1="{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.932] lstrcmpiW (lpString1="{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.932] lstrcmpiW (lpString1="{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.932] lstrcmpiW (lpString1="{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.932] lstrcmpiW (lpString1="{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.932] lstrcmpiW (lpString1="{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.932] lstrcmpiW (lpString1="{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.932] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C") returned 66 [0035.932] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.932] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C" [0035.932] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*" [0035.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d958 [0035.933] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.933] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.934] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.934] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.934] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.934] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.934] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.934] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.934] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.934] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.934] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.934] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.934] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.934] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.934] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="Windows") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="Program Files") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="Program Files (x86)") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="System Volume Information") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2=".") returned 1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.msi", lpString2="..") returned 1 [0035.934] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 84 [0035.934] StrStrIW (lpFirst="PowerPointMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.934] lstrcmpW (lpString1="PowerPointMUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.934] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 84 [0035.934] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x633018 [0035.934] lstrcpyW (in: lpString1=0x633018, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" [0035.934] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.934] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.934] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PowerPointMUI.xml", cAlternateFileName="POWERP~1.XML")) returned 1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="Windows") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="Program Files") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="Program Files (x86)") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="System Volume Information") returned -1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2=".") returned 1 [0035.934] lstrcmpiW (lpString1="PowerPointMUI.xml", lpString2="..") returned 1 [0035.934] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 84 [0035.934] StrStrIW (lpFirst="PowerPointMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.934] lstrcmpW (lpString1="PowerPointMUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.934] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 84 [0035.934] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x633178 [0035.934] lstrcpyW (in: lpString1=0x633178, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" [0035.934] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.934] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.934] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d523500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2d523500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8b079d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x431a290, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PptLR.cab", cAlternateFileName="")) returned 1 [0035.934] lstrcmpiW (lpString1="PptLR.cab", lpString2="Windows") returned -1 [0035.934] lstrcmpiW (lpString1="PptLR.cab", lpString2="Program Files") returned -1 [0035.935] lstrcmpiW (lpString1="PptLR.cab", lpString2="Program Files (x86)") returned -1 [0035.935] lstrcmpiW (lpString1="PptLR.cab", lpString2="$Recycle.bin") returned 1 [0035.935] lstrcmpiW (lpString1="PptLR.cab", lpString2="System Volume Information") returned -1 [0035.935] lstrcmpiW (lpString1="PptLR.cab", lpString2=".") returned 1 [0035.935] lstrcmpiW (lpString1="PptLR.cab", lpString2="..") returned 1 [0035.935] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 76 [0035.935] StrStrIW (lpFirst="PptLR.cab", lpSrch=".lolkek") returned 0x0 [0035.935] lstrcmpW (lpString1="PptLR.cab", lpString2="LOLKEK.txt") returned 1 [0035.935] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 76 [0035.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6332d8 [0035.935] lstrcpyW (in: lpString1=0x6332d8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" [0035.935] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.935] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.935] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.935] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.935] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.935] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.935] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.935] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.935] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.935] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.935] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.935] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.935] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.935] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x633418 [0035.935] lstrcpyW (in: lpString1=0x633418, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.935] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.935] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.935] FindNextFileW (in: hFindFile=0x62d958, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.935] FindClose (in: hFindFile=0x62d958 | out: hFindFile=0x62d958) returned 1 [0035.936] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.936] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.936] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.936] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.937] CloseHandle (hObject=0x15c) returned 1 [0035.937] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.937] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0035.937] lstrcmpiW (lpString1="{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.937] lstrcmpiW (lpString1="{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.937] lstrcmpiW (lpString1="{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.937] lstrcmpiW (lpString1="{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.937] lstrcmpiW (lpString1="{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.937] lstrcmpiW (lpString1="{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.937] lstrcmpiW (lpString1="{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.937] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C") returned 66 [0035.937] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.938] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C" [0035.938] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*" [0035.938] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.939] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.940] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.940] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.940] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.940] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.940] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.940] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.940] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.940] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.940] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.940] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.940] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.940] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.940] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.940] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="Windows") returned -1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="Program Files") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="Program Files (x86)") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="System Volume Information") returned -1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2=".") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.msi", lpString2="..") returned 1 [0035.940] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 83 [0035.940] StrStrIW (lpFirst="PublisherMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.940] lstrcmpW (lpString1="PublisherMUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.940] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 83 [0035.940] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x62cb28 [0035.940] lstrcpyW (in: lpString1=0x62cb28, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" [0035.940] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.940] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.940] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5aa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PublisherMUI.xml", cAlternateFileName="PUBLIS~1.XML")) returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="Windows") returned -1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="Program Files") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="Program Files (x86)") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="System Volume Information") returned -1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2=".") returned 1 [0035.940] lstrcmpiW (lpString1="PublisherMUI.xml", lpString2="..") returned 1 [0035.940] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 83 [0035.940] StrStrIW (lpFirst="PublisherMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.940] lstrcmpW (lpString1="PublisherMUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.940] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 83 [0035.940] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x62cc80 [0035.940] lstrcpyW (in: lpString1=0x62cc80, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" [0035.940] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.941] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.941] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc47e320, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x97f3f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PubLR.cab", cAlternateFileName="")) returned 1 [0035.941] lstrcmpiW (lpString1="PubLR.cab", lpString2="Windows") returned -1 [0035.941] lstrcmpiW (lpString1="PubLR.cab", lpString2="Program Files") returned 1 [0035.941] lstrcmpiW (lpString1="PubLR.cab", lpString2="Program Files (x86)") returned 1 [0035.941] lstrcmpiW (lpString1="PubLR.cab", lpString2="$Recycle.bin") returned 1 [0035.941] lstrcmpiW (lpString1="PubLR.cab", lpString2="System Volume Information") returned -1 [0035.941] lstrcmpiW (lpString1="PubLR.cab", lpString2=".") returned 1 [0035.941] lstrcmpiW (lpString1="PubLR.cab", lpString2="..") returned 1 [0035.941] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 76 [0035.941] StrStrIW (lpFirst="PubLR.cab", lpSrch=".lolkek") returned 0x0 [0035.941] lstrcmpW (lpString1="PubLR.cab", lpString2="LOLKEK.txt") returned 1 [0035.941] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 76 [0035.941] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x62cdd8 [0035.941] lstrcpyW (in: lpString1=0x62cdd8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" [0035.941] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.941] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.941] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.941] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.941] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.941] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.941] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.941] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.941] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.941] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.941] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.941] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.941] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.941] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.941] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x62cf18 [0035.941] lstrcpyW (in: lpString1=0x62cf18, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.941] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.941] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.941] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.941] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.942] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.942] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.943] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.943] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.943] CloseHandle (hObject=0x15c) returned 1 [0035.943] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.944] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0035.944] lstrcmpiW (lpString1="{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.944] lstrcmpiW (lpString1="{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.944] lstrcmpiW (lpString1="{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.944] lstrcmpiW (lpString1="{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.944] lstrcmpiW (lpString1="{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.944] lstrcmpiW (lpString1="{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.944] lstrcmpiW (lpString1="{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.944] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C") returned 66 [0035.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.944] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C" [0035.944] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*" [0035.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.945] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.946] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.946] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.946] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.946] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.946] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.946] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.946] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.946] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.946] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.946] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.946] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.946] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.946] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.946] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0035.946] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="Windows") returned -1 [0035.946] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="Program Files") returned -1 [0035.946] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="Program Files (x86)") returned -1 [0035.946] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="$Recycle.bin") returned 1 [0035.946] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="System Volume Information") returned -1 [0035.946] lstrcmpiW (lpString1="OutlkLR.cab", lpString2=".") returned 1 [0035.946] lstrcmpiW (lpString1="OutlkLR.cab", lpString2="..") returned 1 [0035.946] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 78 [0035.946] StrStrIW (lpFirst="OutlkLR.cab", lpSrch=".lolkek") returned 0x0 [0035.946] lstrcmpW (lpString1="OutlkLR.cab", lpString2="LOLKEK.txt") returned 1 [0035.946] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 78 [0035.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x62f460 [0035.946] lstrcpyW (in: lpString1=0x62f460, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" [0035.946] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.946] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.946] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2bba00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OutlookMUI.msi", cAlternateFileName="OUTLOO~1.MSI")) returned 1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="Windows") returned -1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="Program Files") returned -1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="Program Files (x86)") returned -1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="System Volume Information") returned -1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2=".") returned 1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.msi", lpString2="..") returned 1 [0035.946] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 81 [0035.946] StrStrIW (lpFirst="OutlookMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.946] lstrcmpW (lpString1="OutlookMUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.946] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 81 [0035.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x62d1a0 [0035.946] lstrcpyW (in: lpString1=0x62d1a0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" [0035.946] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.946] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.946] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OutlookMUI.xml", cAlternateFileName="OUTLOO~1.XML")) returned 1 [0035.946] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="Windows") returned -1 [0035.947] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="Program Files") returned -1 [0035.947] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="Program Files (x86)") returned -1 [0035.947] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.947] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="System Volume Information") returned -1 [0035.947] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2=".") returned 1 [0035.947] lstrcmpiW (lpString1="OutlookMUI.xml", lpString2="..") returned 1 [0035.947] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 81 [0035.947] StrStrIW (lpFirst="OutlookMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.947] lstrcmpW (lpString1="OutlookMUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.947] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 81 [0035.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x62d2f0 [0035.947] lstrcpyW (in: lpString1=0x62d2f0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" [0035.947] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.947] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.947] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.947] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.947] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.947] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.947] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.947] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.947] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.947] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.947] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.947] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.947] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.947] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x62d440 [0035.947] lstrcpyW (in: lpString1=0x62d440, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.947] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.947] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.947] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x106f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.947] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.948] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.948] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.948] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.948] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.949] CloseHandle (hObject=0x15c) returned 1 [0035.949] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.949] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0035.949] lstrcmpiW (lpString1="{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.949] lstrcmpiW (lpString1="{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.949] lstrcmpiW (lpString1="{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.949] lstrcmpiW (lpString1="{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.949] lstrcmpiW (lpString1="{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.949] lstrcmpiW (lpString1="{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.949] lstrcmpiW (lpString1="{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.949] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C") returned 66 [0035.949] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.949] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C" [0035.949] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*" [0035.949] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.950] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.950] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.950] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.950] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.950] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.950] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.950] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.950] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.950] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.950] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.950] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.950] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.950] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.950] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.950] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.950] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.950] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.950] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.950] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.950] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.950] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.950] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.950] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.950] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.950] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.950] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.951] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x62d580 [0035.951] lstrcpyW (in: lpString1=0x62d580, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.951] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.951] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.951] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2fb48f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x2fb48f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc967850, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x29c6dbd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WordLR.cab", cAlternateFileName="")) returned 1 [0035.951] lstrcmpiW (lpString1="WordLR.cab", lpString2="Windows") returned 1 [0035.951] lstrcmpiW (lpString1="WordLR.cab", lpString2="Program Files") returned 1 [0035.951] lstrcmpiW (lpString1="WordLR.cab", lpString2="Program Files (x86)") returned 1 [0035.951] lstrcmpiW (lpString1="WordLR.cab", lpString2="$Recycle.bin") returned 1 [0035.951] lstrcmpiW (lpString1="WordLR.cab", lpString2="System Volume Information") returned 1 [0035.951] lstrcmpiW (lpString1="WordLR.cab", lpString2=".") returned 1 [0035.951] lstrcmpiW (lpString1="WordLR.cab", lpString2="..") returned 1 [0035.951] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 77 [0035.951] StrStrIW (lpFirst="WordLR.cab", lpSrch=".lolkek") returned 0x0 [0035.951] lstrcmpW (lpString1="WordLR.cab", lpString2="LOLKEK.txt") returned 1 [0035.951] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 77 [0035.951] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x62d6c0 [0035.951] lstrcpyW (in: lpString1=0x62d6c0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" [0035.951] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.951] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.951] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x267e00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WordMUI.msi", cAlternateFileName="")) returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.msi", lpString2="Windows") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.msi", lpString2="Program Files") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.msi", lpString2="Program Files (x86)") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.msi", lpString2="System Volume Information") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.msi", lpString2=".") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.msi", lpString2="..") returned 1 [0035.951] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 78 [0035.951] StrStrIW (lpFirst="WordMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.951] lstrcmpW (lpString1="WordMUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.951] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 78 [0035.951] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x634560 [0035.951] lstrcpyW (in: lpString1=0x634560, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" [0035.951] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.951] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.951] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WordMUI.xml", cAlternateFileName="")) returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.xml", lpString2="Windows") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.xml", lpString2="Program Files") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.xml", lpString2="Program Files (x86)") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.xml", lpString2="System Volume Information") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.xml", lpString2=".") returned 1 [0035.951] lstrcmpiW (lpString1="WordMUI.xml", lpString2="..") returned 1 [0035.952] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 78 [0035.952] StrStrIW (lpFirst="WordMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.952] lstrcmpW (lpString1="WordMUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.952] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 78 [0035.952] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x6346a8 [0035.952] lstrcpyW (in: lpString1=0x6346a8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" [0035.952] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.952] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.952] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x708, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WordMUI.xml", cAlternateFileName="")) returned 0 [0035.952] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.952] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.952] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.953] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.953] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.954] CloseHandle (hObject=0x15c) returned 1 [0035.954] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.954] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0035.954] lstrcmpiW (lpString1="{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.954] lstrcmpiW (lpString1="{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.954] lstrcmpiW (lpString1="{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.954] lstrcmpiW (lpString1="{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.954] lstrcmpiW (lpString1="{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.954] lstrcmpiW (lpString1="{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.954] lstrcmpiW (lpString1="{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.954] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C") returned 66 [0035.954] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.954] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C" [0035.954] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*" [0035.954] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.956] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.956] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.956] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.956] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.956] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.956] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.956] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.956] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.956] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.956] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.956] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.956] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.956] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.956] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.956] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0035.956] lstrcmpiW (lpString1="Proof.en", lpString2="Windows") returned -1 [0035.956] lstrcmpiW (lpString1="Proof.en", lpString2="Program Files") returned 1 [0035.956] lstrcmpiW (lpString1="Proof.en", lpString2="Program Files (x86)") returned 1 [0035.956] lstrcmpiW (lpString1="Proof.en", lpString2="$Recycle.bin") returned 1 [0035.956] lstrcmpiW (lpString1="Proof.en", lpString2="System Volume Information") returned -1 [0035.956] lstrcmpiW (lpString1="Proof.en", lpString2=".") returned 1 [0035.956] lstrcmpiW (lpString1="Proof.en", lpString2="..") returned 1 [0035.956] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en") returned 75 [0035.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0035.957] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en" [0035.957] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*" [0035.957] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0035.957] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.957] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.957] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.957] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.957] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.957] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.957] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.957] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.957] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.957] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.957] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.957] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.957] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.957] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.957] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0035.957] lstrcmpiW (lpString1="Proof.cab", lpString2="Windows") returned -1 [0035.957] lstrcmpiW (lpString1="Proof.cab", lpString2="Program Files") returned 1 [0035.957] lstrcmpiW (lpString1="Proof.cab", lpString2="Program Files (x86)") returned 1 [0035.957] lstrcmpiW (lpString1="Proof.cab", lpString2="$Recycle.bin") returned 1 [0035.957] lstrcmpiW (lpString1="Proof.cab", lpString2="System Volume Information") returned -1 [0035.957] lstrcmpiW (lpString1="Proof.cab", lpString2=".") returned 1 [0035.957] lstrcmpiW (lpString1="Proof.cab", lpString2="..") returned 1 [0035.957] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 85 [0035.957] StrStrIW (lpFirst="Proof.cab", lpSrch=".lolkek") returned 0x0 [0035.957] lstrcmpW (lpString1="Proof.cab", lpString2="LOLKEK.txt") returned 1 [0035.957] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 85 [0035.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x6357f8 [0035.957] lstrcpyW (in: lpString1=0x6357f8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" [0035.957] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.957] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.957] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4db6cb00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x4db6cb00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf020c5d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5c00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0035.957] lstrcmpiW (lpString1="Proof.msi", lpString2="Windows") returned -1 [0035.957] lstrcmpiW (lpString1="Proof.msi", lpString2="Program Files") returned 1 [0035.957] lstrcmpiW (lpString1="Proof.msi", lpString2="Program Files (x86)") returned 1 [0035.957] lstrcmpiW (lpString1="Proof.msi", lpString2="$Recycle.bin") returned 1 [0035.957] lstrcmpiW (lpString1="Proof.msi", lpString2="System Volume Information") returned -1 [0035.958] lstrcmpiW (lpString1="Proof.msi", lpString2=".") returned 1 [0035.958] lstrcmpiW (lpString1="Proof.msi", lpString2="..") returned 1 [0035.958] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 85 [0035.958] StrStrIW (lpFirst="Proof.msi", lpSrch=".lolkek") returned 0x0 [0035.958] lstrcmpW (lpString1="Proof.msi", lpString2="LOLKEK.txt") returned 1 [0035.958] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 85 [0035.958] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x635958 [0035.958] lstrcpyW (in: lpString1=0x635958, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" [0035.958] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.958] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.958] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0035.958] lstrcmpiW (lpString1="Proof.xml", lpString2="Windows") returned -1 [0035.958] lstrcmpiW (lpString1="Proof.xml", lpString2="Program Files") returned 1 [0035.958] lstrcmpiW (lpString1="Proof.xml", lpString2="Program Files (x86)") returned 1 [0035.958] lstrcmpiW (lpString1="Proof.xml", lpString2="$Recycle.bin") returned 1 [0035.958] lstrcmpiW (lpString1="Proof.xml", lpString2="System Volume Information") returned -1 [0035.958] lstrcmpiW (lpString1="Proof.xml", lpString2=".") returned 1 [0035.958] lstrcmpiW (lpString1="Proof.xml", lpString2="..") returned 1 [0035.958] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 85 [0035.958] StrStrIW (lpFirst="Proof.xml", lpSrch=".lolkek") returned 0x0 [0035.958] lstrcmpW (lpString1="Proof.xml", lpString2="LOLKEK.txt") returned 1 [0035.958] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 85 [0035.958] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x635ab8 [0035.958] lstrcpyW (in: lpString1=0x635ab8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" [0035.958] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.958] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.958] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa38b7300, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0xa38b7300, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf01be3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0035.958] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0035.958] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\LOLKEK.txt") returned 86 [0035.958] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0035.958] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.958] WriteFile (in: hFile=0x168, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0035.959] CloseHandle (hObject=0x168) returned 1 [0035.959] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0035.959] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0035.959] lstrcmpiW (lpString1="Proof.es", lpString2="Windows") returned -1 [0035.959] lstrcmpiW (lpString1="Proof.es", lpString2="Program Files") returned 1 [0035.959] lstrcmpiW (lpString1="Proof.es", lpString2="Program Files (x86)") returned 1 [0035.959] lstrcmpiW (lpString1="Proof.es", lpString2="$Recycle.bin") returned 1 [0035.959] lstrcmpiW (lpString1="Proof.es", lpString2="System Volume Information") returned -1 [0035.959] lstrcmpiW (lpString1="Proof.es", lpString2=".") returned 1 [0035.959] lstrcmpiW (lpString1="Proof.es", lpString2="..") returned 1 [0035.959] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es") returned 75 [0035.959] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0035.959] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es" [0035.959] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*" [0035.959] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0035.960] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.960] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.960] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.960] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.960] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.960] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.960] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.960] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.960] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.960] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.960] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.960] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.960] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.960] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.960] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0035.960] lstrcmpiW (lpString1="Proof.cab", lpString2="Windows") returned -1 [0035.960] lstrcmpiW (lpString1="Proof.cab", lpString2="Program Files") returned 1 [0035.960] lstrcmpiW (lpString1="Proof.cab", lpString2="Program Files (x86)") returned 1 [0035.960] lstrcmpiW (lpString1="Proof.cab", lpString2="$Recycle.bin") returned 1 [0035.960] lstrcmpiW (lpString1="Proof.cab", lpString2="System Volume Information") returned -1 [0035.960] lstrcmpiW (lpString1="Proof.cab", lpString2=".") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.cab", lpString2="..") returned 1 [0035.961] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 85 [0035.961] StrStrIW (lpFirst="Proof.cab", lpSrch=".lolkek") returned 0x0 [0035.961] lstrcmpW (lpString1="Proof.cab", lpString2="LOLKEK.txt") returned 1 [0035.961] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 85 [0035.961] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x635c18 [0035.961] lstrcpyW (in: lpString1=0x635c18, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" [0035.961] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.961] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.961] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e5c7f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd7200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0035.961] lstrcmpiW (lpString1="Proof.msi", lpString2="Windows") returned -1 [0035.961] lstrcmpiW (lpString1="Proof.msi", lpString2="Program Files") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.msi", lpString2="Program Files (x86)") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.msi", lpString2="$Recycle.bin") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.msi", lpString2="System Volume Information") returned -1 [0035.961] lstrcmpiW (lpString1="Proof.msi", lpString2=".") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.msi", lpString2="..") returned 1 [0035.961] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 85 [0035.961] StrStrIW (lpFirst="Proof.msi", lpSrch=".lolkek") returned 0x0 [0035.961] lstrcmpW (lpString1="Proof.msi", lpString2="LOLKEK.txt") returned 1 [0035.961] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 85 [0035.961] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x635d78 [0035.961] lstrcpyW (in: lpString1=0x635d78, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" [0035.961] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.961] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.961] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0035.961] lstrcmpiW (lpString1="Proof.xml", lpString2="Windows") returned -1 [0035.961] lstrcmpiW (lpString1="Proof.xml", lpString2="Program Files") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.xml", lpString2="Program Files (x86)") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.xml", lpString2="$Recycle.bin") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.xml", lpString2="System Volume Information") returned -1 [0035.961] lstrcmpiW (lpString1="Proof.xml", lpString2=".") returned 1 [0035.961] lstrcmpiW (lpString1="Proof.xml", lpString2="..") returned 1 [0035.961] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 85 [0035.961] StrStrIW (lpFirst="Proof.xml", lpSrch=".lolkek") returned 0x0 [0035.961] lstrcmpW (lpString1="Proof.xml", lpString2="LOLKEK.txt") returned 1 [0035.961] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 85 [0035.961] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x60c608 [0035.961] lstrcpyW (in: lpString1=0x60c608, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" [0035.961] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.961] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.961] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0035.961] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0035.962] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\LOLKEK.txt") returned 86 [0035.962] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0035.962] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.962] WriteFile (in: hFile=0x168, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0035.962] CloseHandle (hObject=0x168) returned 1 [0035.962] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0035.963] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0035.963] lstrcmpiW (lpString1="Proof.fr", lpString2="Windows") returned -1 [0035.963] lstrcmpiW (lpString1="Proof.fr", lpString2="Program Files") returned 1 [0035.963] lstrcmpiW (lpString1="Proof.fr", lpString2="Program Files (x86)") returned 1 [0035.963] lstrcmpiW (lpString1="Proof.fr", lpString2="$Recycle.bin") returned 1 [0035.963] lstrcmpiW (lpString1="Proof.fr", lpString2="System Volume Information") returned -1 [0035.963] lstrcmpiW (lpString1="Proof.fr", lpString2=".") returned 1 [0035.963] lstrcmpiW (lpString1="Proof.fr", lpString2="..") returned 1 [0035.963] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr") returned 75 [0035.963] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0035.963] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr" [0035.963] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*" [0035.963] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0035.964] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.964] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.964] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.964] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.964] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.964] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.964] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.964] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.964] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.964] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.964] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.964] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.964] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.964] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.964] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0035.964] lstrcmpiW (lpString1="Proof.cab", lpString2="Windows") returned -1 [0035.964] lstrcmpiW (lpString1="Proof.cab", lpString2="Program Files") returned 1 [0035.964] lstrcmpiW (lpString1="Proof.cab", lpString2="Program Files (x86)") returned 1 [0035.964] lstrcmpiW (lpString1="Proof.cab", lpString2="$Recycle.bin") returned 1 [0035.964] lstrcmpiW (lpString1="Proof.cab", lpString2="System Volume Information") returned -1 [0035.964] lstrcmpiW (lpString1="Proof.cab", lpString2=".") returned 1 [0035.964] lstrcmpiW (lpString1="Proof.cab", lpString2="..") returned 1 [0035.964] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 85 [0035.964] StrStrIW (lpFirst="Proof.cab", lpSrch=".lolkek") returned 0x0 [0035.964] lstrcmpW (lpString1="Proof.cab", lpString2="LOLKEK.txt") returned 1 [0035.964] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 85 [0035.964] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x60c768 [0035.964] lstrcpyW (in: lpString1=0x60c768, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" [0035.964] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.964] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.964] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2e3b660, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd8400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.msi", cAlternateFileName="")) returned 1 [0035.965] lstrcmpiW (lpString1="Proof.msi", lpString2="Windows") returned -1 [0035.965] lstrcmpiW (lpString1="Proof.msi", lpString2="Program Files") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.msi", lpString2="Program Files (x86)") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.msi", lpString2="$Recycle.bin") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.msi", lpString2="System Volume Information") returned -1 [0035.965] lstrcmpiW (lpString1="Proof.msi", lpString2=".") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.msi", lpString2="..") returned 1 [0035.965] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 85 [0035.965] StrStrIW (lpFirst="Proof.msi", lpSrch=".lolkek") returned 0x0 [0035.965] lstrcmpW (lpString1="Proof.msi", lpString2="LOLKEK.txt") returned 1 [0035.965] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 85 [0035.965] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x60c8c8 [0035.965] lstrcpyW (in: lpString1=0x60c8c8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" [0035.965] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.965] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.965] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.xml", cAlternateFileName="")) returned 1 [0035.965] lstrcmpiW (lpString1="Proof.xml", lpString2="Windows") returned -1 [0035.965] lstrcmpiW (lpString1="Proof.xml", lpString2="Program Files") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.xml", lpString2="Program Files (x86)") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.xml", lpString2="$Recycle.bin") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.xml", lpString2="System Volume Information") returned -1 [0035.965] lstrcmpiW (lpString1="Proof.xml", lpString2=".") returned 1 [0035.965] lstrcmpiW (lpString1="Proof.xml", lpString2="..") returned 1 [0035.965] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 85 [0035.965] StrStrIW (lpFirst="Proof.xml", lpSrch=".lolkek") returned 0x0 [0035.965] lstrcmpW (lpString1="Proof.xml", lpString2="LOLKEK.txt") returned 1 [0035.965] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 85 [0035.965] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x60ca28 [0035.965] lstrcpyW (in: lpString1=0x60ca28, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" [0035.965] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.965] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.965] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf2bd90c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof.xml", cAlternateFileName="")) returned 0 [0035.965] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0035.965] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\LOLKEK.txt") returned 86 [0035.965] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0035.966] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.966] WriteFile (in: hFile=0x168, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0035.966] CloseHandle (hObject=0x168) returned 1 [0035.966] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0035.967] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.msi", lpString2="Windows") returned -1 [0035.967] lstrcmpiW (lpString1="Proofing.msi", lpString2="Program Files") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.msi", lpString2="Program Files (x86)") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.msi", lpString2="$Recycle.bin") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.msi", lpString2="System Volume Information") returned -1 [0035.967] lstrcmpiW (lpString1="Proofing.msi", lpString2=".") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.msi", lpString2="..") returned 1 [0035.967] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 79 [0035.967] StrStrIW (lpFirst="Proofing.msi", lpSrch=".lolkek") returned 0x0 [0035.967] lstrcmpW (lpString1="Proofing.msi", lpString2="LOLKEK.txt") returned 1 [0035.967] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 79 [0035.967] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6347f0 [0035.967] lstrcpyW (in: lpString1=0x6347f0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" [0035.967] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.967] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.967] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf00db300, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x32b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proofing.xml", cAlternateFileName="")) returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.xml", lpString2="Windows") returned -1 [0035.967] lstrcmpiW (lpString1="Proofing.xml", lpString2="Program Files") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.xml", lpString2="Program Files (x86)") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.xml", lpString2="$Recycle.bin") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.xml", lpString2="System Volume Information") returned -1 [0035.967] lstrcmpiW (lpString1="Proofing.xml", lpString2=".") returned 1 [0035.967] lstrcmpiW (lpString1="Proofing.xml", lpString2="..") returned 1 [0035.967] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 79 [0035.967] StrStrIW (lpFirst="Proofing.xml", lpSrch=".lolkek") returned 0x0 [0035.967] lstrcmpW (lpString1="Proofing.xml", lpString2="LOLKEK.txt") returned 1 [0035.967] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 79 [0035.967] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x634938 [0035.967] lstrcpyW (in: lpString1=0x634938, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" [0035.967] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.967] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.967] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.967] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.967] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.967] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.967] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.967] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.967] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.968] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.968] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.968] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.968] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.968] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.968] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x634a80 [0035.968] lstrcpyW (in: lpString1=0x634a80, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.968] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.968] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.968] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58c6830, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x16fc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.968] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.968] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.968] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.968] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.968] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.969] CloseHandle (hObject=0x15c) returned 1 [0035.969] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.969] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0035.969] lstrcmpiW (lpString1="{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.969] lstrcmpiW (lpString1="{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.969] lstrcmpiW (lpString1="{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.969] lstrcmpiW (lpString1="{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.969] lstrcmpiW (lpString1="{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.969] lstrcmpiW (lpString1="{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.969] lstrcmpiW (lpString1="{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.969] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C") returned 66 [0035.969] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.969] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C" [0035.969] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*" [0035.969] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.971] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.971] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.971] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.971] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.971] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.971] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.971] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.971] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.971] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.971] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.971] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.971] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.971] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.971] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.971] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0035.971] lstrcmpiW (lpString1="Office32MUI.msi", lpString2="Windows") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.msi", lpString2="Program Files") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.msi", lpString2="Program Files (x86)") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.msi", lpString2="$Recycle.bin") returned 1 [0035.971] lstrcmpiW (lpString1="Office32MUI.msi", lpString2="System Volume Information") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.msi", lpString2=".") returned 1 [0035.971] lstrcmpiW (lpString1="Office32MUI.msi", lpString2="..") returned 1 [0035.971] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 82 [0035.971] StrStrIW (lpFirst="Office32MUI.msi", lpSrch=".lolkek") returned 0x0 [0035.971] lstrcmpW (lpString1="Office32MUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.971] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 82 [0035.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x634bc0 [0035.971] lstrcpyW (in: lpString1=0x634bc0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" [0035.971] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.971] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.971] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32MUI.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0035.971] lstrcmpiW (lpString1="Office32MUI.xml", lpString2="Windows") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.xml", lpString2="Program Files") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.xml", lpString2="Program Files (x86)") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.xml", lpString2="$Recycle.bin") returned 1 [0035.971] lstrcmpiW (lpString1="Office32MUI.xml", lpString2="System Volume Information") returned -1 [0035.971] lstrcmpiW (lpString1="Office32MUI.xml", lpString2=".") returned 1 [0035.971] lstrcmpiW (lpString1="Office32MUI.xml", lpString2="..") returned 1 [0035.972] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 82 [0035.972] StrStrIW (lpFirst="Office32MUI.xml", lpSrch=".lolkek") returned 0x0 [0035.972] lstrcmpW (lpString1="Office32MUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.972] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 82 [0035.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x634d18 [0035.972] lstrcpyW (in: lpString1=0x634d18, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" [0035.972] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.972] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.972] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc301560, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2cb13b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OWOW32LR.cab", cAlternateFileName="")) returned 1 [0035.972] lstrcmpiW (lpString1="OWOW32LR.cab", lpString2="Windows") returned -1 [0035.972] lstrcmpiW (lpString1="OWOW32LR.cab", lpString2="Program Files") returned -1 [0035.972] lstrcmpiW (lpString1="OWOW32LR.cab", lpString2="Program Files (x86)") returned -1 [0035.972] lstrcmpiW (lpString1="OWOW32LR.cab", lpString2="$Recycle.bin") returned 1 [0035.972] lstrcmpiW (lpString1="OWOW32LR.cab", lpString2="System Volume Information") returned -1 [0035.972] lstrcmpiW (lpString1="OWOW32LR.cab", lpString2=".") returned 1 [0035.972] lstrcmpiW (lpString1="OWOW32LR.cab", lpString2="..") returned 1 [0035.972] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 79 [0035.972] StrStrIW (lpFirst="OWOW32LR.cab", lpSrch=".lolkek") returned 0x0 [0035.972] lstrcmpW (lpString1="OWOW32LR.cab", lpString2="LOLKEK.txt") returned 1 [0035.972] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 79 [0035.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x62d058 [0035.972] lstrcpyW (in: lpString1=0x62d058, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" [0035.972] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.972] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.972] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.972] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.972] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.972] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.972] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.972] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.972] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.972] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.972] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.972] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.972] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.972] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x634e70 [0035.972] lstrcpyW (in: lpString1=0x634e70, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.972] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.972] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.972] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc3e4630, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x93a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.972] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.973] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.973] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.974] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.974] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.974] CloseHandle (hObject=0x15c) returned 1 [0035.975] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.975] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0035.975] lstrcmpiW (lpString1="{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.975] lstrcmpiW (lpString1="{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.975] lstrcmpiW (lpString1="{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.975] lstrcmpiW (lpString1="{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.975] lstrcmpiW (lpString1="{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.975] lstrcmpiW (lpString1="{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.975] lstrcmpiW (lpString1="{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.975] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C") returned 66 [0035.975] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.975] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C" [0035.975] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*" [0035.975] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.976] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.976] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.976] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.976] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.976] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.976] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.976] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.976] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.976] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.976] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.976] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.976] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.976] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.976] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.976] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0035.976] lstrcmpiW (lpString1="InfLR.cab", lpString2="Windows") returned -1 [0035.976] lstrcmpiW (lpString1="InfLR.cab", lpString2="Program Files") returned -1 [0035.976] lstrcmpiW (lpString1="InfLR.cab", lpString2="Program Files (x86)") returned -1 [0035.976] lstrcmpiW (lpString1="InfLR.cab", lpString2="$Recycle.bin") returned 1 [0035.976] lstrcmpiW (lpString1="InfLR.cab", lpString2="System Volume Information") returned -1 [0035.976] lstrcmpiW (lpString1="InfLR.cab", lpString2=".") returned 1 [0035.976] lstrcmpiW (lpString1="InfLR.cab", lpString2="..") returned 1 [0035.976] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 76 [0035.976] StrStrIW (lpFirst="InfLR.cab", lpSrch=".lolkek") returned 0x0 [0035.976] lstrcmpW (lpString1="InfLR.cab", lpString2="LOLKEK.txt") returned -1 [0035.977] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 76 [0035.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x634fb0 [0035.977] lstrcpyW (in: lpString1=0x634fb0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" [0035.977] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.977] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.977] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e58f90, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2fac00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="InfoPathMUI.msi", cAlternateFileName="INFOPA~1.MSI")) returned 1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.msi", lpString2="Windows") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.msi", lpString2="Program Files") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.msi", lpString2="Program Files (x86)") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.msi", lpString2="System Volume Information") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.msi", lpString2=".") returned 1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.msi", lpString2="..") returned 1 [0035.977] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 82 [0035.977] StrStrIW (lpFirst="InfoPathMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.977] lstrcmpW (lpString1="InfoPathMUI.msi", lpString2="LOLKEK.txt") returned -1 [0035.977] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 82 [0035.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x6350f0 [0035.977] lstrcpyW (in: lpString1=0x6350f0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" [0035.977] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.977] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.977] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="InfoPathMUI.xml", cAlternateFileName="INFOPA~1.XML")) returned 1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.xml", lpString2="Windows") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.xml", lpString2="Program Files") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.xml", lpString2="Program Files (x86)") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.xml", lpString2="System Volume Information") returned -1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.xml", lpString2=".") returned 1 [0035.977] lstrcmpiW (lpString1="InfoPathMUI.xml", lpString2="..") returned 1 [0035.977] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 82 [0035.977] StrStrIW (lpFirst="InfoPathMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.977] lstrcmpW (lpString1="InfoPathMUI.xml", lpString2="LOLKEK.txt") returned -1 [0035.977] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 82 [0035.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x635248 [0035.977] lstrcpyW (in: lpString1=0x635248, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" [0035.977] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.977] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.977] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.977] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.977] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.977] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.977] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.977] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.977] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.977] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.977] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.978] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.978] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.978] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.978] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6353a0 [0035.978] lstrcpyW (in: lpString1=0x6353a0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.978] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.978] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.978] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x73c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.978] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.978] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.978] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.979] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.979] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.980] CloseHandle (hObject=0x15c) returned 1 [0035.980] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.980] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0035.980] lstrcmpiW (lpString1="{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.980] lstrcmpiW (lpString1="{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.980] lstrcmpiW (lpString1="{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.980] lstrcmpiW (lpString1="{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.980] lstrcmpiW (lpString1="{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.980] lstrcmpiW (lpString1="{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.980] lstrcmpiW (lpString1="{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.980] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C") returned 66 [0035.980] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.980] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C" [0035.980] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*" [0035.980] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.980] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.980] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.980] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.980] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.980] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.980] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.980] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.980] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.980] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.980] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.980] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.980] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.980] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.980] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.980] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.980] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.980] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.980] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.980] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.980] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.980] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.980] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.981] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.981] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.981] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.981] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.981] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6354e0 [0035.981] lstrcpyW (in: lpString1=0x6354e0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.981] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.981] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.981] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7fb9f9e0, ftCreationTime.dwHighDateTime=0x1cbe575, ftLastAccessTime.dwLowDateTime=0x7fb9f9e0, ftLastAccessTime.dwHighDateTime=0x1cbe575, ftLastWriteTime.dwLowDateTime=0x437179c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x30780dd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisioLR.cab", cAlternateFileName="")) returned 1 [0035.981] lstrcmpiW (lpString1="VisioLR.cab", lpString2="Windows") returned -1 [0035.981] lstrcmpiW (lpString1="VisioLR.cab", lpString2="Program Files") returned 1 [0035.981] lstrcmpiW (lpString1="VisioLR.cab", lpString2="Program Files (x86)") returned 1 [0035.981] lstrcmpiW (lpString1="VisioLR.cab", lpString2="$Recycle.bin") returned 1 [0035.981] lstrcmpiW (lpString1="VisioLR.cab", lpString2="System Volume Information") returned 1 [0035.981] lstrcmpiW (lpString1="VisioLR.cab", lpString2=".") returned 1 [0035.981] lstrcmpiW (lpString1="VisioLR.cab", lpString2="..") returned 1 [0035.981] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 78 [0035.981] StrStrIW (lpFirst="VisioLR.cab", lpSrch=".lolkek") returned 0x0 [0035.981] lstrcmpW (lpString1="VisioLR.cab", lpString2="LOLKEK.txt") returned 1 [0035.981] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 78 [0035.981] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x635620 [0035.981] lstrcpyW (in: lpString1=0x635620, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" [0035.981] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.981] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.981] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x272b1e70, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x272b1e70, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x435c1d00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2ab000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisioMUI.msi", cAlternateFileName="")) returned 1 [0035.981] lstrcmpiW (lpString1="VisioMUI.msi", lpString2="Windows") returned -1 [0035.981] lstrcmpiW (lpString1="VisioMUI.msi", lpString2="Program Files") returned 1 [0035.981] lstrcmpiW (lpString1="VisioMUI.msi", lpString2="Program Files (x86)") returned 1 [0035.981] lstrcmpiW (lpString1="VisioMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.981] lstrcmpiW (lpString1="VisioMUI.msi", lpString2="System Volume Information") returned 1 [0035.981] lstrcmpiW (lpString1="VisioMUI.msi", lpString2=".") returned 1 [0035.981] lstrcmpiW (lpString1="VisioMUI.msi", lpString2="..") returned 1 [0035.981] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 79 [0035.981] StrStrIW (lpFirst="VisioMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.981] lstrcmpW (lpString1="VisioMUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.981] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 79 [0035.981] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60cb88 [0035.982] lstrcpyW (in: lpString1=0x60cb88, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" [0035.982] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.982] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.982] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 1 [0035.982] lstrcmpiW (lpString1="VisioMUI.xml", lpString2="Windows") returned -1 [0035.982] lstrcmpiW (lpString1="VisioMUI.xml", lpString2="Program Files") returned 1 [0035.982] lstrcmpiW (lpString1="VisioMUI.xml", lpString2="Program Files (x86)") returned 1 [0035.982] lstrcmpiW (lpString1="VisioMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.982] lstrcmpiW (lpString1="VisioMUI.xml", lpString2="System Volume Information") returned 1 [0035.982] lstrcmpiW (lpString1="VisioMUI.xml", lpString2=".") returned 1 [0035.982] lstrcmpiW (lpString1="VisioMUI.xml", lpString2="..") returned 1 [0035.982] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 79 [0035.982] StrStrIW (lpFirst="VisioMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.982] lstrcmpW (lpString1="VisioMUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.982] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 79 [0035.982] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60ccd0 [0035.982] lstrcpyW (in: lpString1=0x60ccd0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" [0035.982] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.982] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.982] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f0a8e20, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f0a8e20, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x4359ac00, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x251f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisioMUI.xml", cAlternateFileName="")) returned 0 [0035.982] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.982] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.982] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.983] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.983] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.984] CloseHandle (hObject=0x15c) returned 1 [0035.984] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.984] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0035.984] lstrcmpiW (lpString1="{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.984] lstrcmpiW (lpString1="{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.984] lstrcmpiW (lpString1="{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.984] lstrcmpiW (lpString1="{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.984] lstrcmpiW (lpString1="{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.984] lstrcmpiW (lpString1="{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.984] lstrcmpiW (lpString1="{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.984] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C") returned 66 [0035.984] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.984] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C" [0035.984] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*" [0035.984] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.986] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.986] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.986] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.986] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.986] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.986] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.986] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.986] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.986] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.986] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.986] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.986] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.986] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.986] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.986] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0035.986] lstrcmpiW (lpString1="OneNoteMUI.msi", lpString2="Windows") returned -1 [0035.986] lstrcmpiW (lpString1="OneNoteMUI.msi", lpString2="Program Files") returned -1 [0035.986] lstrcmpiW (lpString1="OneNoteMUI.msi", lpString2="Program Files (x86)") returned -1 [0035.986] lstrcmpiW (lpString1="OneNoteMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.986] lstrcmpiW (lpString1="OneNoteMUI.msi", lpString2="System Volume Information") returned -1 [0035.986] lstrcmpiW (lpString1="OneNoteMUI.msi", lpString2=".") returned 1 [0035.986] lstrcmpiW (lpString1="OneNoteMUI.msi", lpString2="..") returned 1 [0035.986] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 81 [0035.986] StrStrIW (lpFirst="OneNoteMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.986] lstrcmpW (lpString1="OneNoteMUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.986] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 81 [0035.986] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x60ce18 [0035.986] lstrcpyW (in: lpString1=0x60ce18, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" [0035.986] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.986] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.987] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OneNoteMUI.xml", cAlternateFileName="ONENOT~1.XML")) returned 1 [0035.987] lstrcmpiW (lpString1="OneNoteMUI.xml", lpString2="Windows") returned -1 [0035.987] lstrcmpiW (lpString1="OneNoteMUI.xml", lpString2="Program Files") returned -1 [0035.987] lstrcmpiW (lpString1="OneNoteMUI.xml", lpString2="Program Files (x86)") returned -1 [0035.987] lstrcmpiW (lpString1="OneNoteMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.987] lstrcmpiW (lpString1="OneNoteMUI.xml", lpString2="System Volume Information") returned -1 [0035.987] lstrcmpiW (lpString1="OneNoteMUI.xml", lpString2=".") returned 1 [0035.987] lstrcmpiW (lpString1="OneNoteMUI.xml", lpString2="..") returned 1 [0035.987] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 81 [0035.987] StrStrIW (lpFirst="OneNoteMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.987] lstrcmpW (lpString1="OneNoteMUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.987] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 81 [0035.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x60cf68 [0035.987] lstrcpyW (in: lpString1=0x60cf68, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" [0035.987] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.987] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.987] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x36db9d00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x36db9d00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5e95540, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10a5df8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OnoteLR.cab", cAlternateFileName="")) returned 1 [0035.987] lstrcmpiW (lpString1="OnoteLR.cab", lpString2="Windows") returned -1 [0035.987] lstrcmpiW (lpString1="OnoteLR.cab", lpString2="Program Files") returned -1 [0035.987] lstrcmpiW (lpString1="OnoteLR.cab", lpString2="Program Files (x86)") returned -1 [0035.987] lstrcmpiW (lpString1="OnoteLR.cab", lpString2="$Recycle.bin") returned 1 [0035.987] lstrcmpiW (lpString1="OnoteLR.cab", lpString2="System Volume Information") returned -1 [0035.987] lstrcmpiW (lpString1="OnoteLR.cab", lpString2=".") returned 1 [0035.987] lstrcmpiW (lpString1="OnoteLR.cab", lpString2="..") returned 1 [0035.987] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 78 [0035.987] StrStrIW (lpFirst="OnoteLR.cab", lpSrch=".lolkek") returned 0x0 [0035.987] lstrcmpW (lpString1="OnoteLR.cab", lpString2="LOLKEK.txt") returned 1 [0035.987] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 78 [0035.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x60d0b8 [0035.987] lstrcpyW (in: lpString1=0x60d0b8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" [0035.987] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.987] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.987] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.987] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.987] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.987] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.987] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.987] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.987] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.987] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.987] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.987] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.987] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.987] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x60d200 [0035.987] lstrcpyW (in: lpString1=0x60d200, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.988] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.988] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.988] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf6e0d4a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7c4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.988] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.988] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.988] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.989] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.989] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.989] CloseHandle (hObject=0x15c) returned 1 [0035.990] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.990] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0035.990] lstrcmpiW (lpString1="{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.990] lstrcmpiW (lpString1="{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.990] lstrcmpiW (lpString1="{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.990] lstrcmpiW (lpString1="{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.990] lstrcmpiW (lpString1="{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.990] lstrcmpiW (lpString1="{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.990] lstrcmpiW (lpString1="{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.990] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C") returned 66 [0035.990] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.990] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C" [0035.990] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*" [0035.990] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.992] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.992] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.992] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.992] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.992] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.992] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.992] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.992] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.992] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.992] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.992] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.992] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.992] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.992] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.992] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.msi", lpString2="Windows") returned -1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.msi", lpString2="Program Files") returned 1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.msi", lpString2="Program Files (x86)") returned 1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.msi", lpString2="System Volume Information") returned -1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.msi", lpString2=".") returned 1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.msi", lpString2="..") returned 1 [0035.992] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 81 [0035.992] StrStrIW (lpFirst="ProjectMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.992] lstrcmpW (lpString1="ProjectMUI.msi", lpString2="LOLKEK.txt") returned 1 [0035.992] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 81 [0035.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x60d340 [0035.992] lstrcpyW (in: lpString1=0x60d340, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" [0035.992] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.992] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.992] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30a2b7b0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30a2b7b0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b2ebe0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ProjectMUI.xml", cAlternateFileName="PROJEC~1.XML")) returned 1 [0035.992] lstrcmpiW (lpString1="ProjectMUI.xml", lpString2="Windows") returned -1 [0035.993] lstrcmpiW (lpString1="ProjectMUI.xml", lpString2="Program Files") returned 1 [0035.993] lstrcmpiW (lpString1="ProjectMUI.xml", lpString2="Program Files (x86)") returned 1 [0035.993] lstrcmpiW (lpString1="ProjectMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.993] lstrcmpiW (lpString1="ProjectMUI.xml", lpString2="System Volume Information") returned -1 [0035.993] lstrcmpiW (lpString1="ProjectMUI.xml", lpString2=".") returned 1 [0035.993] lstrcmpiW (lpString1="ProjectMUI.xml", lpString2="..") returned 1 [0035.993] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 81 [0035.993] StrStrIW (lpFirst="ProjectMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.993] lstrcmpW (lpString1="ProjectMUI.xml", lpString2="LOLKEK.txt") returned 1 [0035.993] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 81 [0035.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x60d490 [0035.993] lstrcpyW (in: lpString1=0x60d490, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" [0035.993] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.993] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.993] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30306de0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x30306de0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b7cde0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x7e1dcd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ProjLR.cab", cAlternateFileName="")) returned 1 [0035.993] lstrcmpiW (lpString1="ProjLR.cab", lpString2="Windows") returned -1 [0035.993] lstrcmpiW (lpString1="ProjLR.cab", lpString2="Program Files") returned 1 [0035.993] lstrcmpiW (lpString1="ProjLR.cab", lpString2="Program Files (x86)") returned 1 [0035.993] lstrcmpiW (lpString1="ProjLR.cab", lpString2="$Recycle.bin") returned 1 [0035.993] lstrcmpiW (lpString1="ProjLR.cab", lpString2="System Volume Information") returned -1 [0035.993] lstrcmpiW (lpString1="ProjLR.cab", lpString2=".") returned 1 [0035.993] lstrcmpiW (lpString1="ProjLR.cab", lpString2="..") returned 1 [0035.993] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 77 [0035.993] StrStrIW (lpFirst="ProjLR.cab", lpSrch=".lolkek") returned 0x0 [0035.993] lstrcmpW (lpString1="ProjLR.cab", lpString2="LOLKEK.txt") returned 1 [0035.993] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 77 [0035.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x60d5e0 [0035.993] lstrcpyW (in: lpString1=0x60d5e0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" [0035.993] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.993] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.993] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0035.993] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0035.993] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0035.993] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0035.993] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0035.993] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0035.993] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0035.993] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0035.993] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.993] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0035.994] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0035.994] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0035.994] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x60d720 [0035.994] lstrcpyW (in: lpString1=0x60d720, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" [0035.994] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.994] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.994] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x309dfcc0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x309dfcc0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5bc88d0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x750, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0035.994] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0035.994] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0035.994] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0035.995] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0035.995] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0035.996] CloseHandle (hObject=0x15c) returned 1 [0035.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0035.996] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0035.996] lstrcmpiW (lpString1="{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0035.996] lstrcmpiW (lpString1="{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0035.996] lstrcmpiW (lpString1="{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0035.996] lstrcmpiW (lpString1="{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0035.996] lstrcmpiW (lpString1="{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0035.996] lstrcmpiW (lpString1="{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0035.996] lstrcmpiW (lpString1="{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0035.996] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C") returned 66 [0035.996] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0035.996] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C" [0035.996] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*" [0035.996] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0035.998] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0035.998] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0035.998] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0035.998] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0035.998] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0035.998] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0035.998] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0035.998] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0035.998] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0035.998] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0035.998] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0035.998] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0035.998] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0035.998] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0035.998] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0035.998] lstrcmpiW (lpString1="GrooveLR.cab", lpString2="Windows") returned -1 [0035.998] lstrcmpiW (lpString1="GrooveLR.cab", lpString2="Program Files") returned -1 [0035.998] lstrcmpiW (lpString1="GrooveLR.cab", lpString2="Program Files (x86)") returned -1 [0035.998] lstrcmpiW (lpString1="GrooveLR.cab", lpString2="$Recycle.bin") returned 1 [0035.998] lstrcmpiW (lpString1="GrooveLR.cab", lpString2="System Volume Information") returned -1 [0035.998] lstrcmpiW (lpString1="GrooveLR.cab", lpString2=".") returned 1 [0035.998] lstrcmpiW (lpString1="GrooveLR.cab", lpString2="..") returned 1 [0035.998] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 79 [0035.998] StrStrIW (lpFirst="GrooveLR.cab", lpSrch=".lolkek") returned 0x0 [0035.999] lstrcmpW (lpString1="GrooveLR.cab", lpString2="LOLKEK.txt") returned -1 [0035.999] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 79 [0035.999] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60d860 [0035.999] lstrcpyW (in: lpString1=0x60d860, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" [0035.999] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.999] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.999] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee3b15e0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x264400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GrooveMUI.msi", cAlternateFileName="GROOVE~1.MSI")) returned 1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.msi", lpString2="Windows") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.msi", lpString2="Program Files") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.msi", lpString2="Program Files (x86)") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.msi", lpString2="$Recycle.bin") returned 1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.msi", lpString2="System Volume Information") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.msi", lpString2=".") returned 1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.msi", lpString2="..") returned 1 [0035.999] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 80 [0035.999] StrStrIW (lpFirst="GrooveMUI.msi", lpSrch=".lolkek") returned 0x0 [0035.999] lstrcmpW (lpString1="GrooveMUI.msi", lpString2="LOLKEK.txt") returned -1 [0035.999] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 80 [0035.999] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x60d9a8 [0035.999] lstrcpyW (in: lpString1=0x60d9a8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" [0035.999] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.999] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0035.999] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GrooveMUI.xml", cAlternateFileName="GROOVE~1.XML")) returned 1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.xml", lpString2="Windows") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.xml", lpString2="Program Files") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.xml", lpString2="Program Files (x86)") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.xml", lpString2="$Recycle.bin") returned 1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.xml", lpString2="System Volume Information") returned -1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.xml", lpString2=".") returned 1 [0035.999] lstrcmpiW (lpString1="GrooveMUI.xml", lpString2="..") returned 1 [0035.999] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 80 [0035.999] StrStrIW (lpFirst="GrooveMUI.xml", lpSrch=".lolkek") returned 0x0 [0035.999] lstrcmpW (lpString1="GrooveMUI.xml", lpString2="LOLKEK.txt") returned -1 [0035.999] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 80 [0035.999] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x60daf8 [0035.999] lstrcpyW (in: lpString1=0x60daf8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" [0035.999] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0035.999] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.000] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0036.000] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0036.000] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0036.000] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0036.000] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0036.000] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0036.000] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0036.000] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0036.000] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.000] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0036.000] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0036.000] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x60dc48 [0036.000] lstrcpyW (in: lpString1=0x60dc48, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" [0036.000] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.000] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.000] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec1a700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbec1a700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5ac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0036.000] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0036.000] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0036.001] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0036.001] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.001] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.002] CloseHandle (hObject=0x15c) returned 1 [0036.002] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.002] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0036.002] lstrcmpiW (lpString1="{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0036.002] lstrcmpiW (lpString1="{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0036.002] lstrcmpiW (lpString1="{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0036.002] lstrcmpiW (lpString1="{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0036.002] lstrcmpiW (lpString1="{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0036.002] lstrcmpiW (lpString1="{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0036.002] lstrcmpiW (lpString1="{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0036.002] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C") returned 66 [0036.002] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.002] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C" [0036.002] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*" [0036.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d998 [0036.005] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.005] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.005] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.005] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.006] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.006] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.006] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.006] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.006] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.006] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.006] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.006] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.006] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.006] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.006] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1033", cAlternateFileName="")) returned 1 [0036.006] lstrcmpiW (lpString1="1033", lpString2="Windows") returned -1 [0036.006] lstrcmpiW (lpString1="1033", lpString2="Program Files") returned -1 [0036.006] lstrcmpiW (lpString1="1033", lpString2="Program Files (x86)") returned -1 [0036.006] lstrcmpiW (lpString1="1033", lpString2="$Recycle.bin") returned 1 [0036.006] lstrcmpiW (lpString1="1033", lpString2="System Volume Information") returned -1 [0036.006] lstrcmpiW (lpString1="1033", lpString2=".") returned 1 [0036.006] lstrcmpiW (lpString1="1033", lpString2="..") returned 1 [0036.006] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033") returned 71 [0036.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.006] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033" [0036.006] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*" [0036.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.008] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.008] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.008] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.008] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.008] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.008] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.008] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.008] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.008] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.008] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.008] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.008] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.008] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0036.008] lstrcmpiW (lpString1="dwintl20.dll", lpString2="Windows") returned -1 [0036.008] lstrcmpiW (lpString1="dwintl20.dll", lpString2="Program Files") returned -1 [0036.008] lstrcmpiW (lpString1="dwintl20.dll", lpString2="Program Files (x86)") returned -1 [0036.008] lstrcmpiW (lpString1="dwintl20.dll", lpString2="$Recycle.bin") returned 1 [0036.008] lstrcmpiW (lpString1="dwintl20.dll", lpString2="System Volume Information") returned -1 [0036.008] lstrcmpiW (lpString1="dwintl20.dll", lpString2=".") returned 1 [0036.008] lstrcmpiW (lpString1="dwintl20.dll", lpString2="..") returned 1 [0036.008] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 84 [0036.008] StrStrIW (lpFirst="dwintl20.dll", lpSrch=".lolkek") returned 0x0 [0036.008] lstrcmpW (lpString1="dwintl20.dll", lpString2="LOLKEK.txt") returned -1 [0036.008] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 84 [0036.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x634058 [0036.008] lstrcpyW (in: lpString1=0x634058, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" [0036.008] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.008] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.008] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dwintl20.dll", cAlternateFileName="")) returned 0 [0036.008] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.008] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\LOLKEK.txt") returned 82 [0036.008] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0036.009] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.009] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.009] CloseHandle (hObject=0x174) returned 1 [0036.009] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.010] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0036.010] lstrcmpiW (lpString1="branding.xml", lpString2="Windows") returned -1 [0036.010] lstrcmpiW (lpString1="branding.xml", lpString2="Program Files") returned -1 [0036.010] lstrcmpiW (lpString1="branding.xml", lpString2="Program Files (x86)") returned -1 [0036.010] lstrcmpiW (lpString1="branding.xml", lpString2="$Recycle.bin") returned 1 [0036.010] lstrcmpiW (lpString1="branding.xml", lpString2="System Volume Information") returned -1 [0036.010] lstrcmpiW (lpString1="branding.xml", lpString2=".") returned 1 [0036.010] lstrcmpiW (lpString1="branding.xml", lpString2="..") returned 1 [0036.010] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 79 [0036.010] StrStrIW (lpFirst="branding.xml", lpSrch=".lolkek") returned 0x0 [0036.010] lstrcmpW (lpString1="branding.xml", lpString2="LOLKEK.txt") returned -1 [0036.010] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 79 [0036.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6341b8 [0036.010] lstrcpyW (in: lpString1=0x6341b8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" [0036.010] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.010] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.010] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0036.010] lstrcmpiW (lpString1="DW20.EXE", lpString2="Windows") returned -1 [0036.010] lstrcmpiW (lpString1="DW20.EXE", lpString2="Program Files") returned -1 [0036.010] lstrcmpiW (lpString1="DW20.EXE", lpString2="Program Files (x86)") returned -1 [0036.010] lstrcmpiW (lpString1="DW20.EXE", lpString2="$Recycle.bin") returned 1 [0036.010] lstrcmpiW (lpString1="DW20.EXE", lpString2="System Volume Information") returned -1 [0036.010] lstrcmpiW (lpString1="DW20.EXE", lpString2=".") returned 1 [0036.010] lstrcmpiW (lpString1="DW20.EXE", lpString2="..") returned 1 [0036.010] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 75 [0036.010] StrStrIW (lpFirst="DW20.EXE", lpSrch=".lolkek") returned 0x0 [0036.010] lstrcmpW (lpString1="DW20.EXE", lpString2="LOLKEK.txt") returned -1 [0036.010] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 75 [0036.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x634300 [0036.010] lstrcpyW (in: lpString1=0x634300, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" [0036.010] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.011] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.011] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1 [0036.011] lstrcmpiW (lpString1="dwdcw20.dll", lpString2="Windows") returned -1 [0036.011] lstrcmpiW (lpString1="dwdcw20.dll", lpString2="Program Files") returned -1 [0036.011] lstrcmpiW (lpString1="dwdcw20.dll", lpString2="Program Files (x86)") returned -1 [0036.011] lstrcmpiW (lpString1="dwdcw20.dll", lpString2="$Recycle.bin") returned 1 [0036.011] lstrcmpiW (lpString1="dwdcw20.dll", lpString2="System Volume Information") returned -1 [0036.011] lstrcmpiW (lpString1="dwdcw20.dll", lpString2=".") returned 1 [0036.011] lstrcmpiW (lpString1="dwdcw20.dll", lpString2="..") returned 1 [0036.011] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 78 [0036.011] StrStrIW (lpFirst="dwdcw20.dll", lpSrch=".lolkek") returned 0x0 [0036.011] lstrcmpW (lpString1="dwdcw20.dll", lpString2="LOLKEK.txt") returned -1 [0036.011] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 78 [0036.011] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x60ed90 [0036.011] lstrcpyW (in: lpString1=0x60ed90, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" [0036.011] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.011] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.011] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1 [0036.011] lstrcmpiW (lpString1="dwtrig20.exe", lpString2="Windows") returned -1 [0036.011] lstrcmpiW (lpString1="dwtrig20.exe", lpString2="Program Files") returned -1 [0036.011] lstrcmpiW (lpString1="dwtrig20.exe", lpString2="Program Files (x86)") returned -1 [0036.011] lstrcmpiW (lpString1="dwtrig20.exe", lpString2="$Recycle.bin") returned 1 [0036.011] lstrcmpiW (lpString1="dwtrig20.exe", lpString2="System Volume Information") returned -1 [0036.011] lstrcmpiW (lpString1="dwtrig20.exe", lpString2=".") returned 1 [0036.011] lstrcmpiW (lpString1="dwtrig20.exe", lpString2="..") returned 1 [0036.011] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 79 [0036.011] StrStrIW (lpFirst="dwtrig20.exe", lpSrch=".lolkek") returned 0x0 [0036.011] lstrcmpW (lpString1="dwtrig20.exe", lpString2="LOLKEK.txt") returned -1 [0036.011] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 79 [0036.011] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60eef0 [0036.011] lstrcpyW (in: lpString1=0x60eef0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" [0036.011] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.011] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.011] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1 [0036.012] lstrcmpiW (lpString1="Microsoft.VC90.CRT.manifest", lpString2="Windows") returned -1 [0036.012] lstrcmpiW (lpString1="Microsoft.VC90.CRT.manifest", lpString2="Program Files") returned -1 [0036.012] lstrcmpiW (lpString1="Microsoft.VC90.CRT.manifest", lpString2="Program Files (x86)") returned -1 [0036.012] lstrcmpiW (lpString1="Microsoft.VC90.CRT.manifest", lpString2="$Recycle.bin") returned 1 [0036.012] lstrcmpiW (lpString1="Microsoft.VC90.CRT.manifest", lpString2="System Volume Information") returned -1 [0036.012] lstrcmpiW (lpString1="Microsoft.VC90.CRT.manifest", lpString2=".") returned 1 [0036.012] lstrcmpiW (lpString1="Microsoft.VC90.CRT.manifest", lpString2="..") returned 1 [0036.012] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 94 [0036.012] StrStrIW (lpFirst="Microsoft.VC90.CRT.manifest", lpSrch=".lolkek") returned 0x0 [0036.012] lstrcmpW (lpString1="Microsoft.VC90.CRT.manifest", lpString2="LOLKEK.txt") returned 1 [0036.012] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 94 [0036.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x610ed8 [0036.012] lstrcpyW (in: lpString1=0x610ed8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" [0036.012] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.012] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.012] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1 [0036.012] lstrcmpiW (lpString1="msvcr90.dll", lpString2="Windows") returned -1 [0036.012] lstrcmpiW (lpString1="msvcr90.dll", lpString2="Program Files") returned -1 [0036.012] lstrcmpiW (lpString1="msvcr90.dll", lpString2="Program Files (x86)") returned -1 [0036.012] lstrcmpiW (lpString1="msvcr90.dll", lpString2="$Recycle.bin") returned 1 [0036.012] lstrcmpiW (lpString1="msvcr90.dll", lpString2="System Volume Information") returned -1 [0036.012] lstrcmpiW (lpString1="msvcr90.dll", lpString2=".") returned 1 [0036.012] lstrcmpiW (lpString1="msvcr90.dll", lpString2="..") returned 1 [0036.012] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 78 [0036.012] StrStrIW (lpFirst="msvcr90.dll", lpSrch=".lolkek") returned 0x0 [0036.012] lstrcmpW (lpString1="msvcr90.dll", lpString2="LOLKEK.txt") returned 1 [0036.012] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 78 [0036.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x60f038 [0036.012] lstrcpyW (in: lpString1=0x60f038, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" [0036.012] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.012] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.012] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1 [0036.012] lstrcmpiW (lpString1="OfficeLR.cab", lpString2="Windows") returned -1 [0036.012] lstrcmpiW (lpString1="OfficeLR.cab", lpString2="Program Files") returned -1 [0036.012] lstrcmpiW (lpString1="OfficeLR.cab", lpString2="Program Files (x86)") returned -1 [0036.012] lstrcmpiW (lpString1="OfficeLR.cab", lpString2="$Recycle.bin") returned 1 [0036.012] lstrcmpiW (lpString1="OfficeLR.cab", lpString2="System Volume Information") returned -1 [0036.012] lstrcmpiW (lpString1="OfficeLR.cab", lpString2=".") returned 1 [0036.012] lstrcmpiW (lpString1="OfficeLR.cab", lpString2="..") returned 1 [0036.012] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 79 [0036.012] StrStrIW (lpFirst="OfficeLR.cab", lpSrch=".lolkek") returned 0x0 [0036.012] lstrcmpW (lpString1="OfficeLR.cab", lpString2="LOLKEK.txt") returned 1 [0036.012] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 79 [0036.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60f180 [0036.012] lstrcpyW (in: lpString1=0x60f180, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" [0036.012] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.013] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.013] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.msi", lpString2="Windows") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.msi", lpString2="Program Files") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.msi", lpString2="Program Files (x86)") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.msi", lpString2="$Recycle.bin") returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.msi", lpString2="System Volume Information") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.msi", lpString2=".") returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.msi", lpString2="..") returned 1 [0036.013] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 80 [0036.013] StrStrIW (lpFirst="OfficeMUI.msi", lpSrch=".lolkek") returned 0x0 [0036.013] lstrcmpW (lpString1="OfficeMUI.msi", lpString2="LOLKEK.txt") returned 1 [0036.013] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 80 [0036.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x611060 [0036.013] lstrcpyW (in: lpString1=0x611060, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" [0036.013] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.013] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.013] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.xml", lpString2="Windows") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.xml", lpString2="Program Files") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.xml", lpString2="Program Files (x86)") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.xml", lpString2="$Recycle.bin") returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.xml", lpString2="System Volume Information") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.xml", lpString2=".") returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUI.xml", lpString2="..") returned 1 [0036.013] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 80 [0036.013] StrStrIW (lpFirst="OfficeMUI.xml", lpSrch=".lolkek") returned 0x0 [0036.013] lstrcmpW (lpString1="OfficeMUI.xml", lpString2="LOLKEK.txt") returned 1 [0036.013] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 80 [0036.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x6111b0 [0036.013] lstrcpyW (in: lpString1=0x6111b0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" [0036.013] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.013] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.013] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUISet.msi", lpString2="Windows") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUISet.msi", lpString2="Program Files") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUISet.msi", lpString2="Program Files (x86)") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUISet.msi", lpString2="$Recycle.bin") returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUISet.msi", lpString2="System Volume Information") returned -1 [0036.013] lstrcmpiW (lpString1="OfficeMUISet.msi", lpString2=".") returned 1 [0036.013] lstrcmpiW (lpString1="OfficeMUISet.msi", lpString2="..") returned 1 [0036.013] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 83 [0036.013] StrStrIW (lpFirst="OfficeMUISet.msi", lpSrch=".lolkek") returned 0x0 [0036.013] lstrcmpW (lpString1="OfficeMUISet.msi", lpString2="LOLKEK.txt") returned 1 [0036.013] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 83 [0036.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x611300 [0036.014] lstrcpyW (in: lpString1=0x611300, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" [0036.014] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.014] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.014] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0036.014] lstrcmpiW (lpString1="OfficeMUISet.xml", lpString2="Windows") returned -1 [0036.014] lstrcmpiW (lpString1="OfficeMUISet.xml", lpString2="Program Files") returned -1 [0036.014] lstrcmpiW (lpString1="OfficeMUISet.xml", lpString2="Program Files (x86)") returned -1 [0036.014] lstrcmpiW (lpString1="OfficeMUISet.xml", lpString2="$Recycle.bin") returned 1 [0036.014] lstrcmpiW (lpString1="OfficeMUISet.xml", lpString2="System Volume Information") returned -1 [0036.014] lstrcmpiW (lpString1="OfficeMUISet.xml", lpString2=".") returned 1 [0036.014] lstrcmpiW (lpString1="OfficeMUISet.xml", lpString2="..") returned 1 [0036.014] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 83 [0036.014] StrStrIW (lpFirst="OfficeMUISet.xml", lpSrch=".lolkek") returned 0x0 [0036.014] lstrcmpW (lpString1="OfficeMUISet.xml", lpString2="LOLKEK.txt") returned 1 [0036.014] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 83 [0036.014] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x611458 [0036.014] lstrcpyW (in: lpString1=0x611458, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" [0036.014] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.014] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.014] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="osetupui.dll", cAlternateFileName="")) returned 1 [0036.014] lstrcmpiW (lpString1="osetupui.dll", lpString2="Windows") returned -1 [0036.014] lstrcmpiW (lpString1="osetupui.dll", lpString2="Program Files") returned -1 [0036.014] lstrcmpiW (lpString1="osetupui.dll", lpString2="Program Files (x86)") returned -1 [0036.014] lstrcmpiW (lpString1="osetupui.dll", lpString2="$Recycle.bin") returned 1 [0036.014] lstrcmpiW (lpString1="osetupui.dll", lpString2="System Volume Information") returned -1 [0036.014] lstrcmpiW (lpString1="osetupui.dll", lpString2=".") returned 1 [0036.014] lstrcmpiW (lpString1="osetupui.dll", lpString2="..") returned 1 [0036.014] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 79 [0036.014] StrStrIW (lpFirst="osetupui.dll", lpSrch=".lolkek") returned 0x0 [0036.014] lstrcmpW (lpString1="osetupui.dll", lpString2="LOLKEK.txt") returned 1 [0036.014] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 79 [0036.014] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60f2c8 [0036.014] lstrcpyW (in: lpString1=0x60f2c8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" [0036.014] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.014] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.014] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pss10r.chm", cAlternateFileName="")) returned 1 [0036.014] lstrcmpiW (lpString1="pss10r.chm", lpString2="Windows") returned -1 [0036.014] lstrcmpiW (lpString1="pss10r.chm", lpString2="Program Files") returned 1 [0036.014] lstrcmpiW (lpString1="pss10r.chm", lpString2="Program Files (x86)") returned 1 [0036.014] lstrcmpiW (lpString1="pss10r.chm", lpString2="$Recycle.bin") returned 1 [0036.014] lstrcmpiW (lpString1="pss10r.chm", lpString2="System Volume Information") returned -1 [0036.014] lstrcmpiW (lpString1="pss10r.chm", lpString2=".") returned 1 [0036.014] lstrcmpiW (lpString1="pss10r.chm", lpString2="..") returned 1 [0036.014] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 77 [0036.014] StrStrIW (lpFirst="pss10r.chm", lpSrch=".lolkek") returned 0x0 [0036.014] lstrcmpW (lpString1="pss10r.chm", lpString2="LOLKEK.txt") returned 1 [0036.014] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 77 [0036.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x60f410 [0036.015] lstrcpyW (in: lpString1=0x60f410, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" [0036.015] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.015] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.015] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="setup.chm", cAlternateFileName="")) returned 1 [0036.015] lstrcmpiW (lpString1="setup.chm", lpString2="Windows") returned -1 [0036.015] lstrcmpiW (lpString1="setup.chm", lpString2="Program Files") returned 1 [0036.015] lstrcmpiW (lpString1="setup.chm", lpString2="Program Files (x86)") returned 1 [0036.015] lstrcmpiW (lpString1="setup.chm", lpString2="$Recycle.bin") returned 1 [0036.015] lstrcmpiW (lpString1="setup.chm", lpString2="System Volume Information") returned -1 [0036.015] lstrcmpiW (lpString1="setup.chm", lpString2=".") returned 1 [0036.015] lstrcmpiW (lpString1="setup.chm", lpString2="..") returned 1 [0036.015] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 76 [0036.015] StrStrIW (lpFirst="setup.chm", lpSrch=".lolkek") returned 0x0 [0036.015] lstrcmpW (lpString1="setup.chm", lpString2="LOLKEK.txt") returned 1 [0036.015] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 76 [0036.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x60f558 [0036.015] lstrcpyW (in: lpString1=0x60f558, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" [0036.015] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.015] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.015] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0036.015] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0036.015] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0036.015] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0036.015] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0036.015] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0036.015] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0036.015] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0036.015] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.015] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0036.015] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0036.015] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x60f6a0 [0036.015] lstrcpyW (in: lpString1=0x60f6a0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" [0036.015] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.015] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.015] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1 [0036.015] lstrcmpiW (lpString1="ShellUI.MST", lpString2="Windows") returned -1 [0036.015] lstrcmpiW (lpString1="ShellUI.MST", lpString2="Program Files") returned 1 [0036.015] lstrcmpiW (lpString1="ShellUI.MST", lpString2="Program Files (x86)") returned 1 [0036.015] lstrcmpiW (lpString1="ShellUI.MST", lpString2="$Recycle.bin") returned 1 [0036.015] lstrcmpiW (lpString1="ShellUI.MST", lpString2="System Volume Information") returned -1 [0036.015] lstrcmpiW (lpString1="ShellUI.MST", lpString2=".") returned 1 [0036.015] lstrcmpiW (lpString1="ShellUI.MST", lpString2="..") returned 1 [0036.015] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 78 [0036.015] StrStrIW (lpFirst="ShellUI.MST", lpSrch=".lolkek") returned 0x0 [0036.015] lstrcmpW (lpString1="ShellUI.MST", lpString2="LOLKEK.txt") returned 1 [0036.016] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 78 [0036.016] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x60f7e8 [0036.016] lstrcpyW (in: lpString1=0x60f7e8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" [0036.016] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.016] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.016] FindNextFileW (in: hFindFile=0x62d998, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ShellUI.MST", cAlternateFileName="")) returned 0 [0036.016] FindClose (in: hFindFile=0x62d998 | out: hFindFile=0x62d998) returned 1 [0036.016] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0036.016] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0036.016] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.016] WriteFile (in: hFile=0x15c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.017] CloseHandle (hObject=0x15c) returned 1 [0036.017] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.017] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0036.017] lstrcmpiW (lpString1="{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0036.017] lstrcmpiW (lpString1="{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0036.017] lstrcmpiW (lpString1="{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0036.017] lstrcmpiW (lpString1="{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0036.017] lstrcmpiW (lpString1="{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0036.017] lstrcmpiW (lpString1="{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0036.017] lstrcmpiW (lpString1="{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0036.017] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C") returned 66 [0036.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.017] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C" [0036.017] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*" [0036.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.020] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.020] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.020] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.020] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.020] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.021] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.021] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.021] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.021] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.021] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.021] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.021] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.021] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.021] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.021] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0036.021] lstrcmpiW (lpString1="Access.en-us", lpString2="Windows") returned -1 [0036.021] lstrcmpiW (lpString1="Access.en-us", lpString2="Program Files") returned -1 [0036.021] lstrcmpiW (lpString1="Access.en-us", lpString2="Program Files (x86)") returned -1 [0036.021] lstrcmpiW (lpString1="Access.en-us", lpString2="$Recycle.bin") returned 1 [0036.021] lstrcmpiW (lpString1="Access.en-us", lpString2="System Volume Information") returned -1 [0036.021] lstrcmpiW (lpString1="Access.en-us", lpString2=".") returned 1 [0036.021] lstrcmpiW (lpString1="Access.en-us", lpString2="..") returned 1 [0036.021] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us") returned 79 [0036.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.021] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us" [0036.021] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*" [0036.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da18 [0036.025] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.025] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.025] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.026] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.026] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.026] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.026] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.026] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.026] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.026] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.026] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.026] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.026] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.026] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.026] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0036.026] lstrcmpiW (lpString1="AccessMUI.msi", lpString2="Windows") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.msi", lpString2="Program Files") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.msi", lpString2="Program Files (x86)") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.msi", lpString2="$Recycle.bin") returned 1 [0036.026] lstrcmpiW (lpString1="AccessMUI.msi", lpString2="System Volume Information") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.msi", lpString2=".") returned 1 [0036.026] lstrcmpiW (lpString1="AccessMUI.msi", lpString2="..") returned 1 [0036.026] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 93 [0036.026] StrStrIW (lpFirst="AccessMUI.msi", lpSrch=".lolkek") returned 0x0 [0036.026] lstrcmpW (lpString1="AccessMUI.msi", lpString2="LOLKEK.txt") returned -1 [0036.026] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 93 [0036.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x60eb70 [0036.026] lstrcpyW (in: lpString1=0x60eb70, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" [0036.026] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.026] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.026] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0036.026] lstrcmpiW (lpString1="AccessMUI.xml", lpString2="Windows") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.xml", lpString2="Program Files") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.xml", lpString2="Program Files (x86)") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.xml", lpString2="$Recycle.bin") returned 1 [0036.026] lstrcmpiW (lpString1="AccessMUI.xml", lpString2="System Volume Information") returned -1 [0036.026] lstrcmpiW (lpString1="AccessMUI.xml", lpString2=".") returned 1 [0036.026] lstrcmpiW (lpString1="AccessMUI.xml", lpString2="..") returned 1 [0036.026] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 93 [0036.026] StrStrIW (lpFirst="AccessMUI.xml", lpSrch=".lolkek") returned 0x0 [0036.026] lstrcmpW (lpString1="AccessMUI.xml", lpString2="LOLKEK.txt") returned -1 [0036.026] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 93 [0036.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x6135c0 [0036.026] lstrcpyW (in: lpString1=0x6135c0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" [0036.026] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.026] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.026] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AccLR.cab", cAlternateFileName="")) returned 1 [0036.026] lstrcmpiW (lpString1="AccLR.cab", lpString2="Windows") returned -1 [0036.027] lstrcmpiW (lpString1="AccLR.cab", lpString2="Program Files") returned -1 [0036.027] lstrcmpiW (lpString1="AccLR.cab", lpString2="Program Files (x86)") returned -1 [0036.027] lstrcmpiW (lpString1="AccLR.cab", lpString2="$Recycle.bin") returned 1 [0036.027] lstrcmpiW (lpString1="AccLR.cab", lpString2="System Volume Information") returned -1 [0036.027] lstrcmpiW (lpString1="AccLR.cab", lpString2=".") returned 1 [0036.027] lstrcmpiW (lpString1="AccLR.cab", lpString2="..") returned 1 [0036.027] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 89 [0036.027] StrStrIW (lpFirst="AccLR.cab", lpSrch=".lolkek") returned 0x0 [0036.027] lstrcmpW (lpString1="AccLR.cab", lpString2="LOLKEK.txt") returned -1 [0036.027] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 89 [0036.027] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x613740 [0036.027] lstrcpyW (in: lpString1=0x613740, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" [0036.027] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.027] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.027] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0036.027] lstrcmpiW (lpString1="branding.xml", lpString2="Windows") returned -1 [0036.027] lstrcmpiW (lpString1="branding.xml", lpString2="Program Files") returned -1 [0036.027] lstrcmpiW (lpString1="branding.xml", lpString2="Program Files (x86)") returned -1 [0036.027] lstrcmpiW (lpString1="branding.xml", lpString2="$Recycle.bin") returned 1 [0036.027] lstrcmpiW (lpString1="branding.xml", lpString2="System Volume Information") returned -1 [0036.027] lstrcmpiW (lpString1="branding.xml", lpString2=".") returned 1 [0036.027] lstrcmpiW (lpString1="branding.xml", lpString2="..") returned 1 [0036.027] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 92 [0036.027] StrStrIW (lpFirst="branding.xml", lpSrch=".lolkek") returned 0x0 [0036.027] lstrcmpW (lpString1="branding.xml", lpString2="LOLKEK.txt") returned -1 [0036.027] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 92 [0036.027] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x6138b0 [0036.027] lstrcpyW (in: lpString1=0x6138b0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" [0036.027] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.027] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.027] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="branding.xml", cAlternateFileName="")) returned 0 [0036.027] FindClose (in: hFindFile=0x62da18 | out: hFindFile=0x62da18) returned 1 [0036.028] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\LOLKEK.txt") returned 90 [0036.028] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0036.028] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.028] WriteFile (in: hFile=0x188, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.029] CloseHandle (hObject=0x188) returned 1 [0036.029] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.030] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.msi", lpString2="Windows") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.msi", lpString2="Program Files") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.msi", lpString2="Program Files (x86)") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.msi", lpString2="$Recycle.bin") returned 1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.msi", lpString2="System Volume Information") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.msi", lpString2=".") returned 1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.msi", lpString2="..") returned 1 [0036.030] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 83 [0036.030] StrStrIW (lpFirst="AccessMUISet.msi", lpSrch=".lolkek") returned 0x0 [0036.030] lstrcmpW (lpString1="AccessMUISet.msi", lpString2="LOLKEK.txt") returned -1 [0036.030] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 83 [0036.030] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x6125b8 [0036.030] lstrcpyW (in: lpString1=0x6125b8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" [0036.030] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.030] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.030] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.xml", lpString2="Windows") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.xml", lpString2="Program Files") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.xml", lpString2="Program Files (x86)") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.xml", lpString2="$Recycle.bin") returned 1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.xml", lpString2="System Volume Information") returned -1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.xml", lpString2=".") returned 1 [0036.030] lstrcmpiW (lpString1="AccessMUISet.xml", lpString2="..") returned 1 [0036.030] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 83 [0036.030] StrStrIW (lpFirst="AccessMUISet.xml", lpSrch=".lolkek") returned 0x0 [0036.030] lstrcmpW (lpString1="AccessMUISet.xml", lpString2="LOLKEK.txt") returned -1 [0036.030] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 83 [0036.030] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x612710 [0036.030] lstrcpyW (in: lpString1=0x612710, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" [0036.030] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.030] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.030] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0036.030] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0036.030] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0036.030] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0036.030] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0036.030] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0036.030] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0036.030] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0036.030] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.031] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0036.031] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0036.031] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x60f930 [0036.031] lstrcpyW (in: lpString1=0x60f930, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" [0036.031] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.031] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.031] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0036.031] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.031] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0036.031] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0036.031] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.031] WriteFile (in: hFile=0x178, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.032] CloseHandle (hObject=0x178) returned 1 [0036.032] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.032] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0036.032] lstrcmpiW (lpString1="{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0036.032] lstrcmpiW (lpString1="{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0036.032] lstrcmpiW (lpString1="{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0036.032] lstrcmpiW (lpString1="{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0036.032] lstrcmpiW (lpString1="{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0036.032] lstrcmpiW (lpString1="{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0036.032] lstrcmpiW (lpString1="{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0036.032] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C") returned 66 [0036.032] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.032] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C" [0036.032] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*" [0036.032] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.039] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.039] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.039] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.039] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.039] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.039] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.039] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.039] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.039] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.039] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.039] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.039] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.039] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.039] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.039] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0036.039] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Windows") returned -1 [0036.039] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Program Files") returned -1 [0036.039] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Program Files (x86)") returned -1 [0036.039] lstrcmpiW (lpString1="Office32WW.msi", lpString2="$Recycle.bin") returned 1 [0036.039] lstrcmpiW (lpString1="Office32WW.msi", lpString2="System Volume Information") returned -1 [0036.039] lstrcmpiW (lpString1="Office32WW.msi", lpString2=".") returned 1 [0036.039] lstrcmpiW (lpString1="Office32WW.msi", lpString2="..") returned 1 [0036.039] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 81 [0036.039] StrStrIW (lpFirst="Office32WW.msi", lpSrch=".lolkek") returned 0x0 [0036.039] lstrcmpW (lpString1="Office32WW.msi", lpString2="LOLKEK.txt") returned 1 [0036.039] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 81 [0036.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x612868 [0036.039] lstrcpyW (in: lpString1=0x612868, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" [0036.039] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.040] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.040] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0036.040] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Windows") returned -1 [0036.040] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Program Files") returned -1 [0036.040] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Program Files (x86)") returned -1 [0036.040] lstrcmpiW (lpString1="Office32WW.xml", lpString2="$Recycle.bin") returned 1 [0036.040] lstrcmpiW (lpString1="Office32WW.xml", lpString2="System Volume Information") returned -1 [0036.040] lstrcmpiW (lpString1="Office32WW.xml", lpString2=".") returned 1 [0036.040] lstrcmpiW (lpString1="Office32WW.xml", lpString2="..") returned 1 [0036.040] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0036.040] StrStrIW (lpFirst="Office32WW.xml", lpSrch=".lolkek") returned 0x0 [0036.040] lstrcmpW (lpString1="Office32WW.xml", lpString2="LOLKEK.txt") returned 1 [0036.040] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0036.040] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x6129b8 [0036.040] lstrcpyW (in: lpString1=0x6129b8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" [0036.040] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.040] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.040] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0036.040] lstrcmpiW (lpString1="ose.exe", lpString2="Windows") returned -1 [0036.040] lstrcmpiW (lpString1="ose.exe", lpString2="Program Files") returned -1 [0036.040] lstrcmpiW (lpString1="ose.exe", lpString2="Program Files (x86)") returned -1 [0036.040] lstrcmpiW (lpString1="ose.exe", lpString2="$Recycle.bin") returned 1 [0036.040] lstrcmpiW (lpString1="ose.exe", lpString2="System Volume Information") returned -1 [0036.040] lstrcmpiW (lpString1="ose.exe", lpString2=".") returned 1 [0036.040] lstrcmpiW (lpString1="ose.exe", lpString2="..") returned 1 [0036.040] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 74 [0036.040] StrStrIW (lpFirst="ose.exe", lpSrch=".lolkek") returned 0x0 [0036.040] lstrcmpW (lpString1="ose.exe", lpString2="LOLKEK.txt") returned 1 [0036.040] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 74 [0036.040] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x612b08 [0036.040] lstrcpyW (in: lpString1=0x612b08, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" [0036.040] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.040] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.040] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0036.040] lstrcmpiW (lpString1="osetup.dll", lpString2="Windows") returned -1 [0036.040] lstrcmpiW (lpString1="osetup.dll", lpString2="Program Files") returned -1 [0036.040] lstrcmpiW (lpString1="osetup.dll", lpString2="Program Files (x86)") returned -1 [0036.040] lstrcmpiW (lpString1="osetup.dll", lpString2="$Recycle.bin") returned 1 [0036.040] lstrcmpiW (lpString1="osetup.dll", lpString2="System Volume Information") returned -1 [0036.040] lstrcmpiW (lpString1="osetup.dll", lpString2=".") returned 1 [0036.040] lstrcmpiW (lpString1="osetup.dll", lpString2="..") returned 1 [0036.040] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 77 [0036.040] StrStrIW (lpFirst="osetup.dll", lpSrch=".lolkek") returned 0x0 [0036.040] lstrcmpW (lpString1="osetup.dll", lpString2="LOLKEK.txt") returned 1 [0036.040] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 77 [0036.040] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x60fa78 [0036.041] lstrcpyW (in: lpString1=0x60fa78, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" [0036.041] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.041] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.041] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0036.041] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Windows") returned -1 [0036.041] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Program Files") returned -1 [0036.041] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Program Files (x86)") returned -1 [0036.041] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="$Recycle.bin") returned 1 [0036.041] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="System Volume Information") returned -1 [0036.041] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2=".") returned 1 [0036.041] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="..") returned 1 [0036.041] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 79 [0036.041] StrStrIW (lpFirst="OWOW32WW.cab", lpSrch=".lolkek") returned 0x0 [0036.041] lstrcmpW (lpString1="OWOW32WW.cab", lpString2="LOLKEK.txt") returned 1 [0036.041] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 79 [0036.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60fbc0 [0036.041] lstrcpyW (in: lpString1=0x60fbc0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" [0036.041] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.041] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.041] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0036.041] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Windows") returned -1 [0036.041] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Program Files") returned -1 [0036.041] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Program Files (x86)") returned -1 [0036.041] lstrcmpiW (lpString1="PidGenX.dll", lpString2="$Recycle.bin") returned 1 [0036.041] lstrcmpiW (lpString1="PidGenX.dll", lpString2="System Volume Information") returned -1 [0036.041] lstrcmpiW (lpString1="PidGenX.dll", lpString2=".") returned 1 [0036.041] lstrcmpiW (lpString1="PidGenX.dll", lpString2="..") returned 1 [0036.041] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 78 [0036.041] StrStrIW (lpFirst="PidGenX.dll", lpSrch=".lolkek") returned 0x0 [0036.041] lstrcmpW (lpString1="PidGenX.dll", lpString2="LOLKEK.txt") returned 1 [0036.041] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 78 [0036.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x60fd08 [0036.041] lstrcpyW (in: lpString1=0x60fd08, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" [0036.041] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.041] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.041] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0036.041] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Windows") returned -1 [0036.041] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Program Files") returned -1 [0036.041] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Program Files (x86)") returned -1 [0036.041] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="$Recycle.bin") returned 1 [0036.041] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="System Volume Information") returned -1 [0036.041] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2=".") returned 1 [0036.041] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="..") returned 1 [0036.041] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0036.042] StrStrIW (lpFirst="pkeyconfig-office.xrm-ms", lpSrch=".lolkek") returned 0x0 [0036.042] lstrcmpW (lpString1="pkeyconfig-office.xrm-ms", lpString2="LOLKEK.txt") returned 1 [0036.042] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0036.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x612c40 [0036.042] lstrcpyW (in: lpString1=0x612c40, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" [0036.042] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.042] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.042] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.msi", lpString2="Windows") returned -1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.msi", lpString2="Program Files") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.msi", lpString2="Program Files (x86)") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.msi", lpString2="$Recycle.bin") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.msi", lpString2="System Volume Information") returned -1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.msi", lpString2=".") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.msi", lpString2="..") returned 1 [0036.042] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 81 [0036.042] StrStrIW (lpFirst="ProPlusrWW.msi", lpSrch=".lolkek") returned 0x0 [0036.042] lstrcmpW (lpString1="ProPlusrWW.msi", lpString2="LOLKEK.txt") returned 1 [0036.042] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 81 [0036.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x612db8 [0036.042] lstrcpyW (in: lpString1=0x612db8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" [0036.042] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.042] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.042] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.xml", lpString2="Windows") returned -1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.xml", lpString2="Program Files") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.xml", lpString2="Program Files (x86)") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.xml", lpString2="$Recycle.bin") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.xml", lpString2="System Volume Information") returned -1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.xml", lpString2=".") returned 1 [0036.042] lstrcmpiW (lpString1="ProPlusrWW.xml", lpString2="..") returned 1 [0036.042] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 81 [0036.042] StrStrIW (lpFirst="ProPlusrWW.xml", lpSrch=".lolkek") returned 0x0 [0036.042] lstrcmpW (lpString1="ProPlusrWW.xml", lpString2="LOLKEK.txt") returned 1 [0036.042] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 81 [0036.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x612f08 [0036.042] lstrcpyW (in: lpString1=0x612f08, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" [0036.042] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.042] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.042] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1 [0036.042] lstrcmpiW (lpString1="ProPrWW.cab", lpString2="Windows") returned -1 [0036.042] lstrcmpiW (lpString1="ProPrWW.cab", lpString2="Program Files") returned 1 [0036.042] lstrcmpiW (lpString1="ProPrWW.cab", lpString2="Program Files (x86)") returned 1 [0036.042] lstrcmpiW (lpString1="ProPrWW.cab", lpString2="$Recycle.bin") returned 1 [0036.042] lstrcmpiW (lpString1="ProPrWW.cab", lpString2="System Volume Information") returned -1 [0036.043] lstrcmpiW (lpString1="ProPrWW.cab", lpString2=".") returned 1 [0036.043] lstrcmpiW (lpString1="ProPrWW.cab", lpString2="..") returned 1 [0036.043] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 78 [0036.043] StrStrIW (lpFirst="ProPrWW.cab", lpSrch=".lolkek") returned 0x0 [0036.043] lstrcmpW (lpString1="ProPrWW.cab", lpString2="LOLKEK.txt") returned 1 [0036.043] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 78 [0036.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x60fe50 [0036.043] lstrcpyW (in: lpString1=0x60fe50, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" [0036.043] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.043] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.043] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1 [0036.043] lstrcmpiW (lpString1="ProPrWW2.cab", lpString2="Windows") returned -1 [0036.043] lstrcmpiW (lpString1="ProPrWW2.cab", lpString2="Program Files") returned 1 [0036.043] lstrcmpiW (lpString1="ProPrWW2.cab", lpString2="Program Files (x86)") returned 1 [0036.043] lstrcmpiW (lpString1="ProPrWW2.cab", lpString2="$Recycle.bin") returned 1 [0036.043] lstrcmpiW (lpString1="ProPrWW2.cab", lpString2="System Volume Information") returned -1 [0036.043] lstrcmpiW (lpString1="ProPrWW2.cab", lpString2=".") returned 1 [0036.043] lstrcmpiW (lpString1="ProPrWW2.cab", lpString2="..") returned 1 [0036.043] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 79 [0036.043] StrStrIW (lpFirst="ProPrWW2.cab", lpSrch=".lolkek") returned 0x0 [0036.043] lstrcmpW (lpString1="ProPrWW2.cab", lpString2="LOLKEK.txt") returned 1 [0036.043] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 79 [0036.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x60ff98 [0036.043] lstrcpyW (in: lpString1=0x60ff98, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" [0036.043] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.043] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.043] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0036.043] lstrcmpiW (lpString1="setup.exe", lpString2="Windows") returned -1 [0036.043] lstrcmpiW (lpString1="setup.exe", lpString2="Program Files") returned 1 [0036.043] lstrcmpiW (lpString1="setup.exe", lpString2="Program Files (x86)") returned 1 [0036.043] lstrcmpiW (lpString1="setup.exe", lpString2="$Recycle.bin") returned 1 [0036.043] lstrcmpiW (lpString1="setup.exe", lpString2="System Volume Information") returned -1 [0036.043] lstrcmpiW (lpString1="setup.exe", lpString2=".") returned 1 [0036.043] lstrcmpiW (lpString1="setup.exe", lpString2="..") returned 1 [0036.043] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 76 [0036.043] StrStrIW (lpFirst="setup.exe", lpSrch=".lolkek") returned 0x0 [0036.043] lstrcmpW (lpString1="setup.exe", lpString2="LOLKEK.txt") returned 1 [0036.043] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 76 [0036.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6100e0 [0036.043] lstrcpyW (in: lpString1=0x6100e0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" [0036.043] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.043] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.043] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0036.043] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0036.043] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0036.043] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0036.044] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0036.044] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0036.044] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0036.044] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0036.044] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.044] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0036.044] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0036.044] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.044] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x610228 [0036.044] lstrcpyW (in: lpString1=0x610228, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" [0036.044] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.044] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.044] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0036.044] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.044] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0036.044] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0036.045] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.045] WriteFile (in: hFile=0x178, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.046] CloseHandle (hObject=0x178) returned 1 [0036.046] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.046] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1 [0036.046] lstrcmpiW (lpString1="{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0036.046] lstrcmpiW (lpString1="{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0036.046] lstrcmpiW (lpString1="{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0036.046] lstrcmpiW (lpString1="{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0036.046] lstrcmpiW (lpString1="{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0036.046] lstrcmpiW (lpString1="{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0036.046] lstrcmpiW (lpString1="{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0036.046] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C") returned 66 [0036.046] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.046] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C" [0036.046] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*" [0036.046] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.095] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.095] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.095] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.095] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.095] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.095] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.095] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.095] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.095] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.095] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.095] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.095] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.095] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.095] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.095] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87078450, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x87078450, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5d1e590, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0036.095] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Windows") returned -1 [0036.095] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Program Files") returned -1 [0036.095] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Program Files (x86)") returned -1 [0036.095] lstrcmpiW (lpString1="Office32WW.msi", lpString2="$Recycle.bin") returned 1 [0036.095] lstrcmpiW (lpString1="Office32WW.msi", lpString2="System Volume Information") returned -1 [0036.095] lstrcmpiW (lpString1="Office32WW.msi", lpString2=".") returned 1 [0036.095] lstrcmpiW (lpString1="Office32WW.msi", lpString2="..") returned 1 [0036.095] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 81 [0036.095] StrStrIW (lpFirst="Office32WW.msi", lpSrch=".lolkek") returned 0x0 [0036.096] lstrcmpW (lpString1="Office32WW.msi", lpString2="LOLKEK.txt") returned 1 [0036.096] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 81 [0036.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x60e948 [0036.096] lstrcpyW (in: lpString1=0x60e948, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" [0036.096] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.096] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.096] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87abdaa0, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x87abdaa0, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5cd2aa0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0036.096] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Windows") returned -1 [0036.096] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Program Files") returned -1 [0036.096] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Program Files (x86)") returned -1 [0036.096] lstrcmpiW (lpString1="Office32WW.xml", lpString2="$Recycle.bin") returned 1 [0036.096] lstrcmpiW (lpString1="Office32WW.xml", lpString2="System Volume Information") returned -1 [0036.096] lstrcmpiW (lpString1="Office32WW.xml", lpString2=".") returned 1 [0036.096] lstrcmpiW (lpString1="Office32WW.xml", lpString2="..") returned 1 [0036.096] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0036.096] StrStrIW (lpFirst="Office32WW.xml", lpSrch=".lolkek") returned 0x0 [0036.096] lstrcmpW (lpString1="Office32WW.xml", lpString2="LOLKEK.txt") returned 1 [0036.096] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0036.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x613058 [0036.096] lstrcpyW (in: lpString1=0x613058, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" [0036.096] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.096] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.096] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe57f8e0, ftCreationTime.dwHighDateTime=0x1cbe1cb, ftLastAccessTime.dwLowDateTime=0xfe57f8e0, ftLastAccessTime.dwHighDateTime=0x1cbe1cb, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0036.096] lstrcmpiW (lpString1="ose.exe", lpString2="Windows") returned -1 [0036.096] lstrcmpiW (lpString1="ose.exe", lpString2="Program Files") returned -1 [0036.096] lstrcmpiW (lpString1="ose.exe", lpString2="Program Files (x86)") returned -1 [0036.096] lstrcmpiW (lpString1="ose.exe", lpString2="$Recycle.bin") returned 1 [0036.096] lstrcmpiW (lpString1="ose.exe", lpString2="System Volume Information") returned -1 [0036.096] lstrcmpiW (lpString1="ose.exe", lpString2=".") returned 1 [0036.096] lstrcmpiW (lpString1="ose.exe", lpString2="..") returned 1 [0036.096] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 74 [0036.096] StrStrIW (lpFirst="ose.exe", lpSrch=".lolkek") returned 0x0 [0036.096] lstrcmpW (lpString1="ose.exe", lpString2="LOLKEK.txt") returned 1 [0036.096] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 74 [0036.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x6131a8 [0036.096] lstrcpyW (in: lpString1=0x6131a8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" [0036.096] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.096] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.096] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6644b620, ftCreationTime.dwHighDateTime=0x1cb04b2, ftLastAccessTime.dwLowDateTime=0x6644b620, ftLastAccessTime.dwHighDateTime=0x1cb04b2, ftLastWriteTime.dwLowDateTime=0xa81b8770, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0036.096] lstrcmpiW (lpString1="osetup.dll", lpString2="Windows") returned -1 [0036.096] lstrcmpiW (lpString1="osetup.dll", lpString2="Program Files") returned -1 [0036.096] lstrcmpiW (lpString1="osetup.dll", lpString2="Program Files (x86)") returned -1 [0036.097] lstrcmpiW (lpString1="osetup.dll", lpString2="$Recycle.bin") returned 1 [0036.097] lstrcmpiW (lpString1="osetup.dll", lpString2="System Volume Information") returned -1 [0036.097] lstrcmpiW (lpString1="osetup.dll", lpString2=".") returned 1 [0036.097] lstrcmpiW (lpString1="osetup.dll", lpString2="..") returned 1 [0036.097] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 77 [0036.097] StrStrIW (lpFirst="osetup.dll", lpSrch=".lolkek") returned 0x0 [0036.097] lstrcmpW (lpString1="osetup.dll", lpString2="LOLKEK.txt") returned 1 [0036.097] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 77 [0036.097] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x610370 [0036.097] lstrcpyW (in: lpString1=0x610370, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" [0036.097] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.097] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.097] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8238e540, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x8238e540, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5ddcc70, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0036.097] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Windows") returned -1 [0036.097] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Program Files") returned -1 [0036.097] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Program Files (x86)") returned -1 [0036.097] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="$Recycle.bin") returned 1 [0036.097] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="System Volume Information") returned -1 [0036.097] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2=".") returned 1 [0036.097] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="..") returned 1 [0036.097] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 79 [0036.097] StrStrIW (lpFirst="OWOW32WW.cab", lpSrch=".lolkek") returned 0x0 [0036.097] lstrcmpW (lpString1="OWOW32WW.cab", lpString2="LOLKEK.txt") returned 1 [0036.097] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 79 [0036.097] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6104b8 [0036.097] lstrcpyW (in: lpString1=0x6104b8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" [0036.097] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.097] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.097] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7bd91af0, ftCreationTime.dwHighDateTime=0x1cb07b2, ftLastAccessTime.dwLowDateTime=0x7bd91af0, ftLastAccessTime.dwHighDateTime=0x1cb07b2, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0036.097] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Windows") returned -1 [0036.097] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Program Files") returned -1 [0036.097] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Program Files (x86)") returned -1 [0036.097] lstrcmpiW (lpString1="PidGenX.dll", lpString2="$Recycle.bin") returned 1 [0036.097] lstrcmpiW (lpString1="PidGenX.dll", lpString2="System Volume Information") returned -1 [0036.097] lstrcmpiW (lpString1="PidGenX.dll", lpString2=".") returned 1 [0036.097] lstrcmpiW (lpString1="PidGenX.dll", lpString2="..") returned 1 [0036.097] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 78 [0036.097] StrStrIW (lpFirst="PidGenX.dll", lpSrch=".lolkek") returned 0x0 [0036.097] lstrcmpW (lpString1="PidGenX.dll", lpString2="LOLKEK.txt") returned 1 [0036.097] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 78 [0036.097] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x610600 [0036.097] lstrcpyW (in: lpString1=0x610600, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" [0036.097] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.097] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.097] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2a2397e0, ftCreationTime.dwHighDateTime=0x1cbe19a, ftLastAccessTime.dwLowDateTime=0x2a2397e0, ftLastAccessTime.dwHighDateTime=0x1cbe19a, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0036.098] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Windows") returned -1 [0036.098] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Program Files") returned -1 [0036.098] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Program Files (x86)") returned -1 [0036.098] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="$Recycle.bin") returned 1 [0036.098] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="System Volume Information") returned -1 [0036.098] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2=".") returned 1 [0036.098] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="..") returned 1 [0036.098] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0036.098] StrStrIW (lpFirst="pkeyconfig-office.xrm-ms", lpSrch=".lolkek") returned 0x0 [0036.098] lstrcmpW (lpString1="pkeyconfig-office.xrm-ms", lpString2="LOLKEK.txt") returned 1 [0036.098] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0036.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x6132e0 [0036.098] lstrcpyW (in: lpString1=0x6132e0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" [0036.098] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.098] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.098] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c1614f0, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7c1614f0, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa60fd8f0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xa4c400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PrjProrWW.msi", cAlternateFileName="PRJPRO~1.MSI")) returned 1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.msi", lpString2="Windows") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.msi", lpString2="Program Files") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.msi", lpString2="Program Files (x86)") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.msi", lpString2="$Recycle.bin") returned 1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.msi", lpString2="System Volume Information") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.msi", lpString2=".") returned 1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.msi", lpString2="..") returned 1 [0036.098] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 80 [0036.098] StrStrIW (lpFirst="PrjProrWW.msi", lpSrch=".lolkek") returned 0x0 [0036.098] lstrcmpW (lpString1="PrjProrWW.msi", lpString2="LOLKEK.txt") returned 1 [0036.098] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 80 [0036.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x613458 [0036.098] lstrcpyW (in: lpString1=0x613458, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" [0036.098] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.098] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.098] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cabec50, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7cabec50, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa60fd8f0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1915, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PrjProrWW.xml", cAlternateFileName="PRJPRO~1.XML")) returned 1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.xml", lpString2="Windows") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.xml", lpString2="Program Files") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.xml", lpString2="Program Files (x86)") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.xml", lpString2="$Recycle.bin") returned 1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.xml", lpString2="System Volume Information") returned -1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.xml", lpString2=".") returned 1 [0036.098] lstrcmpiW (lpString1="PrjProrWW.xml", lpString2="..") returned 1 [0036.098] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 80 [0036.098] StrStrIW (lpFirst="PrjProrWW.xml", lpSrch=".lolkek") returned 0x0 [0036.098] lstrcmpW (lpString1="PrjProrWW.xml", lpString2="LOLKEK.txt") returned 1 [0036.098] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 80 [0036.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x613a48 [0036.099] lstrcpyW (in: lpString1=0x613a48, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" [0036.099] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.099] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.099] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c87b0c0, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x6c87b0c0, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa6b67930, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x9b6ba9f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PrjPrrWW.cab", cAlternateFileName="")) returned 1 [0036.099] lstrcmpiW (lpString1="PrjPrrWW.cab", lpString2="Windows") returned -1 [0036.099] lstrcmpiW (lpString1="PrjPrrWW.cab", lpString2="Program Files") returned -1 [0036.099] lstrcmpiW (lpString1="PrjPrrWW.cab", lpString2="Program Files (x86)") returned -1 [0036.099] lstrcmpiW (lpString1="PrjPrrWW.cab", lpString2="$Recycle.bin") returned 1 [0036.099] lstrcmpiW (lpString1="PrjPrrWW.cab", lpString2="System Volume Information") returned -1 [0036.099] lstrcmpiW (lpString1="PrjPrrWW.cab", lpString2=".") returned 1 [0036.099] lstrcmpiW (lpString1="PrjPrrWW.cab", lpString2="..") returned 1 [0036.099] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 79 [0036.099] StrStrIW (lpFirst="PrjPrrWW.cab", lpSrch=".lolkek") returned 0x0 [0036.099] lstrcmpW (lpString1="PrjPrrWW.cab", lpString2="LOLKEK.txt") returned 1 [0036.099] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 79 [0036.099] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x610748 [0036.099] lstrcpyW (in: lpString1=0x610748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" [0036.099] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.099] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.099] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69dde270, ftCreationTime.dwHighDateTime=0x1cb04b2, ftLastAccessTime.dwLowDateTime=0x69dde270, ftLastAccessTime.dwHighDateTime=0x1cb04b2, ftLastWriteTime.dwLowDateTime=0xa8191670, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0036.099] lstrcmpiW (lpString1="setup.exe", lpString2="Windows") returned -1 [0036.099] lstrcmpiW (lpString1="setup.exe", lpString2="Program Files") returned 1 [0036.099] lstrcmpiW (lpString1="setup.exe", lpString2="Program Files (x86)") returned 1 [0036.099] lstrcmpiW (lpString1="setup.exe", lpString2="$Recycle.bin") returned 1 [0036.099] lstrcmpiW (lpString1="setup.exe", lpString2="System Volume Information") returned -1 [0036.099] lstrcmpiW (lpString1="setup.exe", lpString2=".") returned 1 [0036.099] lstrcmpiW (lpString1="setup.exe", lpString2="..") returned 1 [0036.099] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 76 [0036.100] StrStrIW (lpFirst="setup.exe", lpSrch=".lolkek") returned 0x0 [0036.100] lstrcmpW (lpString1="setup.exe", lpString2="LOLKEK.txt") returned 1 [0036.100] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 76 [0036.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x610890 [0036.100] lstrcpyW (in: lpString1=0x610890, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" [0036.100] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.100] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.100] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca00570, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca00570, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa8c227b0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x412b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0036.100] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0036.100] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0036.100] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0036.100] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0036.100] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0036.100] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0036.100] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0036.100] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.100] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0036.100] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0036.100] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6109d8 [0036.100] lstrcpyW (in: lpString1=0x6109d8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" [0036.100] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.100] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.100] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca00570, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca00570, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa8c227b0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x412b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0036.100] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.101] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0036.101] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x18c [0036.101] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.101] WriteFile (in: hFile=0x18c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.102] CloseHandle (hObject=0x18c) returned 1 [0036.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.102] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1 [0036.102] lstrcmpiW (lpString1="{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2="Windows") returned -1 [0036.102] lstrcmpiW (lpString1="{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2="Program Files") returned -1 [0036.102] lstrcmpiW (lpString1="{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2="Program Files (x86)") returned -1 [0036.102] lstrcmpiW (lpString1="{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2="$Recycle.bin") returned 1 [0036.102] lstrcmpiW (lpString1="{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2="System Volume Information") returned -1 [0036.102] lstrcmpiW (lpString1="{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2=".") returned 1 [0036.102] lstrcmpiW (lpString1="{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2="..") returned 1 [0036.102] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C") returned 66 [0036.102] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.102] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C" [0036.102] lstrcatW (in: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*" [0036.102] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.105] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.105] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.105] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.105] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.105] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.105] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.105] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.106] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.106] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.106] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.106] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.106] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.106] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.106] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.106] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5ed9630, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xe5ed9630, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x4655d500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0036.106] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Windows") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Program Files") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.msi", lpString2="Program Files (x86)") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.msi", lpString2="$Recycle.bin") returned 1 [0036.106] lstrcmpiW (lpString1="Office32WW.msi", lpString2="System Volume Information") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.msi", lpString2=".") returned 1 [0036.106] lstrcmpiW (lpString1="Office32WW.msi", lpString2="..") returned 1 [0036.106] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 81 [0036.106] StrStrIW (lpFirst="Office32WW.msi", lpSrch=".lolkek") returned 0x0 [0036.106] lstrcmpW (lpString1="Office32WW.msi", lpString2="LOLKEK.txt") returned 1 [0036.106] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 81 [0036.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x613ba0 [0036.106] lstrcpyW (in: lpString1=0x613ba0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" [0036.106] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.106] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.106] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16771fb0, ftCreationTime.dwHighDateTime=0x1cb12b4, ftLastAccessTime.dwLowDateTime=0x16771fb0, ftLastAccessTime.dwHighDateTime=0x1cb12b4, ftLastWriteTime.dwLowDateTime=0x46536400, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0036.106] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Windows") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Program Files") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.xml", lpString2="Program Files (x86)") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.xml", lpString2="$Recycle.bin") returned 1 [0036.106] lstrcmpiW (lpString1="Office32WW.xml", lpString2="System Volume Information") returned -1 [0036.106] lstrcmpiW (lpString1="Office32WW.xml", lpString2=".") returned 1 [0036.106] lstrcmpiW (lpString1="Office32WW.xml", lpString2="..") returned 1 [0036.106] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0036.106] StrStrIW (lpFirst="Office32WW.xml", lpSrch=".lolkek") returned 0x0 [0036.106] lstrcmpW (lpString1="Office32WW.xml", lpString2="LOLKEK.txt") returned 1 [0036.106] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0036.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x613cf8 [0036.106] lstrcpyW (in: lpString1=0x613cf8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" [0036.106] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.106] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.106] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec54b6b0, ftCreationTime.dwHighDateTime=0x1cb04a9, ftLastAccessTime.dwLowDateTime=0xec54b6b0, ftLastAccessTime.dwHighDateTime=0x1cb04a9, ftLastWriteTime.dwLowDateTime=0x4a687710, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0036.106] lstrcmpiW (lpString1="ose.exe", lpString2="Windows") returned -1 [0036.106] lstrcmpiW (lpString1="ose.exe", lpString2="Program Files") returned -1 [0036.106] lstrcmpiW (lpString1="ose.exe", lpString2="Program Files (x86)") returned -1 [0036.106] lstrcmpiW (lpString1="ose.exe", lpString2="$Recycle.bin") returned 1 [0036.106] lstrcmpiW (lpString1="ose.exe", lpString2="System Volume Information") returned -1 [0036.107] lstrcmpiW (lpString1="ose.exe", lpString2=".") returned 1 [0036.107] lstrcmpiW (lpString1="ose.exe", lpString2="..") returned 1 [0036.107] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 74 [0036.107] StrStrIW (lpFirst="ose.exe", lpSrch=".lolkek") returned 0x0 [0036.107] lstrcmpW (lpString1="ose.exe", lpString2="LOLKEK.txt") returned 1 [0036.107] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 74 [0036.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x615a30 [0036.107] lstrcpyW (in: lpString1=0x615a30, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" [0036.107] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.107] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.107] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xde72fbf0, ftCreationTime.dwHighDateTime=0x1cb0d0b, ftLastAccessTime.dwLowDateTime=0xde72fbf0, ftLastAccessTime.dwHighDateTime=0x1cb0d0b, ftLastWriteTime.dwLowDateTime=0x49c902c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0036.107] lstrcmpiW (lpString1="osetup.dll", lpString2="Windows") returned -1 [0036.107] lstrcmpiW (lpString1="osetup.dll", lpString2="Program Files") returned -1 [0036.107] lstrcmpiW (lpString1="osetup.dll", lpString2="Program Files (x86)") returned -1 [0036.107] lstrcmpiW (lpString1="osetup.dll", lpString2="$Recycle.bin") returned 1 [0036.107] lstrcmpiW (lpString1="osetup.dll", lpString2="System Volume Information") returned -1 [0036.107] lstrcmpiW (lpString1="osetup.dll", lpString2=".") returned 1 [0036.107] lstrcmpiW (lpString1="osetup.dll", lpString2="..") returned 1 [0036.107] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 77 [0036.107] StrStrIW (lpFirst="osetup.dll", lpSrch=".lolkek") returned 0x0 [0036.107] lstrcmpW (lpString1="osetup.dll", lpString2="LOLKEK.txt") returned 1 [0036.107] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 77 [0036.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x610b20 [0036.107] lstrcpyW (in: lpString1=0x610b20, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" [0036.107] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.107] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.107] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9c380f0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xc9c380f0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x465d00f0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0036.107] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Windows") returned -1 [0036.107] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Program Files") returned -1 [0036.107] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="Program Files (x86)") returned -1 [0036.107] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="$Recycle.bin") returned 1 [0036.107] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="System Volume Information") returned -1 [0036.107] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2=".") returned 1 [0036.107] lstrcmpiW (lpString1="OWOW32WW.cab", lpString2="..") returned 1 [0036.107] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 79 [0036.107] StrStrIW (lpFirst="OWOW32WW.cab", lpSrch=".lolkek") returned 0x0 [0036.107] lstrcmpW (lpString1="OWOW32WW.cab", lpString2="LOLKEK.txt") returned 1 [0036.107] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 79 [0036.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x610c68 [0036.107] lstrcpyW (in: lpString1=0x610c68, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" [0036.107] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.107] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.107] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe7c66670, ftCreationTime.dwHighDateTime=0x1cb0ee5, ftLastAccessTime.dwLowDateTime=0xe7c66670, ftLastAccessTime.dwHighDateTime=0x1cb0ee5, ftLastWriteTime.dwLowDateTime=0x4a6ac100, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0036.107] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Windows") returned -1 [0036.107] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Program Files") returned -1 [0036.107] lstrcmpiW (lpString1="PidGenX.dll", lpString2="Program Files (x86)") returned -1 [0036.108] lstrcmpiW (lpString1="PidGenX.dll", lpString2="$Recycle.bin") returned 1 [0036.108] lstrcmpiW (lpString1="PidGenX.dll", lpString2="System Volume Information") returned -1 [0036.108] lstrcmpiW (lpString1="PidGenX.dll", lpString2=".") returned 1 [0036.108] lstrcmpiW (lpString1="PidGenX.dll", lpString2="..") returned 1 [0036.108] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 78 [0036.108] StrStrIW (lpFirst="PidGenX.dll", lpSrch=".lolkek") returned 0x0 [0036.108] lstrcmpW (lpString1="PidGenX.dll", lpString2="LOLKEK.txt") returned 1 [0036.108] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 78 [0036.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x615b80 [0036.108] lstrcpyW (in: lpString1=0x615b80, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" [0036.108] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.108] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.108] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95261510, ftCreationTime.dwHighDateTime=0x1cb048a, ftLastAccessTime.dwLowDateTime=0x95261510, ftLastAccessTime.dwHighDateTime=0x1cb048a, ftLastWriteTime.dwLowDateTime=0x4a6ac100, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0036.108] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Windows") returned -1 [0036.108] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Program Files") returned -1 [0036.108] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="Program Files (x86)") returned -1 [0036.108] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="$Recycle.bin") returned 1 [0036.108] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="System Volume Information") returned -1 [0036.108] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2=".") returned 1 [0036.108] lstrcmpiW (lpString1="pkeyconfig-office.xrm-ms", lpString2="..") returned 1 [0036.108] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0036.108] StrStrIW (lpFirst="pkeyconfig-office.xrm-ms", lpSrch=".lolkek") returned 0x0 [0036.108] lstrcmpW (lpString1="pkeyconfig-office.xrm-ms", lpString2="LOLKEK.txt") returned 1 [0036.108] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0036.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x617b68 [0036.108] lstrcpyW (in: lpString1=0x617b68, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" [0036.108] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.108] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.108] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb7e7af0, ftCreationTime.dwHighDateTime=0x1cb04a9, ftLastAccessTime.dwLowDateTime=0xeb7e7af0, ftLastAccessTime.dwHighDateTime=0x1cb04a9, ftLastWriteTime.dwLowDateTime=0x49c691c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0036.108] lstrcmpiW (lpString1="setup.exe", lpString2="Windows") returned -1 [0036.108] lstrcmpiW (lpString1="setup.exe", lpString2="Program Files") returned 1 [0036.108] lstrcmpiW (lpString1="setup.exe", lpString2="Program Files (x86)") returned 1 [0036.108] lstrcmpiW (lpString1="setup.exe", lpString2="$Recycle.bin") returned 1 [0036.108] lstrcmpiW (lpString1="setup.exe", lpString2="System Volume Information") returned -1 [0036.108] lstrcmpiW (lpString1="setup.exe", lpString2=".") returned 1 [0036.108] lstrcmpiW (lpString1="setup.exe", lpString2="..") returned 1 [0036.108] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 76 [0036.108] StrStrIW (lpFirst="setup.exe", lpSrch=".lolkek") returned 0x0 [0036.108] lstrcmpW (lpString1="setup.exe", lpString2="LOLKEK.txt") returned 1 [0036.108] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 76 [0036.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x615cc8 [0036.108] lstrcpyW (in: lpString1=0x615cc8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" [0036.108] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.109] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.109] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80aa51d0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80aa51d0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x4a6d3200, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x5061, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0036.109] lstrcmpiW (lpString1="Setup.xml", lpString2="Windows") returned -1 [0036.109] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files") returned 1 [0036.109] lstrcmpiW (lpString1="Setup.xml", lpString2="Program Files (x86)") returned 1 [0036.109] lstrcmpiW (lpString1="Setup.xml", lpString2="$Recycle.bin") returned 1 [0036.109] lstrcmpiW (lpString1="Setup.xml", lpString2="System Volume Information") returned -1 [0036.109] lstrcmpiW (lpString1="Setup.xml", lpString2=".") returned 1 [0036.109] lstrcmpiW (lpString1="Setup.xml", lpString2="..") returned 1 [0036.109] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.109] StrStrIW (lpFirst="Setup.xml", lpSrch=".lolkek") returned 0x0 [0036.109] lstrcmpW (lpString1="Setup.xml", lpString2="LOLKEK.txt") returned 1 [0036.109] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0036.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x615e10 [0036.109] lstrcpyW (in: lpString1=0x615e10, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" [0036.109] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.109] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.109] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749b0240, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x749b0240, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x46a46a30, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xb9fa2f7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisiorWW.cab", cAlternateFileName="")) returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.cab", lpString2="Windows") returned -1 [0036.109] lstrcmpiW (lpString1="VisiorWW.cab", lpString2="Program Files") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.cab", lpString2="Program Files (x86)") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.cab", lpString2="$Recycle.bin") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.cab", lpString2="System Volume Information") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.cab", lpString2=".") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.cab", lpString2="..") returned 1 [0036.109] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 79 [0036.109] StrStrIW (lpFirst="VisiorWW.cab", lpSrch=".lolkek") returned 0x0 [0036.109] lstrcmpW (lpString1="VisiorWW.cab", lpString2="LOLKEK.txt") returned 1 [0036.109] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 79 [0036.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x615f58 [0036.109] lstrcpyW (in: lpString1=0x615f58, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" [0036.109] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.109] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.109] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80711960, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80711960, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468ee660, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xb80800, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisiorWW.msi", cAlternateFileName="")) returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.msi", lpString2="Windows") returned -1 [0036.109] lstrcmpiW (lpString1="VisiorWW.msi", lpString2="Program Files") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.msi", lpString2="Program Files (x86)") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.msi", lpString2="$Recycle.bin") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.msi", lpString2="System Volume Information") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.msi", lpString2=".") returned 1 [0036.109] lstrcmpiW (lpString1="VisiorWW.msi", lpString2="..") returned 1 [0036.109] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 79 [0036.109] StrStrIW (lpFirst="VisiorWW.msi", lpSrch=".lolkek") returned 0x0 [0036.109] lstrcmpW (lpString1="VisiorWW.msi", lpString2="LOLKEK.txt") returned 1 [0036.109] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 79 [0036.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6160a0 [0036.109] lstrcpyW (in: lpString1=0x6160a0, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" [0036.110] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.110] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.110] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80b17dc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80b17dc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468a2b70, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2213, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisiorWW.xml", cAlternateFileName="")) returned 1 [0036.110] lstrcmpiW (lpString1="VisiorWW.xml", lpString2="Windows") returned -1 [0036.110] lstrcmpiW (lpString1="VisiorWW.xml", lpString2="Program Files") returned 1 [0036.110] lstrcmpiW (lpString1="VisiorWW.xml", lpString2="Program Files (x86)") returned 1 [0036.110] lstrcmpiW (lpString1="VisiorWW.xml", lpString2="$Recycle.bin") returned 1 [0036.110] lstrcmpiW (lpString1="VisiorWW.xml", lpString2="System Volume Information") returned 1 [0036.110] lstrcmpiW (lpString1="VisiorWW.xml", lpString2=".") returned 1 [0036.110] lstrcmpiW (lpString1="VisiorWW.xml", lpString2="..") returned 1 [0036.110] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 79 [0036.110] StrStrIW (lpFirst="VisiorWW.xml", lpSrch=".lolkek") returned 0x0 [0036.110] lstrcmpW (lpString1="VisiorWW.xml", lpString2="LOLKEK.txt") returned 1 [0036.110] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 79 [0036.110] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6161e8 [0036.110] lstrcpyW (in: lpString1=0x6161e8, lpString2="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" | out: lpString1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" [0036.110] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.110] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.110] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80b17dc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80b17dc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468a2b70, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2213, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VisiorWW.xml", cAlternateFileName="")) returned 0 [0036.110] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.110] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\LOLKEK.txt") returned 77 [0036.110] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x18c [0036.111] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.111] WriteFile (in: hFile=0x18c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.112] CloseHandle (hObject=0x18c) returned 1 [0036.112] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.112] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 0 [0036.112] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0036.112] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\All Users\\LOLKEK.txt") returned 36 [0036.112] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\LOLKEK.txt" (normalized: "c:\\msocache\\all users\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0036.113] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.113] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0036.113] CloseHandle (hObject=0x160) returned 1 [0036.113] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0036.113] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 0 [0036.113] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0036.113] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\MSOCache\\LOLKEK.txt") returned 26 [0036.114] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\LOLKEK.txt" (normalized: "c:\\msocache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0036.114] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.114] WriteFile (in: hFile=0x144, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f604, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f604*=0x10, lpOverlapped=0x0) returned 1 [0036.114] CloseHandle (hObject=0x144) returned 1 [0036.114] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0036.114] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x5305b5e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0036.114] lstrcmpiW (lpString1="pagefile.sys", lpString2="Windows") returned -1 [0036.114] lstrcmpiW (lpString1="pagefile.sys", lpString2="Program Files") returned -1 [0036.114] lstrcmpiW (lpString1="pagefile.sys", lpString2="Program Files (x86)") returned -1 [0036.114] lstrcmpiW (lpString1="pagefile.sys", lpString2="$Recycle.bin") returned 1 [0036.115] lstrcmpiW (lpString1="pagefile.sys", lpString2="System Volume Information") returned -1 [0036.115] lstrcmpiW (lpString1="pagefile.sys", lpString2=".") returned 1 [0036.115] lstrcmpiW (lpString1="pagefile.sys", lpString2="..") returned 1 [0036.115] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\pagefile.sys") returned 19 [0036.115] StrStrIW (lpFirst="pagefile.sys", lpSrch=".lolkek") returned 0x0 [0036.115] lstrcmpW (lpString1="pagefile.sys", lpString2="LOLKEK.txt") returned 1 [0036.115] lstrlenW (lpString="\\\\?\\C:\\pagefile.sys") returned 19 [0036.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x50) returned 0x5c21c0 [0036.115] lstrcpyW (in: lpString1=0x5c21c0, lpString2="\\\\?\\C:\\pagefile.sys" | out: lpString1="\\\\?\\C:\\pagefile.sys") returned="\\\\?\\C:\\pagefile.sys" [0036.115] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.115] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.115] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0036.115] lstrcmpiW (lpString1="PerfLogs", lpString2="Windows") returned -1 [0036.115] lstrcmpiW (lpString1="PerfLogs", lpString2="Program Files") returned -1 [0036.115] lstrcmpiW (lpString1="PerfLogs", lpString2="Program Files (x86)") returned -1 [0036.115] lstrcmpiW (lpString1="PerfLogs", lpString2="$Recycle.bin") returned 1 [0036.115] lstrcmpiW (lpString1="PerfLogs", lpString2="System Volume Information") returned -1 [0036.115] lstrcmpiW (lpString1="PerfLogs", lpString2=".") returned 1 [0036.115] lstrcmpiW (lpString1="PerfLogs", lpString2="..") returned 1 [0036.115] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\PerfLogs") returned 15 [0036.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0036.115] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\PerfLogs" | out: lpString1="\\\\?\\C:\\PerfLogs") returned="\\\\?\\C:\\PerfLogs" [0036.115] lstrcatW (in: lpString1="\\\\?\\C:\\PerfLogs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\PerfLogs\\*") returned="\\\\?\\C:\\PerfLogs\\*" [0036.115] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0036.115] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.115] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.115] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.115] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.115] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.115] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.115] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 1 [0036.115] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.115] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.115] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.115] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.115] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.115] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.115] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.115] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="Admin", cAlternateFileName="")) returned 1 [0036.115] lstrcmpiW (lpString1="Admin", lpString2="Windows") returned -1 [0036.116] lstrcmpiW (lpString1="Admin", lpString2="Program Files") returned -1 [0036.116] lstrcmpiW (lpString1="Admin", lpString2="Program Files (x86)") returned -1 [0036.116] lstrcmpiW (lpString1="Admin", lpString2="$Recycle.bin") returned 1 [0036.116] lstrcmpiW (lpString1="Admin", lpString2="System Volume Information") returned -1 [0036.116] lstrcmpiW (lpString1="Admin", lpString2=".") returned 1 [0036.116] lstrcmpiW (lpString1="Admin", lpString2="..") returned 1 [0036.116] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\PerfLogs\\Admin") returned 21 [0036.116] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.116] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\PerfLogs\\Admin" | out: lpString1="\\\\?\\C:\\PerfLogs\\Admin") returned="\\\\?\\C:\\PerfLogs\\Admin" [0036.116] lstrcatW (in: lpString1="\\\\?\\C:\\PerfLogs\\Admin", lpString2="\\*" | out: lpString1="\\\\?\\C:\\PerfLogs\\Admin\\*") returned="\\\\?\\C:\\PerfLogs\\Admin\\*" [0036.116] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0036.116] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.116] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.116] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.116] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.116] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.116] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.116] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.116] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.116] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.116] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.116] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.116] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.116] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.116] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.116] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.116] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0036.116] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\PerfLogs\\Admin\\LOLKEK.txt") returned 32 [0036.116] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\LOLKEK.txt" (normalized: "c:\\perflogs\\admin\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0036.117] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.117] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0036.117] CloseHandle (hObject=0x160) returned 1 [0036.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.118] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="Admin", cAlternateFileName="")) returned 0 [0036.118] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0036.118] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\PerfLogs\\LOLKEK.txt") returned 26 [0036.118] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\LOLKEK.txt" (normalized: "c:\\perflogs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0036.118] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.118] WriteFile (in: hFile=0x144, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f604, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f604*=0x10, lpOverlapped=0x0) returned 1 [0036.118] CloseHandle (hObject=0x144) returned 1 [0036.119] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0036.119] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x849f4800, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x849f4800, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0036.119] lstrcmpiW (lpString1="Program Files", lpString2="Windows") returned -1 [0036.119] lstrcmpiW (lpString1="Program Files", lpString2="Program Files") returned 0 [0036.119] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0036.119] lstrcmpiW (lpString1="Program Files (x86)", lpString2="Windows") returned -1 [0036.119] lstrcmpiW (lpString1="Program Files (x86)", lpString2="Program Files") returned 1 [0036.119] lstrcmpiW (lpString1="Program Files (x86)", lpString2="Program Files (x86)") returned 0 [0036.119] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0036.119] lstrcmpiW (lpString1="ProgramData", lpString2="Windows") returned -1 [0036.119] lstrcmpiW (lpString1="ProgramData", lpString2="Program Files") returned 1 [0036.119] lstrcmpiW (lpString1="ProgramData", lpString2="Program Files (x86)") returned 1 [0036.119] lstrcmpiW (lpString1="ProgramData", lpString2="$Recycle.bin") returned 1 [0036.119] lstrcmpiW (lpString1="ProgramData", lpString2="System Volume Information") returned -1 [0036.119] lstrcmpiW (lpString1="ProgramData", lpString2=".") returned 1 [0036.119] lstrcmpiW (lpString1="ProgramData", lpString2="..") returned 1 [0036.119] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData") returned 18 [0036.119] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec068 [0036.119] lstrcpyW (in: lpString1=0x5ec068, lpString2="\\\\?\\C:\\ProgramData" | out: lpString1="\\\\?\\C:\\ProgramData") returned="\\\\?\\C:\\ProgramData" [0036.119] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\*") returned="\\\\?\\C:\\ProgramData\\*" [0036.119] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0036.119] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.119] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.119] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.119] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.119] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.119] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.119] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 1 [0036.119] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.119] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.119] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.119] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.119] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.119] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.119] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.119] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5bb700, dwReserved1=0x5a38f0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0036.119] lstrcmpiW (lpString1="Adobe", lpString2="Windows") returned -1 [0036.119] lstrcmpiW (lpString1="Adobe", lpString2="Program Files") returned -1 [0036.119] lstrcmpiW (lpString1="Adobe", lpString2="Program Files (x86)") returned -1 [0036.119] lstrcmpiW (lpString1="Adobe", lpString2="$Recycle.bin") returned 1 [0036.119] lstrcmpiW (lpString1="Adobe", lpString2="System Volume Information") returned -1 [0036.119] lstrcmpiW (lpString1="Adobe", lpString2=".") returned 1 [0036.119] lstrcmpiW (lpString1="Adobe", lpString2="..") returned 1 [0036.120] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe") returned 24 [0036.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.120] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Adobe" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe") returned="\\\\?\\C:\\ProgramData\\Adobe" [0036.120] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Adobe", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\*") returned="\\\\?\\C:\\ProgramData\\Adobe\\*" [0036.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0036.120] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.120] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.120] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.120] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.120] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.120] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.120] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.120] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.120] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.120] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.120] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.120] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.120] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.120] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.120] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0036.120] lstrcmpiW (lpString1="Acrobat", lpString2="Windows") returned -1 [0036.120] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files") returned -1 [0036.120] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files (x86)") returned -1 [0036.120] lstrcmpiW (lpString1="Acrobat", lpString2="$Recycle.bin") returned 1 [0036.120] lstrcmpiW (lpString1="Acrobat", lpString2="System Volume Information") returned -1 [0036.120] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0036.120] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0036.120] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat") returned 32 [0036.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.121] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat" [0036.121] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\*") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\*" [0036.121] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.121] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.121] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.121] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.121] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.121] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.121] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.121] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.121] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.121] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.121] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.121] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.121] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.121] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.121] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.121] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 1 [0036.121] lstrcmpiW (lpString1="10.0", lpString2="Windows") returned -1 [0036.121] lstrcmpiW (lpString1="10.0", lpString2="Program Files") returned -1 [0036.121] lstrcmpiW (lpString1="10.0", lpString2="Program Files (x86)") returned -1 [0036.121] lstrcmpiW (lpString1="10.0", lpString2="$Recycle.bin") returned 1 [0036.121] lstrcmpiW (lpString1="10.0", lpString2="System Volume Information") returned -1 [0036.121] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0036.122] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0036.122] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0") returned 37 [0036.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0036.122] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0" [0036.122] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*" [0036.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da18 [0036.122] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.122] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.122] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.122] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.122] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.122] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.122] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.122] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.122] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.122] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.122] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.122] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.122] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.122] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.122] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0036.122] lstrcmpiW (lpString1="Replicate", lpString2="Windows") returned -1 [0036.122] lstrcmpiW (lpString1="Replicate", lpString2="Program Files") returned 1 [0036.122] lstrcmpiW (lpString1="Replicate", lpString2="Program Files (x86)") returned 1 [0036.122] lstrcmpiW (lpString1="Replicate", lpString2="$Recycle.bin") returned 1 [0036.122] lstrcmpiW (lpString1="Replicate", lpString2="System Volume Information") returned -1 [0036.122] lstrcmpiW (lpString1="Replicate", lpString2=".") returned 1 [0036.122] lstrcmpiW (lpString1="Replicate", lpString2="..") returned 1 [0036.122] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate") returned 47 [0036.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.123] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate" [0036.123] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*" [0036.123] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da58 [0036.130] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.130] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.130] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.130] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.130] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.130] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.130] FindNextFileW (in: hFindFile=0x62da58, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.130] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.130] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.130] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.131] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.131] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.131] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.131] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.131] FindNextFileW (in: hFindFile=0x62da58, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Security", cAlternateFileName="")) returned 1 [0036.131] lstrcmpiW (lpString1="Security", lpString2="Windows") returned -1 [0036.131] lstrcmpiW (lpString1="Security", lpString2="Program Files") returned 1 [0036.131] lstrcmpiW (lpString1="Security", lpString2="Program Files (x86)") returned 1 [0036.131] lstrcmpiW (lpString1="Security", lpString2="$Recycle.bin") returned 1 [0036.131] lstrcmpiW (lpString1="Security", lpString2="System Volume Information") returned -1 [0036.131] lstrcmpiW (lpString1="Security", lpString2=".") returned 1 [0036.131] lstrcmpiW (lpString1="Security", lpString2="..") returned 1 [0036.131] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 56 [0036.131] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x646fc0 [0036.131] lstrcpyW (in: lpString1=0x646fc0, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0036.131] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*" [0036.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da98 [0036.131] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.131] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.132] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.132] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.132] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.132] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.132] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.132] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.132] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.132] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.132] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.132] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.132] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.132] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.132] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 1 [0036.132] lstrcmpiW (lpString1="directories.acrodata", lpString2="Windows") returned -1 [0036.132] lstrcmpiW (lpString1="directories.acrodata", lpString2="Program Files") returned -1 [0036.132] lstrcmpiW (lpString1="directories.acrodata", lpString2="Program Files (x86)") returned -1 [0036.132] lstrcmpiW (lpString1="directories.acrodata", lpString2="$Recycle.bin") returned 1 [0036.132] lstrcmpiW (lpString1="directories.acrodata", lpString2="System Volume Information") returned -1 [0036.132] lstrcmpiW (lpString1="directories.acrodata", lpString2=".") returned 1 [0036.132] lstrcmpiW (lpString1="directories.acrodata", lpString2="..") returned 1 [0036.132] wsprintfW (in: param_1=0x646fc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata") returned 77 [0036.132] StrStrIW (lpFirst="directories.acrodata", lpSrch=".lolkek") returned 0x0 [0036.132] lstrcmpW (lpString1="directories.acrodata", lpString2="LOLKEK.txt") returned -1 [0036.132] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata") returned 77 [0036.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x616330 [0036.132] lstrcpyW (in: lpString1=0x616330, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata") returned="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata" [0036.132] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.132] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.132] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x93de7300, ftLastWriteTime.dwHighDateTime=0x1cb84b4, nFileSizeHigh=0x0, nFileSizeLow=0x1df, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="directories.acrodata", cAlternateFileName="DIRECT~1.ACR")) returned 0 [0036.132] FindClose (in: hFindFile=0x62da98 | out: hFindFile=0x62da98) returned 1 [0036.132] wsprintfW (in: param_1=0x646fc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\LOLKEK.txt") returned 67 [0036.132] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\LOLKEK.txt" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0036.133] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.133] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.133] CloseHandle (hObject=0x190) returned 1 [0036.134] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x646fc0 | out: hHeap=0x5a0000) returned 1 [0036.134] FindNextFileW (in: hFindFile=0x62da58, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Security", cAlternateFileName="")) returned 0 [0036.134] FindClose (in: hFindFile=0x62da58 | out: hFindFile=0x62da58) returned 1 [0036.134] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\LOLKEK.txt") returned 58 [0036.134] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\LOLKEK.txt" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0036.134] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.134] WriteFile (in: hFile=0x178, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.134] CloseHandle (hObject=0x178) returned 1 [0036.135] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.135] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0036.135] FindClose (in: hFindFile=0x62da18 | out: hFindFile=0x62da18) returned 1 [0036.135] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\LOLKEK.txt") returned 48 [0036.135] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\10.0\\LOLKEK.txt" (normalized: "c:\\programdata\\adobe\\acrobat\\10.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0036.135] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.135] WriteFile (in: hFile=0x188, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.136] CloseHandle (hObject=0x188) returned 1 [0036.136] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0036.136] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x8000ce40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 0 [0036.136] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.137] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\LOLKEK.txt") returned 43 [0036.137] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\Acrobat\\LOLKEK.txt" (normalized: "c:\\programdata\\adobe\\acrobat\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x18c [0036.137] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.137] WriteFile (in: hFile=0x18c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.137] CloseHandle (hObject=0x18c) returned 1 [0036.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.138] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ARM", cAlternateFileName="")) returned 1 [0036.138] lstrcmpiW (lpString1="ARM", lpString2="Windows") returned -1 [0036.138] lstrcmpiW (lpString1="ARM", lpString2="Program Files") returned -1 [0036.138] lstrcmpiW (lpString1="ARM", lpString2="Program Files (x86)") returned -1 [0036.138] lstrcmpiW (lpString1="ARM", lpString2="$Recycle.bin") returned 1 [0036.138] lstrcmpiW (lpString1="ARM", lpString2="System Volume Information") returned -1 [0036.138] lstrcmpiW (lpString1="ARM", lpString2=".") returned 1 [0036.138] lstrcmpiW (lpString1="ARM", lpString2="..") returned 1 [0036.138] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM") returned 28 [0036.138] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.138] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\ARM" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM") returned="\\\\?\\C:\\ProgramData\\Adobe\\ARM" [0036.139] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\*") returned="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\*" [0036.139] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.139] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.139] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.139] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.139] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.139] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.139] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.139] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.139] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.139] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.139] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.139] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.139] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.139] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.139] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.139] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0036.139] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="Windows") returned -1 [0036.139] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="Program Files") returned 1 [0036.139] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="Program Files (x86)") returned 1 [0036.140] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="$Recycle.bin") returned 1 [0036.140] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="System Volume Information") returned -1 [0036.140] lstrcmpiW (lpString1="Reader_10.0.0", lpString2=".") returned 1 [0036.140] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="..") returned 1 [0036.140] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0") returned 42 [0036.140] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0036.140] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0") returned="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0" [0036.140] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*") returned="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*" [0036.140] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da18 [0036.143] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.143] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.143] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.143] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.143] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.143] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.143] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.143] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.143] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.143] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.143] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.143] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.143] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.143] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.143] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x7e186d00, ftLastWriteTime.dwHighDateTime=0x1cfb543, nFileSizeHigh=0x0, nFileSizeLow=0x3d800, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdbeRdrSecUpd10111.msp", cAlternateFileName="ADBERD~2.MSP")) returned 1 [0036.143] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp", lpString2="Windows") returned -1 [0036.143] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp", lpString2="Program Files") returned -1 [0036.143] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp", lpString2="Program Files (x86)") returned -1 [0036.143] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp", lpString2="$Recycle.bin") returned 1 [0036.143] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp", lpString2="System Volume Information") returned -1 [0036.143] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp", lpString2=".") returned 1 [0036.143] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp", lpString2="..") returned 1 [0036.143] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp") returned 65 [0036.143] StrStrIW (lpFirst="AdbeRdrSecUpd10111.msp", lpSrch=".lolkek") returned 0x0 [0036.143] lstrcmpW (lpString1="AdbeRdrSecUpd10111.msp", lpString2="LOLKEK.txt") returned -1 [0036.143] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp") returned 65 [0036.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x618ce8 [0036.143] lstrcpyW (in: lpString1=0x618ce8, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp") returned="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp" [0036.144] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.144] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.144] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0xb4450880, ftLastWriteTime.dwHighDateTime=0x1cf6c45, nFileSizeHigh=0x0, nFileSizeLow=0x10e3000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdbeRdrUpd10110_MUI.msp", cAlternateFileName="ADBERD~1.MSP")) returned 1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="Windows") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="Program Files") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="Program Files (x86)") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="$Recycle.bin") returned 1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="System Volume Information") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2=".") returned 1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="..") returned 1 [0036.144] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp") returned 66 [0036.144] StrStrIW (lpFirst="AdbeRdrUpd10110_MUI.msp", lpSrch=".lolkek") returned 0x0 [0036.144] lstrcmpW (lpString1="AdbeRdrUpd10110_MUI.msp", lpString2="LOLKEK.txt") returned -1 [0036.144] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp") returned 66 [0036.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x618df8 [0036.144] lstrcpyW (in: lpString1=0x618df8, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp") returned="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp" [0036.144] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.144] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.144] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="Windows") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="Program Files") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="Program Files (x86)") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="$Recycle.bin") returned 1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="System Volume Information") returned -1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2=".") returned 1 [0036.144] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="..") returned 1 [0036.144] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp") returned 66 [0036.144] StrStrIW (lpFirst="AdbeRdrUpd10116_MUI.msp", lpSrch=".lolkek") returned 0x0 [0036.144] lstrcmpW (lpString1="AdbeRdrUpd10116_MUI.msp", lpString2="LOLKEK.txt") returned -1 [0036.144] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp") returned 66 [0036.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x618f10 [0036.144] lstrcpyW (in: lpString1=0x618f10, lpString2="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" | out: lpString1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp") returned="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp" [0036.144] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.145] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.145] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x2540cc00, ftLastWriteTime.dwHighDateTime=0x1d1056e, nFileSizeHigh=0x0, nFileSizeLow=0x109d000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdbeRdrUpd10116_MUI.msp", cAlternateFileName="ADBERD~3.MSP")) returned 0 [0036.145] FindClose (in: hFindFile=0x62da18 | out: hFindFile=0x62da18) returned 1 [0036.145] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\LOLKEK.txt") returned 53 [0036.145] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\LOLKEK.txt" (normalized: "c:\\programdata\\adobe\\arm\\reader_10.0.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0036.146] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.146] WriteFile (in: hFile=0x188, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.147] CloseHandle (hObject=0x188) returned 1 [0036.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0036.147] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf2028d90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xf2028d90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0036.147] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.147] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\LOLKEK.txt") returned 39 [0036.147] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\ARM\\LOLKEK.txt" (normalized: "c:\\programdata\\adobe\\arm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x18c [0036.151] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.151] WriteFile (in: hFile=0x18c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.152] CloseHandle (hObject=0x18c) returned 1 [0036.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.153] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ARM", cAlternateFileName="")) returned 0 [0036.153] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0036.153] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Adobe\\LOLKEK.txt") returned 35 [0036.153] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Adobe\\LOLKEK.txt" (normalized: "c:\\programdata\\adobe\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0036.153] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.153] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0036.154] CloseHandle (hObject=0x160) returned 1 [0036.154] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.154] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0036.154] lstrcmpiW (lpString1="Application Data", lpString2="Windows") returned -1 [0036.154] lstrcmpiW (lpString1="Application Data", lpString2="Program Files") returned -1 [0036.154] lstrcmpiW (lpString1="Application Data", lpString2="Program Files (x86)") returned -1 [0036.154] lstrcmpiW (lpString1="Application Data", lpString2="$Recycle.bin") returned 1 [0036.154] lstrcmpiW (lpString1="Application Data", lpString2="System Volume Information") returned -1 [0036.154] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0036.154] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0036.154] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Application Data") returned 35 [0036.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.154] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Application Data" | out: lpString1="\\\\?\\C:\\ProgramData\\Application Data") returned="\\\\?\\C:\\ProgramData\\Application Data" [0036.154] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Application Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Application Data\\*") returned="\\\\?\\C:\\ProgramData\\Application Data\\*" [0036.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Application Data\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ARM", cAlternateFileName="ꐴ瘵ꐣ䛦ͣ疨쁨^纈0ͣͣ㼭䚗쁨^ͣ热/쁨^麈\\庠\\헍皮咽瑆?b麈\\␖")) returned 0xffffffff [0036.154] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.154] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0036.154] lstrcmpiW (lpString1="Desktop", lpString2="Windows") returned -1 [0036.154] lstrcmpiW (lpString1="Desktop", lpString2="Program Files") returned -1 [0036.154] lstrcmpiW (lpString1="Desktop", lpString2="Program Files (x86)") returned -1 [0036.154] lstrcmpiW (lpString1="Desktop", lpString2="$Recycle.bin") returned 1 [0036.155] lstrcmpiW (lpString1="Desktop", lpString2="System Volume Information") returned -1 [0036.155] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0036.155] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0036.155] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Desktop") returned 26 [0036.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.155] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Desktop" | out: lpString1="\\\\?\\C:\\ProgramData\\Desktop") returned="\\\\?\\C:\\ProgramData\\Desktop" [0036.155] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Desktop", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Desktop\\*") returned="\\\\?\\C:\\ProgramData\\Desktop\\*" [0036.155] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Desktop\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ARM", cAlternateFileName="ꐴ瘵ꐣ䛦ͣ疨쁨^纈0ͣͣ㼭䚗쁨^ͣ热/쁨^麈\\庠\\헍皮咽瑆?b麈\\␖")) returned 0xffffffff [0036.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.155] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0036.155] lstrcmpiW (lpString1="Documents", lpString2="Windows") returned -1 [0036.155] lstrcmpiW (lpString1="Documents", lpString2="Program Files") returned -1 [0036.155] lstrcmpiW (lpString1="Documents", lpString2="Program Files (x86)") returned -1 [0036.155] lstrcmpiW (lpString1="Documents", lpString2="$Recycle.bin") returned 1 [0036.155] lstrcmpiW (lpString1="Documents", lpString2="System Volume Information") returned -1 [0036.155] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0036.155] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0036.155] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Documents") returned 28 [0036.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.155] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Documents" | out: lpString1="\\\\?\\C:\\ProgramData\\Documents") returned="\\\\?\\C:\\ProgramData\\Documents" [0036.155] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Documents", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Documents\\*") returned="\\\\?\\C:\\ProgramData\\Documents\\*" [0036.155] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Documents\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ARM", cAlternateFileName="ꐴ瘵ꐣ䛦ͣ疨쁨^纈0ͣͣ㼭䚗쁨^ͣ热/쁨^麈\\庠\\헍皮咽瑆?b麈\\␖")) returned 0xffffffff [0036.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.155] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0036.155] lstrcmpiW (lpString1="Favorites", lpString2="Windows") returned -1 [0036.155] lstrcmpiW (lpString1="Favorites", lpString2="Program Files") returned -1 [0036.155] lstrcmpiW (lpString1="Favorites", lpString2="Program Files (x86)") returned -1 [0036.155] lstrcmpiW (lpString1="Favorites", lpString2="$Recycle.bin") returned 1 [0036.155] lstrcmpiW (lpString1="Favorites", lpString2="System Volume Information") returned -1 [0036.155] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0036.155] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0036.155] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Favorites") returned 28 [0036.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.155] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Favorites" | out: lpString1="\\\\?\\C:\\ProgramData\\Favorites") returned="\\\\?\\C:\\ProgramData\\Favorites" [0036.155] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Favorites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Favorites\\*") returned="\\\\?\\C:\\ProgramData\\Favorites\\*" [0036.156] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Favorites\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ARM", cAlternateFileName="ꐴ瘵ꐣ䛦ͣ疨쁨^纈0ͣͣ㼭䚗쁨^ͣ热/쁨^麈\\庠\\헍皮咽瑆?b麈\\␖")) returned 0xffffffff [0036.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0036.156] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0036.156] lstrcmpiW (lpString1="Microsoft", lpString2="Windows") returned -1 [0036.156] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files") returned -1 [0036.156] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files (x86)") returned -1 [0036.156] lstrcmpiW (lpString1="Microsoft", lpString2="$Recycle.bin") returned 1 [0036.156] lstrcmpiW (lpString1="Microsoft", lpString2="System Volume Information") returned -1 [0036.156] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0036.156] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0036.156] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft") returned 28 [0036.156] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0036.156] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Microsoft" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft") returned="\\\\?\\C:\\ProgramData\\Microsoft" [0036.156] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\*" [0036.156] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0036.156] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.156] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.156] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.156] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.156] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.156] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.156] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.156] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.156] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.156] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.156] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.156] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.156] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.156] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.156] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Assistance", cAlternateFileName="ASSIST~1")) returned 1 [0036.156] lstrcmpiW (lpString1="Assistance", lpString2="Windows") returned -1 [0036.156] lstrcmpiW (lpString1="Assistance", lpString2="Program Files") returned -1 [0036.156] lstrcmpiW (lpString1="Assistance", lpString2="Program Files (x86)") returned -1 [0036.157] lstrcmpiW (lpString1="Assistance", lpString2="$Recycle.bin") returned 1 [0036.157] lstrcmpiW (lpString1="Assistance", lpString2="System Volume Information") returned -1 [0036.157] lstrcmpiW (lpString1="Assistance", lpString2=".") returned 1 [0036.157] lstrcmpiW (lpString1="Assistance", lpString2="..") returned 1 [0036.157] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance") returned 39 [0036.157] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.157] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance" [0036.157] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\*" [0036.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d9d8 [0036.157] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.157] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.157] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.157] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.157] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.157] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.157] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.157] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.157] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.157] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.158] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.158] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.158] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.158] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.158] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Client", cAlternateFileName="")) returned 1 [0036.158] lstrcmpiW (lpString1="Client", lpString2="Windows") returned -1 [0036.158] lstrcmpiW (lpString1="Client", lpString2="Program Files") returned -1 [0036.158] lstrcmpiW (lpString1="Client", lpString2="Program Files (x86)") returned -1 [0036.158] lstrcmpiW (lpString1="Client", lpString2="$Recycle.bin") returned 1 [0036.158] lstrcmpiW (lpString1="Client", lpString2="System Volume Information") returned -1 [0036.158] lstrcmpiW (lpString1="Client", lpString2=".") returned 1 [0036.158] lstrcmpiW (lpString1="Client", lpString2="..") returned 1 [0036.158] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client") returned 46 [0036.158] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0036.158] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client" [0036.158] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\*" [0036.158] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da18 [0036.158] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.158] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.158] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.158] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.158] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.158] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.158] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.158] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.158] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.159] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.159] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.159] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.159] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.159] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.159] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.0", cAlternateFileName="")) returned 1 [0036.159] lstrcmpiW (lpString1="1.0", lpString2="Windows") returned -1 [0036.159] lstrcmpiW (lpString1="1.0", lpString2="Program Files") returned -1 [0036.159] lstrcmpiW (lpString1="1.0", lpString2="Program Files (x86)") returned -1 [0036.159] lstrcmpiW (lpString1="1.0", lpString2="$Recycle.bin") returned 1 [0036.159] lstrcmpiW (lpString1="1.0", lpString2="System Volume Information") returned -1 [0036.159] lstrcmpiW (lpString1="1.0", lpString2=".") returned 1 [0036.159] lstrcmpiW (lpString1="1.0", lpString2="..") returned 1 [0036.159] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0") returned 50 [0036.159] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.159] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0" [0036.159] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*" [0036.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da58 [0036.159] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.159] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.160] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.160] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.160] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.160] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.160] FindNextFileW (in: hFindFile=0x62da58, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.160] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.160] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.160] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.160] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.160] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.160] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.160] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.160] FindNextFileW (in: hFindFile=0x62da58, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0036.160] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0036.160] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0036.160] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0036.160] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0036.160] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0036.160] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0036.160] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0036.160] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned 56 [0036.160] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x645fb8 [0036.160] lstrcpyW (in: lpString1=0x645fb8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0036.160] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*" [0036.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da98 [0036.167] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.167] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.167] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.167] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.167] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.167] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.167] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.167] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.167] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.168] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.168] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.168] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.168] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.168] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.168] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2436abaa, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xabde2c6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xa65a8bbf, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x2f22, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_CValidator.H1D", cAlternateFileName="HELP_C~1.H1D")) returned 1 [0036.168] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="Windows") returned -1 [0036.168] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="Program Files") returned -1 [0036.168] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="Program Files (x86)") returned -1 [0036.168] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="$Recycle.bin") returned 1 [0036.168] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="System Volume Information") returned -1 [0036.168] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2=".") returned 1 [0036.168] lstrcmpiW (lpString1="Help_CValidator.H1D", lpString2="..") returned 1 [0036.168] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D") returned 76 [0036.168] StrStrIW (lpFirst="Help_CValidator.H1D", lpSrch=".lolkek") returned 0x0 [0036.168] lstrcmpW (lpString1="Help_CValidator.H1D", lpString2="LOLKEK.txt") returned -1 [0036.168] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D") returned 76 [0036.168] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616478 [0036.168] lstrcpyW (in: lpString1=0x616478, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D" [0036.168] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.168] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.168] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae2660aa, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x365fc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MKWD_AssetId.H1W", cAlternateFileName="HELP_M~1.H1W")) returned 1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="Windows") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="Program Files") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="Program Files (x86)") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="$Recycle.bin") returned 1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="System Volume Information") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2=".") returned 1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_AssetId.H1W", lpString2="..") returned 1 [0036.168] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W") returned 78 [0036.168] StrStrIW (lpFirst="Help_MKWD_AssetId.H1W", lpSrch=".lolkek") returned 0x0 [0036.168] lstrcmpW (lpString1="Help_MKWD_AssetId.H1W", lpString2="LOLKEK.txt") returned -1 [0036.168] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W") returned 78 [0036.168] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x6165c0 [0036.168] lstrcpyW (in: lpString1=0x6165c0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W" [0036.168] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.168] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.168] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae409b6f, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x325ec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MKWD_BestBet.H1W", cAlternateFileName="HELP_M~2.H1W")) returned 1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="Windows") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="Program Files") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="Program Files (x86)") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="$Recycle.bin") returned 1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="System Volume Information") returned -1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2=".") returned 1 [0036.168] lstrcmpiW (lpString1="Help_MKWD_BestBet.H1W", lpString2="..") returned 1 [0036.168] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W") returned 78 [0036.169] StrStrIW (lpFirst="Help_MKWD_BestBet.H1W", lpSrch=".lolkek") returned 0x0 [0036.169] lstrcmpW (lpString1="Help_MKWD_BestBet.H1W", lpString2="LOLKEK.txt") returned -1 [0036.169] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W") returned 78 [0036.169] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616708 [0036.169] lstrcpyW (in: lpString1=0x616708, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W" [0036.169] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.169] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.169] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x79f1a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MTOC_help.H1H", cAlternateFileName="HELP_M~1.H1H")) returned 1 [0036.169] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="Windows") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="Program Files") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="Program Files (x86)") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="$Recycle.bin") returned 1 [0036.169] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="System Volume Information") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2=".") returned 1 [0036.169] lstrcmpiW (lpString1="Help_MTOC_help.H1H", lpString2="..") returned 1 [0036.169] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H") returned 75 [0036.169] StrStrIW (lpFirst="Help_MTOC_help.H1H", lpSrch=".lolkek") returned 0x0 [0036.169] lstrcmpW (lpString1="Help_MTOC_help.H1H", lpString2="LOLKEK.txt") returned -1 [0036.169] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H") returned 75 [0036.169] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x61c040 [0036.169] lstrcpyW (in: lpString1=0x61c040, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H" [0036.169] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.169] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.169] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x3944, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MValidator.H1D", cAlternateFileName="HELP_M~1.H1D")) returned 1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="Windows") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="Program Files") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="Program Files (x86)") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="$Recycle.bin") returned 1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="System Volume Information") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2=".") returned 1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.H1D", lpString2="..") returned 1 [0036.169] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D") returned 76 [0036.169] StrStrIW (lpFirst="Help_MValidator.H1D", lpSrch=".lolkek") returned 0x0 [0036.169] lstrcmpW (lpString1="Help_MValidator.H1D", lpString2="LOLKEK.txt") returned -1 [0036.169] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D") returned 76 [0036.169] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616850 [0036.169] lstrcpyW (in: lpString1=0x616850, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D" [0036.169] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.169] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.169] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae45604d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MValidator.Lck", cAlternateFileName="HELP_M~1.LCK")) returned 1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="Windows") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="Program Files") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="Program Files (x86)") returned -1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="$Recycle.bin") returned 1 [0036.169] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="System Volume Information") returned -1 [0036.170] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2=".") returned 1 [0036.170] lstrcmpiW (lpString1="Help_MValidator.Lck", lpString2="..") returned 1 [0036.170] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck") returned 76 [0036.170] StrStrIW (lpFirst="Help_MValidator.Lck", lpSrch=".lolkek") returned 0x0 [0036.170] lstrcmpW (lpString1="Help_MValidator.Lck", lpString2="LOLKEK.txt") returned -1 [0036.170] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck") returned 76 [0036.170] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616998 [0036.170] lstrcpyW (in: lpString1=0x616998, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck" [0036.170] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.170] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.170] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 1 [0036.170] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="Windows") returned -1 [0036.170] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="Program Files") returned -1 [0036.170] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="Program Files (x86)") returned -1 [0036.170] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="$Recycle.bin") returned 1 [0036.170] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="System Volume Information") returned -1 [0036.170] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2=".") returned 1 [0036.170] lstrcmpiW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="..") returned 1 [0036.170] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q") returned 103 [0036.170] StrStrIW (lpFirst="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpSrch=".lolkek") returned 0x0 [0036.170] lstrcmpW (lpString1="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", lpString2="LOLKEK.txt") returned -1 [0036.170] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q") returned 103 [0036.170] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x61c178 [0036.170] lstrcpyW (in: lpString1=0x61c178, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q" [0036.170] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.170] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.170] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xd5310, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q", cAlternateFileName="HELP{9~1.H1Q")) returned 0 [0036.170] FindClose (in: hFindFile=0x62da98 | out: hFindFile=0x62da98) returned 1 [0036.171] wsprintfW (in: param_1=0x645fb8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\LOLKEK.txt") returned 67 [0036.171] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0036.171] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.171] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.172] CloseHandle (hObject=0x190) returned 1 [0036.172] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x645fb8 | out: hHeap=0x5a0000) returned 1 [0036.172] FindNextFileW (in: hFindFile=0x62da58, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xae0e8854, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 0 [0036.172] FindClose (in: hFindFile=0x62da58 | out: hFindFile=0x62da58) returned 1 [0036.172] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\LOLKEK.txt") returned 61 [0036.172] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\1.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a0 [0036.190] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.190] WriteFile (in: hFile=0x1a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.190] CloseHandle (hObject=0x1a0) returned 1 [0036.190] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.190] FindNextFileW (in: hFindFile=0x62da18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa8f17049, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x243448f1, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.0", cAlternateFileName="")) returned 0 [0036.190] FindClose (in: hFindFile=0x62da18 | out: hFindFile=0x62da18) returned 1 [0036.191] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\LOLKEK.txt") returned 57 [0036.191] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\Client\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\assistance\\client\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0036.191] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.191] WriteFile (in: hFile=0x188, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.191] CloseHandle (hObject=0x188) returned 1 [0036.191] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0036.194] FindNextFileW (in: hFindFile=0x62d9d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x3fc949a4, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3fc949a4, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Client", cAlternateFileName="")) returned 0 [0036.194] FindClose (in: hFindFile=0x62d9d8 | out: hFindFile=0x62d9d8) returned 1 [0036.194] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\LOLKEK.txt") returned 50 [0036.194] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Assistance\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\assistance\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a8 [0036.223] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.223] WriteFile (in: hFile=0x1a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.224] CloseHandle (hObject=0x1a8) returned 1 [0036.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.227] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Crypto", cAlternateFileName="")) returned 1 [0036.227] lstrcmpiW (lpString1="Crypto", lpString2="Windows") returned -1 [0036.227] lstrcmpiW (lpString1="Crypto", lpString2="Program Files") returned -1 [0036.227] lstrcmpiW (lpString1="Crypto", lpString2="Program Files (x86)") returned -1 [0036.227] lstrcmpiW (lpString1="Crypto", lpString2="$Recycle.bin") returned 1 [0036.227] lstrcmpiW (lpString1="Crypto", lpString2="System Volume Information") returned -1 [0036.227] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1 [0036.227] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1 [0036.227] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto") returned 35 [0036.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.227] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto" [0036.227] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\*" [0036.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62db18 [0036.227] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.227] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.227] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.227] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.227] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.227] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.227] FindNextFileW (in: hFindFile=0x62db18, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.228] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.228] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.228] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.228] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.228] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.228] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.228] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.228] FindNextFileW (in: hFindFile=0x62db18, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DSS", cAlternateFileName="")) returned 1 [0036.228] lstrcmpiW (lpString1="DSS", lpString2="Windows") returned -1 [0036.228] lstrcmpiW (lpString1="DSS", lpString2="Program Files") returned -1 [0036.228] lstrcmpiW (lpString1="DSS", lpString2="Program Files (x86)") returned -1 [0036.228] lstrcmpiW (lpString1="DSS", lpString2="$Recycle.bin") returned 1 [0036.228] lstrcmpiW (lpString1="DSS", lpString2="System Volume Information") returned -1 [0036.228] lstrcmpiW (lpString1="DSS", lpString2=".") returned 1 [0036.228] lstrcmpiW (lpString1="DSS", lpString2="..") returned 1 [0036.228] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS") returned 39 [0036.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be1f40 [0036.228] lstrcpyW (in: lpString1=0x3be1f40, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS" [0036.228] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*" [0036.228] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62db58 [0036.228] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.228] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.229] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.229] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.229] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.229] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.229] FindNextFileW (in: hFindFile=0x62db58, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd943744, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.229] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.229] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.229] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.229] FindNextFileW (in: hFindFile=0x62db58, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0036.229] lstrcmpiW (lpString1="MachineKeys", lpString2="Windows") returned -1 [0036.229] lstrcmpiW (lpString1="MachineKeys", lpString2="Program Files") returned -1 [0036.229] lstrcmpiW (lpString1="MachineKeys", lpString2="Program Files (x86)") returned -1 [0036.229] lstrcmpiW (lpString1="MachineKeys", lpString2="$Recycle.bin") returned 1 [0036.229] lstrcmpiW (lpString1="MachineKeys", lpString2="System Volume Information") returned -1 [0036.229] lstrcmpiW (lpString1="MachineKeys", lpString2=".") returned 1 [0036.229] lstrcmpiW (lpString1="MachineKeys", lpString2="..") returned 1 [0036.229] wsprintfW (in: param_1=0x3be1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys") returned 51 [0036.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bf2f50 [0036.229] lstrcpyW (in: lpString1=0x3bf2f50, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys" [0036.229] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*" [0036.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62db98 [0036.229] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.229] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.229] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.229] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.229] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.229] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.229] FindNextFileW (in: hFindFile=0x62db98, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.229] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.229] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.229] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.229] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.230] FindNextFileW (in: hFindFile=0x62db98, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.230] FindClose (in: hFindFile=0x62db98 | out: hFindFile=0x62db98) returned 1 [0036.230] wsprintfW (in: param_1=0x3bf2f50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\LOLKEK.txt") returned 62 [0036.230] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\crypto\\dss\\machinekeys\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0036.230] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.230] WriteFile (in: hFile=0x1b0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.231] CloseHandle (hObject=0x1b0) returned 1 [0036.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bf2f50 | out: hHeap=0x5a0000) returned 1 [0036.231] FindNextFileW (in: hFindFile=0x62db58, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd943744, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0036.231] FindClose (in: hFindFile=0x62db58 | out: hFindFile=0x62db58) returned 1 [0036.231] wsprintfW (in: param_1=0x3be1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\LOLKEK.txt") returned 50 [0036.231] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\DSS\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\crypto\\dss\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0036.231] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.231] WriteFile (in: hFile=0x1ac, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.232] CloseHandle (hObject=0x1ac) returned 1 [0036.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be1f40 | out: hHeap=0x5a0000) returned 1 [0036.232] FindNextFileW (in: hFindFile=0x62db18, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Keys", cAlternateFileName="")) returned 1 [0036.232] lstrcmpiW (lpString1="Keys", lpString2="Windows") returned -1 [0036.232] lstrcmpiW (lpString1="Keys", lpString2="Program Files") returned -1 [0036.232] lstrcmpiW (lpString1="Keys", lpString2="Program Files (x86)") returned -1 [0036.232] lstrcmpiW (lpString1="Keys", lpString2="$Recycle.bin") returned 1 [0036.232] lstrcmpiW (lpString1="Keys", lpString2="System Volume Information") returned -1 [0036.232] lstrcmpiW (lpString1="Keys", lpString2=".") returned 1 [0036.232] lstrcmpiW (lpString1="Keys", lpString2="..") returned 1 [0036.232] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys") returned 40 [0036.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be1f40 [0036.232] lstrcpyW (in: lpString1=0x3be1f40, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys" [0036.232] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*" [0036.232] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dc18 [0036.252] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.252] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.252] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.252] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.252] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.252] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.252] FindNextFileW (in: hFindFile=0x62dc18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.252] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.252] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.252] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.252] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.252] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.252] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.253] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.253] FindNextFileW (in: hFindFile=0x62dc18, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.253] FindClose (in: hFindFile=0x62dc18 | out: hFindFile=0x62dc18) returned 1 [0036.253] wsprintfW (in: param_1=0x3be1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\LOLKEK.txt") returned 51 [0036.253] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\Keys\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\crypto\\keys\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0036.279] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.279] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.279] CloseHandle (hObject=0x1e0) returned 1 [0036.279] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be1f40 | out: hHeap=0x5a0000) returned 1 [0036.281] FindNextFileW (in: hFindFile=0x62db18, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 1 [0036.281] lstrcmpiW (lpString1="RSA", lpString2="Windows") returned -1 [0036.281] lstrcmpiW (lpString1="RSA", lpString2="Program Files") returned 1 [0036.281] lstrcmpiW (lpString1="RSA", lpString2="Program Files (x86)") returned 1 [0036.281] lstrcmpiW (lpString1="RSA", lpString2="$Recycle.bin") returned 1 [0036.281] lstrcmpiW (lpString1="RSA", lpString2="System Volume Information") returned -1 [0036.281] lstrcmpiW (lpString1="RSA", lpString2=".") returned 1 [0036.281] lstrcmpiW (lpString1="RSA", lpString2="..") returned 1 [0036.281] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA") returned 39 [0036.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be1f40 [0036.282] lstrcpyW (in: lpString1=0x3be1f40, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA" [0036.282] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*" [0036.282] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dcd8 [0036.282] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.282] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.282] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.282] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.282] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.282] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.282] FindNextFileW (in: hFindFile=0x62dcd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.282] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.282] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.282] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.282] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.282] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.282] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.282] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.282] FindNextFileW (in: hFindFile=0x62dcd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0036.283] lstrcmpiW (lpString1="MachineKeys", lpString2="Windows") returned -1 [0036.283] lstrcmpiW (lpString1="MachineKeys", lpString2="Program Files") returned -1 [0036.283] lstrcmpiW (lpString1="MachineKeys", lpString2="Program Files (x86)") returned -1 [0036.283] lstrcmpiW (lpString1="MachineKeys", lpString2="$Recycle.bin") returned 1 [0036.283] lstrcmpiW (lpString1="MachineKeys", lpString2="System Volume Information") returned -1 [0036.283] lstrcmpiW (lpString1="MachineKeys", lpString2=".") returned 1 [0036.283] lstrcmpiW (lpString1="MachineKeys", lpString2="..") returned 1 [0036.283] wsprintfW (in: param_1=0x3be1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys") returned 51 [0036.283] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc4cc8 [0036.283] lstrcpyW (in: lpString1=0x3dc4cc8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys" [0036.283] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*" [0036.283] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd18 [0036.283] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.283] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.283] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.283] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.283] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.283] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.283] FindNextFileW (in: hFindFile=0x62dd18, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.283] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.283] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.283] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.283] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.283] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.283] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.283] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.283] FindNextFileW (in: hFindFile=0x62dd18, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xb66d81ea, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.283] FindClose (in: hFindFile=0x62dd18 | out: hFindFile=0x62dd18) returned 1 [0036.283] wsprintfW (in: param_1=0x3dc4cc8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\LOLKEK.txt") returned 62 [0036.283] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\machinekeys\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0036.284] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.284] WriteFile (in: hFile=0x1e4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.284] CloseHandle (hObject=0x1e4) returned 1 [0036.284] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc4cc8 | out: hHeap=0x5a0000) returned 1 [0036.284] FindNextFileW (in: hFindFile=0x62dcd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0036.284] lstrcmpiW (lpString1="S-1-5-18", lpString2="Windows") returned -1 [0036.284] lstrcmpiW (lpString1="S-1-5-18", lpString2="Program Files") returned 1 [0036.284] lstrcmpiW (lpString1="S-1-5-18", lpString2="Program Files (x86)") returned 1 [0036.284] lstrcmpiW (lpString1="S-1-5-18", lpString2="$Recycle.bin") returned 1 [0036.284] lstrcmpiW (lpString1="S-1-5-18", lpString2="System Volume Information") returned -1 [0036.284] lstrcmpiW (lpString1="S-1-5-18", lpString2=".") returned 1 [0036.284] lstrcmpiW (lpString1="S-1-5-18", lpString2="..") returned 1 [0036.284] wsprintfW (in: param_1=0x3be1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned 48 [0036.284] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc4cc8 [0036.284] lstrcpyW (in: lpString1=0x3dc4cc8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0036.285] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*" [0036.285] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0036.305] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.305] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.305] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.305] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.305] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.305] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.305] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.305] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.305] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.305] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.305] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.305] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.305] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.305] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.305] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xfc767af0, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xfc767af0, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc767af0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x2f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="6D14E4~1")) returned 1 [0036.305] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Windows") returned -1 [0036.305] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files") returned -1 [0036.305] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files (x86)") returned -1 [0036.305] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="$Recycle.bin") returned 1 [0036.305] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="System Volume Information") returned -1 [0036.305] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".") returned 1 [0036.305] lstrcmpiW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="..") returned 1 [0036.305] wsprintfW (in: param_1=0x3dc4cc8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 118 [0036.305] StrStrIW (lpFirst="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpSrch=".lolkek") returned 0x0 [0036.305] lstrcmpW (lpString1="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="LOLKEK.txt") returned -1 [0036.305] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 118 [0036.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3bf2558 [0036.305] lstrcpyW (in: lpString1=0x3bf2558, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0036.305] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.305] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.305] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 1 [0036.305] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Windows") returned -1 [0036.305] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files") returned -1 [0036.305] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files (x86)") returned -1 [0036.305] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="$Recycle.bin") returned 1 [0036.305] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="System Volume Information") returned -1 [0036.305] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".") returned 1 [0036.305] lstrcmpiW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="..") returned 1 [0036.305] wsprintfW (in: param_1=0x3dc4cc8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 118 [0036.305] StrStrIW (lpFirst="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpSrch=".lolkek") returned 0x0 [0036.305] lstrcmpW (lpString1="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="LOLKEK.txt") returned -1 [0036.305] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 118 [0036.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3de12f0 [0036.305] lstrcpyW (in: lpString1=0x3de12f0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0036.305] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.306] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.306] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x41d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="D42CC0~1")) returned 0 [0036.306] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0036.306] wsprintfW (in: param_1=0x3dc4cc8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\LOLKEK.txt") returned 59 [0036.306] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0036.340] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.340] WriteFile (in: hFile=0x214, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.341] CloseHandle (hObject=0x214) returned 1 [0036.341] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc4cc8 | out: hHeap=0x5a0000) returned 1 [0036.343] FindNextFileW (in: hFindFile=0x62dcd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe5bc2f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0036.343] FindClose (in: hFindFile=0x62dcd8 | out: hFindFile=0x62dcd8) returned 1 [0036.344] wsprintfW (in: param_1=0x3be1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\LOLKEK.txt") returned 50 [0036.344] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\RSA\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\crypto\\rsa\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0036.344] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.344] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.344] CloseHandle (hObject=0x1e0) returned 1 [0036.345] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be1f40 | out: hHeap=0x5a0000) returned 1 [0036.345] FindNextFileW (in: hFindFile=0x62db18, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfc65d150, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xfc65d150, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 0 [0036.345] FindClose (in: hFindFile=0x62db18 | out: hFindFile=0x62db18) returned 1 [0036.345] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\LOLKEK.txt") returned 46 [0036.345] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Crypto\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\crypto\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0036.366] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.366] WriteFile (in: hFile=0x21c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.367] CloseHandle (hObject=0x21c) returned 1 [0036.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.370] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0036.370] lstrcmpiW (lpString1="Device Stage", lpString2="Windows") returned -1 [0036.370] lstrcmpiW (lpString1="Device Stage", lpString2="Program Files") returned -1 [0036.370] lstrcmpiW (lpString1="Device Stage", lpString2="Program Files (x86)") returned -1 [0036.370] lstrcmpiW (lpString1="Device Stage", lpString2="$Recycle.bin") returned 1 [0036.370] lstrcmpiW (lpString1="Device Stage", lpString2="System Volume Information") returned -1 [0036.370] lstrcmpiW (lpString1="Device Stage", lpString2=".") returned 1 [0036.370] lstrcmpiW (lpString1="Device Stage", lpString2="..") returned 1 [0036.370] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage") returned 41 [0036.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.370] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage" [0036.370] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\*" [0036.370] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.370] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.370] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.370] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.370] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.370] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.370] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.370] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.371] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.371] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.371] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.371] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.371] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.371] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.371] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.371] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Device", cAlternateFileName="")) returned 1 [0036.371] lstrcmpiW (lpString1="Device", lpString2="Windows") returned -1 [0036.371] lstrcmpiW (lpString1="Device", lpString2="Program Files") returned -1 [0036.371] lstrcmpiW (lpString1="Device", lpString2="Program Files (x86)") returned -1 [0036.371] lstrcmpiW (lpString1="Device", lpString2="$Recycle.bin") returned 1 [0036.371] lstrcmpiW (lpString1="Device", lpString2="System Volume Information") returned -1 [0036.371] lstrcmpiW (lpString1="Device", lpString2=".") returned 1 [0036.371] lstrcmpiW (lpString1="Device", lpString2="..") returned 1 [0036.371] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device") returned 48 [0036.371] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.371] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device" [0036.371] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*" [0036.371] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.400] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.400] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.400] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.400] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.400] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.400] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.401] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.401] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.401] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.401] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.401] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.401] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.401] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.401] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.401] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0036.401] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="Windows") returned -1 [0036.401] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="Program Files") returned -1 [0036.401] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="Program Files (x86)") returned -1 [0036.401] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="$Recycle.bin") returned 1 [0036.401] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="System Volume Information") returned -1 [0036.401] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2=".") returned 1 [0036.401] lstrcmpiW (lpString1="{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="..") returned 1 [0036.401] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned 87 [0036.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df2e30 [0036.401] lstrcpyW (in: lpString1=0x3df2e30, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0036.401] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*" [0036.401] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e0d8 [0036.424] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.424] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.424] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.424] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.424] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.424] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.424] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.424] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.424] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.424] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.424] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.424] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.424] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.424] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.424] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="background.png", cAlternateFileName="")) returned 1 [0036.424] lstrcmpiW (lpString1="background.png", lpString2="Windows") returned -1 [0036.424] lstrcmpiW (lpString1="background.png", lpString2="Program Files") returned -1 [0036.424] lstrcmpiW (lpString1="background.png", lpString2="Program Files (x86)") returned -1 [0036.424] lstrcmpiW (lpString1="background.png", lpString2="$Recycle.bin") returned 1 [0036.424] lstrcmpiW (lpString1="background.png", lpString2="System Volume Information") returned -1 [0036.424] lstrcmpiW (lpString1="background.png", lpString2=".") returned 1 [0036.424] lstrcmpiW (lpString1="background.png", lpString2="..") returned 1 [0036.425] wsprintfW (in: param_1=0x3df2e30, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png") returned 102 [0036.425] StrStrIW (lpFirst="background.png", lpSrch=".lolkek") returned 0x0 [0036.425] lstrcmpW (lpString1="background.png", lpString2="LOLKEK.txt") returned -1 [0036.425] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png") returned 102 [0036.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3dded50 [0036.425] lstrcpyW (in: lpString1=0x3dded50, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" [0036.425] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.425] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.425] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0036.425] lstrcmpiW (lpString1="behavior.xml", lpString2="Windows") returned -1 [0036.425] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files") returned -1 [0036.425] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files (x86)") returned -1 [0036.425] lstrcmpiW (lpString1="behavior.xml", lpString2="$Recycle.bin") returned 1 [0036.425] lstrcmpiW (lpString1="behavior.xml", lpString2="System Volume Information") returned -1 [0036.425] lstrcmpiW (lpString1="behavior.xml", lpString2=".") returned 1 [0036.425] lstrcmpiW (lpString1="behavior.xml", lpString2="..") returned 1 [0036.425] wsprintfW (in: param_1=0x3df2e30, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml") returned 100 [0036.425] StrStrIW (lpFirst="behavior.xml", lpSrch=".lolkek") returned 0x0 [0036.425] lstrcmpW (lpString1="behavior.xml", lpString2="LOLKEK.txt") returned -1 [0036.425] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml") returned 100 [0036.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3ddeef8 [0036.425] lstrcpyW (in: lpString1=0x3ddeef8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" [0036.425] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.425] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.425] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="device.png", cAlternateFileName="")) returned 1 [0036.425] lstrcmpiW (lpString1="device.png", lpString2="Windows") returned -1 [0036.425] lstrcmpiW (lpString1="device.png", lpString2="Program Files") returned -1 [0036.425] lstrcmpiW (lpString1="device.png", lpString2="Program Files (x86)") returned -1 [0036.425] lstrcmpiW (lpString1="device.png", lpString2="$Recycle.bin") returned 1 [0036.425] lstrcmpiW (lpString1="device.png", lpString2="System Volume Information") returned -1 [0036.425] lstrcmpiW (lpString1="device.png", lpString2=".") returned 1 [0036.425] lstrcmpiW (lpString1="device.png", lpString2="..") returned 1 [0036.425] wsprintfW (in: param_1=0x3df2e30, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png") returned 98 [0036.425] StrStrIW (lpFirst="device.png", lpSrch=".lolkek") returned 0x0 [0036.425] lstrcmpW (lpString1="device.png", lpString2="LOLKEK.txt") returned -1 [0036.425] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png") returned 98 [0036.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3ddf098 [0036.425] lstrcpyW (in: lpString1=0x3ddf098, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" [0036.425] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.425] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.425] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0036.425] lstrcmpiW (lpString1="overlay.png", lpString2="Windows") returned -1 [0036.425] lstrcmpiW (lpString1="overlay.png", lpString2="Program Files") returned -1 [0036.426] lstrcmpiW (lpString1="overlay.png", lpString2="Program Files (x86)") returned -1 [0036.426] lstrcmpiW (lpString1="overlay.png", lpString2="$Recycle.bin") returned 1 [0036.426] lstrcmpiW (lpString1="overlay.png", lpString2="System Volume Information") returned -1 [0036.426] lstrcmpiW (lpString1="overlay.png", lpString2=".") returned 1 [0036.426] lstrcmpiW (lpString1="overlay.png", lpString2="..") returned 1 [0036.426] wsprintfW (in: param_1=0x3df2e30, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png") returned 99 [0036.426] StrStrIW (lpFirst="overlay.png", lpSrch=".lolkek") returned 0x0 [0036.426] lstrcmpW (lpString1="overlay.png", lpString2="LOLKEK.txt") returned 1 [0036.426] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png") returned 99 [0036.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x3ddf230 [0036.426] lstrcpyW (in: lpString1=0x3ddf230, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" [0036.426] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.426] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.426] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0036.426] lstrcmpiW (lpString1="superbar.png", lpString2="Windows") returned -1 [0036.426] lstrcmpiW (lpString1="superbar.png", lpString2="Program Files") returned 1 [0036.426] lstrcmpiW (lpString1="superbar.png", lpString2="Program Files (x86)") returned 1 [0036.426] lstrcmpiW (lpString1="superbar.png", lpString2="$Recycle.bin") returned 1 [0036.426] lstrcmpiW (lpString1="superbar.png", lpString2="System Volume Information") returned -1 [0036.426] lstrcmpiW (lpString1="superbar.png", lpString2=".") returned 1 [0036.426] lstrcmpiW (lpString1="superbar.png", lpString2="..") returned 1 [0036.426] wsprintfW (in: param_1=0x3df2e30, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png") returned 100 [0036.426] StrStrIW (lpFirst="superbar.png", lpSrch=".lolkek") returned 0x0 [0036.426] lstrcmpW (lpString1="superbar.png", lpString2="LOLKEK.txt") returned 1 [0036.426] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png") returned 100 [0036.426] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3ddf3c8 [0036.426] lstrcpyW (in: lpString1=0x3ddf3c8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" [0036.426] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.426] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.426] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0036.426] FindClose (in: hFindFile=0x62e0d8 | out: hFindFile=0x62e0d8) returned 1 [0036.427] wsprintfW (in: param_1=0x3df2e30, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\LOLKEK.txt") returned 98 [0036.427] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x244 [0036.427] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.427] WriteFile (in: hFile=0x244, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.428] CloseHandle (hObject=0x244) returned 1 [0036.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df2e30 | out: hHeap=0x5a0000) returned 1 [0036.428] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0036.428] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="Windows") returned -1 [0036.428] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="Program Files") returned -1 [0036.428] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="Program Files (x86)") returned -1 [0036.428] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="$Recycle.bin") returned 1 [0036.428] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="System Volume Information") returned -1 [0036.428] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2=".") returned 1 [0036.428] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="..") returned 1 [0036.428] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned 87 [0036.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.428] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0036.428] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*" [0036.428] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e0d8 [0036.429] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.429] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.429] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.429] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.429] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.429] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.429] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.429] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.429] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.429] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.429] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.429] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.429] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.429] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.429] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="background.png", cAlternateFileName="")) returned 1 [0036.429] lstrcmpiW (lpString1="background.png", lpString2="Windows") returned -1 [0036.429] lstrcmpiW (lpString1="background.png", lpString2="Program Files") returned -1 [0036.429] lstrcmpiW (lpString1="background.png", lpString2="Program Files (x86)") returned -1 [0036.429] lstrcmpiW (lpString1="background.png", lpString2="$Recycle.bin") returned 1 [0036.429] lstrcmpiW (lpString1="background.png", lpString2="System Volume Information") returned -1 [0036.429] lstrcmpiW (lpString1="background.png", lpString2=".") returned 1 [0036.429] lstrcmpiW (lpString1="background.png", lpString2="..") returned 1 [0036.429] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png") returned 102 [0036.429] StrStrIW (lpFirst="background.png", lpSrch=".lolkek") returned 0x0 [0036.429] lstrcmpW (lpString1="background.png", lpString2="LOLKEK.txt") returned -1 [0036.429] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png") returned 102 [0036.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3ddf568 [0036.429] lstrcpyW (in: lpString1=0x3ddf568, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" [0036.429] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.429] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.429] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0036.429] lstrcmpiW (lpString1="behavior.xml", lpString2="Windows") returned -1 [0036.429] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files") returned -1 [0036.429] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files (x86)") returned -1 [0036.429] lstrcmpiW (lpString1="behavior.xml", lpString2="$Recycle.bin") returned 1 [0036.429] lstrcmpiW (lpString1="behavior.xml", lpString2="System Volume Information") returned -1 [0036.429] lstrcmpiW (lpString1="behavior.xml", lpString2=".") returned 1 [0036.429] lstrcmpiW (lpString1="behavior.xml", lpString2="..") returned 1 [0036.429] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml") returned 100 [0036.429] StrStrIW (lpFirst="behavior.xml", lpSrch=".lolkek") returned 0x0 [0036.429] lstrcmpW (lpString1="behavior.xml", lpString2="LOLKEK.txt") returned -1 [0036.429] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml") returned 100 [0036.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3ddf710 [0036.430] lstrcpyW (in: lpString1=0x3ddf710, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" [0036.430] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.430] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.430] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0036.430] lstrcmpiW (lpString1="watermark.png", lpString2="Windows") returned -1 [0036.430] lstrcmpiW (lpString1="watermark.png", lpString2="Program Files") returned 1 [0036.430] lstrcmpiW (lpString1="watermark.png", lpString2="Program Files (x86)") returned 1 [0036.430] lstrcmpiW (lpString1="watermark.png", lpString2="$Recycle.bin") returned 1 [0036.430] lstrcmpiW (lpString1="watermark.png", lpString2="System Volume Information") returned 1 [0036.430] lstrcmpiW (lpString1="watermark.png", lpString2=".") returned 1 [0036.430] lstrcmpiW (lpString1="watermark.png", lpString2="..") returned 1 [0036.430] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png") returned 101 [0036.430] StrStrIW (lpFirst="watermark.png", lpSrch=".lolkek") returned 0x0 [0036.430] lstrcmpW (lpString1="watermark.png", lpString2="LOLKEK.txt") returned 1 [0036.430] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png") returned 101 [0036.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x198) returned 0x3ddf8b0 [0036.430] lstrcpyW (in: lpString1=0x3ddf8b0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" [0036.430] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.430] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.430] FindNextFileW (in: hFindFile=0x62e0d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0036.430] FindClose (in: hFindFile=0x62e0d8 | out: hFindFile=0x62e0d8) returned 1 [0036.430] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\LOLKEK.txt") returned 98 [0036.430] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x244 [0036.430] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.430] WriteFile (in: hFile=0x244, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.431] CloseHandle (hObject=0x244) returned 1 [0036.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.431] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd96989e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd96989e, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0036.431] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.431] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\LOLKEK.txt") returned 59 [0036.431] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Device\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\device\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0036.431] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.431] WriteFile (in: hFile=0x240, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.432] CloseHandle (hObject=0x240) returned 1 [0036.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.435] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Task", cAlternateFileName="")) returned 1 [0036.435] lstrcmpiW (lpString1="Task", lpString2="Windows") returned -1 [0036.435] lstrcmpiW (lpString1="Task", lpString2="Program Files") returned 1 [0036.435] lstrcmpiW (lpString1="Task", lpString2="Program Files (x86)") returned 1 [0036.435] lstrcmpiW (lpString1="Task", lpString2="$Recycle.bin") returned 1 [0036.435] lstrcmpiW (lpString1="Task", lpString2="System Volume Information") returned 1 [0036.435] lstrcmpiW (lpString1="Task", lpString2=".") returned 1 [0036.435] lstrcmpiW (lpString1="Task", lpString2="..") returned 1 [0036.435] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task") returned 46 [0036.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.435] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task" [0036.435] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*" [0036.435] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.435] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.435] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.435] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.435] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.435] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.435] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.436] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.436] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.436] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.436] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.436] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.436] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.436] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.436] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.436] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0036.436] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="Windows") returned -1 [0036.436] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="Program Files") returned -1 [0036.436] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="Program Files (x86)") returned -1 [0036.436] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="$Recycle.bin") returned 1 [0036.436] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="System Volume Information") returned -1 [0036.436] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2=".") returned 1 [0036.436] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="..") returned 1 [0036.436] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned 85 [0036.436] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.437] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0036.437] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*" [0036.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0036.505] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.505] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.505] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.505] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.505] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.505] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.505] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.507] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.507] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.507] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.507] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.507] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.507] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.507] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.507] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0036.507] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0036.507] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0036.507] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0036.507] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0036.507] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0036.507] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0036.507] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0036.507] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned 91 [0036.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x66cff0 [0036.507] lstrcpyW (in: lpString1=0x66cff0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0036.507] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*" [0036.507] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0036.507] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.507] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.507] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.507] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.507] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.507] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.507] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.508] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.508] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.508] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.508] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.508] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.508] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.508] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.508] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0036.508] lstrcmpiW (lpString1="resource.xml", lpString2="Windows") returned -1 [0036.508] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files") returned 1 [0036.508] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files (x86)") returned 1 [0036.508] lstrcmpiW (lpString1="resource.xml", lpString2="$Recycle.bin") returned 1 [0036.508] lstrcmpiW (lpString1="resource.xml", lpString2="System Volume Information") returned -1 [0036.508] lstrcmpiW (lpString1="resource.xml", lpString2=".") returned 1 [0036.508] lstrcmpiW (lpString1="resource.xml", lpString2="..") returned 1 [0036.508] wsprintfW (in: param_1=0x66cff0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml") returned 104 [0036.508] StrStrIW (lpFirst="resource.xml", lpSrch=".lolkek") returned 0x0 [0036.508] lstrcmpW (lpString1="resource.xml", lpString2="LOLKEK.txt") returned 1 [0036.508] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml") returned 104 [0036.508] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3df2e30 [0036.508] lstrcpyW (in: lpString1=0x3df2e30, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" [0036.508] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.508] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.508] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0036.508] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0036.509] wsprintfW (in: param_1=0x66cff0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\LOLKEK.txt") returned 102 [0036.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0036.512] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.512] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.512] CloseHandle (hObject=0x290) returned 1 [0036.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x66cff0 | out: hHeap=0x5a0000) returned 1 [0036.513] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0036.513] lstrcmpiW (lpString1="folder.ico", lpString2="Windows") returned -1 [0036.513] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files") returned -1 [0036.513] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files (x86)") returned -1 [0036.513] lstrcmpiW (lpString1="folder.ico", lpString2="$Recycle.bin") returned 1 [0036.513] lstrcmpiW (lpString1="folder.ico", lpString2="System Volume Information") returned -1 [0036.513] lstrcmpiW (lpString1="folder.ico", lpString2=".") returned 1 [0036.513] lstrcmpiW (lpString1="folder.ico", lpString2="..") returned 1 [0036.513] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico") returned 96 [0036.513] StrStrIW (lpFirst="folder.ico", lpSrch=".lolkek") returned 0x0 [0036.513] lstrcmpW (lpString1="folder.ico", lpString2="LOLKEK.txt") returned -1 [0036.513] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico") returned 96 [0036.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x184) returned 0x66cff0 [0036.513] lstrcpyW (in: lpString1=0x66cff0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" [0036.513] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.513] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.513] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0036.513] lstrcmpiW (lpString1="netfol.ico", lpString2="Windows") returned -1 [0036.513] lstrcmpiW (lpString1="netfol.ico", lpString2="Program Files") returned -1 [0036.513] lstrcmpiW (lpString1="netfol.ico", lpString2="Program Files (x86)") returned -1 [0036.513] lstrcmpiW (lpString1="netfol.ico", lpString2="$Recycle.bin") returned 1 [0036.513] lstrcmpiW (lpString1="netfol.ico", lpString2="System Volume Information") returned -1 [0036.513] lstrcmpiW (lpString1="netfol.ico", lpString2=".") returned 1 [0036.513] lstrcmpiW (lpString1="netfol.ico", lpString2="..") returned 1 [0036.513] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico") returned 96 [0036.513] StrStrIW (lpFirst="netfol.ico", lpSrch=".lolkek") returned 0x0 [0036.513] lstrcmpW (lpString1="netfol.ico", lpString2="LOLKEK.txt") returned 1 [0036.513] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico") returned 96 [0036.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x184) returned 0x66d180 [0036.513] lstrcpyW (in: lpString1=0x66d180, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" [0036.513] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.513] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.513] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0036.514] lstrcmpiW (lpString1="pictures.ico", lpString2="Windows") returned -1 [0036.514] lstrcmpiW (lpString1="pictures.ico", lpString2="Program Files") returned -1 [0036.514] lstrcmpiW (lpString1="pictures.ico", lpString2="Program Files (x86)") returned -1 [0036.514] lstrcmpiW (lpString1="pictures.ico", lpString2="$Recycle.bin") returned 1 [0036.514] lstrcmpiW (lpString1="pictures.ico", lpString2="System Volume Information") returned -1 [0036.514] lstrcmpiW (lpString1="pictures.ico", lpString2=".") returned 1 [0036.514] lstrcmpiW (lpString1="pictures.ico", lpString2="..") returned 1 [0036.514] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico") returned 98 [0036.514] StrStrIW (lpFirst="pictures.ico", lpSrch=".lolkek") returned 0x0 [0036.514] lstrcmpW (lpString1="pictures.ico", lpString2="LOLKEK.txt") returned 1 [0036.514] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico") returned 98 [0036.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x66d310 [0036.514] lstrcpyW (in: lpString1=0x66d310, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" [0036.514] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.514] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.514] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0036.514] lstrcmpiW (lpString1="resource.xml", lpString2="Windows") returned -1 [0036.514] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files") returned 1 [0036.514] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files (x86)") returned 1 [0036.514] lstrcmpiW (lpString1="resource.xml", lpString2="$Recycle.bin") returned 1 [0036.514] lstrcmpiW (lpString1="resource.xml", lpString2="System Volume Information") returned -1 [0036.514] lstrcmpiW (lpString1="resource.xml", lpString2=".") returned 1 [0036.514] lstrcmpiW (lpString1="resource.xml", lpString2="..") returned 1 [0036.514] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml") returned 98 [0036.514] StrStrIW (lpFirst="resource.xml", lpSrch=".lolkek") returned 0x0 [0036.514] lstrcmpW (lpString1="resource.xml", lpString2="LOLKEK.txt") returned 1 [0036.514] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml") returned 98 [0036.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x66d4a8 [0036.514] lstrcpyW (in: lpString1=0x66d4a8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" [0036.514] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.514] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.514] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0036.514] lstrcmpiW (lpString1="ringtones.ico", lpString2="Windows") returned -1 [0036.514] lstrcmpiW (lpString1="ringtones.ico", lpString2="Program Files") returned 1 [0036.514] lstrcmpiW (lpString1="ringtones.ico", lpString2="Program Files (x86)") returned 1 [0036.514] lstrcmpiW (lpString1="ringtones.ico", lpString2="$Recycle.bin") returned 1 [0036.514] lstrcmpiW (lpString1="ringtones.ico", lpString2="System Volume Information") returned -1 [0036.514] lstrcmpiW (lpString1="ringtones.ico", lpString2=".") returned 1 [0036.514] lstrcmpiW (lpString1="ringtones.ico", lpString2="..") returned 1 [0036.514] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico") returned 99 [0036.514] StrStrIW (lpFirst="ringtones.ico", lpSrch=".lolkek") returned 0x0 [0036.515] lstrcmpW (lpString1="ringtones.ico", lpString2="LOLKEK.txt") returned 1 [0036.515] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico") returned 99 [0036.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x66d640 [0036.515] lstrcpyW (in: lpString1=0x66d640, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" [0036.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.515] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0036.515] lstrcmpiW (lpString1="settings.ico", lpString2="Windows") returned -1 [0036.515] lstrcmpiW (lpString1="settings.ico", lpString2="Program Files") returned 1 [0036.515] lstrcmpiW (lpString1="settings.ico", lpString2="Program Files (x86)") returned 1 [0036.515] lstrcmpiW (lpString1="settings.ico", lpString2="$Recycle.bin") returned 1 [0036.515] lstrcmpiW (lpString1="settings.ico", lpString2="System Volume Information") returned -1 [0036.515] lstrcmpiW (lpString1="settings.ico", lpString2=".") returned 1 [0036.515] lstrcmpiW (lpString1="settings.ico", lpString2="..") returned 1 [0036.515] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico") returned 98 [0036.515] StrStrIW (lpFirst="settings.ico", lpSrch=".lolkek") returned 0x0 [0036.515] lstrcmpW (lpString1="settings.ico", lpString2="LOLKEK.txt") returned 1 [0036.515] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico") returned 98 [0036.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x66d7d8 [0036.515] lstrcpyW (in: lpString1=0x66d7d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" [0036.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.515] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0036.515] lstrcmpiW (lpString1="sync.ico", lpString2="Windows") returned -1 [0036.515] lstrcmpiW (lpString1="sync.ico", lpString2="Program Files") returned 1 [0036.515] lstrcmpiW (lpString1="sync.ico", lpString2="Program Files (x86)") returned 1 [0036.515] lstrcmpiW (lpString1="sync.ico", lpString2="$Recycle.bin") returned 1 [0036.515] lstrcmpiW (lpString1="sync.ico", lpString2="System Volume Information") returned -1 [0036.515] lstrcmpiW (lpString1="sync.ico", lpString2=".") returned 1 [0036.515] lstrcmpiW (lpString1="sync.ico", lpString2="..") returned 1 [0036.515] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico") returned 94 [0036.515] StrStrIW (lpFirst="sync.ico", lpSrch=".lolkek") returned 0x0 [0036.515] lstrcmpW (lpString1="sync.ico", lpString2="LOLKEK.txt") returned 1 [0036.515] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico") returned 94 [0036.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x66d970 [0036.515] lstrcpyW (in: lpString1=0x66d970, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" [0036.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.516] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0036.516] lstrcmpiW (lpString1="tasks.xml", lpString2="Windows") returned -1 [0036.516] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files") returned 1 [0036.516] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files (x86)") returned 1 [0036.516] lstrcmpiW (lpString1="tasks.xml", lpString2="$Recycle.bin") returned 1 [0036.516] lstrcmpiW (lpString1="tasks.xml", lpString2="System Volume Information") returned 1 [0036.516] lstrcmpiW (lpString1="tasks.xml", lpString2=".") returned 1 [0036.516] lstrcmpiW (lpString1="tasks.xml", lpString2="..") returned 1 [0036.516] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml") returned 95 [0036.516] StrStrIW (lpFirst="tasks.xml", lpSrch=".lolkek") returned 0x0 [0036.516] lstrcmpW (lpString1="tasks.xml", lpString2="LOLKEK.txt") returned 1 [0036.516] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml") returned 95 [0036.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x66daf8 [0036.516] lstrcpyW (in: lpString1=0x66daf8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" [0036.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.516] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0036.516] lstrcmpiW (lpString1="wmp.ico", lpString2="Windows") returned 1 [0036.516] lstrcmpiW (lpString1="wmp.ico", lpString2="Program Files") returned 1 [0036.516] lstrcmpiW (lpString1="wmp.ico", lpString2="Program Files (x86)") returned 1 [0036.516] lstrcmpiW (lpString1="wmp.ico", lpString2="$Recycle.bin") returned 1 [0036.516] lstrcmpiW (lpString1="wmp.ico", lpString2="System Volume Information") returned 1 [0036.516] lstrcmpiW (lpString1="wmp.ico", lpString2=".") returned 1 [0036.516] lstrcmpiW (lpString1="wmp.ico", lpString2="..") returned 1 [0036.516] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico") returned 93 [0036.516] StrStrIW (lpFirst="wmp.ico", lpSrch=".lolkek") returned 0x0 [0036.516] lstrcmpW (lpString1="wmp.ico", lpString2="LOLKEK.txt") returned 1 [0036.516] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico") returned 93 [0036.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x66dc80 [0036.516] lstrcpyW (in: lpString1=0x66dc80, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" [0036.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.516] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0036.517] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0036.517] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\LOLKEK.txt") returned 96 [0036.517] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0036.517] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.517] WriteFile (in: hFile=0x274, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.518] CloseHandle (hObject=0x274) returned 1 [0036.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.518] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0036.518] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="Windows") returned -1 [0036.518] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="Program Files") returned -1 [0036.518] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="Program Files (x86)") returned -1 [0036.518] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="$Recycle.bin") returned 1 [0036.518] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="System Volume Information") returned -1 [0036.518] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2=".") returned 1 [0036.518] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="..") returned 1 [0036.518] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned 85 [0036.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.518] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0036.518] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*" [0036.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.565] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.565] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.565] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.565] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.565] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.565] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.565] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.565] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.565] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.565] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.565] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.565] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.565] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.565] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.565] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0036.565] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0036.565] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0036.565] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0036.565] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0036.565] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0036.565] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0036.565] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0036.565] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned 91 [0036.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ca7650 [0036.566] lstrcpyW (in: lpString1=0x3ca7650, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0036.566] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*" [0036.566] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0036.566] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.566] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.566] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.566] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.566] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.566] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.566] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22f23962, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.566] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.566] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.566] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.566] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.566] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.566] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.566] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.566] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0036.566] lstrcmpiW (lpString1="resource.xml", lpString2="Windows") returned -1 [0036.566] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files") returned 1 [0036.566] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files (x86)") returned 1 [0036.566] lstrcmpiW (lpString1="resource.xml", lpString2="$Recycle.bin") returned 1 [0036.566] lstrcmpiW (lpString1="resource.xml", lpString2="System Volume Information") returned -1 [0036.566] lstrcmpiW (lpString1="resource.xml", lpString2=".") returned 1 [0036.566] lstrcmpiW (lpString1="resource.xml", lpString2="..") returned 1 [0036.566] wsprintfW (in: param_1=0x3ca7650, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml") returned 104 [0036.567] StrStrIW (lpFirst="resource.xml", lpSrch=".lolkek") returned 0x0 [0036.567] lstrcmpW (lpString1="resource.xml", lpString2="LOLKEK.txt") returned 1 [0036.567] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml") returned 104 [0036.567] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3c94aa8 [0036.567] lstrcpyW (in: lpString1=0x3c94aa8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" [0036.567] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.567] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.567] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0036.567] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0036.567] wsprintfW (in: param_1=0x3ca7650, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\LOLKEK.txt") returned 102 [0036.567] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0036.567] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.567] WriteFile (in: hFile=0x2ac, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.568] CloseHandle (hObject=0x2ac) returned 1 [0036.568] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ca7650 | out: hHeap=0x5a0000) returned 1 [0036.569] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0036.569] lstrcmpiW (lpString1="folder.ico", lpString2="Windows") returned -1 [0036.569] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files") returned -1 [0036.569] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files (x86)") returned -1 [0036.569] lstrcmpiW (lpString1="folder.ico", lpString2="$Recycle.bin") returned 1 [0036.569] lstrcmpiW (lpString1="folder.ico", lpString2="System Volume Information") returned -1 [0036.569] lstrcmpiW (lpString1="folder.ico", lpString2=".") returned 1 [0036.569] lstrcmpiW (lpString1="folder.ico", lpString2="..") returned 1 [0036.569] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico") returned 96 [0036.569] StrStrIW (lpFirst="folder.ico", lpSrch=".lolkek") returned 0x0 [0036.569] lstrcmpW (lpString1="folder.ico", lpString2="LOLKEK.txt") returned -1 [0036.569] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico") returned 96 [0036.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x184) returned 0x3c94c58 [0036.569] lstrcpyW (in: lpString1=0x3c94c58, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" [0036.569] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.569] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.569] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0036.569] lstrcmpiW (lpString1="print_pref.ico", lpString2="Windows") returned -1 [0036.569] lstrcmpiW (lpString1="print_pref.ico", lpString2="Program Files") returned -1 [0036.569] lstrcmpiW (lpString1="print_pref.ico", lpString2="Program Files (x86)") returned -1 [0036.569] lstrcmpiW (lpString1="print_pref.ico", lpString2="$Recycle.bin") returned 1 [0036.569] lstrcmpiW (lpString1="print_pref.ico", lpString2="System Volume Information") returned -1 [0036.569] lstrcmpiW (lpString1="print_pref.ico", lpString2=".") returned 1 [0036.569] lstrcmpiW (lpString1="print_pref.ico", lpString2="..") returned 1 [0036.569] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico") returned 100 [0036.569] StrStrIW (lpFirst="print_pref.ico", lpSrch=".lolkek") returned 0x0 [0036.569] lstrcmpW (lpString1="print_pref.ico", lpString2="LOLKEK.txt") returned 1 [0036.569] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico") returned 100 [0036.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x676e08 [0036.570] lstrcpyW (in: lpString1=0x676e08, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" [0036.570] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.570] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.570] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0036.570] lstrcmpiW (lpString1="print_property.ico", lpString2="Windows") returned -1 [0036.570] lstrcmpiW (lpString1="print_property.ico", lpString2="Program Files") returned -1 [0036.570] lstrcmpiW (lpString1="print_property.ico", lpString2="Program Files (x86)") returned -1 [0036.570] lstrcmpiW (lpString1="print_property.ico", lpString2="$Recycle.bin") returned 1 [0036.570] lstrcmpiW (lpString1="print_property.ico", lpString2="System Volume Information") returned -1 [0036.570] lstrcmpiW (lpString1="print_property.ico", lpString2=".") returned 1 [0036.570] lstrcmpiW (lpString1="print_property.ico", lpString2="..") returned 1 [0036.570] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico") returned 104 [0036.570] StrStrIW (lpFirst="print_property.ico", lpSrch=".lolkek") returned 0x0 [0036.570] lstrcmpW (lpString1="print_property.ico", lpString2="LOLKEK.txt") returned 1 [0036.570] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico") returned 104 [0036.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x676fa8 [0036.570] lstrcpyW (in: lpString1=0x676fa8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" [0036.570] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.570] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.570] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0036.570] lstrcmpiW (lpString1="print_queue.ico", lpString2="Windows") returned -1 [0036.570] lstrcmpiW (lpString1="print_queue.ico", lpString2="Program Files") returned -1 [0036.570] lstrcmpiW (lpString1="print_queue.ico", lpString2="Program Files (x86)") returned -1 [0036.570] lstrcmpiW (lpString1="print_queue.ico", lpString2="$Recycle.bin") returned 1 [0036.570] lstrcmpiW (lpString1="print_queue.ico", lpString2="System Volume Information") returned -1 [0036.570] lstrcmpiW (lpString1="print_queue.ico", lpString2=".") returned 1 [0036.570] lstrcmpiW (lpString1="print_queue.ico", lpString2="..") returned 1 [0036.570] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico") returned 101 [0036.570] StrStrIW (lpFirst="print_queue.ico", lpSrch=".lolkek") returned 0x0 [0036.570] lstrcmpW (lpString1="print_queue.ico", lpString2="LOLKEK.txt") returned 1 [0036.570] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico") returned 101 [0036.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x198) returned 0x677158 [0036.570] lstrcpyW (in: lpString1=0x677158, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" [0036.570] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.570] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.570] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0036.571] lstrcmpiW (lpString1="scan_.ico", lpString2="Windows") returned -1 [0036.571] lstrcmpiW (lpString1="scan_.ico", lpString2="Program Files") returned 1 [0036.571] lstrcmpiW (lpString1="scan_.ico", lpString2="Program Files (x86)") returned 1 [0036.571] lstrcmpiW (lpString1="scan_.ico", lpString2="$Recycle.bin") returned 1 [0036.571] lstrcmpiW (lpString1="scan_.ico", lpString2="System Volume Information") returned -1 [0036.571] lstrcmpiW (lpString1="scan_.ico", lpString2=".") returned 1 [0036.571] lstrcmpiW (lpString1="scan_.ico", lpString2="..") returned 1 [0036.571] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico") returned 95 [0036.571] StrStrIW (lpFirst="scan_.ico", lpSrch=".lolkek") returned 0x0 [0036.571] lstrcmpW (lpString1="scan_.ico", lpString2="LOLKEK.txt") returned 1 [0036.571] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico") returned 95 [0036.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x6772f8 [0036.571] lstrcpyW (in: lpString1=0x6772f8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" [0036.571] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.571] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.571] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0036.571] lstrcmpiW (lpString1="scan_property.ico", lpString2="Windows") returned -1 [0036.571] lstrcmpiW (lpString1="scan_property.ico", lpString2="Program Files") returned 1 [0036.571] lstrcmpiW (lpString1="scan_property.ico", lpString2="Program Files (x86)") returned 1 [0036.571] lstrcmpiW (lpString1="scan_property.ico", lpString2="$Recycle.bin") returned 1 [0036.571] lstrcmpiW (lpString1="scan_property.ico", lpString2="System Volume Information") returned -1 [0036.571] lstrcmpiW (lpString1="scan_property.ico", lpString2=".") returned 1 [0036.571] lstrcmpiW (lpString1="scan_property.ico", lpString2="..") returned 1 [0036.571] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico") returned 103 [0036.571] StrStrIW (lpFirst="scan_property.ico", lpSrch=".lolkek") returned 0x0 [0036.571] lstrcmpW (lpString1="scan_property.ico", lpString2="LOLKEK.txt") returned 1 [0036.571] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico") returned 103 [0036.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x677480 [0036.571] lstrcpyW (in: lpString1=0x677480, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" [0036.571] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.571] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.571] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0036.571] lstrcmpiW (lpString1="scan_settings.ico", lpString2="Windows") returned -1 [0036.571] lstrcmpiW (lpString1="scan_settings.ico", lpString2="Program Files") returned 1 [0036.571] lstrcmpiW (lpString1="scan_settings.ico", lpString2="Program Files (x86)") returned 1 [0036.571] lstrcmpiW (lpString1="scan_settings.ico", lpString2="$Recycle.bin") returned 1 [0036.571] lstrcmpiW (lpString1="scan_settings.ico", lpString2="System Volume Information") returned -1 [0036.571] lstrcmpiW (lpString1="scan_settings.ico", lpString2=".") returned 1 [0036.572] lstrcmpiW (lpString1="scan_settings.ico", lpString2="..") returned 1 [0036.572] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico") returned 103 [0036.572] StrStrIW (lpFirst="scan_settings.ico", lpSrch=".lolkek") returned 0x0 [0036.572] lstrcmpW (lpString1="scan_settings.ico", lpString2="LOLKEK.txt") returned 1 [0036.572] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico") returned 103 [0036.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x677628 [0036.572] lstrcpyW (in: lpString1=0x677628, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" [0036.572] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.572] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.572] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0036.572] lstrcmpiW (lpString1="tasks.xml", lpString2="Windows") returned -1 [0036.572] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files") returned 1 [0036.572] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files (x86)") returned 1 [0036.572] lstrcmpiW (lpString1="tasks.xml", lpString2="$Recycle.bin") returned 1 [0036.572] lstrcmpiW (lpString1="tasks.xml", lpString2="System Volume Information") returned 1 [0036.572] lstrcmpiW (lpString1="tasks.xml", lpString2=".") returned 1 [0036.572] lstrcmpiW (lpString1="tasks.xml", lpString2="..") returned 1 [0036.572] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml") returned 95 [0036.572] StrStrIW (lpFirst="tasks.xml", lpSrch=".lolkek") returned 0x0 [0036.572] lstrcmpW (lpString1="tasks.xml", lpString2="LOLKEK.txt") returned 1 [0036.572] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml") returned 95 [0036.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x6777d0 [0036.572] lstrcpyW (in: lpString1=0x6777d0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" [0036.572] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.572] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.572] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tasks.xml", cAlternateFileName="")) returned 0 [0036.572] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.572] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\LOLKEK.txt") returned 96 [0036.572] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0036.573] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.573] WriteFile (in: hFile=0x274, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.573] CloseHandle (hObject=0x274) returned 1 [0036.573] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.573] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0036.573] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.573] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\LOLKEK.txt") returned 57 [0036.573] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\Task\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\task\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0036.574] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.574] WriteFile (in: hFile=0x240, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.575] CloseHandle (hObject=0x240) returned 1 [0036.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.575] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Task", cAlternateFileName="")) returned 0 [0036.575] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.575] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\LOLKEK.txt") returned 52 [0036.575] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Device Stage\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\device stage\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0036.575] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.575] WriteFile (in: hFile=0x21c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.576] CloseHandle (hObject=0x21c) returned 1 [0036.576] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.577] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0036.577] lstrcmpiW (lpString1="DeviceSync", lpString2="Windows") returned -1 [0036.577] lstrcmpiW (lpString1="DeviceSync", lpString2="Program Files") returned -1 [0036.577] lstrcmpiW (lpString1="DeviceSync", lpString2="Program Files (x86)") returned -1 [0036.577] lstrcmpiW (lpString1="DeviceSync", lpString2="$Recycle.bin") returned 1 [0036.577] lstrcmpiW (lpString1="DeviceSync", lpString2="System Volume Information") returned -1 [0036.577] lstrcmpiW (lpString1="DeviceSync", lpString2=".") returned 1 [0036.577] lstrcmpiW (lpString1="DeviceSync", lpString2="..") returned 1 [0036.577] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync") returned 39 [0036.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.577] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync") returned="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync" [0036.577] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\*" [0036.577] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.578] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.578] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.578] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.578] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.578] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.578] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.578] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.578] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.578] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.578] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.578] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.578] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.578] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.578] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.578] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd789d88f, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.578] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.578] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\LOLKEK.txt") returned 50 [0036.578] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DeviceSync\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\devicesync\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0036.579] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.579] WriteFile (in: hFile=0x21c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.579] CloseHandle (hObject=0x21c) returned 1 [0036.579] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.579] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DRM", cAlternateFileName="")) returned 1 [0036.579] lstrcmpiW (lpString1="DRM", lpString2="Windows") returned -1 [0036.579] lstrcmpiW (lpString1="DRM", lpString2="Program Files") returned -1 [0036.579] lstrcmpiW (lpString1="DRM", lpString2="Program Files (x86)") returned -1 [0036.579] lstrcmpiW (lpString1="DRM", lpString2="$Recycle.bin") returned 1 [0036.579] lstrcmpiW (lpString1="DRM", lpString2="System Volume Information") returned -1 [0036.579] lstrcmpiW (lpString1="DRM", lpString2=".") returned 1 [0036.579] lstrcmpiW (lpString1="DRM", lpString2="..") returned 1 [0036.579] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM") returned 32 [0036.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.580] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\DRM" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM") returned="\\\\?\\C:\\ProgramData\\Microsoft\\DRM" [0036.580] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\*" [0036.580] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.580] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.580] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.580] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.580] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.580] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.580] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.580] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd98f9f8, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.580] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.580] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.580] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.580] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.580] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.580] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.580] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.580] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Server", cAlternateFileName="")) returned 1 [0036.580] lstrcmpiW (lpString1="Server", lpString2="Windows") returned -1 [0036.580] lstrcmpiW (lpString1="Server", lpString2="Program Files") returned 1 [0036.580] lstrcmpiW (lpString1="Server", lpString2="Program Files (x86)") returned 1 [0036.580] lstrcmpiW (lpString1="Server", lpString2="$Recycle.bin") returned 1 [0036.580] lstrcmpiW (lpString1="Server", lpString2="System Volume Information") returned -1 [0036.580] lstrcmpiW (lpString1="Server", lpString2=".") returned 1 [0036.580] lstrcmpiW (lpString1="Server", lpString2="..") returned 1 [0036.580] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server") returned 39 [0036.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.581] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server") returned="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server" [0036.581] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\*" [0036.581] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.581] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.581] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.581] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.581] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.581] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.581] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.581] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.581] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.581] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.581] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.581] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.581] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.581] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.581] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.581] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.581] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.581] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\LOLKEK.txt") returned 50 [0036.581] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\Server\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\drm\\server\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0036.582] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.582] WriteFile (in: hFile=0x240, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.582] CloseHandle (hObject=0x240) returned 1 [0036.582] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.582] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd98f9f8, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xba6f6d7d, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Server", cAlternateFileName="")) returned 0 [0036.582] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.582] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\LOLKEK.txt") returned 43 [0036.582] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\DRM\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\drm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0036.583] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.583] WriteFile (in: hFile=0x21c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.583] CloseHandle (hObject=0x21c) returned 1 [0036.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.583] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eHome", cAlternateFileName="")) returned 1 [0036.583] lstrcmpiW (lpString1="eHome", lpString2="Windows") returned -1 [0036.583] lstrcmpiW (lpString1="eHome", lpString2="Program Files") returned -1 [0036.584] lstrcmpiW (lpString1="eHome", lpString2="Program Files (x86)") returned -1 [0036.584] lstrcmpiW (lpString1="eHome", lpString2="$Recycle.bin") returned 1 [0036.584] lstrcmpiW (lpString1="eHome", lpString2="System Volume Information") returned -1 [0036.584] lstrcmpiW (lpString1="eHome", lpString2=".") returned 1 [0036.584] lstrcmpiW (lpString1="eHome", lpString2="..") returned 1 [0036.584] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome") returned 34 [0036.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.584] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\eHome" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome") returned="\\\\?\\C:\\ProgramData\\Microsoft\\eHome" [0036.584] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\*" [0036.584] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.584] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.584] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.584] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.584] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.584] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.584] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.584] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.584] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.584] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.584] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.584] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.584] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.584] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.584] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.584] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="logs", cAlternateFileName="")) returned 1 [0036.584] lstrcmpiW (lpString1="logs", lpString2="Windows") returned -1 [0036.584] lstrcmpiW (lpString1="logs", lpString2="Program Files") returned -1 [0036.584] lstrcmpiW (lpString1="logs", lpString2="Program Files (x86)") returned -1 [0036.584] lstrcmpiW (lpString1="logs", lpString2="$Recycle.bin") returned 1 [0036.584] lstrcmpiW (lpString1="logs", lpString2="System Volume Information") returned -1 [0036.584] lstrcmpiW (lpString1="logs", lpString2=".") returned 1 [0036.584] lstrcmpiW (lpString1="logs", lpString2="..") returned 1 [0036.584] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs") returned 39 [0036.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.585] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs") returned="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs" [0036.585] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\*" [0036.585] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.585] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.585] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.585] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.585] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.585] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.585] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.585] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.585] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.585] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.585] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.585] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.585] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.585] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.585] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.585] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.585] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.585] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\LOLKEK.txt") returned 50 [0036.585] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\logs\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\ehome\\logs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0036.585] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.586] WriteFile (in: hFile=0x240, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.586] CloseHandle (hObject=0x240) returned 1 [0036.586] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.586] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9182055d, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="logs", cAlternateFileName="")) returned 0 [0036.586] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.586] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\LOLKEK.txt") returned 45 [0036.586] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\eHome\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\ehome\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.589] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.589] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.589] CloseHandle (hObject=0x2a8) returned 1 [0036.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.590] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0036.590] lstrcmpiW (lpString1="Event Viewer", lpString2="Windows") returned -1 [0036.590] lstrcmpiW (lpString1="Event Viewer", lpString2="Program Files") returned -1 [0036.590] lstrcmpiW (lpString1="Event Viewer", lpString2="Program Files (x86)") returned -1 [0036.590] lstrcmpiW (lpString1="Event Viewer", lpString2="$Recycle.bin") returned 1 [0036.590] lstrcmpiW (lpString1="Event Viewer", lpString2="System Volume Information") returned -1 [0036.590] lstrcmpiW (lpString1="Event Viewer", lpString2=".") returned 1 [0036.590] lstrcmpiW (lpString1="Event Viewer", lpString2="..") returned 1 [0036.590] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer") returned 41 [0036.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.590] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer" [0036.590] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\*" [0036.590] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.590] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.590] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.590] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.591] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.591] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.591] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.591] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3a6c7630, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x3a6c7630, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.591] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.591] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.591] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.591] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.591] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.591] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.591] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.591] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Views", cAlternateFileName="")) returned 1 [0036.591] lstrcmpiW (lpString1="Views", lpString2="Windows") returned -1 [0036.591] lstrcmpiW (lpString1="Views", lpString2="Program Files") returned 1 [0036.591] lstrcmpiW (lpString1="Views", lpString2="Program Files (x86)") returned 1 [0036.591] lstrcmpiW (lpString1="Views", lpString2="$Recycle.bin") returned 1 [0036.591] lstrcmpiW (lpString1="Views", lpString2="System Volume Information") returned 1 [0036.591] lstrcmpiW (lpString1="Views", lpString2=".") returned 1 [0036.591] lstrcmpiW (lpString1="Views", lpString2="..") returned 1 [0036.591] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views") returned 47 [0036.591] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.591] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views" [0036.591] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*" [0036.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.591] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.591] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.591] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.591] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.591] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.591] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.591] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.591] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.591] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.591] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.592] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.592] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.592] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0036.592] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="Windows") returned -1 [0036.592] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="Program Files") returned -1 [0036.592] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="Program Files (x86)") returned -1 [0036.592] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="$Recycle.bin") returned 1 [0036.592] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="System Volume Information") returned -1 [0036.592] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2=".") returned 1 [0036.592] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="..") returned 1 [0036.592] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned 72 [0036.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.592] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0036.592] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*" [0036.592] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.592] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.592] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.592] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.592] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.592] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.592] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.592] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.592] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.593] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.593] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.593] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.593] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.593] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.593] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.593] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.593] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.593] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\LOLKEK.txt") returned 83 [0036.593] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\event viewer\\views\\applicationviewsrootnode\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.593] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.593] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.594] CloseHandle (hObject=0x270) returned 1 [0036.594] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.594] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 0 [0036.594] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.594] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\LOLKEK.txt") returned 58 [0036.594] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\Views\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\event viewer\\views\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.594] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.594] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.595] CloseHandle (hObject=0x2a0) returned 1 [0036.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.595] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3235c810, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3235c810, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Views", cAlternateFileName="")) returned 0 [0036.595] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.595] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\LOLKEK.txt") returned 52 [0036.595] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Event Viewer\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\event viewer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.595] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.595] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.596] CloseHandle (hObject=0x2a8) returned 1 [0036.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.596] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0036.596] lstrcmpiW (lpString1="IdentityCRL", lpString2="Windows") returned -1 [0036.596] lstrcmpiW (lpString1="IdentityCRL", lpString2="Program Files") returned -1 [0036.596] lstrcmpiW (lpString1="IdentityCRL", lpString2="Program Files (x86)") returned -1 [0036.596] lstrcmpiW (lpString1="IdentityCRL", lpString2="$Recycle.bin") returned 1 [0036.596] lstrcmpiW (lpString1="IdentityCRL", lpString2="System Volume Information") returned -1 [0036.596] lstrcmpiW (lpString1="IdentityCRL", lpString2=".") returned 1 [0036.596] lstrcmpiW (lpString1="IdentityCRL", lpString2="..") returned 1 [0036.596] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL") returned 40 [0036.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.596] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL") returned="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL" [0036.596] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\*" [0036.596] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.596] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.596] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.596] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.597] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.597] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.597] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.597] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.597] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.597] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.597] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.597] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.597] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.597] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.597] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.597] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac29de1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3d00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ppcrlconfig.dll", cAlternateFileName="PPCRLC~1.DLL")) returned 1 [0036.597] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="Windows") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="Program Files") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="Program Files (x86)") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="$Recycle.bin") returned 1 [0036.597] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="System Volume Information") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2=".") returned 1 [0036.597] lstrcmpiW (lpString1="ppcrlconfig.dll", lpString2="..") returned 1 [0036.597] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll") returned 56 [0036.597] StrStrIW (lpFirst="ppcrlconfig.dll", lpSrch=".lolkek") returned 0x0 [0036.597] lstrcmpW (lpString1="ppcrlconfig.dll", lpString2="LOLKEK.txt") returned 1 [0036.597] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll") returned 56 [0036.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x3c94de8 [0036.597] lstrcpyW (in: lpString1=0x3c94de8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlconfig.dll" [0036.597] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.597] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.597] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 1 [0036.597] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="Windows") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="Program Files") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="Program Files (x86)") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="$Recycle.bin") returned 1 [0036.597] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="System Volume Information") returned -1 [0036.597] lstrcmpiW (lpString1="ppcrlui.dll", lpString2=".") returned 1 [0036.597] lstrcmpiW (lpString1="ppcrlui.dll", lpString2="..") returned 1 [0036.597] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll") returned 52 [0036.597] StrStrIW (lpFirst="ppcrlui.dll", lpSrch=".lolkek") returned 0x0 [0036.597] lstrcmpW (lpString1="ppcrlui.dll", lpString2="LOLKEK.txt") returned 1 [0036.597] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll") returned 52 [0036.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x67ca98 [0036.598] lstrcpyW (in: lpString1=0x67ca98, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\ppcrlui.dll" [0036.598] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.598] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.598] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x6ac4ff3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3e108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ppcrlui.dll", cAlternateFileName="")) returned 0 [0036.598] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.598] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\LOLKEK.txt") returned 51 [0036.598] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\IdentityCRL\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\identitycrl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.598] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.598] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.599] CloseHandle (hObject=0x2a8) returned 1 [0036.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.599] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0036.599] lstrcmpiW (lpString1="Media Player", lpString2="Windows") returned -1 [0036.599] lstrcmpiW (lpString1="Media Player", lpString2="Program Files") returned -1 [0036.599] lstrcmpiW (lpString1="Media Player", lpString2="Program Files (x86)") returned -1 [0036.599] lstrcmpiW (lpString1="Media Player", lpString2="$Recycle.bin") returned 1 [0036.599] lstrcmpiW (lpString1="Media Player", lpString2="System Volume Information") returned -1 [0036.599] lstrcmpiW (lpString1="Media Player", lpString2=".") returned 1 [0036.599] lstrcmpiW (lpString1="Media Player", lpString2="..") returned 1 [0036.599] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player") returned 41 [0036.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.599] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player" [0036.599] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\*" [0036.600] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.600] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.600] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.600] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.600] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.600] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.600] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.600] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.600] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.600] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.600] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.600] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.600] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.600] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.600] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.600] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3ee349fc, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3ee349fc, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.600] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.600] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\LOLKEK.txt") returned 52 [0036.600] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Media Player\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\media player\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.601] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.601] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.601] CloseHandle (hObject=0x2a8) returned 1 [0036.602] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.602] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MF", cAlternateFileName="")) returned 1 [0036.602] lstrcmpiW (lpString1="MF", lpString2="Windows") returned -1 [0036.602] lstrcmpiW (lpString1="MF", lpString2="Program Files") returned -1 [0036.602] lstrcmpiW (lpString1="MF", lpString2="Program Files (x86)") returned -1 [0036.602] lstrcmpiW (lpString1="MF", lpString2="$Recycle.bin") returned 1 [0036.602] lstrcmpiW (lpString1="MF", lpString2="System Volume Information") returned -1 [0036.602] lstrcmpiW (lpString1="MF", lpString2=".") returned 1 [0036.602] lstrcmpiW (lpString1="MF", lpString2="..") returned 1 [0036.602] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MF") returned 31 [0036.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.602] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\MF" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MF") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MF" [0036.602] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MF", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\*" [0036.602] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.602] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.602] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.602] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.602] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.602] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.602] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.602] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.602] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.602] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.602] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.602] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.602] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.602] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.602] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.602] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Active.GRL", cAlternateFileName="")) returned 1 [0036.602] lstrcmpiW (lpString1="Active.GRL", lpString2="Windows") returned -1 [0036.602] lstrcmpiW (lpString1="Active.GRL", lpString2="Program Files") returned -1 [0036.602] lstrcmpiW (lpString1="Active.GRL", lpString2="Program Files (x86)") returned -1 [0036.602] lstrcmpiW (lpString1="Active.GRL", lpString2="$Recycle.bin") returned 1 [0036.602] lstrcmpiW (lpString1="Active.GRL", lpString2="System Volume Information") returned -1 [0036.602] lstrcmpiW (lpString1="Active.GRL", lpString2=".") returned 1 [0036.603] lstrcmpiW (lpString1="Active.GRL", lpString2="..") returned 1 [0036.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL") returned 42 [0036.603] StrStrIW (lpFirst="Active.GRL", lpSrch=".lolkek") returned 0x0 [0036.603] lstrcmpW (lpString1="Active.GRL", lpString2="LOLKEK.txt") returned -1 [0036.603] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL") returned 42 [0036.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xac) returned 0x61b7d8 [0036.603] lstrcpyW (in: lpString1=0x61b7d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Active.GRL" [0036.603] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.603] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.603] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pending.GRL", cAlternateFileName="")) returned 1 [0036.603] lstrcmpiW (lpString1="Pending.GRL", lpString2="Windows") returned -1 [0036.603] lstrcmpiW (lpString1="Pending.GRL", lpString2="Program Files") returned -1 [0036.603] lstrcmpiW (lpString1="Pending.GRL", lpString2="Program Files (x86)") returned -1 [0036.603] lstrcmpiW (lpString1="Pending.GRL", lpString2="$Recycle.bin") returned 1 [0036.603] lstrcmpiW (lpString1="Pending.GRL", lpString2="System Volume Information") returned -1 [0036.603] lstrcmpiW (lpString1="Pending.GRL", lpString2=".") returned 1 [0036.603] lstrcmpiW (lpString1="Pending.GRL", lpString2="..") returned 1 [0036.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL") returned 43 [0036.603] StrStrIW (lpFirst="Pending.GRL", lpSrch=".lolkek") returned 0x0 [0036.603] lstrcmpW (lpString1="Pending.GRL", lpString2="LOLKEK.txt") returned 1 [0036.603] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL") returned 43 [0036.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb0) returned 0x3bf1b80 [0036.603] lstrcpyW (in: lpString1=0x3bf1b80, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\Pending.GRL" [0036.603] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.603] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.603] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3a7c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pending.GRL", cAlternateFileName="")) returned 0 [0036.603] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\LOLKEK.txt") returned 42 [0036.603] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MF\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\mf\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.603] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.604] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.604] CloseHandle (hObject=0x2a8) returned 1 [0036.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.604] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSDN", cAlternateFileName="")) returned 1 [0036.604] lstrcmpiW (lpString1="MSDN", lpString2="Windows") returned -1 [0036.604] lstrcmpiW (lpString1="MSDN", lpString2="Program Files") returned -1 [0036.604] lstrcmpiW (lpString1="MSDN", lpString2="Program Files (x86)") returned -1 [0036.604] lstrcmpiW (lpString1="MSDN", lpString2="$Recycle.bin") returned 1 [0036.604] lstrcmpiW (lpString1="MSDN", lpString2="System Volume Information") returned -1 [0036.604] lstrcmpiW (lpString1="MSDN", lpString2=".") returned 1 [0036.604] lstrcmpiW (lpString1="MSDN", lpString2="..") returned 1 [0036.604] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN") returned 33 [0036.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.604] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN" [0036.605] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\*" [0036.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.605] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.605] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.605] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.605] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.605] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.605] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.605] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.605] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.605] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.605] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.605] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.605] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.605] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.605] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.605] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8.0", cAlternateFileName="")) returned 1 [0036.605] lstrcmpiW (lpString1="8.0", lpString2="Windows") returned -1 [0036.605] lstrcmpiW (lpString1="8.0", lpString2="Program Files") returned -1 [0036.605] lstrcmpiW (lpString1="8.0", lpString2="Program Files (x86)") returned -1 [0036.605] lstrcmpiW (lpString1="8.0", lpString2="$Recycle.bin") returned 1 [0036.605] lstrcmpiW (lpString1="8.0", lpString2="System Volume Information") returned -1 [0036.605] lstrcmpiW (lpString1="8.0", lpString2=".") returned 1 [0036.605] lstrcmpiW (lpString1="8.0", lpString2="..") returned 1 [0036.605] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0") returned 37 [0036.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.605] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0" [0036.605] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*" [0036.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.606] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.606] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.606] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.606] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.606] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.606] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.606] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.606] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.606] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.606] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.606] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.606] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.606] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.606] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.606] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.606] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.606] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\LOLKEK.txt") returned 48 [0036.606] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\8.0\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\msdn\\8.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.606] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.606] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.607] CloseHandle (hObject=0x2a0) returned 1 [0036.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.607] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8.0", cAlternateFileName="")) returned 0 [0036.607] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.607] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\LOLKEK.txt") returned 44 [0036.607] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\MSDN\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\msdn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.608] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.608] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.608] CloseHandle (hObject=0x2a8) returned 1 [0036.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.608] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0036.608] lstrcmpiW (lpString1="NetFramework", lpString2="Windows") returned -1 [0036.608] lstrcmpiW (lpString1="NetFramework", lpString2="Program Files") returned -1 [0036.608] lstrcmpiW (lpString1="NetFramework", lpString2="Program Files (x86)") returned -1 [0036.608] lstrcmpiW (lpString1="NetFramework", lpString2="$Recycle.bin") returned 1 [0036.608] lstrcmpiW (lpString1="NetFramework", lpString2="System Volume Information") returned -1 [0036.609] lstrcmpiW (lpString1="NetFramework", lpString2=".") returned 1 [0036.609] lstrcmpiW (lpString1="NetFramework", lpString2="..") returned 1 [0036.609] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework") returned 41 [0036.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.609] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework") returned="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework" [0036.609] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\*" [0036.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.609] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.609] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.609] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.609] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.609] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.609] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.609] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.609] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.609] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.609] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.610] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.610] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.610] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.610] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.610] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 1 [0036.610] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="Windows") returned -1 [0036.610] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="Program Files") returned -1 [0036.610] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="Program Files (x86)") returned -1 [0036.610] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="$Recycle.bin") returned 1 [0036.610] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="System Volume Information") returned -1 [0036.610] lstrcmpiW (lpString1="BreadcrumbStore", lpString2=".") returned 1 [0036.610] lstrcmpiW (lpString1="BreadcrumbStore", lpString2="..") returned 1 [0036.610] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore") returned 57 [0036.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.610] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore") returned="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore" [0036.610] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*" [0036.610] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.610] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.610] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.610] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.610] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.610] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.610] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.610] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.610] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.610] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.610] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.610] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.610] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.610] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.610] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.610] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.611] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.611] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\LOLKEK.txt") returned 68 [0036.611] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\BreadcrumbStore\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\netframework\\breadcrumbstore\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.612] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.612] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.613] CloseHandle (hObject=0x2a0) returned 1 [0036.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.613] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56ac2f60, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56ac2f60, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BreadcrumbStore", cAlternateFileName="BREADC~1")) returned 0 [0036.613] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.613] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\LOLKEK.txt") returned 52 [0036.613] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\NetFramework\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\netframework\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.613] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.613] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.614] CloseHandle (hObject=0x2a8) returned 1 [0036.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.614] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Network", cAlternateFileName="")) returned 1 [0036.614] lstrcmpiW (lpString1="Network", lpString2="Windows") returned -1 [0036.614] lstrcmpiW (lpString1="Network", lpString2="Program Files") returned -1 [0036.614] lstrcmpiW (lpString1="Network", lpString2="Program Files (x86)") returned -1 [0036.614] lstrcmpiW (lpString1="Network", lpString2="$Recycle.bin") returned 1 [0036.614] lstrcmpiW (lpString1="Network", lpString2="System Volume Information") returned -1 [0036.614] lstrcmpiW (lpString1="Network", lpString2=".") returned 1 [0036.614] lstrcmpiW (lpString1="Network", lpString2="..") returned 1 [0036.614] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network") returned 36 [0036.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.614] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Network" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network" [0036.614] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\*" [0036.614] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.615] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.615] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.615] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.615] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.615] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.615] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.615] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.615] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.615] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.615] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.615] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.615] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.615] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.615] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.615] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0036.615] lstrcmpiW (lpString1="Connections", lpString2="Windows") returned -1 [0036.615] lstrcmpiW (lpString1="Connections", lpString2="Program Files") returned -1 [0036.615] lstrcmpiW (lpString1="Connections", lpString2="Program Files (x86)") returned -1 [0036.615] lstrcmpiW (lpString1="Connections", lpString2="$Recycle.bin") returned 1 [0036.615] lstrcmpiW (lpString1="Connections", lpString2="System Volume Information") returned -1 [0036.615] lstrcmpiW (lpString1="Connections", lpString2=".") returned 1 [0036.615] lstrcmpiW (lpString1="Connections", lpString2="..") returned 1 [0036.615] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections") returned 48 [0036.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.615] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections" [0036.615] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\*" [0036.615] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.615] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.615] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.616] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.616] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.616] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.616] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.616] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.616] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.616] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.616] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.616] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.616] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.616] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.616] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.616] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xa68726b4, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.616] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.616] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\LOLKEK.txt") returned 59 [0036.616] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Connections\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\network\\connections\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.616] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.616] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.617] CloseHandle (hObject=0x2a0) returned 1 [0036.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.617] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0036.617] lstrcmpiW (lpString1="Downloader", lpString2="Windows") returned -1 [0036.617] lstrcmpiW (lpString1="Downloader", lpString2="Program Files") returned -1 [0036.617] lstrcmpiW (lpString1="Downloader", lpString2="Program Files (x86)") returned -1 [0036.617] lstrcmpiW (lpString1="Downloader", lpString2="$Recycle.bin") returned 1 [0036.617] lstrcmpiW (lpString1="Downloader", lpString2="System Volume Information") returned -1 [0036.617] lstrcmpiW (lpString1="Downloader", lpString2=".") returned 1 [0036.617] lstrcmpiW (lpString1="Downloader", lpString2="..") returned 1 [0036.617] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader") returned 47 [0036.617] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.617] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader" [0036.617] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\*" [0036.617] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.618] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.618] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.618] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.618] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.618] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.618] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.618] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.618] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.618] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.618] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.618] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.618] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.618] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.618] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.618] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xe0118910, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qmgr0.dat", cAlternateFileName="")) returned 1 [0036.618] lstrcmpiW (lpString1="qmgr0.dat", lpString2="Windows") returned -1 [0036.618] lstrcmpiW (lpString1="qmgr0.dat", lpString2="Program Files") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr0.dat", lpString2="Program Files (x86)") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr0.dat", lpString2="$Recycle.bin") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr0.dat", lpString2="System Volume Information") returned -1 [0036.618] lstrcmpiW (lpString1="qmgr0.dat", lpString2=".") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr0.dat", lpString2="..") returned 1 [0036.618] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat") returned 57 [0036.618] StrStrIW (lpFirst="qmgr0.dat", lpSrch=".lolkek") returned 0x0 [0036.618] lstrcmpW (lpString1="qmgr0.dat", lpString2="LOLKEK.txt") returned 1 [0036.618] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat") returned 57 [0036.618] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x67cb78 [0036.618] lstrcpyW (in: lpString1=0x67cb78, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr0.dat" [0036.618] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.618] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.618] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qmgr1.dat", cAlternateFileName="")) returned 1 [0036.618] lstrcmpiW (lpString1="qmgr1.dat", lpString2="Windows") returned -1 [0036.618] lstrcmpiW (lpString1="qmgr1.dat", lpString2="Program Files") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr1.dat", lpString2="Program Files (x86)") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr1.dat", lpString2="$Recycle.bin") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr1.dat", lpString2="System Volume Information") returned -1 [0036.618] lstrcmpiW (lpString1="qmgr1.dat", lpString2=".") returned 1 [0036.618] lstrcmpiW (lpString1="qmgr1.dat", lpString2="..") returned 1 [0036.618] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat") returned 57 [0036.619] StrStrIW (lpFirst="qmgr1.dat", lpSrch=".lolkek") returned 0x0 [0036.619] lstrcmpW (lpString1="qmgr1.dat", lpString2="LOLKEK.txt") returned 1 [0036.619] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat") returned 57 [0036.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x67cc68 [0036.619] lstrcpyW (in: lpString1=0x67cc68, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\qmgr1.dat" [0036.619] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.619] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.619] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0xdd404870, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qmgr1.dat", cAlternateFileName="")) returned 0 [0036.619] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.619] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\LOLKEK.txt") returned 58 [0036.619] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\Downloader\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\network\\downloader\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.620] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.620] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.620] CloseHandle (hObject=0x2a0) returned 1 [0036.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.620] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7606ea15, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 0 [0036.620] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.620] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\LOLKEK.txt") returned 47 [0036.620] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Network\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\network\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.621] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.621] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.621] CloseHandle (hObject=0x2a8) returned 1 [0036.621] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.621] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0036.621] lstrcmpiW (lpString1="OFFICE", lpString2="Windows") returned -1 [0036.621] lstrcmpiW (lpString1="OFFICE", lpString2="Program Files") returned -1 [0036.622] lstrcmpiW (lpString1="OFFICE", lpString2="Program Files (x86)") returned -1 [0036.622] lstrcmpiW (lpString1="OFFICE", lpString2="$Recycle.bin") returned 1 [0036.622] lstrcmpiW (lpString1="OFFICE", lpString2="System Volume Information") returned -1 [0036.622] lstrcmpiW (lpString1="OFFICE", lpString2=".") returned 1 [0036.622] lstrcmpiW (lpString1="OFFICE", lpString2="..") returned 1 [0036.622] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE") returned 35 [0036.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.622] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE" [0036.622] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\*" [0036.622] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.623] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.623] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.623] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.623] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.623] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.623] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.623] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.623] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.624] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.624] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.624] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.624] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.624] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.624] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.624] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0036.624] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="Windows") returned -1 [0036.624] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="Program Files") returned -1 [0036.624] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="Program Files (x86)") returned -1 [0036.624] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="$Recycle.bin") returned 1 [0036.624] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="System Volume Information") returned -1 [0036.624] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2=".") returned 1 [0036.624] lstrcmpiW (lpString1="AssetLibrary.ico", lpString2="..") returned 1 [0036.624] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico") returned 52 [0036.624] StrStrIW (lpFirst="AssetLibrary.ico", lpSrch=".lolkek") returned 0x0 [0036.624] lstrcmpW (lpString1="AssetLibrary.ico", lpString2="LOLKEK.txt") returned -1 [0036.624] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico") returned 52 [0036.624] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x67cd58 [0036.624] lstrcpyW (in: lpString1=0x67cd58, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\AssetLibrary.ico" [0036.624] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.624] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.624] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0036.624] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="Windows") returned -1 [0036.624] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="Program Files") returned -1 [0036.624] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="Program Files (x86)") returned -1 [0036.624] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="$Recycle.bin") returned 1 [0036.624] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="System Volume Information") returned -1 [0036.624] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2=".") returned 1 [0036.624] lstrcmpiW (lpString1="DocumentRepository.ico", lpString2="..") returned 1 [0036.624] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico") returned 58 [0036.624] StrStrIW (lpFirst="DocumentRepository.ico", lpSrch=".lolkek") returned 0x0 [0036.624] lstrcmpW (lpString1="DocumentRepository.ico", lpString2="LOLKEK.txt") returned -1 [0036.624] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico") returned 58 [0036.624] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x67ce38 [0036.624] lstrcpyW (in: lpString1=0x67ce38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\DocumentRepository.ico" [0036.624] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.624] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.625] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0036.625] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="Windows") returned -1 [0036.625] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="Program Files") returned -1 [0036.625] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="Program Files (x86)") returned -1 [0036.625] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="$Recycle.bin") returned 1 [0036.625] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="System Volume Information") returned -1 [0036.625] lstrcmpiW (lpString1="MySharePoints.ico", lpString2=".") returned 1 [0036.625] lstrcmpiW (lpString1="MySharePoints.ico", lpString2="..") returned 1 [0036.625] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico") returned 53 [0036.625] StrStrIW (lpFirst="MySharePoints.ico", lpSrch=".lolkek") returned 0x0 [0036.625] lstrcmpW (lpString1="MySharePoints.ico", lpString2="LOLKEK.txt") returned 1 [0036.625] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico") returned 53 [0036.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x67cf30 [0036.625] lstrcpyW (in: lpString1=0x67cf30, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySharePoints.ico" [0036.625] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.625] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.625] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0036.625] lstrcmpiW (lpString1="MySite.ico", lpString2="Windows") returned -1 [0036.625] lstrcmpiW (lpString1="MySite.ico", lpString2="Program Files") returned -1 [0036.625] lstrcmpiW (lpString1="MySite.ico", lpString2="Program Files (x86)") returned -1 [0036.625] lstrcmpiW (lpString1="MySite.ico", lpString2="$Recycle.bin") returned 1 [0036.625] lstrcmpiW (lpString1="MySite.ico", lpString2="System Volume Information") returned -1 [0036.625] lstrcmpiW (lpString1="MySite.ico", lpString2=".") returned 1 [0036.625] lstrcmpiW (lpString1="MySite.ico", lpString2="..") returned 1 [0036.625] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico") returned 46 [0036.625] StrStrIW (lpFirst="MySite.ico", lpSrch=".lolkek") returned 0x0 [0036.625] lstrcmpW (lpString1="MySite.ico", lpString2="LOLKEK.txt") returned 1 [0036.625] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico") returned 46 [0036.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xbc) returned 0x67d010 [0036.625] lstrcpyW (in: lpString1=0x67d010, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\MySite.ico" [0036.625] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.625] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.625] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0036.625] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="Windows") returned -1 [0036.625] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="Program Files") returned 1 [0036.625] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="Program Files (x86)") returned 1 [0036.625] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="$Recycle.bin") returned 1 [0036.625] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="System Volume Information") returned -1 [0036.626] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2=".") returned 1 [0036.626] lstrcmpiW (lpString1="SharePointPortalSite.ico", lpString2="..") returned 1 [0036.626] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico") returned 60 [0036.626] StrStrIW (lpFirst="SharePointPortalSite.ico", lpSrch=".lolkek") returned 0x0 [0036.626] lstrcmpW (lpString1="SharePointPortalSite.ico", lpString2="LOLKEK.txt") returned 1 [0036.626] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico") returned 60 [0036.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x67d0d8 [0036.626] lstrcpyW (in: lpString1=0x67d0d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointPortalSite.ico" [0036.626] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.626] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.626] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0036.626] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="Windows") returned -1 [0036.626] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="Program Files") returned 1 [0036.626] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="Program Files (x86)") returned 1 [0036.626] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="$Recycle.bin") returned 1 [0036.626] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="System Volume Information") returned -1 [0036.626] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2=".") returned 1 [0036.626] lstrcmpiW (lpString1="SharePointTeamSite.ico", lpString2="..") returned 1 [0036.626] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico") returned 58 [0036.626] StrStrIW (lpFirst="SharePointTeamSite.ico", lpSrch=".lolkek") returned 0x0 [0036.626] lstrcmpW (lpString1="SharePointTeamSite.ico", lpString2="LOLKEK.txt") returned 1 [0036.626] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico") returned 58 [0036.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x67d1d8 [0036.626] lstrcpyW (in: lpString1=0x67d1d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\SharePointTeamSite.ico" [0036.626] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.626] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.626] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0036.626] lstrcmpiW (lpString1="UICaptions", lpString2="Windows") returned -1 [0036.626] lstrcmpiW (lpString1="UICaptions", lpString2="Program Files") returned 1 [0036.626] lstrcmpiW (lpString1="UICaptions", lpString2="Program Files (x86)") returned 1 [0036.626] lstrcmpiW (lpString1="UICaptions", lpString2="$Recycle.bin") returned 1 [0036.626] lstrcmpiW (lpString1="UICaptions", lpString2="System Volume Information") returned 1 [0036.626] lstrcmpiW (lpString1="UICaptions", lpString2=".") returned 1 [0036.626] lstrcmpiW (lpString1="UICaptions", lpString2="..") returned 1 [0036.626] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions") returned 46 [0036.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.626] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions" [0036.626] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*" [0036.627] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.627] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.627] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.627] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.627] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.627] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.627] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.627] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.627] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.627] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.627] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.627] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.627] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.627] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.627] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.627] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1036", cAlternateFileName="")) returned 1 [0036.627] lstrcmpiW (lpString1="1036", lpString2="Windows") returned -1 [0036.627] lstrcmpiW (lpString1="1036", lpString2="Program Files") returned -1 [0036.627] lstrcmpiW (lpString1="1036", lpString2="Program Files (x86)") returned -1 [0036.628] lstrcmpiW (lpString1="1036", lpString2="$Recycle.bin") returned 1 [0036.628] lstrcmpiW (lpString1="1036", lpString2="System Volume Information") returned -1 [0036.628] lstrcmpiW (lpString1="1036", lpString2=".") returned 1 [0036.628] lstrcmpiW (lpString1="1036", lpString2="..") returned 1 [0036.628] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036") returned 51 [0036.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.628] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036" [0036.628] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*" [0036.628] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.629] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.629] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.629] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.629] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.629] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.629] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.629] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.630] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.630] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.630] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.630] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.630] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.630] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.630] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.631] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0036.631] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="Windows") returned -1 [0036.631] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.631] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.631] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.631] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.631] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".") returned 1 [0036.631] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="..") returned 1 [0036.631] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll") returned 72 [0036.631] StrStrIW (lpFirst="ENVELOPR.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.631] lstrcmpW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="LOLKEK.txt") returned -1 [0036.631] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll") returned 72 [0036.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x67d2d0 [0036.631] lstrcpyW (in: lpString1=0x67d2d0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll" [0036.631] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.631] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.631] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0036.631] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="Windows") returned -1 [0036.631] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.631] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.631] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.631] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.631] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".") returned 1 [0036.631] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="..") returned 1 [0036.631] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll") returned 72 [0036.631] StrStrIW (lpFirst="GRINTL32.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.631] lstrcmpW (lpString1="GRINTL32.DLL.trx_dll", lpString2="LOLKEK.txt") returned -1 [0036.631] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll") returned 72 [0036.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x6954b0 [0036.631] lstrcpyW (in: lpString1=0x6954b0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll" [0036.631] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.631] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.631] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0036.631] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="Windows") returned -1 [0036.631] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="Program Files") returned -1 [0036.631] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.631] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.631] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.632] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".") returned 1 [0036.632] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="..") returned 1 [0036.632] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll") returned 73 [0036.632] StrStrIW (lpFirst="GRINTL32.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.632] lstrcmpW (lpString1="GRINTL32.REST.trx_dll", lpString2="LOLKEK.txt") returned -1 [0036.632] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll") returned 73 [0036.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x6955e0 [0036.632] lstrcpyW (in: lpString1=0x6955e0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll" [0036.632] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.632] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.632] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0036.632] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="Windows") returned -1 [0036.632] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.632] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.632] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.632] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.632] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".") returned 1 [0036.632] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="..") returned 1 [0036.632] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll") returned 69 [0036.632] StrStrIW (lpFirst="MAPIR.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.632] lstrcmpW (lpString1="MAPIR.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.632] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll") returned 69 [0036.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x695710 [0036.632] lstrcpyW (in: lpString1=0x695710, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll" [0036.632] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.632] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.632] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0036.632] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="Windows") returned -1 [0036.632] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="Program Files") returned -1 [0036.632] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.632] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.632] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.632] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".") returned 1 [0036.632] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="..") returned 1 [0036.632] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll") returned 72 [0036.632] StrStrIW (lpFirst="MOR6INT.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.632] lstrcmpW (lpString1="MOR6INT.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.632] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll") returned 72 [0036.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x695830 [0036.633] lstrcpyW (in: lpString1=0x695830, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll" [0036.633] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.633] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.633] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0036.633] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.633] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.633] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.633] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll") returned 71 [0036.633] StrStrIW (lpFirst="MSOINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.633] lstrcmpW (lpString1="MSOINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.633] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll") returned 71 [0036.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x695960 [0036.633] lstrcpyW (in: lpString1=0x695960, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll" [0036.633] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.633] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.633] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0036.633] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="Program Files") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.633] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.633] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".") returned 1 [0036.633] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="..") returned 1 [0036.633] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll") returned 72 [0036.633] StrStrIW (lpFirst="MSOINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.633] lstrcmpW (lpString1="MSOINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.633] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll") returned 72 [0036.633] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x695a88 [0036.633] lstrcpyW (in: lpString1=0x695a88, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll" [0036.633] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.633] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.633] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0036.634] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.634] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.634] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.634] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.634] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.634] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.634] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.634] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll") returned 71 [0036.634] StrStrIW (lpFirst="OMSINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.634] lstrcmpW (lpString1="OMSINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.634] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll") returned 71 [0036.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x695bb8 [0036.634] lstrcpyW (in: lpString1=0x695bb8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll" [0036.634] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.634] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.634] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0036.634] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.634] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.634] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.634] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll") returned 70 [0036.634] StrStrIW (lpFirst="ONINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.634] lstrcmpW (lpString1="ONINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.634] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll") returned 70 [0036.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x695ce0 [0036.634] lstrcpyW (in: lpString1=0x695ce0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll" [0036.634] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.634] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.634] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0036.634] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="Program Files") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.634] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.634] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".") returned 1 [0036.634] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="..") returned 1 [0036.634] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll") returned 71 [0036.635] StrStrIW (lpFirst="ONINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.635] lstrcmpW (lpString1="ONINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.635] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll") returned 71 [0036.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x695e08 [0036.635] lstrcpyW (in: lpString1=0x695e08, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll" [0036.635] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.635] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.635] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="Windows") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".") returned 1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="..") returned 1 [0036.635] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll") returned 72 [0036.635] StrStrIW (lpFirst="OUTLLIBR.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.635] lstrcmpW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.635] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll") returned 72 [0036.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x695f30 [0036.635] lstrcpyW (in: lpString1=0x695f30, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll" [0036.635] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.635] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.635] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="Windows") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="Program Files") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".") returned 1 [0036.635] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="..") returned 1 [0036.635] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll") returned 73 [0036.635] StrStrIW (lpFirst="OUTLLIBR.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.635] lstrcmpW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.635] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll") returned 73 [0036.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x696060 [0036.635] lstrcpyW (in: lpString1=0x696060, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll" [0036.635] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.636] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.636] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0036.636] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="Windows") returned -1 [0036.636] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.636] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.636] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.636] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.636] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".") returned 1 [0036.636] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="..") returned 1 [0036.636] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll") returned 71 [0036.636] StrStrIW (lpFirst="OUTLWVW.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.636] lstrcmpW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.636] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll") returned 71 [0036.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x696190 [0036.636] lstrcpyW (in: lpString1=0x696190, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll" [0036.636] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.636] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.636] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0036.636] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.636] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.636] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.636] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.636] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.636] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.636] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.636] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll") returned 70 [0036.636] StrStrIW (lpFirst="PPINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.636] lstrcmpW (lpString1="PPINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.636] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll") returned 70 [0036.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x6962b8 [0036.636] lstrcpyW (in: lpString1=0x6962b8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll" [0036.636] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.636] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.636] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0036.636] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.637] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="Program Files") returned -1 [0036.637] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.637] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.637] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.637] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".") returned 1 [0036.637] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="..") returned 1 [0036.637] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll") returned 71 [0036.637] StrStrIW (lpFirst="PPINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.637] lstrcmpW (lpString1="PPINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.637] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll") returned 71 [0036.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x6963e0 [0036.637] lstrcpyW (in: lpString1=0x6963e0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll" [0036.637] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.637] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.637] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="..") returned 1 [0036.637] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll") returned 72 [0036.637] StrStrIW (lpFirst="PUB6INTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.637] lstrcmpW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.637] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll") returned 72 [0036.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x696508 [0036.637] lstrcpyW (in: lpString1=0x696508, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll" [0036.637] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.637] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.637] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="Program Files") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".") returned 1 [0036.637] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="..") returned 1 [0036.638] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll") returned 73 [0036.638] StrStrIW (lpFirst="PUB6INTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.638] lstrcmpW (lpString1="PUB6INTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.638] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll") returned 73 [0036.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x696638 [0036.638] lstrcpyW (in: lpString1=0x696638, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll" [0036.638] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.638] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.638] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0036.638] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="Windows") returned -1 [0036.638] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="Program Files") returned 1 [0036.638] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.638] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.638] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.638] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".") returned 1 [0036.638] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="..") returned 1 [0036.638] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll") returned 73 [0036.638] StrStrIW (lpFirst="PUBWZINT.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.638] lstrcmpW (lpString1="PUBWZINT.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.638] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll") returned 73 [0036.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x696768 [0036.638] lstrcpyW (in: lpString1=0x696768, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll" [0036.638] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.638] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.638] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0036.638] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="Windows") returned -1 [0036.638] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.638] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.638] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.638] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.638] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".") returned 1 [0036.638] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="..") returned 1 [0036.638] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll") returned 69 [0036.638] StrStrIW (lpFirst="SGRES.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.638] lstrcmpW (lpString1="SGRES.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.638] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll") returned 69 [0036.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x696898 [0036.638] lstrcpyW (in: lpString1=0x696898, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll" [0036.639] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.639] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.639] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0036.639] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.639] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.639] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.639] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.639] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.639] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.639] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.639] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll") returned 70 [0036.639] StrStrIW (lpFirst="STINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.639] lstrcmpW (lpString1="STINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.639] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll") returned 70 [0036.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x6969b8 [0036.639] lstrcpyW (in: lpString1=0x6969b8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll" [0036.639] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.639] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.639] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0036.639] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="Windows") returned -1 [0036.639] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.639] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.639] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.639] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.639] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".") returned 1 [0036.639] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="..") returned 1 [0036.639] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll") returned 72 [0036.639] StrStrIW (lpFirst="VISBRRES.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.639] lstrcmpW (lpString1="VISBRRES.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.639] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll") returned 72 [0036.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x696ae0 [0036.639] lstrcpyW (in: lpString1=0x696ae0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll" [0036.639] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.639] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.639] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0036.639] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.640] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.640] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.640] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.640] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.640] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.640] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.640] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll") returned 71 [0036.640] StrStrIW (lpFirst="VISINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.640] lstrcmpW (lpString1="VISINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.640] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll") returned 71 [0036.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x696c10 [0036.640] lstrcpyW (in: lpString1=0x696c10, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll" [0036.640] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.640] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.640] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x25b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="Windows") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.640] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll") returned 70 [0036.640] StrStrIW (lpFirst="WWINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.640] lstrcmpW (lpString1="WWINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.640] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll") returned 70 [0036.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x696d38 [0036.640] lstrcpyW (in: lpString1=0x696d38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll" [0036.640] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.640] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.640] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xcb31c100, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x115b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="Windows") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="Program Files") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="System Volume Information") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".") returned 1 [0036.640] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="..") returned 1 [0036.641] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll") returned 71 [0036.641] StrStrIW (lpFirst="WWINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.641] lstrcmpW (lpString1="WWINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.641] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll") returned 71 [0036.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x696e60 [0036.641] lstrcpyW (in: lpString1=0x696e60, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll" [0036.641] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.641] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.641] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6b688100, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x25360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="Windows") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="..") returned 1 [0036.641] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll") returned 72 [0036.641] StrStrIW (lpFirst="XLINTL32.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.641] lstrcmpW (lpString1="XLINTL32.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.641] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll") returned 72 [0036.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x696f88 [0036.641] lstrcpyW (in: lpString1=0x696f88, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll" [0036.641] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.641] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.641] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a375400, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x137960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="Windows") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="Program Files") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="System Volume Information") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".") returned 1 [0036.641] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="..") returned 1 [0036.641] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll") returned 73 [0036.641] StrStrIW (lpFirst="XLINTL32.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.641] lstrcmpW (lpString1="XLINTL32.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.641] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll") returned 73 [0036.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x6970b8 [0036.642] lstrcpyW (in: lpString1=0x6970b8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll" [0036.642] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.642] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.642] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0036.642] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="Windows") returned 1 [0036.642] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.642] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.642] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.642] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.642] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".") returned 1 [0036.642] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="..") returned 1 [0036.642] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll") returned 72 [0036.642] StrStrIW (lpFirst="XLSLICER.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.642] lstrcmpW (lpString1="XLSLICER.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.642] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll") returned 72 [0036.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x6971e8 [0036.642] lstrcpyW (in: lpString1=0x6971e8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll" [0036.642] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.642] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.642] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe092000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0036.642] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.643] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\LOLKEK.txt") returned 62 [0036.643] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\1036\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\1036\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.643] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.643] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.644] CloseHandle (hObject=0x270) returned 1 [0036.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.644] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3082", cAlternateFileName="")) returned 1 [0036.644] lstrcmpiW (lpString1="3082", lpString2="Windows") returned -1 [0036.644] lstrcmpiW (lpString1="3082", lpString2="Program Files") returned -1 [0036.644] lstrcmpiW (lpString1="3082", lpString2="Program Files (x86)") returned -1 [0036.644] lstrcmpiW (lpString1="3082", lpString2="$Recycle.bin") returned 1 [0036.644] lstrcmpiW (lpString1="3082", lpString2="System Volume Information") returned -1 [0036.644] lstrcmpiW (lpString1="3082", lpString2=".") returned 1 [0036.644] lstrcmpiW (lpString1="3082", lpString2="..") returned 1 [0036.644] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082") returned 51 [0036.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.644] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082" [0036.644] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*" [0036.644] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.648] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.648] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.648] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.648] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.648] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.648] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.648] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.649] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.649] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.649] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.649] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.649] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.649] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.649] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.649] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0036.649] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="Windows") returned -1 [0036.649] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.649] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.649] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.649] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.649] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2=".") returned 1 [0036.649] lstrcmpiW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="..") returned 1 [0036.649] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll") returned 72 [0036.649] StrStrIW (lpFirst="ENVELOPR.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.649] lstrcmpW (lpString1="ENVELOPR.DLL.trx_dll", lpString2="LOLKEK.txt") returned -1 [0036.649] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll") returned 72 [0036.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x697318 [0036.650] lstrcpyW (in: lpString1=0x697318, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll" [0036.650] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.650] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.650] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0036.650] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="Windows") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.650] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2=".") returned 1 [0036.650] lstrcmpiW (lpString1="GRINTL32.DLL.trx_dll", lpString2="..") returned 1 [0036.650] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll") returned 72 [0036.650] StrStrIW (lpFirst="GRINTL32.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.650] lstrcmpW (lpString1="GRINTL32.DLL.trx_dll", lpString2="LOLKEK.txt") returned -1 [0036.650] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll") returned 72 [0036.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x697448 [0036.650] lstrcpyW (in: lpString1=0x697448, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll" [0036.650] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.650] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.650] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0036.650] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="Windows") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="Program Files") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.650] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.650] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2=".") returned 1 [0036.650] lstrcmpiW (lpString1="GRINTL32.REST.trx_dll", lpString2="..") returned 1 [0036.650] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll") returned 73 [0036.650] StrStrIW (lpFirst="GRINTL32.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.650] lstrcmpW (lpString1="GRINTL32.REST.trx_dll", lpString2="LOLKEK.txt") returned -1 [0036.650] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll") returned 73 [0036.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x697578 [0036.650] lstrcpyW (in: lpString1=0x697578, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll" [0036.650] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.650] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.650] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0036.651] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="Windows") returned -1 [0036.651] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.651] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.651] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.651] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.651] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2=".") returned 1 [0036.651] lstrcmpiW (lpString1="MAPIR.DLL.trx_dll", lpString2="..") returned 1 [0036.651] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll") returned 69 [0036.651] StrStrIW (lpFirst="MAPIR.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.651] lstrcmpW (lpString1="MAPIR.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.651] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll") returned 69 [0036.651] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x6976a8 [0036.651] lstrcpyW (in: lpString1=0x6976a8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll" [0036.651] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.651] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.651] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0036.651] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="Windows") returned -1 [0036.651] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="Program Files") returned -1 [0036.651] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.651] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.651] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.651] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2=".") returned 1 [0036.651] lstrcmpiW (lpString1="MOR6INT.REST.trx_dll", lpString2="..") returned 1 [0036.651] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll") returned 72 [0036.651] StrStrIW (lpFirst="MOR6INT.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.651] lstrcmpW (lpString1="MOR6INT.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.651] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll") returned 72 [0036.651] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca7668 [0036.652] lstrcpyW (in: lpString1=0x3ca7668, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll" [0036.652] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.652] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.652] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0036.652] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.652] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.652] lstrcmpiW (lpString1="MSOINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.652] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll") returned 71 [0036.652] StrStrIW (lpFirst="MSOINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.652] lstrcmpW (lpString1="MSOINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.652] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll") returned 71 [0036.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x6977c8 [0036.652] lstrcpyW (in: lpString1=0x6977c8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll" [0036.652] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.652] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.652] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0036.652] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="Program Files") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.652] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.652] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2=".") returned 1 [0036.652] lstrcmpiW (lpString1="MSOINTL.REST.trx_dll", lpString2="..") returned 1 [0036.652] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll") returned 72 [0036.652] StrStrIW (lpFirst="MSOINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.652] lstrcmpW (lpString1="MSOINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.652] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll") returned 72 [0036.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca77a0 [0036.652] lstrcpyW (in: lpString1=0x3ca77a0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll" [0036.652] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.652] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.653] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0036.653] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.653] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.653] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.653] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.653] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.653] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.653] lstrcmpiW (lpString1="OMSINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.653] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll") returned 71 [0036.653] StrStrIW (lpFirst="OMSINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.653] lstrcmpW (lpString1="OMSINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.653] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll") returned 71 [0036.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x6978f0 [0036.653] lstrcpyW (in: lpString1=0x6978f0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll" [0036.653] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.653] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.653] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0036.653] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.653] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.653] lstrcmpiW (lpString1="ONINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.653] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll") returned 70 [0036.653] StrStrIW (lpFirst="ONINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.653] lstrcmpW (lpString1="ONINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.653] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll") returned 70 [0036.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x697a18 [0036.653] lstrcpyW (in: lpString1=0x697a18, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll" [0036.653] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.653] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.653] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0036.653] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="Program Files") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.653] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.653] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2=".") returned 1 [0036.654] lstrcmpiW (lpString1="ONINTL.REST.trx_dll", lpString2="..") returned 1 [0036.654] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll") returned 71 [0036.654] StrStrIW (lpFirst="ONINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.654] lstrcmpW (lpString1="ONINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.654] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll") returned 71 [0036.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x697b40 [0036.654] lstrcpyW (in: lpString1=0x697b40, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll" [0036.654] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.654] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.654] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="Windows") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2=".") returned 1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="..") returned 1 [0036.654] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll") returned 72 [0036.654] StrStrIW (lpFirst="OUTLLIBR.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.654] lstrcmpW (lpString1="OUTLLIBR.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.654] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll") returned 72 [0036.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca78d8 [0036.654] lstrcpyW (in: lpString1=0x3ca78d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll" [0036.654] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.654] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.654] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="Windows") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="Program Files") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2=".") returned 1 [0036.654] lstrcmpiW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="..") returned 1 [0036.654] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll") returned 73 [0036.654] StrStrIW (lpFirst="OUTLLIBR.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.654] lstrcmpW (lpString1="OUTLLIBR.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.654] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll") returned 73 [0036.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca7a10 [0036.654] lstrcpyW (in: lpString1=0x3ca7a10, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll" [0036.654] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.655] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.655] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0036.655] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="Windows") returned -1 [0036.655] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.655] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.655] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.655] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.655] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2=".") returned 1 [0036.655] lstrcmpiW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="..") returned 1 [0036.655] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll") returned 71 [0036.655] StrStrIW (lpFirst="OUTLWVW.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.655] lstrcmpW (lpString1="OUTLWVW.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.655] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll") returned 71 [0036.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3ca9668 [0036.655] lstrcpyW (in: lpString1=0x3ca9668, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll" [0036.655] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.655] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.655] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0036.655] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.655] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="Program Files") returned -1 [0036.655] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.655] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.655] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.655] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.655] lstrcmpiW (lpString1="PPINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.655] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll") returned 70 [0036.655] StrStrIW (lpFirst="PPINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.655] lstrcmpW (lpString1="PPINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.655] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll") returned 70 [0036.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3ca9790 [0036.655] lstrcpyW (in: lpString1=0x3ca9790, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll" [0036.655] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.655] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.655] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0036.655] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.655] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="Program Files") returned -1 [0036.656] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="Program Files (x86)") returned -1 [0036.656] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.656] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.656] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2=".") returned 1 [0036.656] lstrcmpiW (lpString1="PPINTL.REST.trx_dll", lpString2="..") returned 1 [0036.656] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll") returned 71 [0036.656] StrStrIW (lpFirst="PPINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.656] lstrcmpW (lpString1="PPINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.656] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll") returned 71 [0036.656] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3ca98b8 [0036.656] lstrcpyW (in: lpString1=0x3ca98b8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll" [0036.656] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.656] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.656] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2=".") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="..") returned 1 [0036.656] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll") returned 72 [0036.656] StrStrIW (lpFirst="PUB6INTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.656] lstrcmpW (lpString1="PUB6INTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.656] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll") returned 72 [0036.656] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca7b48 [0036.656] lstrcpyW (in: lpString1=0x3ca7b48, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll" [0036.656] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.656] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.656] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="Windows") returned -1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="Program Files") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2=".") returned 1 [0036.656] lstrcmpiW (lpString1="PUB6INTL.REST.trx_dll", lpString2="..") returned 1 [0036.656] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll") returned 73 [0036.656] StrStrIW (lpFirst="PUB6INTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.657] lstrcmpW (lpString1="PUB6INTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.657] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll") returned 73 [0036.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca7c80 [0036.657] lstrcpyW (in: lpString1=0x3ca7c80, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll" [0036.657] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.657] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.657] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0036.657] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="Windows") returned -1 [0036.657] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="Program Files") returned 1 [0036.657] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.657] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.657] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="System Volume Information") returned -1 [0036.657] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2=".") returned 1 [0036.657] lstrcmpiW (lpString1="PUBWZINT.REST.trx_dll", lpString2="..") returned 1 [0036.657] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll") returned 73 [0036.657] StrStrIW (lpFirst="PUBWZINT.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.657] lstrcmpW (lpString1="PUBWZINT.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.657] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll") returned 73 [0036.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca7db8 [0036.657] lstrcpyW (in: lpString1=0x3ca7db8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll" [0036.657] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.657] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.657] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0036.657] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="Windows") returned -1 [0036.657] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.657] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.657] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.657] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.657] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2=".") returned 1 [0036.657] lstrcmpiW (lpString1="SGRES.DLL.trx_dll", lpString2="..") returned 1 [0036.657] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll") returned 69 [0036.657] StrStrIW (lpFirst="SGRES.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.657] lstrcmpW (lpString1="SGRES.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.657] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll") returned 69 [0036.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x697c68 [0036.657] lstrcpyW (in: lpString1=0x697c68, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll" [0036.657] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.657] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.658] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0036.658] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.658] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.658] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.658] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.658] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="System Volume Information") returned -1 [0036.658] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.658] lstrcmpiW (lpString1="STINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.658] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll") returned 70 [0036.658] StrStrIW (lpFirst="STINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.658] lstrcmpW (lpString1="STINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.658] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll") returned 70 [0036.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3ca99e0 [0036.658] lstrcpyW (in: lpString1=0x3ca99e0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll" [0036.658] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.658] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.658] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0036.658] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="Windows") returned -1 [0036.658] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.658] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.658] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.658] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.658] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2=".") returned 1 [0036.658] lstrcmpiW (lpString1="VISBRRES.DLL.trx_dll", lpString2="..") returned 1 [0036.658] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll") returned 72 [0036.658] StrStrIW (lpFirst="VISBRRES.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.658] lstrcmpW (lpString1="VISBRRES.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.658] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll") returned 72 [0036.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca7ef0 [0036.658] lstrcpyW (in: lpString1=0x3ca7ef0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll" [0036.658] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.658] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.658] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0036.658] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="Windows") returned -1 [0036.658] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.658] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.658] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.658] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.658] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.658] lstrcmpiW (lpString1="VISINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.658] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll") returned 71 [0036.659] StrStrIW (lpFirst="VISINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.659] lstrcmpW (lpString1="VISINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.659] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll") returned 71 [0036.659] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3ca9b08 [0036.659] lstrcpyW (in: lpString1=0x3ca9b08, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll" [0036.659] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.659] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.659] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="Windows") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2=".") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.DLL.trx_dll", lpString2="..") returned 1 [0036.659] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll") returned 70 [0036.659] StrStrIW (lpFirst="WWINTL.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.659] lstrcmpW (lpString1="WWINTL.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.659] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll") returned 70 [0036.659] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3ca9c30 [0036.659] lstrcpyW (in: lpString1=0x3ca9c30, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll" [0036.659] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.659] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.659] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="Windows") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="Program Files") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="System Volume Information") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2=".") returned 1 [0036.659] lstrcmpiW (lpString1="WWINTL.REST.trx_dll", lpString2="..") returned 1 [0036.659] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll") returned 71 [0036.659] StrStrIW (lpFirst="WWINTL.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.659] lstrcmpW (lpString1="WWINTL.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.659] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll") returned 71 [0036.659] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3ca9d58 [0036.659] lstrcpyW (in: lpString1=0x3ca9d58, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll" [0036.659] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.659] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.660] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="Windows") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2=".") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.DLL.trx_dll", lpString2="..") returned 1 [0036.660] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll") returned 72 [0036.660] StrStrIW (lpFirst="XLINTL32.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.660] lstrcmpW (lpString1="XLINTL32.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.660] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll") returned 72 [0036.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca8028 [0036.660] lstrcpyW (in: lpString1=0x3ca8028, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll" [0036.660] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.660] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.660] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="Windows") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="Program Files") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="System Volume Information") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2=".") returned 1 [0036.660] lstrcmpiW (lpString1="XLINTL32.REST.trx_dll", lpString2="..") returned 1 [0036.660] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll") returned 73 [0036.660] StrStrIW (lpFirst="XLINTL32.REST.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.660] lstrcmpW (lpString1="XLINTL32.REST.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.660] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll") returned 73 [0036.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca8160 [0036.660] lstrcpyW (in: lpString1=0x3ca8160, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll" [0036.660] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.660] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.660] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0036.660] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="Windows") returned 1 [0036.660] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="Program Files") returned 1 [0036.660] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="Program Files (x86)") returned 1 [0036.660] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="$Recycle.bin") returned 1 [0036.660] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="System Volume Information") returned 1 [0036.661] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2=".") returned 1 [0036.661] lstrcmpiW (lpString1="XLSLICER.DLL.trx_dll", lpString2="..") returned 1 [0036.661] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll") returned 72 [0036.661] StrStrIW (lpFirst="XLSLICER.DLL.trx_dll", lpSrch=".lolkek") returned 0x0 [0036.661] lstrcmpW (lpString1="XLSLICER.DLL.trx_dll", lpString2="LOLKEK.txt") returned 1 [0036.661] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll") returned 72 [0036.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca8298 [0036.661] lstrcpyW (in: lpString1=0x3ca8298, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll" [0036.661] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.661] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.661] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0036.661] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.662] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\LOLKEK.txt") returned 62 [0036.662] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\3082\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\3082\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.662] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.662] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.663] CloseHandle (hObject=0x270) returned 1 [0036.663] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.663] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3082", cAlternateFileName="")) returned 0 [0036.663] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.663] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\LOLKEK.txt") returned 57 [0036.663] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\UICaptions\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\office\\uicaptions\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.664] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.664] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.665] CloseHandle (hObject=0x2a0) returned 1 [0036.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.665] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0036.665] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.665] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\LOLKEK.txt") returned 46 [0036.665] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OFFICE\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\office\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.665] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.665] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.666] CloseHandle (hObject=0x2a8) returned 1 [0036.666] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.666] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0036.666] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="Windows") returned -1 [0036.666] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="Program Files") returned -1 [0036.666] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="Program Files (x86)") returned -1 [0036.666] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="$Recycle.bin") returned 1 [0036.666] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="System Volume Information") returned -1 [0036.666] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2=".") returned 1 [0036.666] lstrcmpiW (lpString1="OfficeSoftwareProtectionPlatform", lpString2="..") returned 1 [0036.666] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform") returned 61 [0036.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.666] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform" [0036.666] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*" [0036.666] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.666] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.666] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.666] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.666] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.666] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.666] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.666] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.666] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.667] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.667] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.667] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Cache", cAlternateFileName="")) returned 1 [0036.667] lstrcmpiW (lpString1="Cache", lpString2="Windows") returned -1 [0036.667] lstrcmpiW (lpString1="Cache", lpString2="Program Files") returned -1 [0036.667] lstrcmpiW (lpString1="Cache", lpString2="Program Files (x86)") returned -1 [0036.667] lstrcmpiW (lpString1="Cache", lpString2="$Recycle.bin") returned 1 [0036.667] lstrcmpiW (lpString1="Cache", lpString2="System Volume Information") returned -1 [0036.667] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0036.667] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0036.667] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned 67 [0036.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.667] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0036.667] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*" [0036.667] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.667] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.667] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.667] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.667] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.667] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.667] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.667] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.667] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.667] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.667] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.667] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.667] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0036.668] lstrcmpiW (lpString1="cache.dat", lpString2="Windows") returned -1 [0036.668] lstrcmpiW (lpString1="cache.dat", lpString2="Program Files") returned -1 [0036.668] lstrcmpiW (lpString1="cache.dat", lpString2="Program Files (x86)") returned -1 [0036.668] lstrcmpiW (lpString1="cache.dat", lpString2="$Recycle.bin") returned 1 [0036.668] lstrcmpiW (lpString1="cache.dat", lpString2="System Volume Information") returned -1 [0036.668] lstrcmpiW (lpString1="cache.dat", lpString2=".") returned 1 [0036.668] lstrcmpiW (lpString1="cache.dat", lpString2="..") returned 1 [0036.668] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat") returned 77 [0036.668] StrStrIW (lpFirst="cache.dat", lpSrch=".lolkek") returned 0x0 [0036.668] lstrcmpW (lpString1="cache.dat", lpString2="LOLKEK.txt") returned -1 [0036.668] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat") returned 77 [0036.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x3cab668 [0036.668] lstrcpyW (in: lpString1=0x3cab668, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" [0036.668] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.668] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.668] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cache.dat", cAlternateFileName="")) returned 0 [0036.668] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.668] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\LOLKEK.txt") returned 78 [0036.668] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.668] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.668] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.669] CloseHandle (hObject=0x2a0) returned 1 [0036.669] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.669] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0036.669] lstrcmpiW (lpString1="tokens.dat", lpString2="Windows") returned -1 [0036.669] lstrcmpiW (lpString1="tokens.dat", lpString2="Program Files") returned 1 [0036.669] lstrcmpiW (lpString1="tokens.dat", lpString2="Program Files (x86)") returned 1 [0036.669] lstrcmpiW (lpString1="tokens.dat", lpString2="$Recycle.bin") returned 1 [0036.669] lstrcmpiW (lpString1="tokens.dat", lpString2="System Volume Information") returned 1 [0036.669] lstrcmpiW (lpString1="tokens.dat", lpString2=".") returned 1 [0036.669] lstrcmpiW (lpString1="tokens.dat", lpString2="..") returned 1 [0036.669] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat") returned 72 [0036.669] StrStrIW (lpFirst="tokens.dat", lpSrch=".lolkek") returned 0x0 [0036.669] lstrcmpW (lpString1="tokens.dat", lpString2="LOLKEK.txt") returned 1 [0036.669] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat") returned 72 [0036.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca83d0 [0036.669] lstrcpyW (in: lpString1=0x3ca83d0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat") returned="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" [0036.669] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.669] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.670] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0036.670] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.670] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\LOLKEK.txt") returned 72 [0036.670] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\OfficeSoftwareProtectionPlatform\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\officesoftwareprotectionplatform\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.670] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.670] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.670] CloseHandle (hObject=0x2a8) returned 1 [0036.671] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.671] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RAC", cAlternateFileName="")) returned 1 [0036.671] lstrcmpiW (lpString1="RAC", lpString2="Windows") returned -1 [0036.671] lstrcmpiW (lpString1="RAC", lpString2="Program Files") returned 1 [0036.671] lstrcmpiW (lpString1="RAC", lpString2="Program Files (x86)") returned 1 [0036.671] lstrcmpiW (lpString1="RAC", lpString2="$Recycle.bin") returned 1 [0036.671] lstrcmpiW (lpString1="RAC", lpString2="System Volume Information") returned -1 [0036.671] lstrcmpiW (lpString1="RAC", lpString2=".") returned 1 [0036.671] lstrcmpiW (lpString1="RAC", lpString2="..") returned 1 [0036.671] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC") returned 32 [0036.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.671] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC" [0036.671] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\*" [0036.671] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.671] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.671] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.671] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.671] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.671] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.671] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.671] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.671] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.671] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.671] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.671] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.671] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.671] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.671] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.671] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outbound", cAlternateFileName="")) returned 1 [0036.671] lstrcmpiW (lpString1="Outbound", lpString2="Windows") returned -1 [0036.671] lstrcmpiW (lpString1="Outbound", lpString2="Program Files") returned -1 [0036.671] lstrcmpiW (lpString1="Outbound", lpString2="Program Files (x86)") returned -1 [0036.671] lstrcmpiW (lpString1="Outbound", lpString2="$Recycle.bin") returned 1 [0036.671] lstrcmpiW (lpString1="Outbound", lpString2="System Volume Information") returned -1 [0036.671] lstrcmpiW (lpString1="Outbound", lpString2=".") returned 1 [0036.671] lstrcmpiW (lpString1="Outbound", lpString2="..") returned 1 [0036.671] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound") returned 41 [0036.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.672] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound" [0036.672] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*" [0036.672] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.672] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.672] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.672] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.672] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.672] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.672] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.672] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.672] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.672] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.672] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.672] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.672] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.672] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.672] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.672] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.672] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.672] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\LOLKEK.txt") returned 52 [0036.672] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Outbound\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\rac\\outbound\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.673] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.673] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.674] CloseHandle (hObject=0x2a0) returned 1 [0036.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.674] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x284e41c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0036.674] lstrcmpiW (lpString1="PublishedData", lpString2="Windows") returned -1 [0036.674] lstrcmpiW (lpString1="PublishedData", lpString2="Program Files") returned 1 [0036.674] lstrcmpiW (lpString1="PublishedData", lpString2="Program Files (x86)") returned 1 [0036.674] lstrcmpiW (lpString1="PublishedData", lpString2="$Recycle.bin") returned 1 [0036.674] lstrcmpiW (lpString1="PublishedData", lpString2="System Volume Information") returned -1 [0036.674] lstrcmpiW (lpString1="PublishedData", lpString2=".") returned 1 [0036.674] lstrcmpiW (lpString1="PublishedData", lpString2="..") returned 1 [0036.674] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData") returned 46 [0036.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.674] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData" [0036.674] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*" [0036.674] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x284e41c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.674] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.674] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.674] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.674] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.674] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.674] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.674] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x284e41c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.674] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.674] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.674] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.674] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.674] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.674] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.674] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.674] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x2850a320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0036.674] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="Windows") returned -1 [0036.674] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="Program Files") returned 1 [0036.674] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="Program Files (x86)") returned 1 [0036.675] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="$Recycle.bin") returned 1 [0036.675] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="System Volume Information") returned -1 [0036.675] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2=".") returned 1 [0036.675] lstrcmpiW (lpString1="RacWmiDatabase.sdf", lpString2="..") returned 1 [0036.675] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf") returned 65 [0036.675] StrStrIW (lpFirst="RacWmiDatabase.sdf", lpSrch=".lolkek") returned 0x0 [0036.675] lstrcmpW (lpString1="RacWmiDatabase.sdf", lpString2="LOLKEK.txt") returned 1 [0036.675] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf") returned 65 [0036.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x675e00 [0036.675] lstrcpyW (in: lpString1=0x675e00, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" [0036.675] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.675] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.675] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x2850a320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0036.675] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.675] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\LOLKEK.txt") returned 57 [0036.675] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\PublishedData\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\rac\\publisheddata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.675] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.675] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.676] CloseHandle (hObject=0x2a0) returned 1 [0036.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.676] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x284e41c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0036.676] lstrcmpiW (lpString1="StateData", lpString2="Windows") returned -1 [0036.676] lstrcmpiW (lpString1="StateData", lpString2="Program Files") returned 1 [0036.676] lstrcmpiW (lpString1="StateData", lpString2="Program Files (x86)") returned 1 [0036.676] lstrcmpiW (lpString1="StateData", lpString2="$Recycle.bin") returned 1 [0036.676] lstrcmpiW (lpString1="StateData", lpString2="System Volume Information") returned -1 [0036.676] lstrcmpiW (lpString1="StateData", lpString2=".") returned 1 [0036.676] lstrcmpiW (lpString1="StateData", lpString2="..") returned 1 [0036.676] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData") returned 42 [0036.676] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.676] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData" [0036.676] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\*" [0036.676] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x284e41c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.676] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.676] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.676] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.676] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.676] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.676] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.677] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x284e41c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.677] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.677] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.677] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.677] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.677] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.677] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.677] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.677] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xbddb7d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0036.677] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="Windows") returned -1 [0036.677] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="Program Files") returned 1 [0036.677] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="Program Files (x86)") returned 1 [0036.677] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="$Recycle.bin") returned 1 [0036.677] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="System Volume Information") returned -1 [0036.677] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".") returned 1 [0036.677] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="..") returned 1 [0036.677] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf") returned 58 [0036.677] StrStrIW (lpFirst="RacDatabase.sdf", lpSrch=".lolkek") returned 0x0 [0036.677] lstrcmpW (lpString1="RacDatabase.sdf", lpString2="LOLKEK.txt") returned 1 [0036.677] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf") returned 58 [0036.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x675f10 [0036.677] lstrcpyW (in: lpString1=0x675f10, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" [0036.677] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.677] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.677] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0036.677] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="Windows") returned -1 [0036.677] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="Program Files") returned 1 [0036.677] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="Program Files (x86)") returned 1 [0036.677] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="$Recycle.bin") returned 1 [0036.677] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="System Volume Information") returned -1 [0036.677] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".") returned 1 [0036.677] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="..") returned 1 [0036.677] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat") returned 58 [0036.677] StrStrIW (lpFirst="RacMetaData.dat", lpSrch=".lolkek") returned 0x0 [0036.677] lstrcmpW (lpString1="RacMetaData.dat", lpString2="LOLKEK.txt") returned 1 [0036.677] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat") returned 58 [0036.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x676008 [0036.677] lstrcpyW (in: lpString1=0x676008, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\RacMetaData.dat" [0036.677] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.678] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.678] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0036.678] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.678] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\LOLKEK.txt") returned 53 [0036.678] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\StateData\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\rac\\statedata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.678] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.678] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.678] CloseHandle (hObject=0x2a0) returned 1 [0036.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.679] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 1 [0036.679] lstrcmpiW (lpString1="Temp", lpString2="Windows") returned -1 [0036.679] lstrcmpiW (lpString1="Temp", lpString2="Program Files") returned 1 [0036.679] lstrcmpiW (lpString1="Temp", lpString2="Program Files (x86)") returned 1 [0036.679] lstrcmpiW (lpString1="Temp", lpString2="$Recycle.bin") returned 1 [0036.679] lstrcmpiW (lpString1="Temp", lpString2="System Volume Information") returned 1 [0036.679] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0036.679] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0036.679] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp") returned 37 [0036.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.679] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp" [0036.679] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\*" [0036.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.679] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.679] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.679] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.679] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.679] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.679] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.679] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.679] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.679] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.679] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.679] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.679] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.679] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.679] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.679] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285a28a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x285a28a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285a28a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sql64AB.tmp", cAlternateFileName="")) returned 1 [0036.679] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="Windows") returned -1 [0036.679] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="Program Files") returned 1 [0036.679] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="Program Files (x86)") returned 1 [0036.679] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="$Recycle.bin") returned 1 [0036.679] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="System Volume Information") returned -1 [0036.680] lstrcmpiW (lpString1="sql64AB.tmp", lpString2=".") returned 1 [0036.680] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="..") returned 1 [0036.680] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp") returned 49 [0036.680] StrStrIW (lpFirst="sql64AB.tmp", lpSrch=".lolkek") returned 0x0 [0036.680] lstrcmpW (lpString1="sql64AB.tmp", lpString2="LOLKEK.txt") returned 1 [0036.680] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp") returned 49 [0036.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc8) returned 0x676100 [0036.680] lstrcpyW (in: lpString1=0x676100, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64AB.tmp" [0036.680] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.680] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.680] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285c8a00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sql64BB.tmp", cAlternateFileName="")) returned 1 [0036.680] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="Windows") returned -1 [0036.680] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="Program Files") returned 1 [0036.680] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="Program Files (x86)") returned 1 [0036.680] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="$Recycle.bin") returned 1 [0036.680] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="System Volume Information") returned -1 [0036.680] lstrcmpiW (lpString1="sql64BB.tmp", lpString2=".") returned 1 [0036.680] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="..") returned 1 [0036.680] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp") returned 49 [0036.680] StrStrIW (lpFirst="sql64BB.tmp", lpSrch=".lolkek") returned 0x0 [0036.680] lstrcmpW (lpString1="sql64BB.tmp", lpString2="LOLKEK.txt") returned 1 [0036.680] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp") returned 49 [0036.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc8) returned 0x6761d0 [0036.680] lstrcpyW (in: lpString1=0x6761d0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\sql64BB.tmp" [0036.680] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.680] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.680] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285c8a00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sql64BB.tmp", cAlternateFileName="")) returned 0 [0036.680] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.680] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\LOLKEK.txt") returned 48 [0036.680] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\Temp\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\rac\\temp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.681] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.681] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.681] CloseHandle (hObject=0x2a0) returned 1 [0036.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.681] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 0 [0036.681] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.681] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\LOLKEK.txt") returned 43 [0036.681] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\RAC\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\rac\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.683] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.683] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.683] CloseHandle (hObject=0x2a8) returned 1 [0036.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.684] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Search", cAlternateFileName="")) returned 1 [0036.684] lstrcmpiW (lpString1="Search", lpString2="Windows") returned -1 [0036.684] lstrcmpiW (lpString1="Search", lpString2="Program Files") returned 1 [0036.684] lstrcmpiW (lpString1="Search", lpString2="Program Files (x86)") returned 1 [0036.684] lstrcmpiW (lpString1="Search", lpString2="$Recycle.bin") returned 1 [0036.684] lstrcmpiW (lpString1="Search", lpString2="System Volume Information") returned -1 [0036.684] lstrcmpiW (lpString1="Search", lpString2=".") returned 1 [0036.684] lstrcmpiW (lpString1="Search", lpString2="..") returned 1 [0036.684] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search") returned 35 [0036.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.684] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Search" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search" [0036.684] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\*" [0036.684] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.685] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.685] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.685] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27df8b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27df8b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.685] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.685] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.685] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.685] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.685] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.685] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.685] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.685] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Data", cAlternateFileName="")) returned 1 [0036.685] lstrcmpiW (lpString1="Data", lpString2="Windows") returned -1 [0036.685] lstrcmpiW (lpString1="Data", lpString2="Program Files") returned -1 [0036.685] lstrcmpiW (lpString1="Data", lpString2="Program Files (x86)") returned -1 [0036.685] lstrcmpiW (lpString1="Data", lpString2="$Recycle.bin") returned 1 [0036.685] lstrcmpiW (lpString1="Data", lpString2="System Volume Information") returned -1 [0036.685] lstrcmpiW (lpString1="Data", lpString2=".") returned 1 [0036.685] lstrcmpiW (lpString1="Data", lpString2="..") returned 1 [0036.685] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data") returned 40 [0036.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.685] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data" [0036.685] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\*" [0036.685] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.685] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.685] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.685] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.686] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.686] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.686] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.686] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.686] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.686] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.686] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.686] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.686] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Applications", cAlternateFileName="APPLIC~1")) returned 1 [0036.686] lstrcmpiW (lpString1="Applications", lpString2="Windows") returned -1 [0036.686] lstrcmpiW (lpString1="Applications", lpString2="Program Files") returned -1 [0036.686] lstrcmpiW (lpString1="Applications", lpString2="Program Files (x86)") returned -1 [0036.686] lstrcmpiW (lpString1="Applications", lpString2="$Recycle.bin") returned 1 [0036.686] lstrcmpiW (lpString1="Applications", lpString2="System Volume Information") returned -1 [0036.686] lstrcmpiW (lpString1="Applications", lpString2=".") returned 1 [0036.686] lstrcmpiW (lpString1="Applications", lpString2="..") returned 1 [0036.686] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications") returned 53 [0036.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.686] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications" [0036.686] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\*" [0036.686] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.687] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.687] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.687] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.687] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.687] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.687] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.687] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.687] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.687] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.687] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.687] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.687] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.687] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.687] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.687] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0036.687] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0036.687] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 0 [0036.687] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.687] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\LOLKEK.txt") returned 64 [0036.687] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Applications\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\search\\data\\applications\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.688] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.688] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.688] CloseHandle (hObject=0x270) returned 1 [0036.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.689] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e1ecc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 1 [0036.689] lstrcmpiW (lpString1="Temp", lpString2="Windows") returned -1 [0036.689] lstrcmpiW (lpString1="Temp", lpString2="Program Files") returned 1 [0036.689] lstrcmpiW (lpString1="Temp", lpString2="Program Files (x86)") returned 1 [0036.689] lstrcmpiW (lpString1="Temp", lpString2="$Recycle.bin") returned 1 [0036.689] lstrcmpiW (lpString1="Temp", lpString2="System Volume Information") returned 1 [0036.689] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0036.689] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0036.689] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp") returned 45 [0036.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.689] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp" [0036.689] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\*" [0036.689] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.689] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.689] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.689] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.689] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.689] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.689] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.689] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.689] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.689] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.689] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.689] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.689] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.689] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.689] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.689] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.689] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.690] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\LOLKEK.txt") returned 56 [0036.690] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\search\\data\\temp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.690] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.690] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.690] CloseHandle (hObject=0x270) returned 1 [0036.690] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.690] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e1ecc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e1ecc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 0 [0036.691] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.691] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\LOLKEK.txt") returned 51 [0036.691] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\Data\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\search\\data\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.691] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.691] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.691] CloseHandle (hObject=0x2a0) returned 1 [0036.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.692] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Data", cAlternateFileName="")) returned 0 [0036.692] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.692] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\LOLKEK.txt") returned 46 [0036.692] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Search\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\search\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.694] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.694] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.695] CloseHandle (hObject=0x2a8) returned 1 [0036.695] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.695] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0036.695] lstrcmpiW (lpString1="User Account Pictures", lpString2="Windows") returned -1 [0036.695] lstrcmpiW (lpString1="User Account Pictures", lpString2="Program Files") returned 1 [0036.695] lstrcmpiW (lpString1="User Account Pictures", lpString2="Program Files (x86)") returned 1 [0036.695] lstrcmpiW (lpString1="User Account Pictures", lpString2="$Recycle.bin") returned 1 [0036.695] lstrcmpiW (lpString1="User Account Pictures", lpString2="System Volume Information") returned 1 [0036.695] lstrcmpiW (lpString1="User Account Pictures", lpString2=".") returned 1 [0036.695] lstrcmpiW (lpString1="User Account Pictures", lpString2="..") returned 1 [0036.695] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures") returned 50 [0036.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.695] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures" [0036.695] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\*" [0036.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.695] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.695] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.695] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.695] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.695] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.695] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.695] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.695] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.695] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.695] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.696] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.696] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.696] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.696] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.696] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29423840, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29423840, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5p5NrGJn0jS HALPmcxz.dat", cAlternateFileName="5P5NRG~1.DAT")) returned 1 [0036.696] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2="Windows") returned -1 [0036.696] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2="Program Files") returned -1 [0036.696] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2="Program Files (x86)") returned -1 [0036.696] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2="$Recycle.bin") returned 1 [0036.696] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2="System Volume Information") returned -1 [0036.696] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2=".") returned 1 [0036.696] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2="..") returned 1 [0036.696] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat") returned 75 [0036.696] StrStrIW (lpFirst="5p5NrGJn0jS HALPmcxz.dat", lpSrch=".lolkek") returned 0x0 [0036.696] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz.dat", lpString2="LOLKEK.txt") returned -1 [0036.696] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat") returned 75 [0036.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x6762a0 [0036.696] lstrcpyW (in: lpString1=0x6762a0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat" [0036.696] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.696] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.696] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0036.696] lstrcmpiW (lpString1="Default Pictures", lpString2="Windows") returned -1 [0036.696] lstrcmpiW (lpString1="Default Pictures", lpString2="Program Files") returned -1 [0036.696] lstrcmpiW (lpString1="Default Pictures", lpString2="Program Files (x86)") returned -1 [0036.696] lstrcmpiW (lpString1="Default Pictures", lpString2="$Recycle.bin") returned 1 [0036.696] lstrcmpiW (lpString1="Default Pictures", lpString2="System Volume Information") returned -1 [0036.696] lstrcmpiW (lpString1="Default Pictures", lpString2=".") returned 1 [0036.696] lstrcmpiW (lpString1="Default Pictures", lpString2="..") returned 1 [0036.696] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures") returned 67 [0036.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.696] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures" [0036.696] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*" [0036.696] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.699] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.699] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.699] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.699] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.699] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.699] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.699] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80366a76, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80366a76, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.699] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.699] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.699] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.699] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.699] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.699] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.699] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.699] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xda0a8861, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile10.bmp", cAlternateFileName="")) returned 1 [0036.699] lstrcmpiW (lpString1="usertile10.bmp", lpString2="Windows") returned -1 [0036.699] lstrcmpiW (lpString1="usertile10.bmp", lpString2="Program Files") returned 1 [0036.699] lstrcmpiW (lpString1="usertile10.bmp", lpString2="Program Files (x86)") returned 1 [0036.699] lstrcmpiW (lpString1="usertile10.bmp", lpString2="$Recycle.bin") returned 1 [0036.699] lstrcmpiW (lpString1="usertile10.bmp", lpString2="System Volume Information") returned 1 [0036.699] lstrcmpiW (lpString1="usertile10.bmp", lpString2=".") returned 1 [0036.699] lstrcmpiW (lpString1="usertile10.bmp", lpString2="..") returned 1 [0036.699] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp") returned 82 [0036.699] StrStrIW (lpFirst="usertile10.bmp", lpSrch=".lolkek") returned 0x0 [0036.699] lstrcmpW (lpString1="usertile10.bmp", lpString2="LOLKEK.txt") returned 1 [0036.699] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp") returned 82 [0036.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x6763d8 [0036.699] lstrcpyW (in: lpString1=0x6763d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" [0036.699] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.699] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.699] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb5a2927, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile11.bmp", cAlternateFileName="")) returned 1 [0036.699] lstrcmpiW (lpString1="usertile11.bmp", lpString2="Windows") returned -1 [0036.699] lstrcmpiW (lpString1="usertile11.bmp", lpString2="Program Files") returned 1 [0036.699] lstrcmpiW (lpString1="usertile11.bmp", lpString2="Program Files (x86)") returned 1 [0036.699] lstrcmpiW (lpString1="usertile11.bmp", lpString2="$Recycle.bin") returned 1 [0036.699] lstrcmpiW (lpString1="usertile11.bmp", lpString2="System Volume Information") returned 1 [0036.700] lstrcmpiW (lpString1="usertile11.bmp", lpString2=".") returned 1 [0036.700] lstrcmpiW (lpString1="usertile11.bmp", lpString2="..") returned 1 [0036.700] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp") returned 82 [0036.700] StrStrIW (lpFirst="usertile11.bmp", lpSrch=".lolkek") returned 0x0 [0036.700] lstrcmpW (lpString1="usertile11.bmp", lpString2="LOLKEK.txt") returned 1 [0036.700] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp") returned 82 [0036.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x676530 [0036.700] lstrcpyW (in: lpString1=0x676530, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" [0036.700] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.700] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.700] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2755d1, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2755d1, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb6d3417, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile12.bmp", cAlternateFileName="")) returned 1 [0036.700] lstrcmpiW (lpString1="usertile12.bmp", lpString2="Windows") returned -1 [0036.700] lstrcmpiW (lpString1="usertile12.bmp", lpString2="Program Files") returned 1 [0036.700] lstrcmpiW (lpString1="usertile12.bmp", lpString2="Program Files (x86)") returned 1 [0036.700] lstrcmpiW (lpString1="usertile12.bmp", lpString2="$Recycle.bin") returned 1 [0036.700] lstrcmpiW (lpString1="usertile12.bmp", lpString2="System Volume Information") returned 1 [0036.700] lstrcmpiW (lpString1="usertile12.bmp", lpString2=".") returned 1 [0036.700] lstrcmpiW (lpString1="usertile12.bmp", lpString2="..") returned 1 [0036.700] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp") returned 82 [0036.700] StrStrIW (lpFirst="usertile12.bmp", lpSrch=".lolkek") returned 0x0 [0036.700] lstrcmpW (lpString1="usertile12.bmp", lpString2="LOLKEK.txt") returned 1 [0036.700] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp") returned 82 [0036.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x676688 [0036.700] lstrcpyW (in: lpString1=0x676688, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" [0036.700] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.700] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.700] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae29b72e, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae29b72e, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb76b98f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xbeb8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile13.bmp", cAlternateFileName="")) returned 1 [0036.700] lstrcmpiW (lpString1="usertile13.bmp", lpString2="Windows") returned -1 [0036.700] lstrcmpiW (lpString1="usertile13.bmp", lpString2="Program Files") returned 1 [0036.700] lstrcmpiW (lpString1="usertile13.bmp", lpString2="Program Files (x86)") returned 1 [0036.700] lstrcmpiW (lpString1="usertile13.bmp", lpString2="$Recycle.bin") returned 1 [0036.700] lstrcmpiW (lpString1="usertile13.bmp", lpString2="System Volume Information") returned 1 [0036.700] lstrcmpiW (lpString1="usertile13.bmp", lpString2=".") returned 1 [0036.700] lstrcmpiW (lpString1="usertile13.bmp", lpString2="..") returned 1 [0036.700] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp") returned 82 [0036.700] StrStrIW (lpFirst="usertile13.bmp", lpSrch=".lolkek") returned 0x0 [0036.700] lstrcmpW (lpString1="usertile13.bmp", lpString2="LOLKEK.txt") returned 1 [0036.700] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp") returned 82 [0036.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x6767e0 [0036.701] lstrcpyW (in: lpString1=0x6767e0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" [0036.701] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.701] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.701] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb82a065, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile14.bmp", cAlternateFileName="")) returned 1 [0036.701] lstrcmpiW (lpString1="usertile14.bmp", lpString2="Windows") returned -1 [0036.701] lstrcmpiW (lpString1="usertile14.bmp", lpString2="Program Files") returned 1 [0036.701] lstrcmpiW (lpString1="usertile14.bmp", lpString2="Program Files (x86)") returned 1 [0036.701] lstrcmpiW (lpString1="usertile14.bmp", lpString2="$Recycle.bin") returned 1 [0036.701] lstrcmpiW (lpString1="usertile14.bmp", lpString2="System Volume Information") returned 1 [0036.701] lstrcmpiW (lpString1="usertile14.bmp", lpString2=".") returned 1 [0036.701] lstrcmpiW (lpString1="usertile14.bmp", lpString2="..") returned 1 [0036.701] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp") returned 82 [0036.701] StrStrIW (lpFirst="usertile14.bmp", lpSrch=".lolkek") returned 0x0 [0036.701] lstrcmpW (lpString1="usertile14.bmp", lpString2="LOLKEK.txt") returned 1 [0036.701] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp") returned 82 [0036.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x676938 [0036.701] lstrcpyW (in: lpString1=0x676938, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" [0036.701] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.701] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.701] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdbb95fd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile15.bmp", cAlternateFileName="")) returned 1 [0036.701] lstrcmpiW (lpString1="usertile15.bmp", lpString2="Windows") returned -1 [0036.701] lstrcmpiW (lpString1="usertile15.bmp", lpString2="Program Files") returned 1 [0036.701] lstrcmpiW (lpString1="usertile15.bmp", lpString2="Program Files (x86)") returned 1 [0036.701] lstrcmpiW (lpString1="usertile15.bmp", lpString2="$Recycle.bin") returned 1 [0036.701] lstrcmpiW (lpString1="usertile15.bmp", lpString2="System Volume Information") returned 1 [0036.701] lstrcmpiW (lpString1="usertile15.bmp", lpString2=".") returned 1 [0036.701] lstrcmpiW (lpString1="usertile15.bmp", lpString2="..") returned 1 [0036.701] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp") returned 82 [0036.701] StrStrIW (lpFirst="usertile15.bmp", lpSrch=".lolkek") returned 0x0 [0036.701] lstrcmpW (lpString1="usertile15.bmp", lpString2="LOLKEK.txt") returned 1 [0036.701] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp") returned 82 [0036.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x676a90 [0036.701] lstrcpyW (in: lpString1=0x676a90, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" [0036.701] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.701] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.702] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae30db45, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae30db45, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdca9c9ed, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile16.bmp", cAlternateFileName="")) returned 1 [0036.702] lstrcmpiW (lpString1="usertile16.bmp", lpString2="Windows") returned -1 [0036.702] lstrcmpiW (lpString1="usertile16.bmp", lpString2="Program Files") returned 1 [0036.702] lstrcmpiW (lpString1="usertile16.bmp", lpString2="Program Files (x86)") returned 1 [0036.702] lstrcmpiW (lpString1="usertile16.bmp", lpString2="$Recycle.bin") returned 1 [0036.702] lstrcmpiW (lpString1="usertile16.bmp", lpString2="System Volume Information") returned 1 [0036.702] lstrcmpiW (lpString1="usertile16.bmp", lpString2=".") returned 1 [0036.702] lstrcmpiW (lpString1="usertile16.bmp", lpString2="..") returned 1 [0036.702] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp") returned 82 [0036.702] StrStrIW (lpFirst="usertile16.bmp", lpSrch=".lolkek") returned 0x0 [0036.702] lstrcmpW (lpString1="usertile16.bmp", lpString2="LOLKEK.txt") returned 1 [0036.702] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp") returned 82 [0036.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x676be8 [0036.702] lstrcpyW (in: lpString1=0x676be8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" [0036.702] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.702] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.702] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc3f8f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile17.bmp", cAlternateFileName="")) returned 1 [0036.702] lstrcmpiW (lpString1="usertile17.bmp", lpString2="Windows") returned -1 [0036.702] lstrcmpiW (lpString1="usertile17.bmp", lpString2="Program Files") returned 1 [0036.702] lstrcmpiW (lpString1="usertile17.bmp", lpString2="Program Files (x86)") returned 1 [0036.702] lstrcmpiW (lpString1="usertile17.bmp", lpString2="$Recycle.bin") returned 1 [0036.702] lstrcmpiW (lpString1="usertile17.bmp", lpString2="System Volume Information") returned 1 [0036.702] lstrcmpiW (lpString1="usertile17.bmp", lpString2=".") returned 1 [0036.702] lstrcmpiW (lpString1="usertile17.bmp", lpString2="..") returned 1 [0036.702] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp") returned 82 [0036.702] StrStrIW (lpFirst="usertile17.bmp", lpSrch=".lolkek") returned 0x0 [0036.702] lstrcmpW (lpString1="usertile17.bmp", lpString2="LOLKEK.txt") returned 1 [0036.702] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp") returned 82 [0036.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x613e50 [0036.702] lstrcpyW (in: lpString1=0x613e50, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" [0036.702] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.702] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.702] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc65a55, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile18.bmp", cAlternateFileName="")) returned 1 [0036.702] lstrcmpiW (lpString1="usertile18.bmp", lpString2="Windows") returned -1 [0036.702] lstrcmpiW (lpString1="usertile18.bmp", lpString2="Program Files") returned 1 [0036.702] lstrcmpiW (lpString1="usertile18.bmp", lpString2="Program Files (x86)") returned 1 [0036.702] lstrcmpiW (lpString1="usertile18.bmp", lpString2="$Recycle.bin") returned 1 [0036.702] lstrcmpiW (lpString1="usertile18.bmp", lpString2="System Volume Information") returned 1 [0036.703] lstrcmpiW (lpString1="usertile18.bmp", lpString2=".") returned 1 [0036.703] lstrcmpiW (lpString1="usertile18.bmp", lpString2="..") returned 1 [0036.703] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp") returned 82 [0036.703] StrStrIW (lpFirst="usertile18.bmp", lpSrch=".lolkek") returned 0x0 [0036.703] lstrcmpW (lpString1="usertile18.bmp", lpString2="LOLKEK.txt") returned 1 [0036.703] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp") returned 82 [0036.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x613fa8 [0036.703] lstrcpyW (in: lpString1=0x613fa8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" [0036.703] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.703] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.703] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae359dff, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae359dff, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc8bbb3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile19.bmp", cAlternateFileName="")) returned 1 [0036.703] lstrcmpiW (lpString1="usertile19.bmp", lpString2="Windows") returned -1 [0036.703] lstrcmpiW (lpString1="usertile19.bmp", lpString2="Program Files") returned 1 [0036.703] lstrcmpiW (lpString1="usertile19.bmp", lpString2="Program Files (x86)") returned 1 [0036.703] lstrcmpiW (lpString1="usertile19.bmp", lpString2="$Recycle.bin") returned 1 [0036.703] lstrcmpiW (lpString1="usertile19.bmp", lpString2="System Volume Information") returned 1 [0036.703] lstrcmpiW (lpString1="usertile19.bmp", lpString2=".") returned 1 [0036.703] lstrcmpiW (lpString1="usertile19.bmp", lpString2="..") returned 1 [0036.703] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp") returned 82 [0036.703] StrStrIW (lpFirst="usertile19.bmp", lpSrch=".lolkek") returned 0x0 [0036.703] lstrcmpW (lpString1="usertile19.bmp", lpString2="LOLKEK.txt") returned 1 [0036.703] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp") returned 82 [0036.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614100 [0036.703] lstrcpyW (in: lpString1=0x614100, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" [0036.703] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.703] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.703] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae37ff5c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae37ff5c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdccb1d11, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile20.bmp", cAlternateFileName="")) returned 1 [0036.703] lstrcmpiW (lpString1="usertile20.bmp", lpString2="Windows") returned -1 [0036.703] lstrcmpiW (lpString1="usertile20.bmp", lpString2="Program Files") returned 1 [0036.703] lstrcmpiW (lpString1="usertile20.bmp", lpString2="Program Files (x86)") returned 1 [0036.703] lstrcmpiW (lpString1="usertile20.bmp", lpString2="$Recycle.bin") returned 1 [0036.703] lstrcmpiW (lpString1="usertile20.bmp", lpString2="System Volume Information") returned 1 [0036.703] lstrcmpiW (lpString1="usertile20.bmp", lpString2=".") returned 1 [0036.703] lstrcmpiW (lpString1="usertile20.bmp", lpString2="..") returned 1 [0036.703] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp") returned 82 [0036.703] StrStrIW (lpFirst="usertile20.bmp", lpSrch=".lolkek") returned 0x0 [0036.703] lstrcmpW (lpString1="usertile20.bmp", lpString2="LOLKEK.txt") returned 1 [0036.703] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp") returned 82 [0036.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614258 [0036.704] lstrcpyW (in: lpString1=0x614258, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" [0036.704] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.704] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.704] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd069f3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile21.bmp", cAlternateFileName="")) returned 1 [0036.704] lstrcmpiW (lpString1="usertile21.bmp", lpString2="Windows") returned -1 [0036.704] lstrcmpiW (lpString1="usertile21.bmp", lpString2="Program Files") returned 1 [0036.704] lstrcmpiW (lpString1="usertile21.bmp", lpString2="Program Files (x86)") returned 1 [0036.704] lstrcmpiW (lpString1="usertile21.bmp", lpString2="$Recycle.bin") returned 1 [0036.704] lstrcmpiW (lpString1="usertile21.bmp", lpString2="System Volume Information") returned 1 [0036.704] lstrcmpiW (lpString1="usertile21.bmp", lpString2=".") returned 1 [0036.704] lstrcmpiW (lpString1="usertile21.bmp", lpString2="..") returned 1 [0036.704] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp") returned 82 [0036.704] StrStrIW (lpFirst="usertile21.bmp", lpSrch=".lolkek") returned 0x0 [0036.704] lstrcmpW (lpString1="usertile21.bmp", lpString2="LOLKEK.txt") returned 1 [0036.704] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp") returned 82 [0036.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x6143b0 [0036.704] lstrcpyW (in: lpString1=0x6143b0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" [0036.704] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.704] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.704] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd09009d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile22.bmp", cAlternateFileName="")) returned 1 [0036.704] lstrcmpiW (lpString1="usertile22.bmp", lpString2="Windows") returned -1 [0036.704] lstrcmpiW (lpString1="usertile22.bmp", lpString2="Program Files") returned 1 [0036.704] lstrcmpiW (lpString1="usertile22.bmp", lpString2="Program Files (x86)") returned 1 [0036.704] lstrcmpiW (lpString1="usertile22.bmp", lpString2="$Recycle.bin") returned 1 [0036.704] lstrcmpiW (lpString1="usertile22.bmp", lpString2="System Volume Information") returned 1 [0036.704] lstrcmpiW (lpString1="usertile22.bmp", lpString2=".") returned 1 [0036.704] lstrcmpiW (lpString1="usertile22.bmp", lpString2="..") returned 1 [0036.704] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp") returned 82 [0036.704] StrStrIW (lpFirst="usertile22.bmp", lpSrch=".lolkek") returned 0x0 [0036.704] lstrcmpW (lpString1="usertile22.bmp", lpString2="LOLKEK.txt") returned 1 [0036.704] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp") returned 82 [0036.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614508 [0036.704] lstrcpyW (in: lpString1=0x614508, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" [0036.704] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.705] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.705] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3cc216, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3cc216, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd0b61fb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile23.bmp", cAlternateFileName="")) returned 1 [0036.705] lstrcmpiW (lpString1="usertile23.bmp", lpString2="Windows") returned -1 [0036.705] lstrcmpiW (lpString1="usertile23.bmp", lpString2="Program Files") returned 1 [0036.705] lstrcmpiW (lpString1="usertile23.bmp", lpString2="Program Files (x86)") returned 1 [0036.705] lstrcmpiW (lpString1="usertile23.bmp", lpString2="$Recycle.bin") returned 1 [0036.705] lstrcmpiW (lpString1="usertile23.bmp", lpString2="System Volume Information") returned 1 [0036.705] lstrcmpiW (lpString1="usertile23.bmp", lpString2=".") returned 1 [0036.705] lstrcmpiW (lpString1="usertile23.bmp", lpString2="..") returned 1 [0036.705] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp") returned 82 [0036.705] StrStrIW (lpFirst="usertile23.bmp", lpSrch=".lolkek") returned 0x0 [0036.705] lstrcmpW (lpString1="usertile23.bmp", lpString2="LOLKEK.txt") returned 1 [0036.705] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp") returned 82 [0036.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614660 [0036.705] lstrcpyW (in: lpString1=0x614660, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" [0036.705] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.705] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.705] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd232fa7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile24.bmp", cAlternateFileName="")) returned 1 [0036.705] lstrcmpiW (lpString1="usertile24.bmp", lpString2="Windows") returned -1 [0036.705] lstrcmpiW (lpString1="usertile24.bmp", lpString2="Program Files") returned 1 [0036.705] lstrcmpiW (lpString1="usertile24.bmp", lpString2="Program Files (x86)") returned 1 [0036.705] lstrcmpiW (lpString1="usertile24.bmp", lpString2="$Recycle.bin") returned 1 [0036.705] lstrcmpiW (lpString1="usertile24.bmp", lpString2="System Volume Information") returned 1 [0036.705] lstrcmpiW (lpString1="usertile24.bmp", lpString2=".") returned 1 [0036.705] lstrcmpiW (lpString1="usertile24.bmp", lpString2="..") returned 1 [0036.705] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp") returned 82 [0036.705] StrStrIW (lpFirst="usertile24.bmp", lpSrch=".lolkek") returned 0x0 [0036.705] lstrcmpW (lpString1="usertile24.bmp", lpString2="LOLKEK.txt") returned 1 [0036.705] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp") returned 82 [0036.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x6147b8 [0036.705] lstrcpyW (in: lpString1=0x6147b8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" [0036.705] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.705] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.705] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd259105, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile25.bmp", cAlternateFileName="")) returned 1 [0036.705] lstrcmpiW (lpString1="usertile25.bmp", lpString2="Windows") returned -1 [0036.705] lstrcmpiW (lpString1="usertile25.bmp", lpString2="Program Files") returned 1 [0036.705] lstrcmpiW (lpString1="usertile25.bmp", lpString2="Program Files (x86)") returned 1 [0036.705] lstrcmpiW (lpString1="usertile25.bmp", lpString2="$Recycle.bin") returned 1 [0036.706] lstrcmpiW (lpString1="usertile25.bmp", lpString2="System Volume Information") returned 1 [0036.706] lstrcmpiW (lpString1="usertile25.bmp", lpString2=".") returned 1 [0036.706] lstrcmpiW (lpString1="usertile25.bmp", lpString2="..") returned 1 [0036.706] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp") returned 82 [0036.706] StrStrIW (lpFirst="usertile25.bmp", lpSrch=".lolkek") returned 0x0 [0036.706] lstrcmpW (lpString1="usertile25.bmp", lpString2="LOLKEK.txt") returned 1 [0036.706] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp") returned 82 [0036.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614910 [0036.706] lstrcpyW (in: lpString1=0x614910, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" [0036.706] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.706] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.706] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd27f263, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile26.bmp", cAlternateFileName="")) returned 1 [0036.706] lstrcmpiW (lpString1="usertile26.bmp", lpString2="Windows") returned -1 [0036.706] lstrcmpiW (lpString1="usertile26.bmp", lpString2="Program Files") returned 1 [0036.706] lstrcmpiW (lpString1="usertile26.bmp", lpString2="Program Files (x86)") returned 1 [0036.706] lstrcmpiW (lpString1="usertile26.bmp", lpString2="$Recycle.bin") returned 1 [0036.706] lstrcmpiW (lpString1="usertile26.bmp", lpString2="System Volume Information") returned 1 [0036.706] lstrcmpiW (lpString1="usertile26.bmp", lpString2=".") returned 1 [0036.706] lstrcmpiW (lpString1="usertile26.bmp", lpString2="..") returned 1 [0036.706] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp") returned 82 [0036.706] StrStrIW (lpFirst="usertile26.bmp", lpSrch=".lolkek") returned 0x0 [0036.706] lstrcmpW (lpString1="usertile26.bmp", lpString2="LOLKEK.txt") returned 1 [0036.706] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp") returned 82 [0036.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614a68 [0036.706] lstrcpyW (in: lpString1=0x614a68, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" [0036.706] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.706] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.706] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4184d0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4184d0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd2a53c1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile27.bmp", cAlternateFileName="")) returned 1 [0036.706] lstrcmpiW (lpString1="usertile27.bmp", lpString2="Windows") returned -1 [0036.706] lstrcmpiW (lpString1="usertile27.bmp", lpString2="Program Files") returned 1 [0036.706] lstrcmpiW (lpString1="usertile27.bmp", lpString2="Program Files (x86)") returned 1 [0036.706] lstrcmpiW (lpString1="usertile27.bmp", lpString2="$Recycle.bin") returned 1 [0036.706] lstrcmpiW (lpString1="usertile27.bmp", lpString2="System Volume Information") returned 1 [0036.706] lstrcmpiW (lpString1="usertile27.bmp", lpString2=".") returned 1 [0036.706] lstrcmpiW (lpString1="usertile27.bmp", lpString2="..") returned 1 [0036.706] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp") returned 82 [0036.706] StrStrIW (lpFirst="usertile27.bmp", lpSrch=".lolkek") returned 0x0 [0036.706] lstrcmpW (lpString1="usertile27.bmp", lpString2="LOLKEK.txt") returned 1 [0036.707] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp") returned 82 [0036.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614bc0 [0036.707] lstrcpyW (in: lpString1=0x614bc0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" [0036.707] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.707] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.707] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3177db, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile28.bmp", cAlternateFileName="")) returned 1 [0036.707] lstrcmpiW (lpString1="usertile28.bmp", lpString2="Windows") returned -1 [0036.707] lstrcmpiW (lpString1="usertile28.bmp", lpString2="Program Files") returned 1 [0036.707] lstrcmpiW (lpString1="usertile28.bmp", lpString2="Program Files (x86)") returned 1 [0036.707] lstrcmpiW (lpString1="usertile28.bmp", lpString2="$Recycle.bin") returned 1 [0036.707] lstrcmpiW (lpString1="usertile28.bmp", lpString2="System Volume Information") returned 1 [0036.707] lstrcmpiW (lpString1="usertile28.bmp", lpString2=".") returned 1 [0036.707] lstrcmpiW (lpString1="usertile28.bmp", lpString2="..") returned 1 [0036.707] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp") returned 82 [0036.707] StrStrIW (lpFirst="usertile28.bmp", lpSrch=".lolkek") returned 0x0 [0036.707] lstrcmpW (lpString1="usertile28.bmp", lpString2="LOLKEK.txt") returned 1 [0036.707] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp") returned 82 [0036.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614d18 [0036.707] lstrcpyW (in: lpString1=0x614d18, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" [0036.707] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.707] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.707] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd33d939, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile29.bmp", cAlternateFileName="")) returned 1 [0036.707] lstrcmpiW (lpString1="usertile29.bmp", lpString2="Windows") returned -1 [0036.707] lstrcmpiW (lpString1="usertile29.bmp", lpString2="Program Files") returned 1 [0036.707] lstrcmpiW (lpString1="usertile29.bmp", lpString2="Program Files (x86)") returned 1 [0036.707] lstrcmpiW (lpString1="usertile29.bmp", lpString2="$Recycle.bin") returned 1 [0036.707] lstrcmpiW (lpString1="usertile29.bmp", lpString2="System Volume Information") returned 1 [0036.707] lstrcmpiW (lpString1="usertile29.bmp", lpString2=".") returned 1 [0036.707] lstrcmpiW (lpString1="usertile29.bmp", lpString2="..") returned 1 [0036.707] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp") returned 82 [0036.707] StrStrIW (lpFirst="usertile29.bmp", lpSrch=".lolkek") returned 0x0 [0036.707] lstrcmpW (lpString1="usertile29.bmp", lpString2="LOLKEK.txt") returned 1 [0036.707] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp") returned 82 [0036.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614e70 [0036.707] lstrcpyW (in: lpString1=0x614e70, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" [0036.707] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.707] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.708] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae46478a, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae46478a, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile30.bmp", cAlternateFileName="")) returned 1 [0036.708] lstrcmpiW (lpString1="usertile30.bmp", lpString2="Windows") returned -1 [0036.708] lstrcmpiW (lpString1="usertile30.bmp", lpString2="Program Files") returned 1 [0036.708] lstrcmpiW (lpString1="usertile30.bmp", lpString2="Program Files (x86)") returned 1 [0036.708] lstrcmpiW (lpString1="usertile30.bmp", lpString2="$Recycle.bin") returned 1 [0036.708] lstrcmpiW (lpString1="usertile30.bmp", lpString2="System Volume Information") returned 1 [0036.708] lstrcmpiW (lpString1="usertile30.bmp", lpString2=".") returned 1 [0036.708] lstrcmpiW (lpString1="usertile30.bmp", lpString2="..") returned 1 [0036.708] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp") returned 82 [0036.708] StrStrIW (lpFirst="usertile30.bmp", lpSrch=".lolkek") returned 0x0 [0036.708] lstrcmpW (lpString1="usertile30.bmp", lpString2="LOLKEK.txt") returned 1 [0036.708] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp") returned 82 [0036.708] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x614fc8 [0036.708] lstrcpyW (in: lpString1=0x614fc8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" [0036.708] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.708] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.708] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile31.bmp", cAlternateFileName="")) returned 1 [0036.708] lstrcmpiW (lpString1="usertile31.bmp", lpString2="Windows") returned -1 [0036.708] lstrcmpiW (lpString1="usertile31.bmp", lpString2="Program Files") returned 1 [0036.708] lstrcmpiW (lpString1="usertile31.bmp", lpString2="Program Files (x86)") returned 1 [0036.708] lstrcmpiW (lpString1="usertile31.bmp", lpString2="$Recycle.bin") returned 1 [0036.708] lstrcmpiW (lpString1="usertile31.bmp", lpString2="System Volume Information") returned 1 [0036.708] lstrcmpiW (lpString1="usertile31.bmp", lpString2=".") returned 1 [0036.708] lstrcmpiW (lpString1="usertile31.bmp", lpString2="..") returned 1 [0036.708] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp") returned 82 [0036.708] StrStrIW (lpFirst="usertile31.bmp", lpSrch=".lolkek") returned 0x0 [0036.708] lstrcmpW (lpString1="usertile31.bmp", lpString2="LOLKEK.txt") returned 1 [0036.708] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp") returned 82 [0036.708] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x615120 [0036.708] lstrcpyW (in: lpString1=0x615120, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" [0036.708] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.708] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.708] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd42216d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile32.bmp", cAlternateFileName="")) returned 1 [0036.708] lstrcmpiW (lpString1="usertile32.bmp", lpString2="Windows") returned -1 [0036.708] lstrcmpiW (lpString1="usertile32.bmp", lpString2="Program Files") returned 1 [0036.708] lstrcmpiW (lpString1="usertile32.bmp", lpString2="Program Files (x86)") returned 1 [0036.709] lstrcmpiW (lpString1="usertile32.bmp", lpString2="$Recycle.bin") returned 1 [0036.709] lstrcmpiW (lpString1="usertile32.bmp", lpString2="System Volume Information") returned 1 [0036.709] lstrcmpiW (lpString1="usertile32.bmp", lpString2=".") returned 1 [0036.709] lstrcmpiW (lpString1="usertile32.bmp", lpString2="..") returned 1 [0036.709] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp") returned 82 [0036.709] StrStrIW (lpFirst="usertile32.bmp", lpSrch=".lolkek") returned 0x0 [0036.709] lstrcmpW (lpString1="usertile32.bmp", lpString2="LOLKEK.txt") returned 1 [0036.709] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp") returned 82 [0036.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x615278 [0036.709] lstrcpyW (in: lpString1=0x615278, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" [0036.709] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.709] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.709] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4b0a44, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4b0a44, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd4482cb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile33.bmp", cAlternateFileName="")) returned 1 [0036.709] lstrcmpiW (lpString1="usertile33.bmp", lpString2="Windows") returned -1 [0036.709] lstrcmpiW (lpString1="usertile33.bmp", lpString2="Program Files") returned 1 [0036.709] lstrcmpiW (lpString1="usertile33.bmp", lpString2="Program Files (x86)") returned 1 [0036.709] lstrcmpiW (lpString1="usertile33.bmp", lpString2="$Recycle.bin") returned 1 [0036.709] lstrcmpiW (lpString1="usertile33.bmp", lpString2="System Volume Information") returned 1 [0036.709] lstrcmpiW (lpString1="usertile33.bmp", lpString2=".") returned 1 [0036.709] lstrcmpiW (lpString1="usertile33.bmp", lpString2="..") returned 1 [0036.709] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp") returned 82 [0036.709] StrStrIW (lpFirst="usertile33.bmp", lpSrch=".lolkek") returned 0x0 [0036.709] lstrcmpW (lpString1="usertile33.bmp", lpString2="LOLKEK.txt") returned 1 [0036.709] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp") returned 82 [0036.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x6153d0 [0036.709] lstrcpyW (in: lpString1=0x6153d0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" [0036.709] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.709] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.709] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9c9561, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile34.bmp", cAlternateFileName="")) returned 1 [0036.709] lstrcmpiW (lpString1="usertile34.bmp", lpString2="Windows") returned -1 [0036.709] lstrcmpiW (lpString1="usertile34.bmp", lpString2="Program Files") returned 1 [0036.709] lstrcmpiW (lpString1="usertile34.bmp", lpString2="Program Files (x86)") returned 1 [0036.709] lstrcmpiW (lpString1="usertile34.bmp", lpString2="$Recycle.bin") returned 1 [0036.709] lstrcmpiW (lpString1="usertile34.bmp", lpString2="System Volume Information") returned 1 [0036.709] lstrcmpiW (lpString1="usertile34.bmp", lpString2=".") returned 1 [0036.709] lstrcmpiW (lpString1="usertile34.bmp", lpString2="..") returned 1 [0036.709] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp") returned 82 [0036.709] StrStrIW (lpFirst="usertile34.bmp", lpSrch=".lolkek") returned 0x0 [0036.709] lstrcmpW (lpString1="usertile34.bmp", lpString2="LOLKEK.txt") returned 1 [0036.710] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp") returned 82 [0036.710] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x615528 [0036.710] lstrcpyW (in: lpString1=0x615528, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" [0036.710] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.710] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.710] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile35.bmp", cAlternateFileName="")) returned 1 [0036.710] lstrcmpiW (lpString1="usertile35.bmp", lpString2="Windows") returned -1 [0036.710] lstrcmpiW (lpString1="usertile35.bmp", lpString2="Program Files") returned 1 [0036.710] lstrcmpiW (lpString1="usertile35.bmp", lpString2="Program Files (x86)") returned 1 [0036.710] lstrcmpiW (lpString1="usertile35.bmp", lpString2="$Recycle.bin") returned 1 [0036.710] lstrcmpiW (lpString1="usertile35.bmp", lpString2="System Volume Information") returned 1 [0036.710] lstrcmpiW (lpString1="usertile35.bmp", lpString2=".") returned 1 [0036.710] lstrcmpiW (lpString1="usertile35.bmp", lpString2="..") returned 1 [0036.710] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp") returned 82 [0036.710] StrStrIW (lpFirst="usertile35.bmp", lpSrch=".lolkek") returned 0x0 [0036.710] lstrcmpW (lpString1="usertile35.bmp", lpString2="LOLKEK.txt") returned 1 [0036.710] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp") returned 82 [0036.710] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x615680 [0036.710] lstrcpyW (in: lpString1=0x615680, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" [0036.710] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.710] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.710] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae548fb8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae548fb8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile36.bmp", cAlternateFileName="")) returned 1 [0036.710] lstrcmpiW (lpString1="usertile36.bmp", lpString2="Windows") returned -1 [0036.710] lstrcmpiW (lpString1="usertile36.bmp", lpString2="Program Files") returned 1 [0036.710] lstrcmpiW (lpString1="usertile36.bmp", lpString2="Program Files (x86)") returned 1 [0036.710] lstrcmpiW (lpString1="usertile36.bmp", lpString2="$Recycle.bin") returned 1 [0036.710] lstrcmpiW (lpString1="usertile36.bmp", lpString2="System Volume Information") returned 1 [0036.710] lstrcmpiW (lpString1="usertile36.bmp", lpString2=".") returned 1 [0036.710] lstrcmpiW (lpString1="usertile36.bmp", lpString2="..") returned 1 [0036.710] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp") returned 82 [0036.710] StrStrIW (lpFirst="usertile36.bmp", lpSrch=".lolkek") returned 0x0 [0036.710] lstrcmpW (lpString1="usertile36.bmp", lpString2="LOLKEK.txt") returned 1 [0036.710] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp") returned 82 [0036.710] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x6157d8 [0036.710] lstrcpyW (in: lpString1=0x6157d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" [0036.710] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.711] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.711] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae595272, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae595272, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile37.bmp", cAlternateFileName="")) returned 1 [0036.711] lstrcmpiW (lpString1="usertile37.bmp", lpString2="Windows") returned -1 [0036.711] lstrcmpiW (lpString1="usertile37.bmp", lpString2="Program Files") returned 1 [0036.711] lstrcmpiW (lpString1="usertile37.bmp", lpString2="Program Files (x86)") returned 1 [0036.711] lstrcmpiW (lpString1="usertile37.bmp", lpString2="$Recycle.bin") returned 1 [0036.711] lstrcmpiW (lpString1="usertile37.bmp", lpString2="System Volume Information") returned 1 [0036.711] lstrcmpiW (lpString1="usertile37.bmp", lpString2=".") returned 1 [0036.711] lstrcmpiW (lpString1="usertile37.bmp", lpString2="..") returned 1 [0036.711] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp") returned 82 [0036.711] StrStrIW (lpFirst="usertile37.bmp", lpSrch=".lolkek") returned 0x0 [0036.711] lstrcmpW (lpString1="usertile37.bmp", lpString2="LOLKEK.txt") returned 1 [0036.711] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp") returned 82 [0036.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cad668 [0036.711] lstrcpyW (in: lpString1=0x3cad668, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" [0036.711] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.711] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.711] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5bb3cf, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5bb3cf, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile38.bmp", cAlternateFileName="")) returned 1 [0036.711] lstrcmpiW (lpString1="usertile38.bmp", lpString2="Windows") returned -1 [0036.711] lstrcmpiW (lpString1="usertile38.bmp", lpString2="Program Files") returned 1 [0036.711] lstrcmpiW (lpString1="usertile38.bmp", lpString2="Program Files (x86)") returned 1 [0036.711] lstrcmpiW (lpString1="usertile38.bmp", lpString2="$Recycle.bin") returned 1 [0036.711] lstrcmpiW (lpString1="usertile38.bmp", lpString2="System Volume Information") returned 1 [0036.711] lstrcmpiW (lpString1="usertile38.bmp", lpString2=".") returned 1 [0036.711] lstrcmpiW (lpString1="usertile38.bmp", lpString2="..") returned 1 [0036.711] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp") returned 82 [0036.711] StrStrIW (lpFirst="usertile38.bmp", lpSrch=".lolkek") returned 0x0 [0036.711] lstrcmpW (lpString1="usertile38.bmp", lpString2="LOLKEK.txt") returned 1 [0036.711] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp") returned 82 [0036.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cad7c0 [0036.711] lstrcpyW (in: lpString1=0x3cad7c0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" [0036.711] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.711] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.711] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5e152c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5e152c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc2ab41, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile39.bmp", cAlternateFileName="")) returned 1 [0036.712] lstrcmpiW (lpString1="usertile39.bmp", lpString2="Windows") returned -1 [0036.712] lstrcmpiW (lpString1="usertile39.bmp", lpString2="Program Files") returned 1 [0036.712] lstrcmpiW (lpString1="usertile39.bmp", lpString2="Program Files (x86)") returned 1 [0036.712] lstrcmpiW (lpString1="usertile39.bmp", lpString2="$Recycle.bin") returned 1 [0036.712] lstrcmpiW (lpString1="usertile39.bmp", lpString2="System Volume Information") returned 1 [0036.712] lstrcmpiW (lpString1="usertile39.bmp", lpString2=".") returned 1 [0036.712] lstrcmpiW (lpString1="usertile39.bmp", lpString2="..") returned 1 [0036.712] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp") returned 82 [0036.712] StrStrIW (lpFirst="usertile39.bmp", lpSrch=".lolkek") returned 0x0 [0036.712] lstrcmpW (lpString1="usertile39.bmp", lpString2="LOLKEK.txt") returned 1 [0036.712] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp") returned 82 [0036.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cad918 [0036.712] lstrcpyW (in: lpString1=0x3cad918, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" [0036.712] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.712] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.712] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae607689, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae607689, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc50c9f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile40.bmp", cAlternateFileName="")) returned 1 [0036.712] lstrcmpiW (lpString1="usertile40.bmp", lpString2="Windows") returned -1 [0036.712] lstrcmpiW (lpString1="usertile40.bmp", lpString2="Program Files") returned 1 [0036.712] lstrcmpiW (lpString1="usertile40.bmp", lpString2="Program Files (x86)") returned 1 [0036.712] lstrcmpiW (lpString1="usertile40.bmp", lpString2="$Recycle.bin") returned 1 [0036.712] lstrcmpiW (lpString1="usertile40.bmp", lpString2="System Volume Information") returned 1 [0036.712] lstrcmpiW (lpString1="usertile40.bmp", lpString2=".") returned 1 [0036.712] lstrcmpiW (lpString1="usertile40.bmp", lpString2="..") returned 1 [0036.712] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp") returned 82 [0036.712] StrStrIW (lpFirst="usertile40.bmp", lpSrch=".lolkek") returned 0x0 [0036.712] lstrcmpW (lpString1="usertile40.bmp", lpString2="LOLKEK.txt") returned 1 [0036.712] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp") returned 82 [0036.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cada70 [0036.712] lstrcpyW (in: lpString1=0x3cada70, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" [0036.712] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.712] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.712] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae62d7e6, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae62d7e6, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddcc30b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile41.bmp", cAlternateFileName="")) returned 1 [0036.712] lstrcmpiW (lpString1="usertile41.bmp", lpString2="Windows") returned -1 [0036.712] lstrcmpiW (lpString1="usertile41.bmp", lpString2="Program Files") returned 1 [0036.712] lstrcmpiW (lpString1="usertile41.bmp", lpString2="Program Files (x86)") returned 1 [0036.712] lstrcmpiW (lpString1="usertile41.bmp", lpString2="$Recycle.bin") returned 1 [0036.713] lstrcmpiW (lpString1="usertile41.bmp", lpString2="System Volume Information") returned 1 [0036.713] lstrcmpiW (lpString1="usertile41.bmp", lpString2=".") returned 1 [0036.713] lstrcmpiW (lpString1="usertile41.bmp", lpString2="..") returned 1 [0036.713] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp") returned 82 [0036.713] StrStrIW (lpFirst="usertile41.bmp", lpSrch=".lolkek") returned 0x0 [0036.713] lstrcmpW (lpString1="usertile41.bmp", lpString2="LOLKEK.txt") returned 1 [0036.713] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp") returned 82 [0036.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cadbc8 [0036.713] lstrcpyW (in: lpString1=0x3cadbc8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" [0036.713] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.713] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.713] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddce9217, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile42.bmp", cAlternateFileName="")) returned 1 [0036.713] lstrcmpiW (lpString1="usertile42.bmp", lpString2="Windows") returned -1 [0036.713] lstrcmpiW (lpString1="usertile42.bmp", lpString2="Program Files") returned 1 [0036.713] lstrcmpiW (lpString1="usertile42.bmp", lpString2="Program Files (x86)") returned 1 [0036.713] lstrcmpiW (lpString1="usertile42.bmp", lpString2="$Recycle.bin") returned 1 [0036.713] lstrcmpiW (lpString1="usertile42.bmp", lpString2="System Volume Information") returned 1 [0036.713] lstrcmpiW (lpString1="usertile42.bmp", lpString2=".") returned 1 [0036.713] lstrcmpiW (lpString1="usertile42.bmp", lpString2="..") returned 1 [0036.713] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp") returned 82 [0036.713] StrStrIW (lpFirst="usertile42.bmp", lpSrch=".lolkek") returned 0x0 [0036.713] lstrcmpW (lpString1="usertile42.bmp", lpString2="LOLKEK.txt") returned 1 [0036.713] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp") returned 82 [0036.713] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cadd20 [0036.713] lstrcpyW (in: lpString1=0x3cadd20, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" [0036.713] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.713] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.713] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd0f375, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile43.bmp", cAlternateFileName="")) returned 1 [0036.713] lstrcmpiW (lpString1="usertile43.bmp", lpString2="Windows") returned -1 [0036.713] lstrcmpiW (lpString1="usertile43.bmp", lpString2="Program Files") returned 1 [0036.713] lstrcmpiW (lpString1="usertile43.bmp", lpString2="Program Files (x86)") returned 1 [0036.713] lstrcmpiW (lpString1="usertile43.bmp", lpString2="$Recycle.bin") returned 1 [0036.713] lstrcmpiW (lpString1="usertile43.bmp", lpString2="System Volume Information") returned 1 [0036.713] lstrcmpiW (lpString1="usertile43.bmp", lpString2=".") returned 1 [0036.713] lstrcmpiW (lpString1="usertile43.bmp", lpString2="..") returned 1 [0036.713] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp") returned 82 [0036.713] StrStrIW (lpFirst="usertile43.bmp", lpSrch=".lolkek") returned 0x0 [0036.713] lstrcmpW (lpString1="usertile43.bmp", lpString2="LOLKEK.txt") returned 1 [0036.713] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp") returned 82 [0036.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cade78 [0036.714] lstrcpyW (in: lpString1=0x3cade78, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" [0036.714] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.714] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.714] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile44.bmp", cAlternateFileName="")) returned 1 [0036.714] lstrcmpiW (lpString1="usertile44.bmp", lpString2="Windows") returned -1 [0036.714] lstrcmpiW (lpString1="usertile44.bmp", lpString2="Program Files") returned 1 [0036.714] lstrcmpiW (lpString1="usertile44.bmp", lpString2="Program Files (x86)") returned 1 [0036.714] lstrcmpiW (lpString1="usertile44.bmp", lpString2="$Recycle.bin") returned 1 [0036.714] lstrcmpiW (lpString1="usertile44.bmp", lpString2="System Volume Information") returned 1 [0036.714] lstrcmpiW (lpString1="usertile44.bmp", lpString2=".") returned 1 [0036.714] lstrcmpiW (lpString1="usertile44.bmp", lpString2="..") returned 1 [0036.714] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp") returned 82 [0036.714] StrStrIW (lpFirst="usertile44.bmp", lpSrch=".lolkek") returned 0x0 [0036.714] lstrcmpW (lpString1="usertile44.bmp", lpString2="LOLKEK.txt") returned 1 [0036.714] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp") returned 82 [0036.714] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cadfd0 [0036.714] lstrcpyW (in: lpString1=0x3cadfd0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" [0036.714] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.714] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.714] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile44.bmp", cAlternateFileName="")) returned 0 [0036.714] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.715] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\LOLKEK.txt") returned 78 [0036.715] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\Default Pictures\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\user account pictures\\default pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.716] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.716] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.717] CloseHandle (hObject=0x2a0) returned 1 [0036.717] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.717] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="guest.bmp", cAlternateFileName="")) returned 1 [0036.717] lstrcmpiW (lpString1="guest.bmp", lpString2="Windows") returned -1 [0036.717] lstrcmpiW (lpString1="guest.bmp", lpString2="Program Files") returned -1 [0036.717] lstrcmpiW (lpString1="guest.bmp", lpString2="Program Files (x86)") returned -1 [0036.717] lstrcmpiW (lpString1="guest.bmp", lpString2="$Recycle.bin") returned 1 [0036.717] lstrcmpiW (lpString1="guest.bmp", lpString2="System Volume Information") returned -1 [0036.717] lstrcmpiW (lpString1="guest.bmp", lpString2=".") returned 1 [0036.717] lstrcmpiW (lpString1="guest.bmp", lpString2="..") returned 1 [0036.717] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp") returned 60 [0036.717] StrStrIW (lpFirst="guest.bmp", lpSrch=".lolkek") returned 0x0 [0036.717] lstrcmpW (lpString1="guest.bmp", lpString2="LOLKEK.txt") returned -1 [0036.717] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp") returned 60 [0036.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3ddd270 [0036.717] lstrcpyW (in: lpString1=0x3ddd270, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\guest.bmp" [0036.717] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.717] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.717] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="user.bmp", cAlternateFileName="")) returned 1 [0036.717] lstrcmpiW (lpString1="user.bmp", lpString2="Windows") returned -1 [0036.717] lstrcmpiW (lpString1="user.bmp", lpString2="Program Files") returned 1 [0036.717] lstrcmpiW (lpString1="user.bmp", lpString2="Program Files (x86)") returned 1 [0036.717] lstrcmpiW (lpString1="user.bmp", lpString2="$Recycle.bin") returned 1 [0036.717] lstrcmpiW (lpString1="user.bmp", lpString2="System Volume Information") returned 1 [0036.717] lstrcmpiW (lpString1="user.bmp", lpString2=".") returned 1 [0036.717] lstrcmpiW (lpString1="user.bmp", lpString2="..") returned 1 [0036.718] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp") returned 59 [0036.718] StrStrIW (lpFirst="user.bmp", lpSrch=".lolkek") returned 0x0 [0036.718] lstrcmpW (lpString1="user.bmp", lpString2="LOLKEK.txt") returned 1 [0036.718] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp") returned 59 [0036.718] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ddd370 [0036.718] lstrcpyW (in: lpString1=0x3ddd370, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp") returned="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp" [0036.718] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.718] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.718] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7bed1018, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="user.bmp", cAlternateFileName="")) returned 0 [0036.718] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.718] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\LOLKEK.txt") returned 61 [0036.718] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\User Account Pictures\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\user account pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.718] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.718] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.719] CloseHandle (hObject=0x2a8) returned 1 [0036.719] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.719] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Vault", cAlternateFileName="")) returned 1 [0036.719] lstrcmpiW (lpString1="Vault", lpString2="Windows") returned -1 [0036.719] lstrcmpiW (lpString1="Vault", lpString2="Program Files") returned 1 [0036.719] lstrcmpiW (lpString1="Vault", lpString2="Program Files (x86)") returned 1 [0036.719] lstrcmpiW (lpString1="Vault", lpString2="$Recycle.bin") returned 1 [0036.719] lstrcmpiW (lpString1="Vault", lpString2="System Volume Information") returned 1 [0036.719] lstrcmpiW (lpString1="Vault", lpString2=".") returned 1 [0036.719] lstrcmpiW (lpString1="Vault", lpString2="..") returned 1 [0036.719] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Vault") returned 34 [0036.719] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.719] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Vault" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Vault") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Vault" [0036.719] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Vault", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\*" [0036.719] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.719] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.719] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.719] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.719] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.719] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.720] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.720] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.720] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.720] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.720] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.720] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.720] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.720] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.720] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.720] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xc602eec6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.720] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.720] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\LOLKEK.txt") returned 45 [0036.720] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Vault\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\vault\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.720] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.720] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.721] CloseHandle (hObject=0x2a8) returned 1 [0036.721] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.721] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISIO", cAlternateFileName="")) returned 1 [0036.721] lstrcmpiW (lpString1="VISIO", lpString2="Windows") returned -1 [0036.721] lstrcmpiW (lpString1="VISIO", lpString2="Program Files") returned 1 [0036.721] lstrcmpiW (lpString1="VISIO", lpString2="Program Files (x86)") returned 1 [0036.721] lstrcmpiW (lpString1="VISIO", lpString2="$Recycle.bin") returned 1 [0036.721] lstrcmpiW (lpString1="VISIO", lpString2="System Volume Information") returned 1 [0036.721] lstrcmpiW (lpString1="VISIO", lpString2=".") returned 1 [0036.721] lstrcmpiW (lpString1="VISIO", lpString2="..") returned 1 [0036.721] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO") returned 34 [0036.721] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.721] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO") returned="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO" [0036.721] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\*" [0036.721] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.722] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.722] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.722] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.722] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.722] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.722] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.722] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.722] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.722] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.722] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.722] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.722] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.722] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.722] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.722] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.722] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.722] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\LOLKEK.txt") returned 45 [0036.722] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\VISIO\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\visio\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.722] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.722] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.723] CloseHandle (hObject=0x2a8) returned 1 [0036.723] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.723] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0036.723] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0036.723] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x591e8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x591e8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0036.723] lstrcmpiW (lpString1="Windows Defender", lpString2="Windows") returned 1 [0036.723] lstrcmpiW (lpString1="Windows Defender", lpString2="Program Files") returned 1 [0036.723] lstrcmpiW (lpString1="Windows Defender", lpString2="Program Files (x86)") returned 1 [0036.723] lstrcmpiW (lpString1="Windows Defender", lpString2="$Recycle.bin") returned 1 [0036.724] lstrcmpiW (lpString1="Windows Defender", lpString2="System Volume Information") returned 1 [0036.724] lstrcmpiW (lpString1="Windows Defender", lpString2=".") returned 1 [0036.724] lstrcmpiW (lpString1="Windows Defender", lpString2="..") returned 1 [0036.724] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender") returned 45 [0036.724] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.724] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender" [0036.724] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\*" [0036.724] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x591e8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x591e8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.725] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.725] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.725] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.725] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.725] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.725] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.725] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x591e8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x591e8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.725] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.725] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.725] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.725] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.725] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.726] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.726] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.726] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fb3099, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Definition Updates", cAlternateFileName="DEFINI~1")) returned 1 [0036.726] lstrcmpiW (lpString1="Definition Updates", lpString2="Windows") returned -1 [0036.726] lstrcmpiW (lpString1="Definition Updates", lpString2="Program Files") returned -1 [0036.726] lstrcmpiW (lpString1="Definition Updates", lpString2="Program Files (x86)") returned -1 [0036.726] lstrcmpiW (lpString1="Definition Updates", lpString2="$Recycle.bin") returned 1 [0036.726] lstrcmpiW (lpString1="Definition Updates", lpString2="System Volume Information") returned -1 [0036.726] lstrcmpiW (lpString1="Definition Updates", lpString2=".") returned 1 [0036.726] lstrcmpiW (lpString1="Definition Updates", lpString2="..") returned 1 [0036.726] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates") returned 64 [0036.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.726] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates" [0036.726] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\*" [0036.726] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fb3099, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.726] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.726] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.726] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.726] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.726] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.726] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.726] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fb3099, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.726] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.726] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.726] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.726] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.726] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.726] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.726] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.726] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Backup", cAlternateFileName="")) returned 1 [0036.726] lstrcmpiW (lpString1="Backup", lpString2="Windows") returned -1 [0036.726] lstrcmpiW (lpString1="Backup", lpString2="Program Files") returned -1 [0036.726] lstrcmpiW (lpString1="Backup", lpString2="Program Files (x86)") returned -1 [0036.726] lstrcmpiW (lpString1="Backup", lpString2="$Recycle.bin") returned 1 [0036.727] lstrcmpiW (lpString1="Backup", lpString2="System Volume Information") returned -1 [0036.727] lstrcmpiW (lpString1="Backup", lpString2=".") returned 1 [0036.727] lstrcmpiW (lpString1="Backup", lpString2="..") returned 1 [0036.727] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned 71 [0036.727] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.727] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup" [0036.727] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*" [0036.727] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.727] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.727] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.727] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.727] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.727] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.727] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.727] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.727] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.727] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.727] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.727] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.727] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.727] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.727] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.727] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.727] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.727] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\LOLKEK.txt") returned 82 [0036.727] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\backup\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.728] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.728] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.728] CloseHandle (hObject=0x270) returned 1 [0036.728] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.728] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Updates", cAlternateFileName="")) returned 1 [0036.728] lstrcmpiW (lpString1="Updates", lpString2="Windows") returned -1 [0036.728] lstrcmpiW (lpString1="Updates", lpString2="Program Files") returned 1 [0036.728] lstrcmpiW (lpString1="Updates", lpString2="Program Files (x86)") returned 1 [0036.728] lstrcmpiW (lpString1="Updates", lpString2="$Recycle.bin") returned 1 [0036.728] lstrcmpiW (lpString1="Updates", lpString2="System Volume Information") returned 1 [0036.729] lstrcmpiW (lpString1="Updates", lpString2=".") returned 1 [0036.729] lstrcmpiW (lpString1="Updates", lpString2="..") returned 1 [0036.729] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned 72 [0036.729] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.729] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates" [0036.729] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*" [0036.729] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.729] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.729] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.729] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.729] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.729] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.729] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.729] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.729] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.729] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.730] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.730] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.730] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.730] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.730] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.730] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.730] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.730] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\LOLKEK.txt") returned 83 [0036.730] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\updates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.730] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.730] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.731] CloseHandle (hObject=0x270) returned 1 [0036.731] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.731] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 1 [0036.731] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="Windows") returned -1 [0036.731] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="Program Files") returned -1 [0036.731] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="Program Files (x86)") returned -1 [0036.731] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="$Recycle.bin") returned 1 [0036.731] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="System Volume Information") returned -1 [0036.731] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2=".") returned 1 [0036.731] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="..") returned 1 [0036.731] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned 103 [0036.731] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.731] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0036.731] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*" [0036.731] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.731] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.731] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.731] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.731] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.731] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.731] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.731] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.731] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.731] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.731] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.731] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.731] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.732] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.732] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.732] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fd91f9, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fd91f9, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x12c4d000, ftLastWriteTime.dwHighDateTime=0x1cb85c9, nFileSizeHigh=0x0, nFileSizeLow=0xb17190, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpasbase.vdm", cAlternateFileName="")) returned 1 [0036.732] lstrcmpiW (lpString1="mpasbase.vdm", lpString2="Windows") returned -1 [0036.732] lstrcmpiW (lpString1="mpasbase.vdm", lpString2="Program Files") returned -1 [0036.732] lstrcmpiW (lpString1="mpasbase.vdm", lpString2="Program Files (x86)") returned -1 [0036.732] lstrcmpiW (lpString1="mpasbase.vdm", lpString2="$Recycle.bin") returned 1 [0036.732] lstrcmpiW (lpString1="mpasbase.vdm", lpString2="System Volume Information") returned -1 [0036.732] lstrcmpiW (lpString1="mpasbase.vdm", lpString2=".") returned 1 [0036.732] lstrcmpiW (lpString1="mpasbase.vdm", lpString2="..") returned 1 [0036.732] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm") returned 116 [0036.732] StrStrIW (lpFirst="mpasbase.vdm", lpSrch=".lolkek") returned 0x0 [0036.732] lstrcmpW (lpString1="mpasbase.vdm", lpString2="LOLKEK.txt") returned 1 [0036.732] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm") returned 116 [0036.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d4) returned 0x698d90 [0036.732] lstrcpyW (in: lpString1=0x698d90, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm" [0036.732] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.732] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.732] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fff35a, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x6da22700, ftLastWriteTime.dwHighDateTime=0x1cb8783, nFileSizeHigh=0x0, nFileSizeLow=0x52d90, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpasdlta.vdm", cAlternateFileName="")) returned 1 [0036.732] lstrcmpiW (lpString1="mpasdlta.vdm", lpString2="Windows") returned -1 [0036.732] lstrcmpiW (lpString1="mpasdlta.vdm", lpString2="Program Files") returned -1 [0036.732] lstrcmpiW (lpString1="mpasdlta.vdm", lpString2="Program Files (x86)") returned -1 [0036.732] lstrcmpiW (lpString1="mpasdlta.vdm", lpString2="$Recycle.bin") returned 1 [0036.732] lstrcmpiW (lpString1="mpasdlta.vdm", lpString2="System Volume Information") returned -1 [0036.732] lstrcmpiW (lpString1="mpasdlta.vdm", lpString2=".") returned 1 [0036.732] lstrcmpiW (lpString1="mpasdlta.vdm", lpString2="..") returned 1 [0036.732] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm") returned 116 [0036.732] StrStrIW (lpFirst="mpasdlta.vdm", lpSrch=".lolkek") returned 0x0 [0036.732] lstrcmpW (lpString1="mpasdlta.vdm", lpString2="LOLKEK.txt") returned 1 [0036.732] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm") returned 116 [0036.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d4) returned 0x3ddd468 [0036.732] lstrcpyW (in: lpString1=0x3ddd468, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm" [0036.732] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.732] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.732] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x93b6800, ftLastWriteTime.dwHighDateTime=0x1cb85c9, nFileSizeHigh=0x0, nFileSizeLow=0x7d1d50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpengine.dll", cAlternateFileName="")) returned 1 [0036.732] lstrcmpiW (lpString1="mpengine.dll", lpString2="Windows") returned -1 [0036.732] lstrcmpiW (lpString1="mpengine.dll", lpString2="Program Files") returned -1 [0036.733] lstrcmpiW (lpString1="mpengine.dll", lpString2="Program Files (x86)") returned -1 [0036.733] lstrcmpiW (lpString1="mpengine.dll", lpString2="$Recycle.bin") returned 1 [0036.733] lstrcmpiW (lpString1="mpengine.dll", lpString2="System Volume Information") returned -1 [0036.733] lstrcmpiW (lpString1="mpengine.dll", lpString2=".") returned 1 [0036.733] lstrcmpiW (lpString1="mpengine.dll", lpString2="..") returned 1 [0036.733] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll") returned 116 [0036.733] StrStrIW (lpFirst="mpengine.dll", lpSrch=".lolkek") returned 0x0 [0036.733] lstrcmpW (lpString1="mpengine.dll", lpString2="LOLKEK.txt") returned 1 [0036.733] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll") returned 116 [0036.733] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d4) returned 0x3ddd648 [0036.733] lstrcpyW (in: lpString1=0x3ddd648, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll" [0036.733] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.733] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.733] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x93b6800, ftLastWriteTime.dwHighDateTime=0x1cb85c9, nFileSizeHigh=0x0, nFileSizeLow=0x7d1d50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpengine.dll", cAlternateFileName="")) returned 0 [0036.733] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.733] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\LOLKEK.txt") returned 114 [0036.733] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.733] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.733] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.734] CloseHandle (hObject=0x270) returned 1 [0036.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.734] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x1fff35a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 0 [0036.734] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.734] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\LOLKEK.txt") returned 75 [0036.734] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Definition Updates\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\definition updates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.735] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.735] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.736] CloseHandle (hObject=0x2a0) returned 1 [0036.736] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.736] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LocalCopy", cAlternateFileName="LOCALC~1")) returned 1 [0036.736] lstrcmpiW (lpString1="LocalCopy", lpString2="Windows") returned -1 [0036.736] lstrcmpiW (lpString1="LocalCopy", lpString2="Program Files") returned -1 [0036.736] lstrcmpiW (lpString1="LocalCopy", lpString2="Program Files (x86)") returned -1 [0036.736] lstrcmpiW (lpString1="LocalCopy", lpString2="$Recycle.bin") returned 1 [0036.736] lstrcmpiW (lpString1="LocalCopy", lpString2="System Volume Information") returned -1 [0036.736] lstrcmpiW (lpString1="LocalCopy", lpString2=".") returned 1 [0036.736] lstrcmpiW (lpString1="LocalCopy", lpString2="..") returned 1 [0036.736] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy") returned 55 [0036.736] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.736] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy" [0036.736] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy\\*" [0036.736] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.736] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.736] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.736] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.736] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.737] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.737] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.737] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.737] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.737] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.737] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.737] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.737] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.737] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.737] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.737] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.737] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.737] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy\\LOLKEK.txt") returned 66 [0036.737] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LocalCopy\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\localcopy\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.737] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.737] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.738] CloseHandle (hObject=0x2a0) returned 1 [0036.738] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.738] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Quarantine", cAlternateFileName="QUARAN~1")) returned 1 [0036.738] lstrcmpiW (lpString1="Quarantine", lpString2="Windows") returned -1 [0036.738] lstrcmpiW (lpString1="Quarantine", lpString2="Program Files") returned 1 [0036.738] lstrcmpiW (lpString1="Quarantine", lpString2="Program Files (x86)") returned 1 [0036.738] lstrcmpiW (lpString1="Quarantine", lpString2="$Recycle.bin") returned 1 [0036.738] lstrcmpiW (lpString1="Quarantine", lpString2="System Volume Information") returned -1 [0036.738] lstrcmpiW (lpString1="Quarantine", lpString2=".") returned 1 [0036.738] lstrcmpiW (lpString1="Quarantine", lpString2="..") returned 1 [0036.738] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine") returned 56 [0036.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.738] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine" [0036.738] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine\\*" [0036.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.738] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.738] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.738] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.738] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.738] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.738] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.739] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.739] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.739] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.739] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.739] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.739] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.739] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.739] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.739] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.739] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.739] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine\\LOLKEK.txt") returned 67 [0036.739] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Quarantine\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\quarantine\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.739] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.739] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.740] CloseHandle (hObject=0x2a0) returned 1 [0036.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.741] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7690f9e4, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7690f9e4, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Scans", cAlternateFileName="")) returned 1 [0036.741] lstrcmpiW (lpString1="Scans", lpString2="Windows") returned -1 [0036.741] lstrcmpiW (lpString1="Scans", lpString2="Program Files") returned 1 [0036.741] lstrcmpiW (lpString1="Scans", lpString2="Program Files (x86)") returned 1 [0036.741] lstrcmpiW (lpString1="Scans", lpString2="$Recycle.bin") returned 1 [0036.741] lstrcmpiW (lpString1="Scans", lpString2="System Volume Information") returned -1 [0036.741] lstrcmpiW (lpString1="Scans", lpString2=".") returned 1 [0036.741] lstrcmpiW (lpString1="Scans", lpString2="..") returned 1 [0036.741] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans") returned 51 [0036.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.742] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans" [0036.742] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\*" [0036.742] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7690f9e4, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7690f9e4, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.742] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.742] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.742] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.742] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.742] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.742] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.742] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7690f9e4, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x7690f9e4, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.742] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.742] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.742] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.742] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.743] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.743] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.743] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.743] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History", cAlternateFileName="")) returned 1 [0036.743] lstrcmpiW (lpString1="History", lpString2="Windows") returned -1 [0036.743] lstrcmpiW (lpString1="History", lpString2="Program Files") returned -1 [0036.743] lstrcmpiW (lpString1="History", lpString2="Program Files (x86)") returned -1 [0036.743] lstrcmpiW (lpString1="History", lpString2="$Recycle.bin") returned 1 [0036.743] lstrcmpiW (lpString1="History", lpString2="System Volume Information") returned -1 [0036.743] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0036.743] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0036.743] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History") returned 59 [0036.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.743] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History" [0036.743] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\*" [0036.743] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.743] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.743] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.743] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.743] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.743] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.743] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.743] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.743] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.743] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.743] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.743] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.743] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.743] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.743] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.743] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc0a7e0, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CacheManager", cAlternateFileName="CACHEM~1")) returned 1 [0036.743] lstrcmpiW (lpString1="CacheManager", lpString2="Windows") returned -1 [0036.743] lstrcmpiW (lpString1="CacheManager", lpString2="Program Files") returned -1 [0036.743] lstrcmpiW (lpString1="CacheManager", lpString2="Program Files (x86)") returned -1 [0036.743] lstrcmpiW (lpString1="CacheManager", lpString2="$Recycle.bin") returned 1 [0036.743] lstrcmpiW (lpString1="CacheManager", lpString2="System Volume Information") returned -1 [0036.744] lstrcmpiW (lpString1="CacheManager", lpString2=".") returned 1 [0036.744] lstrcmpiW (lpString1="CacheManager", lpString2="..") returned 1 [0036.744] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned 72 [0036.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3cb4658 [0036.744] lstrcpyW (in: lpString1=0x3cb4658, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" [0036.744] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*" [0036.744] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc0a7e0, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0036.744] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.744] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.744] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.744] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.744] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.744] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.744] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc0a7e0, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.744] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.744] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.744] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.744] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.744] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.744] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.745] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.745] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc30940, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x33b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MpSfc.bin", cAlternateFileName="")) returned 1 [0036.745] lstrcmpiW (lpString1="MpSfc.bin", lpString2="Windows") returned -1 [0036.745] lstrcmpiW (lpString1="MpSfc.bin", lpString2="Program Files") returned -1 [0036.745] lstrcmpiW (lpString1="MpSfc.bin", lpString2="Program Files (x86)") returned -1 [0036.745] lstrcmpiW (lpString1="MpSfc.bin", lpString2="$Recycle.bin") returned 1 [0036.745] lstrcmpiW (lpString1="MpSfc.bin", lpString2="System Volume Information") returned -1 [0036.745] lstrcmpiW (lpString1="MpSfc.bin", lpString2=".") returned 1 [0036.745] lstrcmpiW (lpString1="MpSfc.bin", lpString2="..") returned 1 [0036.745] wsprintfW (in: param_1=0x3cb4658, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin") returned 82 [0036.745] StrStrIW (lpFirst="MpSfc.bin", lpSrch=".lolkek") returned 0x0 [0036.745] lstrcmpW (lpString1="MpSfc.bin", lpString2="LOLKEK.txt") returned 1 [0036.745] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin") returned 82 [0036.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cae128 [0036.745] lstrcpyW (in: lpString1=0x3cae128, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin" [0036.745] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.745] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0xcfc30940, ftLastWriteTime.dwHighDateTime=0x1d2faf9, nFileSizeHigh=0x0, nFileSizeLow=0x33b60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MpSfc.bin", cAlternateFileName="")) returned 0 [0036.745] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0036.745] wsprintfW (in: param_1=0x3cb4658, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\LOLKEK.txt") returned 83 [0036.745] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\cachemanager\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0036.745] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.745] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.746] CloseHandle (hObject=0x268) returned 1 [0036.746] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4658 | out: hHeap=0x5a0000) returned 1 [0036.746] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0xa13d69d0, ftLastAccessTime.dwHighDateTime=0x1d2dda3, ftLastWriteTime.dwLowDateTime=0xa13d69d0, ftLastWriteTime.dwHighDateTime=0x1d2dda3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Results", cAlternateFileName="")) returned 1 [0036.746] lstrcmpiW (lpString1="Results", lpString2="Windows") returned -1 [0036.746] lstrcmpiW (lpString1="Results", lpString2="Program Files") returned 1 [0036.746] lstrcmpiW (lpString1="Results", lpString2="Program Files (x86)") returned 1 [0036.746] lstrcmpiW (lpString1="Results", lpString2="$Recycle.bin") returned 1 [0036.746] lstrcmpiW (lpString1="Results", lpString2="System Volume Information") returned -1 [0036.746] lstrcmpiW (lpString1="Results", lpString2=".") returned 1 [0036.746] lstrcmpiW (lpString1="Results", lpString2="..") returned 1 [0036.746] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned 67 [0036.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3cb4658 [0036.746] lstrcpyW (in: lpString1=0x3cb4658, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results" [0036.746] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*" [0036.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0xa13d69d0, ftLastAccessTime.dwHighDateTime=0x1d2dda3, ftLastWriteTime.dwLowDateTime=0xa13d69d0, ftLastWriteTime.dwHighDateTime=0x1d2dda3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0036.747] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.747] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.747] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.747] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.747] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.747] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.747] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0xa13d69d0, ftLastAccessTime.dwHighDateTime=0x1d2dda3, ftLastWriteTime.dwLowDateTime=0xa13d69d0, ftLastWriteTime.dwHighDateTime=0x1d2dda3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.747] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.747] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.747] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.747] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.747] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.747] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.747] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.747] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Resource", cAlternateFileName="")) returned 1 [0036.747] lstrcmpiW (lpString1="Resource", lpString2="Windows") returned -1 [0036.747] lstrcmpiW (lpString1="Resource", lpString2="Program Files") returned 1 [0036.747] lstrcmpiW (lpString1="Resource", lpString2="Program Files (x86)") returned 1 [0036.747] lstrcmpiW (lpString1="Resource", lpString2="$Recycle.bin") returned 1 [0036.747] lstrcmpiW (lpString1="Resource", lpString2="System Volume Information") returned -1 [0036.747] lstrcmpiW (lpString1="Resource", lpString2=".") returned 1 [0036.747] lstrcmpiW (lpString1="Resource", lpString2="..") returned 1 [0036.747] wsprintfW (in: param_1=0x3cb4658, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned 76 [0036.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c14f50 [0036.747] lstrcpyW (in: lpString1=0x3c14f50, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" [0036.747] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*" [0036.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0036.748] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.748] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.748] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.748] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.748] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.748] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.748] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.748] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.748] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.748] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.748] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.748] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.748] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.748] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.748] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x81085570, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x1a60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", cAlternateFileName="{1D1DB~1")) returned 1 [0036.748] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2="Windows") returned -1 [0036.748] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2="Program Files") returned -1 [0036.748] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2="Program Files (x86)") returned -1 [0036.748] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2="$Recycle.bin") returned 1 [0036.748] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2="System Volume Information") returned -1 [0036.748] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2=".") returned 1 [0036.748] lstrcmpiW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2="..") returned 1 [0036.748] wsprintfW (in: param_1=0x3c14f50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}") returned 115 [0036.748] StrStrIW (lpFirst="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpSrch=".lolkek") returned 0x0 [0036.748] lstrcmpW (lpString1="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", lpString2="LOLKEK.txt") returned -1 [0036.748] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}") returned 115 [0036.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d0) returned 0x3ddd828 [0036.748] lstrcpyW (in: lpString1=0x3ddd828, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}" [0036.748] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.748] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.748] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x81085570, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x1a60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}", cAlternateFileName="{1D1DB~1")) returned 0 [0036.748] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0036.749] wsprintfW (in: param_1=0x3c14f50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\LOLKEK.txt") returned 87 [0036.749] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\resource\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0036.749] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.749] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0036.749] CloseHandle (hObject=0x23c) returned 1 [0036.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c14f50 | out: hHeap=0x5a0000) returned 1 [0036.750] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x80be8ad0, ftLastWriteTime.dwHighDateTime=0x1d33740, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Resource", cAlternateFileName="")) returned 0 [0036.750] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0036.750] wsprintfW (in: param_1=0x3cb4658, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\LOLKEK.txt") returned 78 [0036.750] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Results\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\results\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0036.750] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.750] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.750] CloseHandle (hObject=0x268) returned 1 [0036.751] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3cb4658 | out: hHeap=0x5a0000) returned 1 [0036.751] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0xb9820270, ftLastWriteTime.dwHighDateTime=0x1d2faf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Service", cAlternateFileName="")) returned 1 [0036.751] lstrcmpiW (lpString1="Service", lpString2="Windows") returned -1 [0036.751] lstrcmpiW (lpString1="Service", lpString2="Program Files") returned 1 [0036.751] lstrcmpiW (lpString1="Service", lpString2="Program Files (x86)") returned 1 [0036.751] lstrcmpiW (lpString1="Service", lpString2="$Recycle.bin") returned 1 [0036.751] lstrcmpiW (lpString1="Service", lpString2="System Volume Information") returned -1 [0036.751] lstrcmpiW (lpString1="Service", lpString2=".") returned 1 [0036.751] lstrcmpiW (lpString1="Service", lpString2="..") returned 1 [0036.751] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned 67 [0036.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c14f50 [0036.751] lstrcpyW (in: lpString1=0x3c14f50, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service" [0036.751] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*" [0036.751] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0xb9820270, ftLastWriteTime.dwHighDateTime=0x1d2faf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0036.751] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.752] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.752] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.752] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.752] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.752] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.752] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0xb9820270, ftLastWriteTime.dwHighDateTime=0x1d2faf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.752] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.752] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.752] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.752] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.752] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.752] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.752] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.752] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb9820270, ftCreationTime.dwHighDateTime=0x1d2faf0, ftLastAccessTime.dwLowDateTime=0xb9820270, ftLastAccessTime.dwHighDateTime=0x1d2faf0, ftLastWriteTime.dwLowDateTime=0x7de6c9b0, ftLastWriteTime.dwHighDateTime=0x1d3373d, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History.Log", cAlternateFileName="")) returned 1 [0036.752] lstrcmpiW (lpString1="History.Log", lpString2="Windows") returned -1 [0036.752] lstrcmpiW (lpString1="History.Log", lpString2="Program Files") returned -1 [0036.752] lstrcmpiW (lpString1="History.Log", lpString2="Program Files (x86)") returned -1 [0036.752] lstrcmpiW (lpString1="History.Log", lpString2="$Recycle.bin") returned 1 [0036.752] lstrcmpiW (lpString1="History.Log", lpString2="System Volume Information") returned -1 [0036.752] lstrcmpiW (lpString1="History.Log", lpString2=".") returned 1 [0036.752] lstrcmpiW (lpString1="History.Log", lpString2="..") returned 1 [0036.752] wsprintfW (in: param_1=0x3c14f50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log") returned 79 [0036.752] StrStrIW (lpFirst="History.Log", lpSrch=".lolkek") returned 0x0 [0036.752] lstrcmpW (lpString1="History.Log", lpString2="LOLKEK.txt") returned -1 [0036.752] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log") returned 79 [0036.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x617668 [0036.752] lstrcpyW (in: lpString1=0x617668, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log" [0036.752] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.752] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.752] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2d1f02a0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x1a86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Unknown.Log", cAlternateFileName="")) returned 1 [0036.752] lstrcmpiW (lpString1="Unknown.Log", lpString2="Windows") returned -1 [0036.752] lstrcmpiW (lpString1="Unknown.Log", lpString2="Program Files") returned 1 [0036.752] lstrcmpiW (lpString1="Unknown.Log", lpString2="Program Files (x86)") returned 1 [0036.752] lstrcmpiW (lpString1="Unknown.Log", lpString2="$Recycle.bin") returned 1 [0036.752] lstrcmpiW (lpString1="Unknown.Log", lpString2="System Volume Information") returned 1 [0036.752] lstrcmpiW (lpString1="Unknown.Log", lpString2=".") returned 1 [0036.752] lstrcmpiW (lpString1="Unknown.Log", lpString2="..") returned 1 [0036.752] wsprintfW (in: param_1=0x3c14f50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log") returned 79 [0036.752] StrStrIW (lpFirst="Unknown.Log", lpSrch=".lolkek") returned 0x0 [0036.753] lstrcmpW (lpString1="Unknown.Log", lpString2="LOLKEK.txt") returned 1 [0036.753] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log") returned 79 [0036.753] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x3cab8f8 [0036.753] lstrcpyW (in: lpString1=0x3cab8f8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log" [0036.753] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.753] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.753] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x2d1f02a0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x1a86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Unknown.Log", cAlternateFileName="")) returned 0 [0036.753] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0036.753] wsprintfW (in: param_1=0x3c14f50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\LOLKEK.txt") returned 78 [0036.753] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Service\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\service\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0036.753] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.753] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.754] CloseHandle (hObject=0x268) returned 1 [0036.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c14f50 | out: hHeap=0x5a0000) returned 1 [0036.754] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Store", cAlternateFileName="")) returned 1 [0036.754] lstrcmpiW (lpString1="Store", lpString2="Windows") returned -1 [0036.754] lstrcmpiW (lpString1="Store", lpString2="Program Files") returned 1 [0036.754] lstrcmpiW (lpString1="Store", lpString2="Program Files (x86)") returned 1 [0036.754] lstrcmpiW (lpString1="Store", lpString2="$Recycle.bin") returned 1 [0036.754] lstrcmpiW (lpString1="Store", lpString2="System Volume Information") returned -1 [0036.754] lstrcmpiW (lpString1="Store", lpString2=".") returned 1 [0036.754] lstrcmpiW (lpString1="Store", lpString2="..") returned 1 [0036.754] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned 65 [0036.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c14f50 [0036.754] lstrcpyW (in: lpString1=0x3c14f50, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store" [0036.754] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*" [0036.754] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0036.754] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.754] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.754] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.754] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.754] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.754] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.755] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.755] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.755] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.755] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.755] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.755] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.755] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.755] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.755] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.755] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0036.755] wsprintfW (in: param_1=0x3c14f50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store\\LOLKEK.txt") returned 76 [0036.755] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\Store\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\store\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0036.755] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.755] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.756] CloseHandle (hObject=0x268) returned 1 [0036.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c14f50 | out: hHeap=0x5a0000) returned 1 [0036.756] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Store", cAlternateFileName="")) returned 0 [0036.756] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.756] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\LOLKEK.txt") returned 70 [0036.756] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\history\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.756] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.756] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.757] CloseHandle (hObject=0x270) returned 1 [0036.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.757] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x244fb42, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x244fb42, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History", cAlternateFileName="")) returned 0 [0036.757] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.757] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\LOLKEK.txt") returned 62 [0036.757] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\scans\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.757] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.757] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.758] CloseHandle (hObject=0x2a0) returned 1 [0036.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.759] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Support", cAlternateFileName="")) returned 1 [0036.759] lstrcmpiW (lpString1="Support", lpString2="Windows") returned -1 [0036.759] lstrcmpiW (lpString1="Support", lpString2="Program Files") returned 1 [0036.759] lstrcmpiW (lpString1="Support", lpString2="Program Files (x86)") returned 1 [0036.759] lstrcmpiW (lpString1="Support", lpString2="$Recycle.bin") returned 1 [0036.759] lstrcmpiW (lpString1="Support", lpString2="System Volume Information") returned -1 [0036.759] lstrcmpiW (lpString1="Support", lpString2=".") returned 1 [0036.759] lstrcmpiW (lpString1="Support", lpString2="..") returned 1 [0036.759] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support") returned 53 [0036.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.759] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support" [0036.759] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\*" [0036.760] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.760] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.760] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.760] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.760] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.760] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.760] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.760] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.760] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.760] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.760] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.760] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.760] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.760] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.760] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.760] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76792c22, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x798d48a0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x30ada, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MPLog-07132009-221054.log", cAlternateFileName="MPLOG-~1.LOG")) returned 1 [0036.760] lstrcmpiW (lpString1="MPLog-07132009-221054.log", lpString2="Windows") returned -1 [0036.760] lstrcmpiW (lpString1="MPLog-07132009-221054.log", lpString2="Program Files") returned -1 [0036.760] lstrcmpiW (lpString1="MPLog-07132009-221054.log", lpString2="Program Files (x86)") returned -1 [0036.760] lstrcmpiW (lpString1="MPLog-07132009-221054.log", lpString2="$Recycle.bin") returned 1 [0036.760] lstrcmpiW (lpString1="MPLog-07132009-221054.log", lpString2="System Volume Information") returned -1 [0036.760] lstrcmpiW (lpString1="MPLog-07132009-221054.log", lpString2=".") returned 1 [0036.760] lstrcmpiW (lpString1="MPLog-07132009-221054.log", lpString2="..") returned 1 [0036.760] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log") returned 79 [0036.760] StrStrIW (lpFirst="MPLog-07132009-221054.log", lpSrch=".lolkek") returned 0x0 [0036.760] lstrcmpW (lpString1="MPLog-07132009-221054.log", lpString2="LOLKEK.txt") returned 1 [0036.760] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log") returned 79 [0036.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x3caba40 [0036.760] lstrcpyW (in: lpString1=0x3caba40, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log" [0036.760] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.760] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.761] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76792c22, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x798d48a0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x30ada, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MPLog-07132009-221054.log", cAlternateFileName="MPLOG-~1.LOG")) returned 0 [0036.761] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0036.761] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\LOLKEK.txt") returned 64 [0036.761] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\Support\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\support\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0036.761] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.761] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0036.761] CloseHandle (hObject=0x2a0) returned 1 [0036.762] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0036.762] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76792c22, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Support", cAlternateFileName="")) returned 0 [0036.762] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0036.762] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LOLKEK.txt") returned 56 [0036.762] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows Defender\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows defender\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0036.762] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.762] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0036.763] CloseHandle (hObject=0x2a8) returned 1 [0036.763] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0036.763] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0036.763] lstrcmpiW (lpString1="Windows NT", lpString2="Windows") returned 1 [0036.763] lstrcmpiW (lpString1="Windows NT", lpString2="Program Files") returned 1 [0036.763] lstrcmpiW (lpString1="Windows NT", lpString2="Program Files (x86)") returned 1 [0036.763] lstrcmpiW (lpString1="Windows NT", lpString2="$Recycle.bin") returned 1 [0036.763] lstrcmpiW (lpString1="Windows NT", lpString2="System Volume Information") returned 1 [0036.763] lstrcmpiW (lpString1="Windows NT", lpString2=".") returned 1 [0036.763] lstrcmpiW (lpString1="Windows NT", lpString2="..") returned 1 [0036.763] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT") returned 39 [0036.763] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0036.763] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT" [0036.763] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\*" [0036.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0036.763] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.763] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.763] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.763] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.763] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.763] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.763] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.763] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.763] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.763] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.763] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.763] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.764] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.764] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.764] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSFax", cAlternateFileName="")) returned 1 [0036.764] lstrcmpiW (lpString1="MSFax", lpString2="Windows") returned -1 [0036.764] lstrcmpiW (lpString1="MSFax", lpString2="Program Files") returned -1 [0036.764] lstrcmpiW (lpString1="MSFax", lpString2="Program Files (x86)") returned -1 [0036.764] lstrcmpiW (lpString1="MSFax", lpString2="$Recycle.bin") returned 1 [0036.764] lstrcmpiW (lpString1="MSFax", lpString2="System Volume Information") returned -1 [0036.764] lstrcmpiW (lpString1="MSFax", lpString2=".") returned 1 [0036.764] lstrcmpiW (lpString1="MSFax", lpString2="..") returned 1 [0036.764] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax") returned 45 [0036.764] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0036.764] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax" [0036.764] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\*" [0036.764] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0036.766] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.766] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.766] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.766] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.766] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.766] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.766] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.766] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.766] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.766] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.766] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.766] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.766] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.766] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.766] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ActivityLog", cAlternateFileName="ACTIVI~1")) returned 1 [0036.766] lstrcmpiW (lpString1="ActivityLog", lpString2="Windows") returned -1 [0036.766] lstrcmpiW (lpString1="ActivityLog", lpString2="Program Files") returned -1 [0036.766] lstrcmpiW (lpString1="ActivityLog", lpString2="Program Files (x86)") returned -1 [0036.766] lstrcmpiW (lpString1="ActivityLog", lpString2="$Recycle.bin") returned 1 [0036.766] lstrcmpiW (lpString1="ActivityLog", lpString2="System Volume Information") returned -1 [0036.766] lstrcmpiW (lpString1="ActivityLog", lpString2=".") returned 1 [0036.766] lstrcmpiW (lpString1="ActivityLog", lpString2="..") returned 1 [0036.766] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned 57 [0036.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.766] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog" [0036.766] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*" [0036.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.767] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.767] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.767] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.767] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.767] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.767] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.767] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.767] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.767] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.767] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.767] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.767] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.767] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.767] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.767] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.767] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.767] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\LOLKEK.txt") returned 68 [0036.767] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\activitylog\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.768] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.768] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.768] CloseHandle (hObject=0x270) returned 1 [0036.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.768] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Common Coverpages", cAlternateFileName="COMMON~1")) returned 1 [0036.768] lstrcmpiW (lpString1="Common Coverpages", lpString2="Windows") returned -1 [0036.768] lstrcmpiW (lpString1="Common Coverpages", lpString2="Program Files") returned -1 [0036.769] lstrcmpiW (lpString1="Common Coverpages", lpString2="Program Files (x86)") returned -1 [0036.769] lstrcmpiW (lpString1="Common Coverpages", lpString2="$Recycle.bin") returned 1 [0036.769] lstrcmpiW (lpString1="Common Coverpages", lpString2="System Volume Information") returned -1 [0036.769] lstrcmpiW (lpString1="Common Coverpages", lpString2=".") returned 1 [0036.769] lstrcmpiW (lpString1="Common Coverpages", lpString2="..") returned 1 [0036.769] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned 63 [0036.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.769] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0036.769] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*" [0036.769] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.769] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.769] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.769] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.769] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.769] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.769] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.769] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.769] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.769] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.769] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.769] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.769] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.769] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.769] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.769] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0036.769] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0036.769] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0036.769] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0036.769] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0036.769] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0036.769] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0036.769] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0036.770] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned 69 [0036.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c15f58 [0036.770] lstrcpyW (in: lpString1=0x3c15f58, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0036.770] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*" [0036.770] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0036.770] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.770] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.770] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.770] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.770] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.770] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.770] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.770] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.770] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.770] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.770] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.770] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.770] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.771] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.771] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x28aa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="confident.cov", cAlternateFileName="")) returned 1 [0036.771] lstrcmpiW (lpString1="confident.cov", lpString2="Windows") returned -1 [0036.771] lstrcmpiW (lpString1="confident.cov", lpString2="Program Files") returned -1 [0036.771] lstrcmpiW (lpString1="confident.cov", lpString2="Program Files (x86)") returned -1 [0036.771] lstrcmpiW (lpString1="confident.cov", lpString2="$Recycle.bin") returned 1 [0036.771] lstrcmpiW (lpString1="confident.cov", lpString2="System Volume Information") returned -1 [0036.771] lstrcmpiW (lpString1="confident.cov", lpString2=".") returned 1 [0036.771] lstrcmpiW (lpString1="confident.cov", lpString2="..") returned 1 [0036.771] wsprintfW (in: param_1=0x3c15f58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov") returned 83 [0036.771] StrStrIW (lpFirst="confident.cov", lpSrch=".lolkek") returned 0x0 [0036.771] lstrcmpW (lpString1="confident.cov", lpString2="LOLKEK.txt") returned -1 [0036.771] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov") returned 83 [0036.771] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cae280 [0036.771] lstrcpyW (in: lpString1=0x3cae280, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" [0036.771] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.817] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.817] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x2a09, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fyi.cov", cAlternateFileName="")) returned 1 [0036.817] lstrcmpiW (lpString1="fyi.cov", lpString2="Windows") returned -1 [0036.817] lstrcmpiW (lpString1="fyi.cov", lpString2="Program Files") returned -1 [0036.817] lstrcmpiW (lpString1="fyi.cov", lpString2="Program Files (x86)") returned -1 [0036.817] lstrcmpiW (lpString1="fyi.cov", lpString2="$Recycle.bin") returned 1 [0036.817] lstrcmpiW (lpString1="fyi.cov", lpString2="System Volume Information") returned -1 [0036.817] lstrcmpiW (lpString1="fyi.cov", lpString2=".") returned 1 [0036.817] lstrcmpiW (lpString1="fyi.cov", lpString2="..") returned 1 [0036.817] wsprintfW (in: param_1=0x3c15f58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov") returned 77 [0036.817] StrStrIW (lpFirst="fyi.cov", lpSrch=".lolkek") returned 0x0 [0036.817] lstrcmpW (lpString1="fyi.cov", lpString2="LOLKEK.txt") returned -1 [0036.817] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov") returned 77 [0036.817] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x3cab7b0 [0036.817] lstrcpyW (in: lpString1=0x3cab7b0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" [0036.818] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.864] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.864] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x3aa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="generic.cov", cAlternateFileName="")) returned 1 [0036.864] lstrcmpiW (lpString1="generic.cov", lpString2="Windows") returned -1 [0036.864] lstrcmpiW (lpString1="generic.cov", lpString2="Program Files") returned -1 [0036.864] lstrcmpiW (lpString1="generic.cov", lpString2="Program Files (x86)") returned -1 [0036.864] lstrcmpiW (lpString1="generic.cov", lpString2="$Recycle.bin") returned 1 [0036.864] lstrcmpiW (lpString1="generic.cov", lpString2="System Volume Information") returned -1 [0036.864] lstrcmpiW (lpString1="generic.cov", lpString2=".") returned 1 [0036.864] lstrcmpiW (lpString1="generic.cov", lpString2="..") returned 1 [0036.864] wsprintfW (in: param_1=0x3c15f58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov") returned 81 [0036.864] StrStrIW (lpFirst="generic.cov", lpSrch=".lolkek") returned 0x0 [0036.864] lstrcmpW (lpString1="generic.cov", lpString2="LOLKEK.txt") returned -1 [0036.864] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov") returned 81 [0036.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae3d8 [0036.864] lstrcpyW (in: lpString1=0x3cae3d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" [0036.865] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.927] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.927] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x2886, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="urgent.cov", cAlternateFileName="")) returned 1 [0036.927] lstrcmpiW (lpString1="urgent.cov", lpString2="Windows") returned -1 [0036.927] lstrcmpiW (lpString1="urgent.cov", lpString2="Program Files") returned 1 [0036.927] lstrcmpiW (lpString1="urgent.cov", lpString2="Program Files (x86)") returned 1 [0036.927] lstrcmpiW (lpString1="urgent.cov", lpString2="$Recycle.bin") returned 1 [0036.927] lstrcmpiW (lpString1="urgent.cov", lpString2="System Volume Information") returned 1 [0036.927] lstrcmpiW (lpString1="urgent.cov", lpString2=".") returned 1 [0036.927] lstrcmpiW (lpString1="urgent.cov", lpString2="..") returned 1 [0036.927] wsprintfW (in: param_1=0x3c15f58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov") returned 80 [0036.927] StrStrIW (lpFirst="urgent.cov", lpSrch=".lolkek") returned 0x0 [0036.928] lstrcmpW (lpString1="urgent.cov", lpString2="LOLKEK.txt") returned 1 [0036.928] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov") returned 80 [0036.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3cae530 [0036.928] lstrcpyW (in: lpString1=0x3cae530, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" [0036.928] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0036.973] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0036.973] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x2886, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="urgent.cov", cAlternateFileName="")) returned 0 [0036.973] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0036.976] wsprintfW (in: param_1=0x3c15f58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\LOLKEK.txt") returned 80 [0036.976] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0036.976] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.976] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0036.976] CloseHandle (hObject=0x23c) returned 1 [0036.977] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c15f58 | out: hHeap=0x5a0000) returned 1 [0036.977] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 0 [0036.977] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.977] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\LOLKEK.txt") returned 74 [0036.977] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\common coverpages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0036.978] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.978] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.978] CloseHandle (hObject=0x270) returned 1 [0036.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.979] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Inbox", cAlternateFileName="")) returned 1 [0036.979] lstrcmpiW (lpString1="Inbox", lpString2="Windows") returned -1 [0036.979] lstrcmpiW (lpString1="Inbox", lpString2="Program Files") returned -1 [0036.979] lstrcmpiW (lpString1="Inbox", lpString2="Program Files (x86)") returned -1 [0036.979] lstrcmpiW (lpString1="Inbox", lpString2="$Recycle.bin") returned 1 [0036.979] lstrcmpiW (lpString1="Inbox", lpString2="System Volume Information") returned -1 [0036.979] lstrcmpiW (lpString1="Inbox", lpString2=".") returned 1 [0036.979] lstrcmpiW (lpString1="Inbox", lpString2="..") returned 1 [0036.979] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox") returned 51 [0036.979] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.980] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox" [0036.980] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox\\*" [0036.980] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.985] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.985] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.986] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.986] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.986] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.986] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.986] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.986] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.986] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.986] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.986] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.986] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.986] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.986] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.986] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.986] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.986] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox\\LOLKEK.txt") returned 62 [0036.986] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Inbox\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\inbox\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0036.986] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.986] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.987] CloseHandle (hObject=0x268) returned 1 [0036.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.987] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Queue", cAlternateFileName="")) returned 1 [0036.987] lstrcmpiW (lpString1="Queue", lpString2="Windows") returned -1 [0036.987] lstrcmpiW (lpString1="Queue", lpString2="Program Files") returned 1 [0036.987] lstrcmpiW (lpString1="Queue", lpString2="Program Files (x86)") returned 1 [0036.987] lstrcmpiW (lpString1="Queue", lpString2="$Recycle.bin") returned 1 [0036.987] lstrcmpiW (lpString1="Queue", lpString2="System Volume Information") returned -1 [0036.987] lstrcmpiW (lpString1="Queue", lpString2=".") returned 1 [0036.987] lstrcmpiW (lpString1="Queue", lpString2="..") returned 1 [0036.987] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue") returned 51 [0036.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.987] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue" [0036.987] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue\\*" [0036.987] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.988] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.988] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.988] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.988] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.988] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.988] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.988] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.988] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.988] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.988] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.988] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.988] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.988] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.988] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.988] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.988] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.988] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue\\LOLKEK.txt") returned 62 [0036.988] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\Queue\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\queue\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0036.988] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.988] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.989] CloseHandle (hObject=0x268) returned 1 [0036.989] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.989] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SentItems", cAlternateFileName="SENTIT~1")) returned 1 [0036.989] lstrcmpiW (lpString1="SentItems", lpString2="Windows") returned -1 [0036.989] lstrcmpiW (lpString1="SentItems", lpString2="Program Files") returned 1 [0036.989] lstrcmpiW (lpString1="SentItems", lpString2="Program Files (x86)") returned 1 [0036.989] lstrcmpiW (lpString1="SentItems", lpString2="$Recycle.bin") returned 1 [0036.989] lstrcmpiW (lpString1="SentItems", lpString2="System Volume Information") returned -1 [0036.989] lstrcmpiW (lpString1="SentItems", lpString2=".") returned 1 [0036.989] lstrcmpiW (lpString1="SentItems", lpString2="..") returned 1 [0036.989] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems") returned 55 [0036.989] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.989] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems" [0036.989] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems\\*" [0036.989] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.990] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.990] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.990] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.990] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.990] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.990] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.990] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.990] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.990] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.990] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.990] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.990] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.990] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.990] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.990] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0036.990] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0036.990] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems\\LOLKEK.txt") returned 66 [0036.990] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\SentItems\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\sentitems\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0036.990] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0036.990] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0036.991] CloseHandle (hObject=0x268) returned 1 [0036.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0036.991] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 1 [0036.991] lstrcmpiW (lpString1="VirtualInbox", lpString2="Windows") returned -1 [0036.991] lstrcmpiW (lpString1="VirtualInbox", lpString2="Program Files") returned 1 [0036.991] lstrcmpiW (lpString1="VirtualInbox", lpString2="Program Files (x86)") returned 1 [0036.991] lstrcmpiW (lpString1="VirtualInbox", lpString2="$Recycle.bin") returned 1 [0036.991] lstrcmpiW (lpString1="VirtualInbox", lpString2="System Volume Information") returned 1 [0036.991] lstrcmpiW (lpString1="VirtualInbox", lpString2=".") returned 1 [0036.991] lstrcmpiW (lpString1="VirtualInbox", lpString2="..") returned 1 [0036.991] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned 58 [0036.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0036.991] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0036.991] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*" [0036.991] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e318 [0036.991] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.991] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.992] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.992] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.992] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.992] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.992] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.992] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.992] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.992] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.992] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.992] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.992] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.992] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.992] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0036.992] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0036.992] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0036.992] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0036.992] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0036.992] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0036.992] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0036.992] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0036.992] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned 64 [0036.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df2fe8 [0036.993] lstrcpyW (in: lpString1=0x3df2fe8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0036.993] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*" [0036.993] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0036.993] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0036.993] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0036.993] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0036.993] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0036.993] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0036.993] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0036.993] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0036.993] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0036.993] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0036.993] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0036.993] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0036.993] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0036.993] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0036.994] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0036.994] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 1 [0036.994] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="Windows") returned -1 [0036.994] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="Program Files") returned 1 [0036.994] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="Program Files (x86)") returned 1 [0036.994] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="$Recycle.bin") returned 1 [0036.994] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="System Volume Information") returned 1 [0036.994] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2=".") returned 1 [0036.994] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="..") returned 1 [0036.994] wsprintfW (in: param_1=0x3df2fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif") returned 79 [0036.994] StrStrIW (lpFirst="WelcomeFax.tif", lpSrch=".lolkek") returned 0x0 [0036.994] lstrcmpW (lpString1="WelcomeFax.tif", lpString2="LOLKEK.txt") returned 1 [0036.994] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif") returned 79 [0036.994] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6178f8 [0036.994] lstrcpyW (in: lpString1=0x6178f8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" [0036.994] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.038] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.038] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 0 [0037.038] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0037.042] wsprintfW (in: param_1=0x3df2fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\LOLKEK.txt") returned 75 [0037.042] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0037.043] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0037.043] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0037.043] CloseHandle (hObject=0x23c) returned 1 [0037.043] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df2fe8 | out: hHeap=0x5a0000) returned 1 [0037.044] FindNextFileW (in: hFindFile=0x62e318, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21cf2d38, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 0 [0037.044] FindClose (in: hFindFile=0x62e318 | out: hFindFile=0x62e318) returned 1 [0037.046] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\LOLKEK.txt") returned 69 [0037.046] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\virtualinbox\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0037.046] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0037.046] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0037.047] CloseHandle (hObject=0x268) returned 1 [0037.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0037.047] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1d91b669, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d91b669, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 0 [0037.047] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0037.047] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\LOLKEK.txt") returned 56 [0037.047] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSFax\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msfax\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0037.047] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0037.047] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0037.048] CloseHandle (hObject=0x2a0) returned 1 [0037.048] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0037.048] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSScan", cAlternateFileName="")) returned 1 [0037.048] lstrcmpiW (lpString1="MSScan", lpString2="Windows") returned -1 [0037.048] lstrcmpiW (lpString1="MSScan", lpString2="Program Files") returned -1 [0037.048] lstrcmpiW (lpString1="MSScan", lpString2="Program Files (x86)") returned -1 [0037.048] lstrcmpiW (lpString1="MSScan", lpString2="$Recycle.bin") returned 1 [0037.048] lstrcmpiW (lpString1="MSScan", lpString2="System Volume Information") returned -1 [0037.048] lstrcmpiW (lpString1="MSScan", lpString2=".") returned 1 [0037.048] lstrcmpiW (lpString1="MSScan", lpString2="..") returned 1 [0037.048] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan") returned 46 [0037.048] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0037.048] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan" [0037.048] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\*" [0037.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0037.048] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0037.048] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0037.048] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0037.048] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0037.048] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0037.048] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0037.048] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0037.048] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0037.048] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0037.049] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0037.049] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0037.049] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0037.049] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0037.049] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0037.049] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xea1525c5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 1 [0037.049] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="Windows") returned -1 [0037.049] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="Program Files") returned 1 [0037.049] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="Program Files (x86)") returned 1 [0037.049] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="$Recycle.bin") returned 1 [0037.049] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="System Volume Information") returned 1 [0037.049] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2=".") returned 1 [0037.049] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="..") returned 1 [0037.049] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg") returned 62 [0037.049] StrStrIW (lpFirst="WelcomeScan.jpg", lpSrch=".lolkek") returned 0x0 [0037.049] lstrcmpW (lpString1="WelcomeScan.jpg", lpString2="LOLKEK.txt") returned 1 [0037.049] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg") returned 62 [0037.049] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3dde150 [0037.049] lstrcpyW (in: lpString1=0x3dde150, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg") returned="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" [0037.049] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.098] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.098] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xea1525c5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 0 [0037.098] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0037.103] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\LOLKEK.txt") returned 57 [0037.103] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\MSScan\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\msscan\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0037.103] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0037.103] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0037.104] CloseHandle (hObject=0x270) returned 1 [0037.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0037.105] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80340916, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSScan", cAlternateFileName="")) returned 0 [0037.106] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0037.106] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\LOLKEK.txt") returned 50 [0037.106] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\Windows NT\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\windows nt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0037.106] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0037.106] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0037.106] CloseHandle (hObject=0x2a8) returned 1 [0037.107] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0037.107] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0037.107] lstrcmpiW (lpString1="WwanSvc", lpString2="Windows") returned 1 [0037.107] lstrcmpiW (lpString1="WwanSvc", lpString2="Program Files") returned 1 [0037.107] lstrcmpiW (lpString1="WwanSvc", lpString2="Program Files (x86)") returned 1 [0037.107] lstrcmpiW (lpString1="WwanSvc", lpString2="$Recycle.bin") returned 1 [0037.107] lstrcmpiW (lpString1="WwanSvc", lpString2="System Volume Information") returned 1 [0037.107] lstrcmpiW (lpString1="WwanSvc", lpString2=".") returned 1 [0037.107] lstrcmpiW (lpString1="WwanSvc", lpString2="..") returned 1 [0037.107] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc") returned 36 [0037.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0037.107] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc") returned="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc" [0037.107] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\*" [0037.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0037.107] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0037.107] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0037.107] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0037.107] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0037.107] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0037.107] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0037.107] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0037.107] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0037.107] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0037.107] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0037.107] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0037.107] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0037.107] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0037.107] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0037.107] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 1 [0037.107] lstrcmpiW (lpString1="Profiles", lpString2="Windows") returned -1 [0037.107] lstrcmpiW (lpString1="Profiles", lpString2="Program Files") returned -1 [0037.107] lstrcmpiW (lpString1="Profiles", lpString2="Program Files (x86)") returned -1 [0037.107] lstrcmpiW (lpString1="Profiles", lpString2="$Recycle.bin") returned 1 [0037.107] lstrcmpiW (lpString1="Profiles", lpString2="System Volume Information") returned -1 [0037.107] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0037.107] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0037.108] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles") returned 45 [0037.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0037.108] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles") returned="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles" [0037.108] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*" [0037.108] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0037.108] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0037.108] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0037.108] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0037.108] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0037.108] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0037.108] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0037.108] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0037.108] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0037.108] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0037.108] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0037.108] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0037.108] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0037.108] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0037.108] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0037.108] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0037.108] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0037.108] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\LOLKEK.txt") returned 56 [0037.108] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\Profiles\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\wwansvc\\profiles\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0037.109] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0037.109] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 0 [0037.109] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0037.109] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\LOLKEK.txt") returned 47 [0037.109] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\WwanSvc\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\wwansvc\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0037.109] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0037.109] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0037.110] CloseHandle (hObject=0x2a8) returned 1 [0037.110] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0037.110] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0037.110] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0037.110] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft\\LOLKEK.txt") returned 39 [0037.110] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0037.110] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0037.110] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0037.111] CloseHandle (hObject=0x160) returned 1 [0037.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0037.111] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0037.111] lstrcmpiW (lpString1="Microsoft Help", lpString2="Windows") returned -1 [0037.111] lstrcmpiW (lpString1="Microsoft Help", lpString2="Program Files") returned -1 [0037.111] lstrcmpiW (lpString1="Microsoft Help", lpString2="Program Files (x86)") returned -1 [0037.111] lstrcmpiW (lpString1="Microsoft Help", lpString2="$Recycle.bin") returned 1 [0037.111] lstrcmpiW (lpString1="Microsoft Help", lpString2="System Volume Information") returned -1 [0037.111] lstrcmpiW (lpString1="Microsoft Help", lpString2=".") returned 1 [0037.112] lstrcmpiW (lpString1="Microsoft Help", lpString2="..") returned 1 [0037.112] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help") returned 33 [0037.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0037.112] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help") returned="\\\\?\\C:\\ProgramData\\Microsoft Help" [0037.112] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\*") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\*" [0037.112] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0037.160] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0037.160] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0037.160] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0037.160] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0037.160] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0037.161] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0037.161] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0037.182] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0037.182] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0037.183] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0037.183] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0037.183] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0037.183] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0037.183] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0037.183] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x896b9210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x896b9210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Hx.hxn", cAlternateFileName="")) returned 1 [0037.183] lstrcmpiW (lpString1="Hx.hxn", lpString2="Windows") returned -1 [0037.183] lstrcmpiW (lpString1="Hx.hxn", lpString2="Program Files") returned -1 [0037.183] lstrcmpiW (lpString1="Hx.hxn", lpString2="Program Files (x86)") returned -1 [0037.183] lstrcmpiW (lpString1="Hx.hxn", lpString2="$Recycle.bin") returned 1 [0037.183] lstrcmpiW (lpString1="Hx.hxn", lpString2="System Volume Information") returned -1 [0037.183] lstrcmpiW (lpString1="Hx.hxn", lpString2=".") returned 1 [0037.183] lstrcmpiW (lpString1="Hx.hxn", lpString2="..") returned 1 [0037.183] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn") returned 40 [0037.183] StrStrIW (lpFirst="Hx.hxn", lpSrch=".lolkek") returned 0x0 [0037.183] lstrcmpW (lpString1="Hx.hxn", lpString2="LOLKEK.txt") returned -1 [0037.183] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn") returned 40 [0037.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa4) returned 0x3cb1668 [0037.183] lstrcpyW (in: lpString1=0x3cb1668, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\Hx.hxn" [0037.183] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.183] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.183] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.EXCEL.14.1033.hxn", cAlternateFileName="MSEXCE~1.HXN")) returned 1 [0037.183] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="Windows") returned -1 [0037.183] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="Program Files") returned -1 [0037.183] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.183] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.183] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.183] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2=".") returned 1 [0037.183] lstrcmpiW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="..") returned 1 [0037.183] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn") returned 54 [0037.183] StrStrIW (lpFirst="MS.EXCEL.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.183] lstrcmpW (lpString1="MS.EXCEL.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.183] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn") returned 54 [0037.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x5fc230 [0037.183] lstrcpyW (in: lpString1=0x5fc230, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.14.1033.hxn" [0037.183] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.223] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.223] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa7a2030, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.EXCEL.DEV.14.1033.hxn", cAlternateFileName="MSEXCE~2.HXN")) returned 1 [0037.223] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0037.223] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0037.223] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.223] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.223] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.223] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2=".") returned 1 [0037.223] lstrcmpiW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="..") returned 1 [0037.223] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn") returned 58 [0037.223] StrStrIW (lpFirst="MS.EXCEL.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.223] lstrcmpW (lpString1="MS.EXCEL.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.223] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn") returned 58 [0037.223] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x5fc070 [0037.223] lstrcpyW (in: lpString1=0x5fc070, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn" [0037.223] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.285] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.285] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.GRAPH.14.1033.hxn", cAlternateFileName="MSGRAP~1.HXN")) returned 1 [0037.285] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="Windows") returned -1 [0037.285] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="Program Files") returned -1 [0037.285] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.285] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.285] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.285] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2=".") returned 1 [0037.285] lstrcmpiW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="..") returned 1 [0037.285] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn") returned 54 [0037.285] StrStrIW (lpFirst="MS.GRAPH.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.285] lstrcmpW (lpString1="MS.GRAPH.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.285] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn") returned 54 [0037.285] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x61b4d8 [0037.290] lstrcpyW (in: lpString1=0x61b4d8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GRAPH.14.1033.hxn" [0037.290] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.333] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.333] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd822070, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.GROOVE.14.1033.hxn", cAlternateFileName="MSGROO~1.HXN")) returned 1 [0037.333] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="Windows") returned -1 [0037.333] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="Program Files") returned -1 [0037.333] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.333] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.333] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.333] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2=".") returned 1 [0037.333] lstrcmpiW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="..") returned 1 [0037.333] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn") returned 55 [0037.333] StrStrIW (lpFirst="MS.GROOVE.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.333] lstrcmpW (lpString1="MS.GROOVE.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.333] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn") returned 55 [0037.333] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbb670 [0037.333] lstrcpyW (in: lpString1=0x3cbb670, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.GROOVE.14.1033.hxn" [0037.333] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.394] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.394] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x11446a50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.INFOPATH.14.1033.hxn", cAlternateFileName="MSINFO~1.HXN")) returned 1 [0037.394] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="Windows") returned -1 [0037.394] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="Program Files") returned -1 [0037.394] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.394] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.394] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.394] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2=".") returned 1 [0037.394] lstrcmpiW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="..") returned 1 [0037.394] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn") returned 57 [0037.395] StrStrIW (lpFirst="MS.INFOPATH.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.395] lstrcmpW (lpString1="MS.INFOPATH.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.395] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn") returned 57 [0037.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x62f8a0 [0037.395] lstrcpyW (in: lpString1=0x62f8a0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATH.14.1033.hxn" [0037.395] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.441] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.441] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1146cbb0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.INFOPATHEDITOR.14.1033.hxn", cAlternateFileName="MSINFO~2.HXN")) returned 1 [0037.441] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="Windows") returned -1 [0037.441] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="Program Files") returned -1 [0037.442] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.442] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.442] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.442] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2=".") returned 1 [0037.442] lstrcmpiW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="..") returned 1 [0037.442] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn") returned 63 [0037.442] StrStrIW (lpFirst="MS.INFOPATHEDITOR.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.442] lstrcmpW (lpString1="MS.INFOPATHEDITOR.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.442] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn") returned 63 [0037.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3dd7920 [0037.442] lstrcpyW (in: lpString1=0x3dd7920, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn" [0037.442] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.503] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.504] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSACCESS.14.1033.hxn", cAlternateFileName="MSMSAC~1.HXN")) returned 1 [0037.504] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="Windows") returned -1 [0037.504] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="Program Files") returned -1 [0037.504] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.504] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.504] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.504] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2=".") returned 1 [0037.504] lstrcmpiW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="..") returned 1 [0037.504] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn") returned 57 [0037.504] StrStrIW (lpFirst="MS.MSACCESS.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.504] lstrcmpW (lpString1="MS.MSACCESS.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.504] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn") returned 57 [0037.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x3ddb980 [0037.504] lstrcpyW (in: lpString1=0x3ddb980, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.14.1033.hxn" [0037.504] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.581] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.581] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1604c8f0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSACCESS.DEV.14.1033.hxn", cAlternateFileName="MSMSAC~2.HXN")) returned 1 [0037.582] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0037.582] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0037.582] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.582] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.582] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.582] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2=".") returned 1 [0037.582] lstrcmpiW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="..") returned 1 [0037.582] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn") returned 61 [0037.582] StrStrIW (lpFirst="MS.MSACCESS.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.582] lstrcmpW (lpString1="MS.MSACCESS.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.582] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn") returned 61 [0037.582] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x62fb60 [0037.582] lstrcpyW (in: lpString1=0x62fb60, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn" [0037.582] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.628] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.628] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSOUC.14.1033.hxn", cAlternateFileName="MSMSOU~1.HXN")) returned 1 [0037.628] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="Windows") returned -1 [0037.628] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="Program Files") returned -1 [0037.628] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.628] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.629] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.629] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2=".") returned 1 [0037.629] lstrcmpiW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="..") returned 1 [0037.629] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn") returned 54 [0037.629] StrStrIW (lpFirst="MS.MSOUC.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.629] lstrcmpW (lpString1="MS.MSOUC.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.629] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn") returned 54 [0037.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbb758 [0037.629] lstrcpyW (in: lpString1=0x3cbb758, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSOUC.14.1033.hxn" [0037.629] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.691] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.691] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSPUB.14.1033.hxn", cAlternateFileName="MSMSPU~1.HXN")) returned 1 [0037.691] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="Windows") returned -1 [0037.691] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="Program Files") returned -1 [0037.691] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.691] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.691] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.691] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2=".") returned 1 [0037.691] lstrcmpiW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="..") returned 1 [0037.691] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn") returned 54 [0037.691] StrStrIW (lpFirst="MS.MSPUB.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.691] lstrcmpW (lpString1="MS.MSPUB.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.691] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn") returned 54 [0037.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbb840 [0037.691] lstrcpyW (in: lpString1=0x3cbb840, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.14.1033.hxn" [0037.691] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.737] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.737] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1bf5d790, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSPUB.DEV.14.1033.hxn", cAlternateFileName="MSMSPU~2.HXN")) returned 1 [0037.738] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0037.738] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0037.738] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.738] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.738] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.738] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2=".") returned 1 [0037.738] lstrcmpiW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="..") returned 1 [0037.738] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn") returned 58 [0037.738] StrStrIW (lpFirst="MS.MSPUB.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.738] lstrcmpW (lpString1="MS.MSPUB.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.738] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn") returned 58 [0037.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3bf2dd8 [0037.738] lstrcpyW (in: lpString1=0x3bf2dd8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn" [0037.738] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.800] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.800] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSTORE.14.1033.hxn", cAlternateFileName="MSMSTO~1.HXN")) returned 1 [0037.800] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="Windows") returned -1 [0037.800] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="Program Files") returned -1 [0037.800] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.800] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.800] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.800] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2=".") returned 1 [0037.800] lstrcmpiW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="..") returned 1 [0037.800] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn") returned 55 [0037.800] StrStrIW (lpFirst="MS.MSTORE.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.800] lstrcmpW (lpString1="MS.MSTORE.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.800] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn") returned 55 [0037.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbb928 [0037.800] lstrcpyW (in: lpString1=0x3cbb928, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.MSTORE.14.1033.hxn" [0037.801] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.862] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.862] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.OIS.14.1033.hxn", cAlternateFileName="MSOIS1~1.HXN")) returned 1 [0037.862] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="Windows") returned -1 [0037.862] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="Program Files") returned -1 [0037.862] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.862] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.862] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.862] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2=".") returned 1 [0037.862] lstrcmpiW (lpString1="MS.OIS.14.1033.hxn", lpString2="..") returned 1 [0037.862] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn") returned 52 [0037.862] StrStrIW (lpFirst="MS.OIS.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.863] lstrcmpW (lpString1="MS.OIS.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.863] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn") returned 52 [0037.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x61b308 [0037.869] lstrcpyW (in: lpString1=0x61b308, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OIS.14.1033.hxn" [0037.869] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.909] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.909] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc9e3ad0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.ONENOTE.14.1033.hxn", cAlternateFileName="MSONEN~1.HXN")) returned 1 [0037.909] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="Windows") returned -1 [0037.909] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="Program Files") returned -1 [0037.909] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.910] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.910] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.910] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2=".") returned 1 [0037.910] lstrcmpiW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="..") returned 1 [0037.910] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn") returned 56 [0037.910] StrStrIW (lpFirst="MS.ONENOTE.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.910] lstrcmpW (lpString1="MS.ONENOTE.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.910] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn") returned 56 [0037.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x61b3e8 [0037.910] lstrcpyW (in: lpString1=0x61b3e8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.ONENOTE.14.1033.hxn" [0037.910] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0037.972] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0037.972] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2689510, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.OUTLOOK.14.1033.hxn", cAlternateFileName="MSOUTL~1.HXN")) returned 1 [0037.972] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="Windows") returned -1 [0037.972] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="Program Files") returned -1 [0037.972] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0037.972] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0037.972] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="System Volume Information") returned -1 [0037.972] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2=".") returned 1 [0037.972] lstrcmpiW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="..") returned 1 [0037.972] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn") returned 56 [0037.972] StrStrIW (lpFirst="MS.OUTLOOK.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0037.972] lstrcmpW (lpString1="MS.OUTLOOK.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0037.972] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn") returned 56 [0037.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x3e43ee0 [0037.972] lstrcpyW (in: lpString1=0x3e43ee0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn" [0037.972] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.024] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.024] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x26af670, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.OUTLOOK.DEV.14.1033.hxn", cAlternateFileName="MSOUTL~2.HXN")) returned 1 [0038.024] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0038.024] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0038.024] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.024] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.024] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.024] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2=".") returned 1 [0038.024] lstrcmpiW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="..") returned 1 [0038.024] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn") returned 60 [0038.024] StrStrIW (lpFirst="MS.OUTLOOK.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.024] lstrcmpW (lpString1="MS.OUTLOOK.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.024] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn") returned 60 [0038.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3dd7b20 [0038.024] lstrcpyW (in: lpString1=0x3dd7b20, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn" [0038.024] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.065] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.065] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x158, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.POWERPNT.14.1033.hxn", cAlternateFileName="MSPOWE~1.HXN")) returned 1 [0038.065] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="Windows") returned -1 [0038.065] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="Program Files") returned -1 [0038.065] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.065] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.066] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.066] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2=".") returned 1 [0038.066] lstrcmpiW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="..") returned 1 [0038.066] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn") returned 57 [0038.066] StrStrIW (lpFirst="MS.POWERPNT.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.066] lstrcmpW (lpString1="MS.POWERPNT.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.066] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn") returned 57 [0038.066] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x3dd7750 [0038.066] lstrcpyW (in: lpString1=0x3dd7750, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.14.1033.hxn" [0038.066] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.106] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.106] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf5fec970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x170, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.POWERPNT.DEV.14.1033.hxn", cAlternateFileName="MSPOWE~2.HXN")) returned 1 [0038.106] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0038.106] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0038.106] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.106] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.106] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.106] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2=".") returned 1 [0038.106] lstrcmpiW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="..") returned 1 [0038.106] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn") returned 61 [0038.106] StrStrIW (lpFirst="MS.POWERPNT.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.106] lstrcmpW (lpString1="MS.POWERPNT.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.106] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn") returned 61 [0038.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3cc9da0 [0038.106] lstrcpyW (in: lpString1=0x3cc9da0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn" [0038.106] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.115] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.115] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef3ea330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.SETLANG.14.1033.hxn", cAlternateFileName="MSSETL~1.HXN")) returned 1 [0038.115] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="Windows") returned -1 [0038.115] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="Program Files") returned -1 [0038.115] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.115] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.115] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.115] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2=".") returned 1 [0038.115] lstrcmpiW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="..") returned 1 [0038.115] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn") returned 56 [0038.115] StrStrIW (lpFirst="MS.SETLANG.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.115] lstrcmpW (lpString1="MS.SETLANG.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.115] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn") returned 56 [0038.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x62e8c0 [0038.115] lstrcpyW (in: lpString1=0x62e8c0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.SETLANG.14.1033.hxn" [0038.115] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.374] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.374] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x5269fec0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO.14.1033.hxn", cAlternateFileName="MSVISI~1.HXN")) returned 1 [0038.374] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="Windows") returned -1 [0038.374] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="Program Files") returned -1 [0038.374] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.374] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.374] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.374] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2=".") returned 1 [0038.374] lstrcmpiW (lpString1="MS.VISIO.14.1033.hxn", lpString2="..") returned 1 [0038.374] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn") returned 54 [0038.374] StrStrIW (lpFirst="MS.VISIO.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.374] lstrcmpW (lpString1="MS.VISIO.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.374] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn") returned 54 [0038.374] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbba10 [0038.374] lstrcpyW (in: lpString1=0x3cbba10, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.14.1033.hxn" [0038.374] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.381] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.381] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO.DEV.14.1033.hxn", cAlternateFileName="MSVISI~3.HXN")) returned 1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2=".") returned 1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="..") returned 1 [0038.381] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn") returned 58 [0038.381] StrStrIW (lpFirst="MS.VISIO.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.381] lstrcmpW (lpString1="MS.VISIO.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.381] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn") returned 58 [0038.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x5c2078 [0038.381] lstrcpyW (in: lpString1=0x5c2078, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn" [0038.381] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.381] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.381] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO.SHAPESHEET.14.1033.hxn", cAlternateFileName="MSVISI~4.HXN")) returned 1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2="Windows") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2="Program Files") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2=".") returned 1 [0038.381] lstrcmpiW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2="..") returned 1 [0038.381] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn") returned 65 [0038.381] StrStrIW (lpFirst="MS.VISIO.SHAPESHEET.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.381] lstrcmpW (lpString1="MS.VISIO.SHAPESHEET.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.381] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn") returned 65 [0038.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x3cc9ea0 [0038.381] lstrcpyW (in: lpString1=0x3cc9ea0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn" [0038.381] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.386] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.386] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x52738440, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO_PRM.14.1033.hxn", cAlternateFileName="MSE1C9~1.HXN")) returned 1 [0038.386] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2="Windows") returned -1 [0038.386] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2="Program Files") returned -1 [0038.386] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.386] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.386] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.386] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2=".") returned 1 [0038.386] lstrcmpiW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2="..") returned 1 [0038.386] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn") returned 58 [0038.386] StrStrIW (lpFirst="MS.VISIO_PRM.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.386] lstrcmpW (lpString1="MS.VISIO_PRM.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.386] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn") returned 58 [0038.386] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x632ed8 [0038.386] lstrcpyW (in: lpString1=0x632ed8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn" [0038.386] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.424] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.424] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x527122e0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x15e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO_STD.14.1033.hxn", cAlternateFileName="MSVISI~2.HXN")) returned 1 [0038.425] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2="Windows") returned -1 [0038.425] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2="Program Files") returned -1 [0038.425] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.425] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.425] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.425] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2=".") returned 1 [0038.425] lstrcmpiW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2="..") returned 1 [0038.425] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn") returned 58 [0038.425] StrStrIW (lpFirst="MS.VISIO_STD.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.425] lstrcmpW (lpString1="MS.VISIO_STD.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.425] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn") returned 58 [0038.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x633178 [0038.425] lstrcpyW (in: lpString1=0x633178, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn" [0038.425] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.430] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.430] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINPROJ.14.1033.hxn", cAlternateFileName="MSWINP~1.HXN")) returned 1 [0038.430] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2="Windows") returned -1 [0038.430] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2="Program Files") returned -1 [0038.430] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.430] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.430] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.430] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2=".") returned 1 [0038.430] lstrcmpiW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2="..") returned 1 [0038.430] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn") returned 56 [0038.430] StrStrIW (lpFirst="MS.WINPROJ.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.430] lstrcmpW (lpString1="MS.WINPROJ.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.430] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn") returned 56 [0038.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x632fd0 [0038.430] lstrcpyW (in: lpString1=0x632fd0, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.14.1033.hxn" [0038.430] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.468] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.468] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf7d9300, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINPROJ.DEV.14.1033.hxn", cAlternateFileName="MSWINP~2.HXN")) returned 1 [0038.468] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0038.468] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0038.468] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.468] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.468] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.468] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2=".") returned 1 [0038.468] lstrcmpiW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2="..") returned 1 [0038.468] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn") returned 60 [0038.468] StrStrIW (lpFirst="MS.WINPROJ.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.468] lstrcmpW (lpString1="MS.WINPROJ.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.468] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn") returned 60 [0038.468] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x62f5a8 [0038.468] lstrcpyW (in: lpString1=0x62f5a8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn" [0038.468] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.695] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.695] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINWORD.14.1033.hxn", cAlternateFileName="MSWINW~1.HXN")) returned 1 [0038.695] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn", lpString2="Windows") returned -1 [0038.695] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn", lpString2="Program Files") returned -1 [0038.695] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.695] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.695] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.695] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn", lpString2=".") returned 1 [0038.695] lstrcmpiW (lpString1="MS.WINWORD.14.1033.hxn", lpString2="..") returned 1 [0038.695] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn") returned 56 [0038.695] StrStrIW (lpFirst="MS.WINWORD.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.695] lstrcmpW (lpString1="MS.WINWORD.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.695] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn") returned 56 [0038.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x62f6a8 [0038.696] lstrcpyW (in: lpString1=0x62f6a8, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.14.1033.hxn" [0038.696] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.703] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.703] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x1e6f0550, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINWORD.DEV.14.1033.hxn", cAlternateFileName="MSWINW~2.HXN")) returned 1 [0038.704] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2="Windows") returned -1 [0038.704] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2="Program Files") returned -1 [0038.704] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2="Program Files (x86)") returned -1 [0038.704] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2="$Recycle.bin") returned 1 [0038.704] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2="System Volume Information") returned -1 [0038.704] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2=".") returned 1 [0038.704] lstrcmpiW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2="..") returned 1 [0038.704] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn") returned 60 [0038.704] StrStrIW (lpFirst="MS.WINWORD.DEV.14.1033.hxn", lpSrch=".lolkek") returned 0x0 [0038.704] lstrcmpW (lpString1="MS.WINWORD.DEV.14.1033.hxn", lpString2="LOLKEK.txt") returned 1 [0038.704] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn") returned 60 [0038.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3de1b70 [0038.704] lstrcpyW (in: lpString1=0x3de1b70, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn" [0038.704] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.704] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.704] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nslist.hxl", cAlternateFileName="")) returned 1 [0038.704] lstrcmpiW (lpString1="nslist.hxl", lpString2="Windows") returned -1 [0038.704] lstrcmpiW (lpString1="nslist.hxl", lpString2="Program Files") returned -1 [0038.704] lstrcmpiW (lpString1="nslist.hxl", lpString2="Program Files (x86)") returned -1 [0038.704] lstrcmpiW (lpString1="nslist.hxl", lpString2="$Recycle.bin") returned 1 [0038.704] lstrcmpiW (lpString1="nslist.hxl", lpString2="System Volume Information") returned -1 [0038.704] lstrcmpiW (lpString1="nslist.hxl", lpString2=".") returned 1 [0038.704] lstrcmpiW (lpString1="nslist.hxl", lpString2="..") returned 1 [0038.704] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl") returned 44 [0038.704] StrStrIW (lpFirst="nslist.hxl", lpSrch=".lolkek") returned 0x0 [0038.704] lstrcmpW (lpString1="nslist.hxl", lpString2="LOLKEK.txt") returned 1 [0038.704] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl") returned 44 [0038.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb4) returned 0x3cb9018 [0038.704] lstrcpyW (in: lpString1=0x3cb9018, lpString2="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" | out: lpString1="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl") returned="\\\\?\\C:\\ProgramData\\Microsoft Help\\nslist.hxl" [0038.704] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0038.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0038.743] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe8b8c220, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x21dc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nslist.hxl", cAlternateFileName="")) returned 0 [0038.744] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0038.744] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Microsoft Help\\LOLKEK.txt") returned 44 [0038.744] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Microsoft Help\\LOLKEK.txt" (normalized: "c:\\programdata\\microsoft help\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0038.745] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0038.745] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0038.751] CloseHandle (hObject=0x2a0) returned 1 [0038.751] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0038.751] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0038.751] lstrcmpiW (lpString1="Mozilla", lpString2="Windows") returned -1 [0038.751] lstrcmpiW (lpString1="Mozilla", lpString2="Program Files") returned -1 [0038.751] lstrcmpiW (lpString1="Mozilla", lpString2="Program Files (x86)") returned -1 [0038.751] lstrcmpiW (lpString1="Mozilla", lpString2="$Recycle.bin") returned 1 [0038.751] lstrcmpiW (lpString1="Mozilla", lpString2="System Volume Information") returned -1 [0038.751] lstrcmpiW (lpString1="Mozilla", lpString2=".") returned 1 [0038.751] lstrcmpiW (lpString1="Mozilla", lpString2="..") returned 1 [0038.751] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Mozilla") returned 26 [0038.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0038.751] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Mozilla" | out: lpString1="\\\\?\\C:\\ProgramData\\Mozilla") returned="\\\\?\\C:\\ProgramData\\Mozilla" [0038.751] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Mozilla", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Mozilla\\*") returned="\\\\?\\C:\\ProgramData\\Mozilla\\*" [0038.751] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0038.751] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0038.753] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0038.753] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0038.753] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0038.753] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0038.753] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0038.753] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0038.754] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0038.754] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0038.754] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0038.754] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0038.754] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0038.754] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0038.754] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0038.754] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="logs", cAlternateFileName="")) returned 1 [0038.754] lstrcmpiW (lpString1="logs", lpString2="Windows") returned -1 [0038.755] lstrcmpiW (lpString1="logs", lpString2="Program Files") returned -1 [0038.755] lstrcmpiW (lpString1="logs", lpString2="Program Files (x86)") returned -1 [0038.755] lstrcmpiW (lpString1="logs", lpString2="$Recycle.bin") returned 1 [0038.755] lstrcmpiW (lpString1="logs", lpString2="System Volume Information") returned -1 [0038.755] lstrcmpiW (lpString1="logs", lpString2=".") returned 1 [0038.755] lstrcmpiW (lpString1="logs", lpString2="..") returned 1 [0038.755] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Mozilla\\logs") returned 31 [0038.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0038.755] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Mozilla\\logs" | out: lpString1="\\\\?\\C:\\ProgramData\\Mozilla\\logs") returned="\\\\?\\C:\\ProgramData\\Mozilla\\logs" [0038.755] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Mozilla\\logs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\*") returned="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\*" [0038.755] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x363f200, dwReserved1=0x771b1ecd, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0038.831] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0038.832] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0038.832] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0038.832] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0038.832] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0038.832] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0038.832] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x363f200, dwReserved1=0x771b1ecd, cFileName="..", cAlternateFileName="")) returned 1 [0038.832] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0038.832] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0038.832] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0038.832] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0038.832] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0038.832] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0038.832] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0038.832] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x363f200, dwReserved1=0x771b1ecd, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 1 [0038.832] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="Windows") returned -1 [0038.832] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="Program Files") returned -1 [0038.832] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="Program Files (x86)") returned -1 [0038.832] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="$Recycle.bin") returned 1 [0038.832] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="System Volume Information") returned -1 [0038.832] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2=".") returned 1 [0038.832] lstrcmpiW (lpString1="maintenanceservice-install.log", lpString2="..") returned 1 [0038.832] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log") returned 62 [0038.832] StrStrIW (lpFirst="maintenanceservice-install.log", lpSrch=".lolkek") returned 0x0 [0038.832] lstrcmpW (lpString1="maintenanceservice-install.log", lpString2="LOLKEK.txt") returned 1 [0038.832] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log") returned 62 [0038.832] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x62cf18 [0038.832] lstrcpyW (in: lpString1=0x62cf18, lpString2="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" | out: lpString1="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log") returned="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\maintenanceservice-install.log" [0038.832] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.139] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.139] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb07822e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa4, dwReserved0=0x363f200, dwReserved1=0x771b1ecd, cFileName="maintenanceservice-install.log", cAlternateFileName="MAINTE~1.LOG")) returned 0 [0039.139] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.139] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\LOLKEK.txt") returned 42 [0039.140] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\logs\\LOLKEK.txt" (normalized: "c:\\programdata\\mozilla\\logs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.140] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.140] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.141] CloseHandle (hObject=0x294) returned 1 [0039.141] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.141] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="logs", cAlternateFileName="")) returned 0 [0039.141] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0039.141] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Mozilla\\LOLKEK.txt") returned 37 [0039.141] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Mozilla\\LOLKEK.txt" (normalized: "c:\\programdata\\mozilla\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0039.141] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.141] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0039.142] CloseHandle (hObject=0x2a0) returned 1 [0039.142] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0039.142] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0039.142] lstrcmpiW (lpString1="Oracle", lpString2="Windows") returned -1 [0039.142] lstrcmpiW (lpString1="Oracle", lpString2="Program Files") returned -1 [0039.142] lstrcmpiW (lpString1="Oracle", lpString2="Program Files (x86)") returned -1 [0039.142] lstrcmpiW (lpString1="Oracle", lpString2="$Recycle.bin") returned 1 [0039.142] lstrcmpiW (lpString1="Oracle", lpString2="System Volume Information") returned -1 [0039.142] lstrcmpiW (lpString1="Oracle", lpString2=".") returned 1 [0039.142] lstrcmpiW (lpString1="Oracle", lpString2="..") returned 1 [0039.142] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Oracle") returned 25 [0039.142] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0039.142] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Oracle" | out: lpString1="\\\\?\\C:\\ProgramData\\Oracle") returned="\\\\?\\C:\\ProgramData\\Oracle" [0039.142] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Oracle", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Oracle\\*") returned="\\\\?\\C:\\ProgramData\\Oracle\\*" [0039.142] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Oracle\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0039.143] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.143] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.143] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.143] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.143] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.143] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.143] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.143] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.143] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.143] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.143] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.143] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.143] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.143] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.143] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0039.143] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0039.143] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Oracle\\LOLKEK.txt") returned 36 [0039.143] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Oracle\\LOLKEK.txt" (normalized: "c:\\programdata\\oracle\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0039.143] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.143] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0039.144] CloseHandle (hObject=0x2a0) returned 1 [0039.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0039.144] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0039.144] lstrcmpiW (lpString1="Package Cache", lpString2="Windows") returned -1 [0039.144] lstrcmpiW (lpString1="Package Cache", lpString2="Program Files") returned -1 [0039.144] lstrcmpiW (lpString1="Package Cache", lpString2="Program Files (x86)") returned -1 [0039.144] lstrcmpiW (lpString1="Package Cache", lpString2="$Recycle.bin") returned 1 [0039.144] lstrcmpiW (lpString1="Package Cache", lpString2="System Volume Information") returned -1 [0039.144] lstrcmpiW (lpString1="Package Cache", lpString2=".") returned 1 [0039.144] lstrcmpiW (lpString1="Package Cache", lpString2="..") returned 1 [0039.144] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache") returned 32 [0039.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0039.144] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Package Cache" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache") returned="\\\\?\\C:\\ProgramData\\Package Cache" [0039.144] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\*" [0039.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0039.153] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.153] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.153] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.153] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.153] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.153] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.153] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.160] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.160] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.160] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.160] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.160] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.160] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.160] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.160] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cAlternateFileName="42D5BE~1")) returned 1 [0039.160] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="Windows") returned -1 [0039.160] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="Program Files") returned -1 [0039.160] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="Program Files (x86)") returned -1 [0039.160] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="$Recycle.bin") returned 1 [0039.160] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="System Volume Information") returned -1 [0039.160] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2=".") returned 1 [0039.160] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="..") returned 1 [0039.160] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned 73 [0039.160] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.160] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0039.160] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*" [0039.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.162] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.162] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.162] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.162] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.162] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.162] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.162] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.162] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.162] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.162] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.162] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.162] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.162] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.162] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.162] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0039.162] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0039.162] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0039.162] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0039.162] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0039.162] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0039.162] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0039.162] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0039.162] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned 82 [0039.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.163] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0039.163] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*" [0039.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0039.163] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.163] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.163] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.163] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.163] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.163] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.163] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.163] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.163] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.163] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.163] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.163] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.163] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.163] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.163] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 1 [0039.163] lstrcmpiW (lpString1="Patch", lpString2="Windows") returned -1 [0039.163] lstrcmpiW (lpString1="Patch", lpString2="Program Files") returned -1 [0039.163] lstrcmpiW (lpString1="Patch", lpString2="Program Files (x86)") returned -1 [0039.163] lstrcmpiW (lpString1="Patch", lpString2="$Recycle.bin") returned 1 [0039.163] lstrcmpiW (lpString1="Patch", lpString2="System Volume Information") returned -1 [0039.163] lstrcmpiW (lpString1="Patch", lpString2=".") returned 1 [0039.163] lstrcmpiW (lpString1="Patch", lpString2="..") returned 1 [0039.163] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned 88 [0039.163] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0039.164] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0039.164] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*" [0039.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0039.164] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.164] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.164] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.164] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.164] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.164] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.164] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.164] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.164] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.164] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.164] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.164] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.164] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.164] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.164] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 1 [0039.164] lstrcmpiW (lpString1="x64", lpString2="Windows") returned 1 [0039.164] lstrcmpiW (lpString1="x64", lpString2="Program Files") returned 1 [0039.164] lstrcmpiW (lpString1="x64", lpString2="Program Files (x86)") returned 1 [0039.164] lstrcmpiW (lpString1="x64", lpString2="$Recycle.bin") returned 1 [0039.164] lstrcmpiW (lpString1="x64", lpString2="System Volume Information") returned 1 [0039.164] lstrcmpiW (lpString1="x64", lpString2=".") returned 1 [0039.164] lstrcmpiW (lpString1="x64", lpString2="..") returned 1 [0039.164] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned 92 [0039.165] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0039.165] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0039.165] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*" [0039.165] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0039.165] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.165] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.165] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.165] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.165] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.165] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.165] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.165] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.165] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.165] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.165] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.165] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.165] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.165] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.165] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0039.165] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="Windows") returned 1 [0039.165] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="Program Files") returned 1 [0039.165] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="Program Files (x86)") returned 1 [0039.166] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="$Recycle.bin") returned 1 [0039.166] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="System Volume Information") returned 1 [0039.166] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".") returned 1 [0039.166] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="..") returned 1 [0039.166] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu") returned 121 [0039.166] StrStrIW (lpFirst="Windows6.1-KB2999226-x64.msu", lpSrch=".lolkek") returned 0x0 [0039.166] lstrcmpW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="LOLKEK.txt") returned 1 [0039.166] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu") returned 121 [0039.166] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e8) returned 0x3de1c70 [0039.166] lstrcpyW (in: lpString1=0x3de1c70, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu") returned="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" [0039.166] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.166] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.166] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x59d2100, ftLastWriteTime.dwHighDateTime=0x1d0a100, nFileSizeHigh=0x0, nFileSizeLow=0xf7139, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0039.166] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0039.166] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\LOLKEK.txt") returned 103 [0039.166] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0039.166] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.166] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0039.167] CloseHandle (hObject=0x2a8) returned 1 [0039.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0039.167] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 0 [0039.167] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0039.167] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\LOLKEK.txt") returned 99 [0039.167] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0039.168] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.168] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0039.168] CloseHandle (hObject=0x160) returned 1 [0039.168] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0039.168] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 0 [0039.168] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0039.168] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\LOLKEK.txt") returned 93 [0039.168] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0039.169] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.169] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0039.169] CloseHandle (hObject=0x250) returned 1 [0039.169] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.169] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0039.170] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.170] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\LOLKEK.txt") returned 84 [0039.170] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.170] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.170] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.170] CloseHandle (hObject=0x294) returned 1 [0039.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.172] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cAlternateFileName="54050A~1")) returned 1 [0039.172] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="Windows") returned -1 [0039.172] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="Program Files") returned -1 [0039.172] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="Program Files (x86)") returned -1 [0039.172] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="$Recycle.bin") returned 1 [0039.172] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="System Volume Information") returned -1 [0039.172] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2=".") returned 1 [0039.172] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="..") returned 1 [0039.172] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned 73 [0039.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.172] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0039.173] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*" [0039.173] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.213] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.213] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.213] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.213] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.213] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.213] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.213] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.214] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.214] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.214] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.214] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0039.214] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0039.214] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0039.214] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0039.214] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0039.214] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0039.214] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0039.214] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0039.214] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned 82 [0039.214] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.214] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0039.214] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*" [0039.214] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0039.214] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.214] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.214] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.214] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.214] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.214] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.214] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.214] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.214] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.214] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.214] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.214] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 1 [0039.214] lstrcmpiW (lpString1="Patch", lpString2="Windows") returned -1 [0039.214] lstrcmpiW (lpString1="Patch", lpString2="Program Files") returned -1 [0039.215] lstrcmpiW (lpString1="Patch", lpString2="Program Files (x86)") returned -1 [0039.215] lstrcmpiW (lpString1="Patch", lpString2="$Recycle.bin") returned 1 [0039.215] lstrcmpiW (lpString1="Patch", lpString2="System Volume Information") returned -1 [0039.215] lstrcmpiW (lpString1="Patch", lpString2=".") returned 1 [0039.215] lstrcmpiW (lpString1="Patch", lpString2="..") returned 1 [0039.215] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned 88 [0039.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0039.215] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0039.215] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*" [0039.215] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0039.226] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.226] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.226] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.226] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.226] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.226] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.226] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.226] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.226] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.226] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.226] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.226] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.226] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.226] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.226] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 1 [0039.226] lstrcmpiW (lpString1="x64", lpString2="Windows") returned 1 [0039.226] lstrcmpiW (lpString1="x64", lpString2="Program Files") returned 1 [0039.226] lstrcmpiW (lpString1="x64", lpString2="Program Files (x86)") returned 1 [0039.226] lstrcmpiW (lpString1="x64", lpString2="$Recycle.bin") returned 1 [0039.226] lstrcmpiW (lpString1="x64", lpString2="System Volume Information") returned 1 [0039.226] lstrcmpiW (lpString1="x64", lpString2=".") returned 1 [0039.226] lstrcmpiW (lpString1="x64", lpString2="..") returned 1 [0039.226] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned 92 [0039.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0039.226] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0039.226] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*" [0039.226] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0039.226] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.226] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.226] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.226] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.226] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.227] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.227] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.227] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.227] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.227] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.227] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.227] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.227] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.227] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.227] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 1 [0039.227] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="Windows") returned 1 [0039.227] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="Program Files") returned 1 [0039.227] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="Program Files (x86)") returned 1 [0039.227] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="$Recycle.bin") returned 1 [0039.227] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="System Volume Information") returned 1 [0039.227] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2=".") returned 1 [0039.227] lstrcmpiW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="..") returned 1 [0039.227] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu") returned 121 [0039.227] StrStrIW (lpFirst="Windows6.1-KB2999226-x64.msu", lpSrch=".lolkek") returned 0x0 [0039.227] lstrcmpW (lpString1="Windows6.1-KB2999226-x64.msu", lpString2="LOLKEK.txt") returned 1 [0039.227] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu") returned 121 [0039.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e8) returned 0x645fb8 [0039.227] lstrcpyW (in: lpString1=0x645fb8, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu") returned="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu" [0039.227] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.227] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.227] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x9ab54b00, ftLastWriteTime.dwHighDateTime=0x1d1a02d, nFileSizeHigh=0x0, nFileSizeLow=0xfc93c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu", cAlternateFileName="WINDOW~1.MSU")) returned 0 [0039.227] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0039.227] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\LOLKEK.txt") returned 103 [0039.227] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0039.227] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.227] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0039.228] CloseHandle (hObject=0x2a8) returned 1 [0039.228] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0039.228] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 0 [0039.228] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0039.228] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\LOLKEK.txt") returned 99 [0039.228] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0039.229] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.229] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0039.229] CloseHandle (hObject=0x160) returned 1 [0039.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0039.229] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 0 [0039.229] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0039.229] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\LOLKEK.txt") returned 93 [0039.230] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0039.230] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.230] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0039.230] CloseHandle (hObject=0x250) returned 1 [0039.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.230] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0039.230] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.231] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\LOLKEK.txt") returned 84 [0039.231] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.231] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.231] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.231] CloseHandle (hObject=0x294) returned 1 [0039.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.233] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1 [0039.233] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="Windows") returned -1 [0039.233] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="Program Files") returned -1 [0039.233] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="Program Files (x86)") returned -1 [0039.233] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="$Recycle.bin") returned 1 [0039.233] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="System Volume Information") returned -1 [0039.233] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2=".") returned 1 [0039.233] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="..") returned 1 [0039.233] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned 82 [0039.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.233] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0039.233] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*" [0039.233] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.233] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.233] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.233] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.233] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.233] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.233] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.233] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.233] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.233] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.234] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.234] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.234] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.234] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.234] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.234] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0039.234] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0039.234] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0039.234] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0039.234] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0039.234] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0039.234] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0039.234] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0039.234] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned 91 [0039.234] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.234] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0039.234] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*" [0039.234] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0039.237] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.237] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.237] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.237] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.237] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.237] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.237] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.237] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.237] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.237] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.237] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.237] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.237] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.237] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.237] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0039.237] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Windows") returned -1 [0039.237] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Program Files") returned 1 [0039.237] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Program Files (x86)") returned 1 [0039.237] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="$Recycle.bin") returned 1 [0039.237] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="System Volume Information") returned 1 [0039.237] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2=".") returned 1 [0039.237] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="..") returned 1 [0039.237] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned 112 [0039.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0039.238] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0039.238] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*" [0039.238] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0039.238] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.238] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.238] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.238] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.238] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.238] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.238] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.238] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.238] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.238] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.238] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.238] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.238] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.238] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.238] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0xf36be, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0039.238] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0039.238] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0039.238] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0039.238] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0039.238] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0039.238] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0039.238] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0039.238] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 121 [0039.238] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0039.238] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0039.238] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 121 [0039.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e8) returned 0x66aa10 [0039.238] lstrcpyW (in: lpString1=0x66aa10, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab" [0039.238] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.239] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.239] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0039.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Windows") returned -1 [0039.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Program Files") returned 1 [0039.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Program Files (x86)") returned 1 [0039.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="$Recycle.bin") returned 1 [0039.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="System Volume Information") returned 1 [0039.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".") returned 1 [0039.239] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="..") returned 1 [0039.239] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned 138 [0039.239] StrStrIW (lpFirst="vc_runtimeMinimum_x86.msi", lpSrch=".lolkek") returned 0x0 [0039.239] lstrcmpW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="LOLKEK.txt") returned 1 [0039.239] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned 138 [0039.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22c) returned 0x3dd5758 [0039.239] lstrcpyW (in: lpString1=0x3dd5758, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" [0039.239] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.239] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.239] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x50cc6500, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0039.239] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0039.239] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 123 [0039.239] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0039.239] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.239] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0039.240] CloseHandle (hObject=0x160) returned 1 [0039.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0039.240] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0039.240] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0039.240] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\LOLKEK.txt") returned 102 [0039.240] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0039.240] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.240] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0039.241] CloseHandle (hObject=0x250) returned 1 [0039.241] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.241] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0039.241] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.241] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\LOLKEK.txt") returned 93 [0039.241] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.242] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.242] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.242] CloseHandle (hObject=0x294) returned 1 [0039.242] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.242] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0039.242] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="Windows") returned -1 [0039.242] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="Program Files") returned -1 [0039.242] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="Program Files (x86)") returned -1 [0039.242] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="$Recycle.bin") returned 1 [0039.242] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="System Volume Information") returned -1 [0039.242] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2=".") returned 1 [0039.242] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="..") returned 1 [0039.242] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned 71 [0039.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.243] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0039.243] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*" [0039.243] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.243] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.243] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.243] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.243] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.243] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.243] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.243] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.243] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.243] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.243] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.243] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.243] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.243] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.243] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.243] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd314a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf08b3aa0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0039.243] lstrcmpiW (lpString1="state.rsm", lpString2="Windows") returned -1 [0039.243] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files") returned 1 [0039.243] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files (x86)") returned 1 [0039.243] lstrcmpiW (lpString1="state.rsm", lpString2="$Recycle.bin") returned 1 [0039.243] lstrcmpiW (lpString1="state.rsm", lpString2="System Volume Information") returned -1 [0039.243] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0039.243] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0039.243] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm") returned 81 [0039.243] StrStrIW (lpFirst="state.rsm", lpSrch=".lolkek") returned 0x0 [0039.243] lstrcmpW (lpString1="state.rsm", lpString2="LOLKEK.txt") returned 1 [0039.243] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm") returned 81 [0039.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae688 [0039.243] lstrcpyW (in: lpString1=0x3cae688, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm" [0039.243] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.243] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.243] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0039.243] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="Windows") returned -1 [0039.243] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="Program Files") returned 1 [0039.243] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="Program Files (x86)") returned 1 [0039.243] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="$Recycle.bin") returned 1 [0039.243] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="System Volume Information") returned 1 [0039.243] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".") returned 1 [0039.243] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="..") returned 1 [0039.244] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe") returned 88 [0039.244] StrStrIW (lpFirst="vcredist_x86.exe", lpSrch=".lolkek") returned 0x0 [0039.244] lstrcmpW (lpString1="vcredist_x86.exe", lpString2="LOLKEK.txt") returned 1 [0039.244] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe") returned 88 [0039.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x61c320 [0039.244] lstrcpyW (in: lpString1=0x61c320, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe" [0039.244] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.360] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.360] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xd3ea4f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0039.360] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.360] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\LOLKEK.txt") returned 82 [0039.360] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.441] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.441] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.442] CloseHandle (hObject=0x290) returned 1 [0039.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.442] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0039.442] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="Windows") returned -1 [0039.442] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="Program Files") returned -1 [0039.442] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="Program Files (x86)") returned -1 [0039.442] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="$Recycle.bin") returned 1 [0039.442] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="System Volume Information") returned -1 [0039.442] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2=".") returned 1 [0039.442] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="..") returned 1 [0039.442] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned 82 [0039.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.442] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0039.442] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*" [0039.442] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.485] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.485] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.485] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.485] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.485] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.485] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.485] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.485] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.485] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.485] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.485] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.485] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.485] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.485] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.485] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0039.485] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0039.485] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0039.485] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0039.485] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0039.485] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0039.485] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0039.485] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0039.485] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned 91 [0039.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.486] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0039.486] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*" [0039.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0039.486] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.486] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.486] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.486] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.486] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.486] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.486] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.486] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.486] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.486] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.486] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.486] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.486] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.486] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.486] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0039.486] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Windows") returned -1 [0039.486] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Program Files") returned 1 [0039.486] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Program Files (x86)") returned 1 [0039.486] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="$Recycle.bin") returned 1 [0039.486] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="System Volume Information") returned 1 [0039.486] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2=".") returned 1 [0039.486] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="..") returned 1 [0039.486] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned 117 [0039.486] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0039.487] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0039.487] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*" [0039.487] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0039.487] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.487] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.487] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.487] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.487] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.487] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.487] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.487] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.487] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.487] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.487] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.487] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.487] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.487] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.487] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa87bcb00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0xa87bcb00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0xa87bcb00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0039.487] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0039.487] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0039.487] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0039.487] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0039.487] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0039.487] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0039.488] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0039.488] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 126 [0039.488] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0039.488] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0039.488] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 126 [0039.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x61c490 [0039.488] lstrcpyW (in: lpString1=0x61c490, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" [0039.488] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.488] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.488] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0039.488] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Windows") returned -1 [0039.488] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Program Files") returned 1 [0039.488] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Program Files (x86)") returned 1 [0039.488] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="$Recycle.bin") returned 1 [0039.488] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="System Volume Information") returned 1 [0039.488] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".") returned 1 [0039.488] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="..") returned 1 [0039.488] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned 146 [0039.488] StrStrIW (lpFirst="vc_runtimeAdditional_x64.msi", lpSrch=".lolkek") returned 0x0 [0039.488] lstrcmpW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="LOLKEK.txt") returned 1 [0039.488] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned 146 [0039.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24c) returned 0x634508 [0039.488] lstrcpyW (in: lpString1=0x634508, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" [0039.488] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.488] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.488] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x4374a500, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0039.488] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0039.488] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 128 [0039.488] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.489] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.489] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0039.489] CloseHandle (hObject=0x294) returned 1 [0039.490] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0039.490] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfac0a1e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfac0a1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0039.490] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0039.490] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\LOLKEK.txt") returned 102 [0039.490] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.490] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.490] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0039.491] CloseHandle (hObject=0x290) returned 1 [0039.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.491] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0039.491] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.491] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\LOLKEK.txt") returned 93 [0039.491] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0039.491] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.491] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.492] CloseHandle (hObject=0x27c) returned 1 [0039.492] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.492] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1 [0039.492] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="Windows") returned -1 [0039.492] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="Program Files") returned -1 [0039.492] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="Program Files (x86)") returned -1 [0039.492] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="$Recycle.bin") returned 1 [0039.492] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="System Volume Information") returned -1 [0039.492] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2=".") returned 1 [0039.492] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="..") returned 1 [0039.492] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned 71 [0039.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.492] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0039.492] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*" [0039.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.542] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.542] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.542] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.542] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.542] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.542] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.542] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.542] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.542] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.542] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.542] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.542] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.542] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.542] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.542] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a127460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1c821ca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0039.542] lstrcmpiW (lpString1="state.rsm", lpString2="Windows") returned -1 [0039.542] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files") returned 1 [0039.542] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files (x86)") returned 1 [0039.542] lstrcmpiW (lpString1="state.rsm", lpString2="$Recycle.bin") returned 1 [0039.542] lstrcmpiW (lpString1="state.rsm", lpString2="System Volume Information") returned -1 [0039.542] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0039.542] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0039.542] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm") returned 81 [0039.542] StrStrIW (lpFirst="state.rsm", lpSrch=".lolkek") returned 0x0 [0039.543] lstrcmpW (lpString1="state.rsm", lpString2="LOLKEK.txt") returned 1 [0039.543] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm") returned 81 [0039.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae7e0 [0039.543] lstrcpyW (in: lpString1=0x3cae7e0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm" [0039.543] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.544] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.544] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0039.544] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="Windows") returned -1 [0039.544] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="Program Files") returned 1 [0039.544] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="Program Files (x86)") returned 1 [0039.544] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="$Recycle.bin") returned 1 [0039.544] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="System Volume Information") returned 1 [0039.544] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".") returned 1 [0039.544] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="..") returned 1 [0039.544] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe") returned 88 [0039.544] StrStrIW (lpFirst="vcredist_x64.exe", lpSrch=".lolkek") returned 0x0 [0039.544] lstrcmpW (lpString1="vcredist_x64.exe", lpString2="LOLKEK.txt") returned 1 [0039.544] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe") returned 88 [0039.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3c948d8 [0039.544] lstrcpyW (in: lpString1=0x3c948d8, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe" [0039.544] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.593] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.593] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1073de80, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0039.593] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.593] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\LOLKEK.txt") returned 82 [0039.593] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0039.593] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.593] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.598] CloseHandle (hObject=0x27c) returned 1 [0039.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.599] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1 [0039.599] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="Windows") returned -1 [0039.599] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="Program Files") returned -1 [0039.599] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="Program Files (x86)") returned -1 [0039.599] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="$Recycle.bin") returned 1 [0039.599] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="System Volume Information") returned -1 [0039.599] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2=".") returned 1 [0039.599] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="..") returned 1 [0039.599] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned 83 [0039.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.599] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0039.599] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*" [0039.599] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.603] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.603] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.603] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.603] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.603] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.603] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.603] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.603] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.603] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.603] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.603] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.603] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.603] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.603] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.603] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0039.603] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0039.603] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0039.603] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0039.603] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0039.603] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0039.603] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0039.603] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0039.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned 92 [0039.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.604] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0039.604] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*" [0039.604] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0039.604] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.604] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.604] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.604] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.604] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.604] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.604] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.604] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.604] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.604] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.604] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.604] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.604] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.604] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.604] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0039.604] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Windows") returned -1 [0039.604] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Program Files") returned 1 [0039.604] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Program Files (x86)") returned 1 [0039.605] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="$Recycle.bin") returned 1 [0039.605] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="System Volume Information") returned 1 [0039.605] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2=".") returned 1 [0039.605] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="..") returned 1 [0039.605] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned 113 [0039.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0039.605] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0039.605] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*" [0039.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0039.606] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.606] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.606] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.606] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.606] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.606] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.606] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.606] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.606] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.606] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.606] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.606] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.606] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.606] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.606] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd15e8b00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd15e8b00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd15e8b00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x13babb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0039.606] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0039.606] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0039.606] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0039.606] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0039.606] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0039.606] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0039.606] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0039.606] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 122 [0039.606] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0039.606] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0039.607] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 122 [0039.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x3bf0f40 [0039.607] lstrcpyW (in: lpString1=0x3bf0f40, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab" [0039.607] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.657] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.657] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0039.657] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Windows") returned -1 [0039.657] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Program Files") returned 1 [0039.657] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Program Files (x86)") returned 1 [0039.657] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="$Recycle.bin") returned 1 [0039.657] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="System Volume Information") returned 1 [0039.657] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".") returned 1 [0039.657] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="..") returned 1 [0039.657] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned 139 [0039.657] StrStrIW (lpFirst="vc_runtimeMinimum_x86.msi", lpSrch=".lolkek") returned 0x0 [0039.657] lstrcmpW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="LOLKEK.txt") returned 1 [0039.657] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned 139 [0039.657] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x3bf1138 [0039.657] lstrcpyW (in: lpString1=0x3bf1138, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" [0039.657] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.906] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.906] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfb17b200, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0039.906] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0039.906] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 124 [0039.906] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0039.907] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.907] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0039.907] CloseHandle (hObject=0x280) returned 1 [0039.908] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0039.908] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0039.908] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0039.908] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\LOLKEK.txt") returned 103 [0039.908] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.908] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.908] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0039.909] CloseHandle (hObject=0x294) returned 1 [0039.909] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.909] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0039.909] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.909] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\LOLKEK.txt") returned 94 [0039.909] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0039.909] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.909] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.910] CloseHandle (hObject=0x27c) returned 1 [0039.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.911] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1 [0039.911] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="Windows") returned -1 [0039.911] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="Program Files") returned -1 [0039.911] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="Program Files (x86)") returned -1 [0039.911] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="$Recycle.bin") returned 1 [0039.911] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="System Volume Information") returned -1 [0039.911] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2=".") returned 1 [0039.911] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="..") returned 1 [0039.911] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned 83 [0039.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0039.912] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0039.912] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*" [0039.912] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0039.953] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.953] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.953] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.953] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.953] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.953] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.953] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.953] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.953] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.953] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.953] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.953] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.953] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.953] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.953] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0039.953] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0039.953] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0039.953] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0039.953] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0039.953] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0039.953] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0039.953] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0039.953] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned 92 [0039.953] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.953] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0039.953] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*" [0039.953] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0039.954] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.954] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.954] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.954] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.954] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.954] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.954] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.954] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.954] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.954] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.954] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.954] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.954] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.954] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.954] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0039.954] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Windows") returned -1 [0039.954] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Program Files") returned 1 [0039.954] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Program Files (x86)") returned 1 [0039.954] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="$Recycle.bin") returned 1 [0039.954] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="System Volume Information") returned 1 [0039.954] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2=".") returned 1 [0039.954] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="..") returned 1 [0039.954] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned 116 [0039.954] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0039.954] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0039.955] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*" [0039.955] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0039.955] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0039.955] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0039.955] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0039.955] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0039.955] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0039.955] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.955] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0039.955] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0039.955] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0039.955] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0039.955] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0039.955] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0039.955] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.955] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.955] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x4f699e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0039.955] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0039.955] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0039.955] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0039.955] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0039.955] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0039.955] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0039.955] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0039.955] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 125 [0039.955] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0039.955] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0039.955] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 125 [0039.955] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f8) returned 0x6357c8 [0039.955] lstrcpyW (in: lpString1=0x6357c8, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab" [0039.955] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.955] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.955] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0039.955] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Windows") returned -1 [0039.955] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Program Files") returned 1 [0039.955] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Program Files (x86)") returned 1 [0039.956] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="$Recycle.bin") returned 1 [0039.956] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="System Volume Information") returned 1 [0039.956] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".") returned 1 [0039.956] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="..") returned 1 [0039.956] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned 145 [0039.956] StrStrIW (lpFirst="vc_runtimeAdditional_x86.msi", lpSrch=".lolkek") returned 0x0 [0039.956] lstrcmpW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="LOLKEK.txt") returned 1 [0039.956] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned 145 [0039.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x248) returned 0x6359c8 [0039.956] lstrcpyW (in: lpString1=0x6359c8, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" [0039.956] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0039.956] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0039.956] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfeab3900, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0039.956] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0039.956] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt") returned 127 [0039.956] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0039.956] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.956] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0039.957] CloseHandle (hObject=0x294) returned 1 [0039.957] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0039.957] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94fa460, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94fa460, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0039.957] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0039.957] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\LOLKEK.txt") returned 103 [0039.957] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0039.958] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.958] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0039.958] CloseHandle (hObject=0x27c) returned 1 [0039.958] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0039.958] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0039.958] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0039.958] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\LOLKEK.txt") returned 94 [0039.959] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0039.959] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0039.959] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0039.960] CloseHandle (hObject=0x290) returned 1 [0039.960] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0039.960] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1 [0039.960] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="Windows") returned -1 [0039.960] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="Program Files") returned -1 [0039.960] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="Program Files (x86)") returned -1 [0039.960] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="$Recycle.bin") returned 1 [0039.960] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="System Volume Information") returned -1 [0039.960] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2=".") returned 1 [0039.960] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="..") returned 1 [0039.960] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned 83 [0039.960] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0039.960] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0039.960] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*" [0039.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.052] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.052] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.052] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.052] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.052] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.052] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.052] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.052] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.052] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.052] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.052] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.052] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.052] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.052] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.052] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.052] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.052] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.052] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.052] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.052] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.052] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.052] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.052] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned 92 [0040.052] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.053] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0040.053] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*" [0040.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.053] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.053] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.053] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.053] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.053] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.053] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.053] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.053] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.053] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.054] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.054] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.054] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.054] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.054] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.054] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0040.054] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Windows") returned -1 [0040.054] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Program Files") returned 1 [0040.054] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Program Files (x86)") returned 1 [0040.054] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="$Recycle.bin") returned 1 [0040.054] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="System Volume Information") returned 1 [0040.054] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2=".") returned 1 [0040.054] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="..") returned 1 [0040.054] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned 115 [0040.054] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.054] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0040.054] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*" [0040.054] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.054] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.054] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.054] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.054] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.054] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.054] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.054] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.054] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.054] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.054] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.054] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.054] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.054] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.054] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.054] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c0e500, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xd3c0e500, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xd3c0e500, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x165257, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.054] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.054] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.055] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.055] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.055] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.055] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.055] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.055] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 124 [0040.055] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.055] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.055] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 124 [0040.055] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f4) returned 0x62ca80 [0040.055] lstrcpyW (in: lpString1=0x62ca80, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" [0040.055] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.252] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.252] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.252] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Windows") returned -1 [0040.252] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Program Files") returned 1 [0040.252] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Program Files (x86)") returned 1 [0040.252] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="$Recycle.bin") returned 1 [0040.252] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="System Volume Information") returned 1 [0040.252] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".") returned 1 [0040.252] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="..") returned 1 [0040.252] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned 141 [0040.252] StrStrIW (lpFirst="vc_runtimeMinimum_x64.msi", lpSrch=".lolkek") returned 0x0 [0040.252] lstrcmpW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="LOLKEK.txt") returned 1 [0040.252] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned 141 [0040.252] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x62cc80 [0040.253] lstrcpyW (in: lpString1=0x62cc80, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" [0040.253] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.253] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.253] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xfd7a0c00, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.253] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.253] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 126 [0040.253] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.253] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.253] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.254] CloseHandle (hObject=0x280) returned 1 [0040.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.254] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa93425b0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa93425b0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0040.254] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.254] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\LOLKEK.txt") returned 103 [0040.254] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.254] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.254] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.255] CloseHandle (hObject=0x294) returned 1 [0040.255] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.256] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.256] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.257] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\LOLKEK.txt") returned 94 [0040.257] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.257] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.257] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.257] CloseHandle (hObject=0x27c) returned 1 [0040.258] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.258] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0040.258] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="Windows") returned -1 [0040.258] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="Program Files") returned -1 [0040.258] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="Program Files (x86)") returned -1 [0040.258] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="$Recycle.bin") returned 1 [0040.258] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="System Volume Information") returned -1 [0040.258] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2=".") returned 1 [0040.258] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="..") returned 1 [0040.258] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned 82 [0040.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.258] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0040.258] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*" [0040.258] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.258] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.258] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.258] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.258] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.258] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.258] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.258] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.258] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.258] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.258] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.258] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.258] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.258] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.258] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.258] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.258] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.258] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.258] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.258] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.259] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.259] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.259] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.259] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned 91 [0040.259] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.259] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0040.259] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*" [0040.259] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.259] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.259] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.259] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.259] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.259] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.259] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.259] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.259] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.259] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.259] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.259] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.259] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.259] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.259] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.259] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0040.259] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Windows") returned -1 [0040.259] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Program Files") returned 1 [0040.260] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Program Files (x86)") returned 1 [0040.260] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="$Recycle.bin") returned 1 [0040.260] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="System Volume Information") returned 1 [0040.260] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2=".") returned 1 [0040.260] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="..") returned 1 [0040.260] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned 117 [0040.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.260] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0040.260] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*" [0040.260] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.260] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.260] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.260] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.260] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.260] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.260] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.260] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.260] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.260] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.260] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.260] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.260] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.260] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.261] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.261] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c9b1b00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7c9b1b00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7c9b1b00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.261] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.261] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.261] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.261] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.261] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.261] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.261] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.261] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 126 [0040.261] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.261] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.261] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 126 [0040.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x635c18 [0040.261] lstrcpyW (in: lpString1=0x635c18, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" [0040.261] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.336] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.336] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.336] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Windows") returned -1 [0040.336] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Program Files") returned 1 [0040.336] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Program Files (x86)") returned 1 [0040.336] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="$Recycle.bin") returned 1 [0040.336] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="System Volume Information") returned 1 [0040.336] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".") returned 1 [0040.336] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="..") returned 1 [0040.336] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned 146 [0040.336] StrStrIW (lpFirst="vc_runtimeAdditional_x64.msi", lpSrch=".lolkek") returned 0x0 [0040.336] lstrcmpW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="LOLKEK.txt") returned 1 [0040.336] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned 146 [0040.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24c) returned 0x60c8c8 [0040.336] lstrcpyW (in: lpString1=0x60c8c8, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" [0040.336] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.354] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.354] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.354] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.354] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 128 [0040.354] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.354] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.354] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.355] CloseHandle (hObject=0x280) returned 1 [0040.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.355] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a257f60, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a257f60, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0040.355] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.355] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\LOLKEK.txt") returned 102 [0040.356] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.356] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.356] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.356] CloseHandle (hObject=0x294) returned 1 [0040.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.357] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.357] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.357] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\LOLKEK.txt") returned 93 [0040.357] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.357] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.357] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.357] CloseHandle (hObject=0x27c) returned 1 [0040.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.359] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0040.359] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="Windows") returned -1 [0040.359] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="Program Files") returned -1 [0040.359] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="Program Files (x86)") returned -1 [0040.359] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="$Recycle.bin") returned 1 [0040.359] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="System Volume Information") returned -1 [0040.359] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2=".") returned 1 [0040.359] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="..") returned 1 [0040.359] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned 82 [0040.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.359] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0040.359] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*" [0040.359] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.359] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.360] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.360] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.360] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.360] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.360] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.360] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.360] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.360] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.360] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.360] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.360] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.360] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.360] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.360] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.360] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.360] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.360] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.360] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.360] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.360] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.360] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.360] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned 91 [0040.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.360] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0040.360] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*" [0040.360] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.360] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.360] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.360] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.360] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.360] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.361] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.361] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.361] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.361] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.361] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.361] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.361] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.361] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.361] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.361] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0040.361] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Windows") returned -1 [0040.361] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Program Files") returned 1 [0040.361] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Program Files (x86)") returned 1 [0040.361] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="$Recycle.bin") returned 1 [0040.361] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="System Volume Information") returned 1 [0040.361] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2=".") returned 1 [0040.361] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="..") returned 1 [0040.361] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned 114 [0040.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.361] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0040.361] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*" [0040.361] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.361] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.361] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.361] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.361] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.361] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.361] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.361] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.362] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.362] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.362] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.362] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.362] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.362] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.362] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.362] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b69ee00, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7b69ee00, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7b69ee00, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.362] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.362] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.362] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.362] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.362] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.362] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.362] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.362] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 123 [0040.362] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.362] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.362] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 123 [0040.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f0) returned 0x634760 [0040.362] lstrcpyW (in: lpString1=0x634760, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" [0040.362] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.362] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.362] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.362] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Windows") returned -1 [0040.362] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Program Files") returned 1 [0040.362] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Program Files (x86)") returned 1 [0040.362] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="$Recycle.bin") returned 1 [0040.362] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="System Volume Information") returned 1 [0040.362] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".") returned 1 [0040.362] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="..") returned 1 [0040.362] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned 140 [0040.362] StrStrIW (lpFirst="vc_runtimeMinimum_x64.msi", lpSrch=".lolkek") returned 0x0 [0040.362] lstrcmpW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="LOLKEK.txt") returned 1 [0040.362] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned 140 [0040.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x234) returned 0x3bf2080 [0040.362] lstrcpyW (in: lpString1=0x3bf2080, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" [0040.362] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.370] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.371] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x7a38c100, ftLastWriteTime.dwHighDateTime=0x1cf3dd2, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.371] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.371] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 125 [0040.371] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.371] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.371] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.372] CloseHandle (hObject=0x280) returned 1 [0040.372] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.372] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0040.372] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.372] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\LOLKEK.txt") returned 102 [0040.372] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.372] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.372] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.373] CloseHandle (hObject=0x294) returned 1 [0040.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.373] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.373] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.373] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\LOLKEK.txt") returned 93 [0040.373] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.374] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.374] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.374] CloseHandle (hObject=0x27c) returned 1 [0040.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.376] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0040.376] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="Windows") returned -1 [0040.376] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="Program Files") returned -1 [0040.376] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="Program Files (x86)") returned -1 [0040.376] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="$Recycle.bin") returned 1 [0040.376] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="System Volume Information") returned -1 [0040.376] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2=".") returned 1 [0040.376] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="..") returned 1 [0040.376] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned 82 [0040.376] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.376] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0040.376] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*" [0040.376] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.398] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.398] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.398] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.399] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.399] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.399] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.399] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.399] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.399] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.399] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.399] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.399] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.399] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.399] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.399] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.399] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.399] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.399] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.399] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.399] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.399] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.399] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.399] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned 91 [0040.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.399] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0040.399] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*" [0040.399] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.447] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.447] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.447] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.447] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.447] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.447] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.447] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.447] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.447] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.447] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.447] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.447] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.447] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.447] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.447] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0040.447] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Windows") returned -1 [0040.447] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Program Files") returned 1 [0040.447] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Program Files (x86)") returned 1 [0040.447] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="$Recycle.bin") returned 1 [0040.447] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="System Volume Information") returned 1 [0040.447] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2=".") returned 1 [0040.447] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="..") returned 1 [0040.447] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned 115 [0040.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.447] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0040.447] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*" [0040.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.455] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.455] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.455] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.455] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.455] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.455] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.455] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.455] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.455] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.455] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.455] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.455] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.455] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.456] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.456] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8aae6600, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x8aae6600, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x8aae6600, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.456] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.456] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.456] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.456] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.456] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.456] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.456] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.456] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 124 [0040.456] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.456] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.456] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 124 [0040.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f4) returned 0x3bf22c0 [0040.456] lstrcpyW (in: lpString1=0x3bf22c0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\cab1.cab" [0040.456] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.456] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.456] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Windows") returned -1 [0040.456] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Program Files") returned 1 [0040.456] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Program Files (x86)") returned 1 [0040.456] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="$Recycle.bin") returned 1 [0040.456] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="System Volume Information") returned 1 [0040.456] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".") returned 1 [0040.456] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="..") returned 1 [0040.456] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned 144 [0040.456] StrStrIW (lpFirst="vc_runtimeAdditional_x86.msi", lpSrch=".lolkek") returned 0x0 [0040.456] lstrcmpW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="LOLKEK.txt") returned 1 [0040.456] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned 144 [0040.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x244) returned 0x633270 [0040.456] lstrcpyW (in: lpString1=0x633270, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" [0040.456] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.456] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.456] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.456] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt") returned 126 [0040.456] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.457] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.457] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.457] CloseHandle (hObject=0x280) returned 1 [0040.458] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.458] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedc37f80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedc37f80, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0040.458] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.458] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\LOLKEK.txt") returned 102 [0040.458] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.458] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.458] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.459] CloseHandle (hObject=0x294) returned 1 [0040.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.459] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.459] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.459] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\LOLKEK.txt") returned 93 [0040.459] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.459] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.459] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.460] CloseHandle (hObject=0x27c) returned 1 [0040.460] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.461] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0040.461] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="Windows") returned -1 [0040.461] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="Program Files") returned -1 [0040.461] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="Program Files (x86)") returned -1 [0040.461] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="$Recycle.bin") returned 1 [0040.461] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="System Volume Information") returned -1 [0040.461] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2=".") returned 1 [0040.461] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="..") returned 1 [0040.461] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned 82 [0040.461] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.462] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0040.462] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*" [0040.462] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.462] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.462] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.462] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.462] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.462] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.462] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.462] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.462] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.462] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.462] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.462] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.462] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.462] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.462] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.462] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.462] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.462] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.462] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.462] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.462] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.462] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.462] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.462] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned 91 [0040.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.463] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0040.463] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*" [0040.463] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.503] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.503] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.503] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.503] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.503] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.503] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.503] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.503] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.503] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.503] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.503] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.503] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.503] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.503] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.503] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0040.504] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Windows") returned -1 [0040.504] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Program Files") returned 1 [0040.504] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="Program Files (x86)") returned 1 [0040.504] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="$Recycle.bin") returned 1 [0040.504] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="System Volume Information") returned 1 [0040.504] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2=".") returned 1 [0040.504] lstrcmpiW (lpString1="vcRuntimeMinimum_x86", lpString2="..") returned 1 [0040.504] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned 112 [0040.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.504] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0040.504] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*" [0040.504] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.507] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.507] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.507] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.507] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.507] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.507] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.507] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.507] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.507] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.507] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.507] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.507] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.507] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.507] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.507] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x884c0c00, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x884c0c00, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x884c0c00, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc89b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.507] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.507] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.507] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.507] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.507] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.507] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.507] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.507] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 121 [0040.507] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.507] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.507] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned 121 [0040.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e8) returned 0x60c608 [0040.507] lstrcpyW (in: lpString1=0x60c608, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\cab1.cab" [0040.507] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.507] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.507] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.507] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Windows") returned -1 [0040.507] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Program Files") returned 1 [0040.507] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="Program Files (x86)") returned 1 [0040.507] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="$Recycle.bin") returned 1 [0040.507] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="System Volume Information") returned 1 [0040.507] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2=".") returned 1 [0040.507] lstrcmpiW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="..") returned 1 [0040.507] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned 138 [0040.507] StrStrIW (lpFirst="vc_runtimeMinimum_x86.msi", lpSrch=".lolkek") returned 0x0 [0040.507] lstrcmpW (lpString1="vc_runtimeMinimum_x86.msi", lpString2="LOLKEK.txt") returned 1 [0040.507] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned 138 [0040.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22c) returned 0x6334c0 [0040.507] lstrcpyW (in: lpString1=0x6334c0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi" [0040.508] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.508] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.508] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x48395900, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.508] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.508] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 123 [0040.508] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.508] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.508] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.509] CloseHandle (hObject=0x24c) returned 1 [0040.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.509] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0040.509] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.509] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\LOLKEK.txt") returned 102 [0040.509] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.509] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.509] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.510] CloseHandle (hObject=0x290) returned 1 [0040.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.510] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.510] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.510] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\LOLKEK.txt") returned 93 [0040.510] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.510] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.510] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.511] CloseHandle (hObject=0x27c) returned 1 [0040.511] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.512] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0040.512] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="Windows") returned -1 [0040.512] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="Program Files") returned -1 [0040.512] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="Program Files (x86)") returned -1 [0040.512] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="$Recycle.bin") returned 1 [0040.512] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="System Volume Information") returned -1 [0040.512] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2=".") returned 1 [0040.512] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="..") returned 1 [0040.512] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned 71 [0040.512] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.513] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0040.513] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*" [0040.513] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.513] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.513] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.513] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.513] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.513] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.513] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.513] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.514] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.514] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.514] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.514] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.514] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.514] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.514] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.514] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfe3882c0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0040.514] lstrcmpiW (lpString1="state.rsm", lpString2="Windows") returned -1 [0040.514] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files") returned 1 [0040.514] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files (x86)") returned 1 [0040.514] lstrcmpiW (lpString1="state.rsm", lpString2="$Recycle.bin") returned 1 [0040.514] lstrcmpiW (lpString1="state.rsm", lpString2="System Volume Information") returned -1 [0040.514] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0040.514] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0040.514] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm") returned 81 [0040.514] StrStrIW (lpFirst="state.rsm", lpSrch=".lolkek") returned 0x0 [0040.514] lstrcmpW (lpString1="state.rsm", lpString2="LOLKEK.txt") returned 1 [0040.514] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm") returned 81 [0040.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae938 [0040.514] lstrcpyW (in: lpString1=0x3cae938, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\state.rsm" [0040.514] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.514] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.514] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0040.514] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="Windows") returned -1 [0040.514] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="Program Files") returned 1 [0040.514] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="Program Files (x86)") returned 1 [0040.514] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="$Recycle.bin") returned 1 [0040.514] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="System Volume Information") returned 1 [0040.514] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2=".") returned 1 [0040.514] lstrcmpiW (lpString1="vcredist_x64.exe", lpString2="..") returned 1 [0040.514] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe") returned 88 [0040.514] StrStrIW (lpFirst="vcredist_x64.exe", lpSrch=".lolkek") returned 0x0 [0040.514] lstrcmpW (lpString1="vcredist_x64.exe", lpString2="LOLKEK.txt") returned 1 [0040.514] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe") returned 88 [0040.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3cbb000 [0040.514] lstrcpyW (in: lpString1=0x3cbb000, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\vcredist_x64.exe" [0040.514] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.514] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.514] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xf0a0a700, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0040.514] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.515] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\LOLKEK.txt") returned 82 [0040.515] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.515] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.515] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.515] CloseHandle (hObject=0x27c) returned 1 [0040.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.516] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0040.516] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="Windows") returned -1 [0040.516] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="Program Files") returned -1 [0040.516] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="Program Files (x86)") returned -1 [0040.516] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="$Recycle.bin") returned 1 [0040.516] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="System Volume Information") returned -1 [0040.516] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2=".") returned 1 [0040.516] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="..") returned 1 [0040.516] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned 82 [0040.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.516] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0040.516] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*" [0040.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.517] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.517] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.517] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.517] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.517] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.517] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.517] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.517] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.517] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.517] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.517] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.517] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.517] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.517] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.517] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.517] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.517] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.517] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.517] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.517] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.517] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.517] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.517] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned 91 [0040.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.518] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0040.518] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*" [0040.518] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.518] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.518] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.518] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.518] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.518] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.518] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.518] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.518] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.518] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.518] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.518] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.518] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.518] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.518] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.518] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0040.518] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Windows") returned -1 [0040.518] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Program Files") returned 1 [0040.518] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="Program Files (x86)") returned 1 [0040.518] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="$Recycle.bin") returned 1 [0040.518] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="System Volume Information") returned 1 [0040.518] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2=".") returned 1 [0040.518] lstrcmpiW (lpString1="vcRuntimeMinimum_amd64", lpString2="..") returned 1 [0040.518] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned 114 [0040.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.519] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0040.519] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*" [0040.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.519] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.519] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.519] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.519] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.519] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.519] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.519] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.519] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.519] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.519] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.519] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.519] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.519] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.519] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.519] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x969a2800, ftCreationTime.dwHighDateTime=0x1ced4d9, ftLastAccessTime.dwLowDateTime=0x969a2800, ftLastAccessTime.dwHighDateTime=0x1ced4d9, ftLastWriteTime.dwLowDateTime=0x969a2800, ftLastWriteTime.dwHighDateTime=0x1ced4d9, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.519] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.519] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.519] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.519] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.519] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.519] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.519] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.519] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 123 [0040.519] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.519] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.519] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned 123 [0040.519] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f0) returned 0x3cbb170 [0040.519] lstrcpyW (in: lpString1=0x3cbb170, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\cab1.cab" [0040.519] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.520] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.520] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.520] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Windows") returned -1 [0040.520] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Program Files") returned 1 [0040.520] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="Program Files (x86)") returned 1 [0040.520] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="$Recycle.bin") returned 1 [0040.520] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="System Volume Information") returned 1 [0040.520] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2=".") returned 1 [0040.520] lstrcmpiW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="..") returned 1 [0040.520] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned 140 [0040.520] StrStrIW (lpFirst="vc_runtimeMinimum_x64.msi", lpSrch=".lolkek") returned 0x0 [0040.520] lstrcmpW (lpString1="vc_runtimeMinimum_x64.msi", lpString2="LOLKEK.txt") returned 1 [0040.520] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned 140 [0040.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x234) returned 0x3cbb368 [0040.520] lstrcpyW (in: lpString1=0x3cbb368, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi" [0040.520] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.520] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.520] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x5a1afc00, ftLastWriteTime.dwHighDateTime=0x1ced4da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.520] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.520] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 125 [0040.520] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.520] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.520] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.521] CloseHandle (hObject=0x24c) returned 1 [0040.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.521] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0040.521] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.521] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\LOLKEK.txt") returned 102 [0040.521] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.521] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.521] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.522] CloseHandle (hObject=0x290) returned 1 [0040.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.522] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.522] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.522] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\LOLKEK.txt") returned 93 [0040.522] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.523] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.523] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.524] CloseHandle (hObject=0x27c) returned 1 [0040.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.524] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cAlternateFileName="{E5127~1.250")) returned 1 [0040.524] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="Windows") returned -1 [0040.524] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="Program Files") returned -1 [0040.524] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="Program Files (x86)") returned -1 [0040.524] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="$Recycle.bin") returned 1 [0040.524] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="System Volume Information") returned -1 [0040.524] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2=".") returned 1 [0040.524] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="..") returned 1 [0040.524] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned 83 [0040.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.524] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0040.524] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*" [0040.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.524] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.524] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.524] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.524] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.524] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.524] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.524] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.524] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.524] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.524] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.524] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.524] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.524] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.525] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.525] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.525] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.525] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.525] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.525] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.525] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.525] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.525] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.525] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned 92 [0040.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.525] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0040.525] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*" [0040.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.526] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.526] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.526] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.526] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.526] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.526] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.526] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.526] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.526] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.526] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.526] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.526] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.526] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.526] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.526] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0040.526] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Windows") returned -1 [0040.526] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Program Files") returned 1 [0040.526] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="Program Files (x86)") returned 1 [0040.526] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="$Recycle.bin") returned 1 [0040.526] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="System Volume Information") returned 1 [0040.526] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2=".") returned 1 [0040.526] lstrcmpiW (lpString1="vcRuntimeAdditional_amd64", lpString2="..") returned 1 [0040.526] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned 118 [0040.526] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.527] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0040.527] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*" [0040.527] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.527] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.527] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.527] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.527] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.527] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.527] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.527] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.527] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.527] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.527] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.527] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.527] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.527] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.527] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.527] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdae7f300, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xdae7f300, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0xdae7f300, ftLastWriteTime.dwHighDateTime=0x1d28824, nFileSizeHigh=0x0, nFileSizeLow=0x59bde5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.527] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.527] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.527] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.527] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.527] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.527] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.527] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.527] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 127 [0040.527] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.527] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.527] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned 127 [0040.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x200) returned 0x62d020 [0040.527] lstrcpyW (in: lpString1=0x62d020, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\cab1.cab" [0040.527] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.527] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.527] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.527] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Windows") returned -1 [0040.527] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Program Files") returned 1 [0040.527] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="Program Files (x86)") returned 1 [0040.527] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="$Recycle.bin") returned 1 [0040.527] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="System Volume Information") returned 1 [0040.527] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2=".") returned 1 [0040.528] lstrcmpiW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="..") returned 1 [0040.528] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned 147 [0040.528] StrStrIW (lpFirst="vc_runtimeAdditional_x64.msi", lpSrch=".lolkek") returned 0x0 [0040.528] lstrcmpW (lpString1="vc_runtimeAdditional_x64.msi", lpString2="LOLKEK.txt") returned 1 [0040.528] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned 147 [0040.528] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x250) returned 0x62d228 [0040.528] lstrcpyW (in: lpString1=0x62d228, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi" [0040.528] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.539] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.539] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x36fed00, ftLastWriteTime.dwHighDateTime=0x1d28825, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.539] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.539] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 129 [0040.539] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0040.540] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.540] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.540] CloseHandle (hObject=0x250) returned 1 [0040.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.541] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa938e870, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa938e870, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0040.541] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.541] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\LOLKEK.txt") returned 103 [0040.541] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.541] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.541] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.542] CloseHandle (hObject=0x24c) returned 1 [0040.542] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.542] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.542] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.542] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\LOLKEK.txt") returned 94 [0040.542] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.542] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.542] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.543] CloseHandle (hObject=0x27c) returned 1 [0040.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.544] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e52a6842-b0ac-476e-b48f-378a97a67346}", cAlternateFileName="{E52A6~1")) returned 1 [0040.544] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="Windows") returned -1 [0040.544] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="Program Files") returned -1 [0040.544] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="Program Files (x86)") returned -1 [0040.544] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="$Recycle.bin") returned 1 [0040.544] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="System Volume Information") returned -1 [0040.544] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2=".") returned 1 [0040.544] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="..") returned 1 [0040.544] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned 71 [0040.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.544] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0040.544] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*" [0040.544] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.544] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.544] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.544] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.544] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.544] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.544] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.544] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.544] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.544] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.544] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.544] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.544] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.545] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.545] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.545] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xe9f9cff0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0040.545] lstrcmpiW (lpString1="state.rsm", lpString2="Windows") returned -1 [0040.545] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files") returned 1 [0040.545] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files (x86)") returned 1 [0040.545] lstrcmpiW (lpString1="state.rsm", lpString2="$Recycle.bin") returned 1 [0040.545] lstrcmpiW (lpString1="state.rsm", lpString2="System Volume Information") returned -1 [0040.545] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0040.545] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0040.545] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm") returned 81 [0040.545] StrStrIW (lpFirst="state.rsm", lpSrch=".lolkek") returned 0x0 [0040.545] lstrcmpW (lpString1="state.rsm", lpString2="LOLKEK.txt") returned 1 [0040.545] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm") returned 81 [0040.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3caea90 [0040.545] lstrcpyW (in: lpString1=0x3caea90, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\state.rsm" [0040.545] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.553] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.553] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0040.553] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="Windows") returned -1 [0040.553] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="Program Files") returned 1 [0040.553] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="Program Files (x86)") returned 1 [0040.553] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="$Recycle.bin") returned 1 [0040.553] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="System Volume Information") returned 1 [0040.553] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2=".") returned 1 [0040.553] lstrcmpiW (lpString1="VC_redist.x64.exe", lpString2="..") returned 1 [0040.553] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe") returned 89 [0040.553] StrStrIW (lpFirst="VC_redist.x64.exe", lpSrch=".lolkek") returned 0x0 [0040.553] lstrcmpW (lpString1="VC_redist.x64.exe", lpString2="LOLKEK.txt") returned 1 [0040.554] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe") returned 89 [0040.554] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x60cb20 [0040.554] lstrcpyW (in: lpString1=0x60cb20, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\VC_redist.x64.exe" [0040.554] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.554] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.554] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x968d5df0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xbee38, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x64.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0040.554] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.554] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\LOLKEK.txt") returned 82 [0040.554] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.554] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.554] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.555] CloseHandle (hObject=0x27c) returned 1 [0040.555] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.555] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cAlternateFileName="{E6E75~1")) returned 1 [0040.555] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="Windows") returned -1 [0040.555] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="Program Files") returned -1 [0040.555] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="Program Files (x86)") returned -1 [0040.555] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="$Recycle.bin") returned 1 [0040.555] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="System Volume Information") returned -1 [0040.555] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2=".") returned 1 [0040.555] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="..") returned 1 [0040.555] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned 71 [0040.555] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.555] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0040.555] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*" [0040.555] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.558] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.558] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.558] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.558] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.558] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.558] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.558] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.558] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.558] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.558] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.558] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.558] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.558] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.558] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad7040, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x105e7220, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0040.558] lstrcmpiW (lpString1="state.rsm", lpString2="Windows") returned -1 [0040.558] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files") returned 1 [0040.558] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files (x86)") returned 1 [0040.558] lstrcmpiW (lpString1="state.rsm", lpString2="$Recycle.bin") returned 1 [0040.558] lstrcmpiW (lpString1="state.rsm", lpString2="System Volume Information") returned -1 [0040.558] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0040.558] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0040.558] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm") returned 81 [0040.558] StrStrIW (lpFirst="state.rsm", lpSrch=".lolkek") returned 0x0 [0040.558] lstrcmpW (lpString1="state.rsm", lpString2="LOLKEK.txt") returned 1 [0040.558] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm") returned 81 [0040.558] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3caebe8 [0040.558] lstrcpyW (in: lpString1=0x3caebe8, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\state.rsm" [0040.558] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.558] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.558] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0040.558] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="Windows") returned -1 [0040.558] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="Program Files") returned 1 [0040.558] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="Program Files (x86)") returned 1 [0040.558] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="$Recycle.bin") returned 1 [0040.558] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="System Volume Information") returned 1 [0040.558] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2=".") returned 1 [0040.558] lstrcmpiW (lpString1="vcredist_x86.exe", lpString2="..") returned 1 [0040.558] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe") returned 88 [0040.559] StrStrIW (lpFirst="vcredist_x86.exe", lpSrch=".lolkek") returned 0x0 [0040.559] lstrcmpW (lpString1="vcredist_x86.exe", lpString2="LOLKEK.txt") returned 1 [0040.559] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe") returned 88 [0040.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x60cc90 [0040.559] lstrcpyW (in: lpString1=0x60cc90, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\vcredist_x86.exe" [0040.559] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.561] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.561] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xfe5c3760, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x71080, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0040.561] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.562] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\LOLKEK.txt") returned 82 [0040.562] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.562] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.562] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.562] CloseHandle (hObject=0x27c) returned 1 [0040.563] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.563] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cAlternateFileName="{F325F~1")) returned 1 [0040.563] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="Windows") returned -1 [0040.563] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="Program Files") returned -1 [0040.563] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="Program Files (x86)") returned -1 [0040.563] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="$Recycle.bin") returned 1 [0040.563] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="System Volume Information") returned -1 [0040.563] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2=".") returned 1 [0040.563] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="..") returned 1 [0040.563] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned 71 [0040.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.563] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0040.563] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*" [0040.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.564] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.564] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.564] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.564] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.564] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.564] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.564] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.564] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.564] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.564] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.564] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.564] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.564] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.564] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93efac0, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x6601040, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x2fe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0040.564] lstrcmpiW (lpString1="state.rsm", lpString2="Windows") returned -1 [0040.564] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files") returned 1 [0040.564] lstrcmpiW (lpString1="state.rsm", lpString2="Program Files (x86)") returned 1 [0040.564] lstrcmpiW (lpString1="state.rsm", lpString2="$Recycle.bin") returned 1 [0040.564] lstrcmpiW (lpString1="state.rsm", lpString2="System Volume Information") returned -1 [0040.564] lstrcmpiW (lpString1="state.rsm", lpString2=".") returned 1 [0040.564] lstrcmpiW (lpString1="state.rsm", lpString2="..") returned 1 [0040.564] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm") returned 81 [0040.564] StrStrIW (lpFirst="state.rsm", lpSrch=".lolkek") returned 0x0 [0040.564] lstrcmpW (lpString1="state.rsm", lpString2="LOLKEK.txt") returned 1 [0040.564] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm") returned 81 [0040.564] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3caed40 [0040.564] lstrcpyW (in: lpString1=0x3caed40, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm" [0040.564] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.565] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.565] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 1 [0040.565] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="Windows") returned -1 [0040.565] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="Program Files") returned 1 [0040.565] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="Program Files (x86)") returned 1 [0040.565] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="$Recycle.bin") returned 1 [0040.565] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="System Volume Information") returned 1 [0040.565] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2=".") returned 1 [0040.565] lstrcmpiW (lpString1="VC_redist.x86.exe", lpString2="..") returned 1 [0040.565] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe") returned 89 [0040.565] StrStrIW (lpFirst="VC_redist.x86.exe", lpSrch=".lolkek") returned 0x0 [0040.565] lstrcmpW (lpString1="VC_redist.x86.exe", lpString2="LOLKEK.txt") returned 1 [0040.565] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe") returned 89 [0040.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x60ce00 [0040.566] lstrcpyW (in: lpString1=0x60ce00, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\VC_redist.x86.exe" [0040.566] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.570] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.570] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xedfa2720, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0xbee30, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x86.exe", cAlternateFileName="VC_RED~1.EXE")) returned 0 [0040.570] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.570] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\LOLKEK.txt") returned 82 [0040.570] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.571] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.571] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.571] CloseHandle (hObject=0x27c) returned 1 [0040.571] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.571] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 1 [0040.571] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="Windows") returned -1 [0040.572] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="Program Files") returned -1 [0040.572] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="Program Files (x86)") returned -1 [0040.572] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="$Recycle.bin") returned 1 [0040.572] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="System Volume Information") returned -1 [0040.572] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2=".") returned 1 [0040.572] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="..") returned 1 [0040.572] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned 82 [0040.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.572] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0040.572] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*" [0040.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.572] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.572] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.572] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.572] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.572] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.572] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.572] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.572] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.572] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.572] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.572] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.572] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.572] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.572] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.572] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0040.572] lstrcmpiW (lpString1="packages", lpString2="Windows") returned -1 [0040.572] lstrcmpiW (lpString1="packages", lpString2="Program Files") returned -1 [0040.572] lstrcmpiW (lpString1="packages", lpString2="Program Files (x86)") returned -1 [0040.572] lstrcmpiW (lpString1="packages", lpString2="$Recycle.bin") returned 1 [0040.572] lstrcmpiW (lpString1="packages", lpString2="System Volume Information") returned -1 [0040.572] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0040.572] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0040.572] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned 91 [0040.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.572] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0040.572] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*" [0040.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.573] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.573] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.573] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.573] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.573] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.573] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.573] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.573] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.573] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.573] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.573] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0040.573] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Windows") returned -1 [0040.573] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Program Files") returned 1 [0040.573] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="Program Files (x86)") returned 1 [0040.573] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="$Recycle.bin") returned 1 [0040.573] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="System Volume Information") returned 1 [0040.573] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2=".") returned 1 [0040.573] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="..") returned 1 [0040.573] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned 115 [0040.573] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.573] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0040.573] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*" [0040.573] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.573] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.573] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.573] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.573] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.573] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.573] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.574] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.574] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.574] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.574] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.574] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.574] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532ebf00, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x532ebf00, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x532ebf00, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x4b4520, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0040.574] lstrcmpiW (lpString1="cab1.cab", lpString2="Windows") returned -1 [0040.574] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files") returned -1 [0040.574] lstrcmpiW (lpString1="cab1.cab", lpString2="Program Files (x86)") returned -1 [0040.574] lstrcmpiW (lpString1="cab1.cab", lpString2="$Recycle.bin") returned 1 [0040.574] lstrcmpiW (lpString1="cab1.cab", lpString2="System Volume Information") returned -1 [0040.574] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0040.574] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0040.574] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 124 [0040.574] StrStrIW (lpFirst="cab1.cab", lpSrch=".lolkek") returned 0x0 [0040.574] lstrcmpW (lpString1="cab1.cab", lpString2="LOLKEK.txt") returned -1 [0040.574] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 124 [0040.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f4) returned 0x62d480 [0040.574] lstrcpyW (in: lpString1=0x62d480, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" [0040.574] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.581] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.581] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0040.581] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Windows") returned -1 [0040.581] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Program Files") returned 1 [0040.581] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="Program Files (x86)") returned 1 [0040.581] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="$Recycle.bin") returned 1 [0040.581] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="System Volume Information") returned 1 [0040.581] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2=".") returned 1 [0040.581] lstrcmpiW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="..") returned 1 [0040.581] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned 144 [0040.581] StrStrIW (lpFirst="vc_runtimeAdditional_x86.msi", lpSrch=".lolkek") returned 0x0 [0040.581] lstrcmpW (lpString1="vc_runtimeAdditional_x86.msi", lpString2="LOLKEK.txt") returned 1 [0040.581] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned 144 [0040.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x244) returned 0x60d340 [0040.581] lstrcpyW (in: lpString1=0x60d340, lpString2="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" | out: lpString1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi") returned="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi" [0040.581] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.591] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.591] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x4f9b3800, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0040.591] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.591] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt") returned 126 [0040.591] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.591] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.591] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.592] CloseHandle (hObject=0x280) returned 1 [0040.592] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0040.592] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0040.592] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.592] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\LOLKEK.txt") returned 102 [0040.592] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.592] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.593] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.593] CloseHandle (hObject=0x290) returned 1 [0040.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.593] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0040.593] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.593] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\LOLKEK.txt") returned 93 [0040.593] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.594] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.594] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.594] CloseHandle (hObject=0x27c) returned 1 [0040.594] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.595] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0 [0040.595] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0040.595] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Package Cache\\LOLKEK.txt") returned 43 [0040.595] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Package Cache\\LOLKEK.txt" (normalized: "c:\\programdata\\package cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0040.596] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.596] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0040.596] CloseHandle (hObject=0x2a0) returned 1 [0040.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0040.596] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0040.596] lstrcmpiW (lpString1="Start Menu", lpString2="Windows") returned -1 [0040.596] lstrcmpiW (lpString1="Start Menu", lpString2="Program Files") returned 1 [0040.596] lstrcmpiW (lpString1="Start Menu", lpString2="Program Files (x86)") returned 1 [0040.597] lstrcmpiW (lpString1="Start Menu", lpString2="$Recycle.bin") returned 1 [0040.597] lstrcmpiW (lpString1="Start Menu", lpString2="System Volume Information") returned -1 [0040.597] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0040.597] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0040.597] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Start Menu") returned 29 [0040.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0040.597] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Start Menu" | out: lpString1="\\\\?\\C:\\ProgramData\\Start Menu") returned="\\\\?\\C:\\ProgramData\\Start Menu" [0040.597] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Start Menu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Start Menu\\*") returned="\\\\?\\C:\\ProgramData\\Start Menu\\*" [0040.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Start Menu\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="ꐴ瘵ꐣ䛦ͣ疨쁨^纈0ͣͣ㼭䚗쁨^ͣ热/쁨^麈\\庠\\헍皮咽瑆?b麈\\␖")) returned 0xffffffff [0040.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0040.597] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Sun", cAlternateFileName="")) returned 1 [0040.597] lstrcmpiW (lpString1="Sun", lpString2="Windows") returned -1 [0040.597] lstrcmpiW (lpString1="Sun", lpString2="Program Files") returned 1 [0040.597] lstrcmpiW (lpString1="Sun", lpString2="Program Files (x86)") returned 1 [0040.597] lstrcmpiW (lpString1="Sun", lpString2="$Recycle.bin") returned 1 [0040.597] lstrcmpiW (lpString1="Sun", lpString2="System Volume Information") returned -1 [0040.597] lstrcmpiW (lpString1="Sun", lpString2=".") returned 1 [0040.597] lstrcmpiW (lpString1="Sun", lpString2="..") returned 1 [0040.597] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun") returned 22 [0040.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0040.597] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Sun" | out: lpString1="\\\\?\\C:\\ProgramData\\Sun") returned="\\\\?\\C:\\ProgramData\\Sun" [0040.597] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Sun", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Sun\\*") returned="\\\\?\\C:\\ProgramData\\Sun\\*" [0040.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0040.601] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.601] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.601] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.601] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.601] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.601] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.601] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.601] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.601] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.601] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.601] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.601] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.601] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.601] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.601] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Java", cAlternateFileName="")) returned 1 [0040.601] lstrcmpiW (lpString1="Java", lpString2="Windows") returned -1 [0040.601] lstrcmpiW (lpString1="Java", lpString2="Program Files") returned -1 [0040.601] lstrcmpiW (lpString1="Java", lpString2="Program Files (x86)") returned -1 [0040.602] lstrcmpiW (lpString1="Java", lpString2="$Recycle.bin") returned 1 [0040.602] lstrcmpiW (lpString1="Java", lpString2="System Volume Information") returned -1 [0040.602] lstrcmpiW (lpString1="Java", lpString2=".") returned 1 [0040.602] lstrcmpiW (lpString1="Java", lpString2="..") returned 1 [0040.602] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun\\Java") returned 27 [0040.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.602] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\ProgramData\\Sun\\Java" | out: lpString1="\\\\?\\C:\\ProgramData\\Sun\\Java") returned="\\\\?\\C:\\ProgramData\\Sun\\Java" [0040.602] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Sun\\Java", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Sun\\Java\\*") returned="\\\\?\\C:\\ProgramData\\Sun\\Java\\*" [0040.602] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.602] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.602] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.602] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.602] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.602] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.602] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.602] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.602] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.602] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.602] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.602] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.602] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.602] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.602] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.602] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 1 [0040.602] lstrcmpiW (lpString1="Java Update", lpString2="Windows") returned -1 [0040.602] lstrcmpiW (lpString1="Java Update", lpString2="Program Files") returned -1 [0040.602] lstrcmpiW (lpString1="Java Update", lpString2="Program Files (x86)") returned -1 [0040.602] lstrcmpiW (lpString1="Java Update", lpString2="$Recycle.bin") returned 1 [0040.602] lstrcmpiW (lpString1="Java Update", lpString2="System Volume Information") returned -1 [0040.602] lstrcmpiW (lpString1="Java Update", lpString2=".") returned 1 [0040.602] lstrcmpiW (lpString1="Java Update", lpString2="..") returned 1 [0040.602] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update") returned 39 [0040.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.603] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update" | out: lpString1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update") returned="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update" [0040.603] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\*") returned="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\*" [0040.603] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.603] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.603] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.603] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.603] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.603] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.603] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.603] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.603] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.603] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.603] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.603] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.603] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.603] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.603] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.603] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 1 [0040.603] lstrcmpiW (lpString1="jaureglist.xml", lpString2="Windows") returned -1 [0040.603] lstrcmpiW (lpString1="jaureglist.xml", lpString2="Program Files") returned -1 [0040.603] lstrcmpiW (lpString1="jaureglist.xml", lpString2="Program Files (x86)") returned -1 [0040.603] lstrcmpiW (lpString1="jaureglist.xml", lpString2="$Recycle.bin") returned 1 [0040.603] lstrcmpiW (lpString1="jaureglist.xml", lpString2="System Volume Information") returned -1 [0040.603] lstrcmpiW (lpString1="jaureglist.xml", lpString2=".") returned 1 [0040.603] lstrcmpiW (lpString1="jaureglist.xml", lpString2="..") returned 1 [0040.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml") returned 54 [0040.603] StrStrIW (lpFirst="jaureglist.xml", lpSrch=".lolkek") returned 0x0 [0040.603] lstrcmpW (lpString1="jaureglist.xml", lpString2="LOLKEK.txt") returned -1 [0040.603] lstrlenW (lpString="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml") returned 54 [0040.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbbaf8 [0040.603] lstrcpyW (in: lpString1=0x3cbbaf8, lpString2="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" | out: lpString1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml") returned="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\jaureglist.xml" [0040.603] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.603] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.603] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 0 [0040.603] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0040.604] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\LOLKEK.txt") returned 50 [0040.604] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\Java Update\\LOLKEK.txt" (normalized: "c:\\programdata\\sun\\java\\java update\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0040.604] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.604] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0040.604] CloseHandle (hObject=0x2a0) returned 1 [0040.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0040.605] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 0 [0040.605] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0040.605] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun\\Java\\LOLKEK.txt") returned 38 [0040.605] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\Java\\LOLKEK.txt" (normalized: "c:\\programdata\\sun\\java\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0040.605] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.605] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0040.606] CloseHandle (hObject=0x294) returned 1 [0040.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.606] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Java", cAlternateFileName="")) returned 0 [0040.606] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0040.606] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Sun\\LOLKEK.txt") returned 33 [0040.606] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\Sun\\LOLKEK.txt" (normalized: "c:\\programdata\\sun\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0040.606] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.606] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0040.607] CloseHandle (hObject=0x250) returned 1 [0040.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0040.607] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0040.607] lstrcmpiW (lpString1="Templates", lpString2="Windows") returned -1 [0040.607] lstrcmpiW (lpString1="Templates", lpString2="Program Files") returned 1 [0040.607] lstrcmpiW (lpString1="Templates", lpString2="Program Files (x86)") returned 1 [0040.607] lstrcmpiW (lpString1="Templates", lpString2="$Recycle.bin") returned 1 [0040.607] lstrcmpiW (lpString1="Templates", lpString2="System Volume Information") returned 1 [0040.607] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0040.607] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0040.607] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\Templates") returned 28 [0040.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0040.607] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\ProgramData\\Templates" | out: lpString1="\\\\?\\C:\\ProgramData\\Templates") returned="\\\\?\\C:\\ProgramData\\Templates" [0040.607] lstrcatW (in: lpString1="\\\\?\\C:\\ProgramData\\Templates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\ProgramData\\Templates\\*") returned="\\\\?\\C:\\ProgramData\\Templates\\*" [0040.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\ProgramData\\Templates\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Java", cAlternateFileName="ꐴ瘵ꐣ䛦ͣ疨쁨^纈0ͣͣ㼭䚗쁨^ͣ热/쁨^麈\\庠\\헍皮咽瑆?b麈\\␖")) returned 0xffffffff [0040.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0040.607] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0 [0040.607] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0040.607] wsprintfW (in: param_1=0x5ec068, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\ProgramData\\LOLKEK.txt") returned 29 [0040.607] CreateFileW (lpFileName="\\\\?\\C:\\ProgramData\\LOLKEK.txt" (normalized: "c:\\programdata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0040.608] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.608] WriteFile (in: hFile=0x144, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f604, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f604*=0x10, lpOverlapped=0x0) returned 1 [0040.608] CloseHandle (hObject=0x144) returned 1 [0040.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec068 | out: hHeap=0x5a0000) returned 1 [0040.609] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0040.609] lstrcmpiW (lpString1="Recovery", lpString2="Windows") returned -1 [0040.609] lstrcmpiW (lpString1="Recovery", lpString2="Program Files") returned 1 [0040.609] lstrcmpiW (lpString1="Recovery", lpString2="Program Files (x86)") returned 1 [0040.609] lstrcmpiW (lpString1="Recovery", lpString2="$Recycle.bin") returned 1 [0040.609] lstrcmpiW (lpString1="Recovery", lpString2="System Volume Information") returned -1 [0040.609] lstrcmpiW (lpString1="Recovery", lpString2=".") returned 1 [0040.610] lstrcmpiW (lpString1="Recovery", lpString2="..") returned 1 [0040.610] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Recovery") returned 15 [0040.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0040.610] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\Recovery" | out: lpString1="\\\\?\\C:\\Recovery") returned="\\\\?\\C:\\Recovery" [0040.610] lstrcatW (in: lpString1="\\\\?\\C:\\Recovery", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Recovery\\*") returned="\\\\?\\C:\\Recovery\\*" [0040.610] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0040.611] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.611] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.611] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.611] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.611] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.611] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.611] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 1 [0040.611] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.611] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.611] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.611] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.611] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.611] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.611] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.611] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0040.611] lstrcmpiW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="Windows") returned -1 [0040.611] lstrcmpiW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="Program Files") returned -1 [0040.611] lstrcmpiW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="Program Files (x86)") returned -1 [0040.611] lstrcmpiW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="$Recycle.bin") returned 1 [0040.611] lstrcmpiW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="System Volume Information") returned -1 [0040.611] lstrcmpiW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2=".") returned 1 [0040.611] lstrcmpiW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="..") returned 1 [0040.612] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned 52 [0040.612] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.612] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0040.612] lstrcatW (in: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*" [0040.612] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0040.612] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.612] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.612] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.612] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.612] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.612] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.612] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.613] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.613] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.613] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.613] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.613] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.613] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.613] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.613] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0040.613] lstrcmpiW (lpString1="boot.sdi", lpString2="Windows") returned -1 [0040.613] lstrcmpiW (lpString1="boot.sdi", lpString2="Program Files") returned -1 [0040.613] lstrcmpiW (lpString1="boot.sdi", lpString2="Program Files (x86)") returned -1 [0040.613] lstrcmpiW (lpString1="boot.sdi", lpString2="$Recycle.bin") returned 1 [0040.613] lstrcmpiW (lpString1="boot.sdi", lpString2="System Volume Information") returned -1 [0040.613] lstrcmpiW (lpString1="boot.sdi", lpString2=".") returned 1 [0040.613] lstrcmpiW (lpString1="boot.sdi", lpString2="..") returned 1 [0040.613] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 61 [0040.613] StrStrIW (lpFirst="boot.sdi", lpSrch=".lolkek") returned 0x0 [0040.613] lstrcmpW (lpString1="boot.sdi", lpString2="LOLKEK.txt") returned -1 [0040.613] lstrlenW (lpString="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 61 [0040.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x66ac00 [0040.613] lstrcpyW (in: lpString1=0x66ac00, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" [0040.613] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.613] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.613] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0040.613] lstrcmpiW (lpString1="Winre.wim", lpString2="Windows") returned 1 [0040.613] lstrcmpiW (lpString1="Winre.wim", lpString2="Program Files") returned 1 [0040.613] lstrcmpiW (lpString1="Winre.wim", lpString2="Program Files (x86)") returned 1 [0040.613] lstrcmpiW (lpString1="Winre.wim", lpString2="$Recycle.bin") returned 1 [0040.613] lstrcmpiW (lpString1="Winre.wim", lpString2="System Volume Information") returned 1 [0040.613] lstrcmpiW (lpString1="Winre.wim", lpString2=".") returned 1 [0040.613] lstrcmpiW (lpString1="Winre.wim", lpString2="..") returned 1 [0040.613] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 62 [0040.614] StrStrIW (lpFirst="Winre.wim", lpSrch=".lolkek") returned 0x0 [0040.614] lstrcmpW (lpString1="Winre.wim", lpString2="LOLKEK.txt") returned 1 [0040.614] lstrlenW (lpString="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 62 [0040.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x6461a8 [0040.614] lstrcpyW (in: lpString1=0x6461a8, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" [0040.614] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.614] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.614] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0040.614] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0040.614] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\LOLKEK.txt") returned 63 [0040.614] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\LOLKEK.txt" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0040.615] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.615] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0040.616] CloseHandle (hObject=0x250) returned 1 [0040.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0040.616] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 0 [0040.616] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0040.616] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Recovery\\LOLKEK.txt") returned 26 [0040.616] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\LOLKEK.txt" (normalized: "c:\\recovery\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0040.616] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.616] WriteFile (in: hFile=0x144, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f604, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f604*=0x10, lpOverlapped=0x0) returned 1 [0040.617] CloseHandle (hObject=0x144) returned 1 [0040.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0040.617] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0040.617] lstrcmpiW (lpString1="System Volume Information", lpString2="Windows") returned -1 [0040.618] lstrcmpiW (lpString1="System Volume Information", lpString2="Program Files") returned 1 [0040.618] lstrcmpiW (lpString1="System Volume Information", lpString2="Program Files (x86)") returned 1 [0040.618] lstrcmpiW (lpString1="System Volume Information", lpString2="$Recycle.bin") returned 1 [0040.618] lstrcmpiW (lpString1="System Volume Information", lpString2="System Volume Information") returned 0 [0040.618] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0040.618] lstrcmpiW (lpString1="Users", lpString2="Windows") returned -1 [0040.618] lstrcmpiW (lpString1="Users", lpString2="Program Files") returned 1 [0040.618] lstrcmpiW (lpString1="Users", lpString2="Program Files (x86)") returned 1 [0040.618] lstrcmpiW (lpString1="Users", lpString2="$Recycle.bin") returned 1 [0040.618] lstrcmpiW (lpString1="Users", lpString2="System Volume Information") returned 1 [0040.618] lstrcmpiW (lpString1="Users", lpString2=".") returned 1 [0040.618] lstrcmpiW (lpString1="Users", lpString2="..") returned 1 [0040.618] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users") returned 12 [0040.618] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x61c748 [0040.618] lstrcpyW (in: lpString1=0x61c748, lpString2="\\\\?\\C:\\Users" | out: lpString1="\\\\?\\C:\\Users") returned="\\\\?\\C:\\Users" [0040.618] lstrcatW (in: lpString1="\\\\?\\C:\\Users", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\*") returned="\\\\?\\C:\\Users\\*" [0040.618] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName=".", cAlternateFileName="")) returned 0x62d8d8 [0040.618] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.618] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.618] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.618] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.618] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.618] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.618] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="..", cAlternateFileName="")) returned 1 [0040.618] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.618] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.618] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.618] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.619] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.619] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.619] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.619] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0040.619] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="Windows") returned -1 [0040.619] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="Program Files") returned -1 [0040.619] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="Program Files (x86)") returned -1 [0040.619] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="$Recycle.bin") returned 1 [0040.619] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="System Volume Information") returned -1 [0040.619] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0040.619] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0040.619] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 33 [0040.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0040.619] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz" [0040.619] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*" [0040.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0040.619] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.619] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.619] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.619] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.619] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.619] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.619] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.619] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.619] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.620] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.620] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.620] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.620] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.620] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.620] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AppData", cAlternateFileName="")) returned 1 [0040.620] lstrcmpiW (lpString1="AppData", lpString2="Windows") returned -1 [0040.620] lstrcmpiW (lpString1="AppData", lpString2="Program Files") returned -1 [0040.620] lstrcmpiW (lpString1="AppData", lpString2="Program Files (x86)") returned -1 [0040.620] lstrcmpiW (lpString1="AppData", lpString2="$Recycle.bin") returned 1 [0040.620] lstrcmpiW (lpString1="AppData", lpString2="System Volume Information") returned -1 [0040.620] lstrcmpiW (lpString1="AppData", lpString2=".") returned 1 [0040.620] lstrcmpiW (lpString1="AppData", lpString2="..") returned 1 [0040.620] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 41 [0040.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0040.620] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" [0040.620] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*" [0040.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0040.621] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.621] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.621] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.621] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.621] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.621] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.621] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.621] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.621] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.621] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.621] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.621] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.621] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.621] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.621] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Local", cAlternateFileName="")) returned 1 [0040.621] lstrcmpiW (lpString1="Local", lpString2="Windows") returned -1 [0040.621] lstrcmpiW (lpString1="Local", lpString2="Program Files") returned -1 [0040.621] lstrcmpiW (lpString1="Local", lpString2="Program Files (x86)") returned -1 [0040.621] lstrcmpiW (lpString1="Local", lpString2="$Recycle.bin") returned 1 [0040.621] lstrcmpiW (lpString1="Local", lpString2="System Volume Information") returned -1 [0040.621] lstrcmpiW (lpString1="Local", lpString2=".") returned 1 [0040.621] lstrcmpiW (lpString1="Local", lpString2="..") returned 1 [0040.621] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 47 [0040.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0040.622] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0040.622] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*" [0040.622] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0040.622] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.622] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.622] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.622] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.622] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.622] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.622] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.622] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.622] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.622] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.622] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.622] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.622] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.622] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.622] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Adobe", cAlternateFileName="")) returned 1 [0040.622] lstrcmpiW (lpString1="Adobe", lpString2="Windows") returned -1 [0040.622] lstrcmpiW (lpString1="Adobe", lpString2="Program Files") returned -1 [0040.622] lstrcmpiW (lpString1="Adobe", lpString2="Program Files (x86)") returned -1 [0040.623] lstrcmpiW (lpString1="Adobe", lpString2="$Recycle.bin") returned 1 [0040.623] lstrcmpiW (lpString1="Adobe", lpString2="System Volume Information") returned -1 [0040.623] lstrcmpiW (lpString1="Adobe", lpString2=".") returned 1 [0040.623] lstrcmpiW (lpString1="Adobe", lpString2="..") returned 1 [0040.623] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe") returned 53 [0040.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0040.623] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe" [0040.623] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*" [0040.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.624] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.624] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.624] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.624] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.624] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.624] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.624] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.624] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.624] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.624] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.624] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.624] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.624] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.624] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.624] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0040.624] lstrcmpiW (lpString1="Acrobat", lpString2="Windows") returned -1 [0040.624] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files") returned -1 [0040.624] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files (x86)") returned -1 [0040.624] lstrcmpiW (lpString1="Acrobat", lpString2="$Recycle.bin") returned 1 [0040.624] lstrcmpiW (lpString1="Acrobat", lpString2="System Volume Information") returned -1 [0040.624] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0040.624] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0040.624] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat") returned 61 [0040.624] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.625] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat" [0040.625] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*" [0040.625] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0040.625] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.625] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.625] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.625] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.625] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.625] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.625] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.625] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.625] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.625] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.625] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.625] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.625] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.625] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.625] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 1 [0040.625] lstrcmpiW (lpString1="10.0", lpString2="Windows") returned -1 [0040.625] lstrcmpiW (lpString1="10.0", lpString2="Program Files") returned -1 [0040.626] lstrcmpiW (lpString1="10.0", lpString2="Program Files (x86)") returned -1 [0040.626] lstrcmpiW (lpString1="10.0", lpString2="$Recycle.bin") returned 1 [0040.626] lstrcmpiW (lpString1="10.0", lpString2="System Volume Information") returned -1 [0040.626] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0040.626] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0040.626] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0") returned 66 [0040.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.626] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0" [0040.626] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*" [0040.626] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0040.627] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.627] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.627] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.627] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.627] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.627] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.627] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.627] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.627] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.627] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.627] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.627] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.627] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.627] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.628] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0040.628] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="Windows") returned -1 [0040.628] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="Program Files") returned -1 [0040.628] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="Program Files (x86)") returned -1 [0040.628] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="$Recycle.bin") returned 1 [0040.628] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="System Volume Information") returned -1 [0040.628] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2=".") returned 1 [0040.628] lstrcmpiW (lpString1="AdobeCMapFnt10.lst", lpString2="..") returned 1 [0040.628] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst") returned 85 [0040.628] StrStrIW (lpFirst="AdobeCMapFnt10.lst", lpSrch=".lolkek") returned 0x0 [0040.628] lstrcmpW (lpString1="AdobeCMapFnt10.lst", lpString2="LOLKEK.txt") returned -1 [0040.628] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst") returned 85 [0040.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x6336f8 [0040.628] lstrcpyW (in: lpString1=0x6336f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" [0040.628] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.646] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.646] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0040.646] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="Windows") returned -1 [0040.646] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="Program Files") returned -1 [0040.646] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="Program Files (x86)") returned -1 [0040.646] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="$Recycle.bin") returned 1 [0040.646] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="System Volume Information") returned -1 [0040.646] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2=".") returned 1 [0040.646] lstrcmpiW (lpString1="AdobeSysFnt10.lst", lpString2="..") returned 1 [0040.646] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst") returned 84 [0040.646] StrStrIW (lpFirst="AdobeSysFnt10.lst", lpSrch=".lolkek") returned 0x0 [0040.646] lstrcmpW (lpString1="AdobeSysFnt10.lst", lpString2="LOLKEK.txt") returned -1 [0040.646] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst") returned 84 [0040.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x62d680 [0040.646] lstrcpyW (in: lpString1=0x62d680, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" [0040.646] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.647] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.647] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Cache", cAlternateFileName="")) returned 1 [0040.647] lstrcmpiW (lpString1="Cache", lpString2="Windows") returned -1 [0040.647] lstrcmpiW (lpString1="Cache", lpString2="Program Files") returned -1 [0040.647] lstrcmpiW (lpString1="Cache", lpString2="Program Files (x86)") returned -1 [0040.647] lstrcmpiW (lpString1="Cache", lpString2="$Recycle.bin") returned 1 [0040.647] lstrcmpiW (lpString1="Cache", lpString2="System Volume Information") returned -1 [0040.647] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0040.647] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0040.647] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache") returned 72 [0040.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.647] lstrcpyW (in: lpString1=0x658b20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache" [0040.647] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*" [0040.647] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0040.652] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.652] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.652] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.652] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.652] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.652] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.652] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.652] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.652] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.652] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.652] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.652] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.652] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.652] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.652] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 1 [0040.652] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="Windows") returned -1 [0040.652] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="Program Files") returned -1 [0040.652] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="Program Files (x86)") returned -1 [0040.652] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="$Recycle.bin") returned 1 [0040.652] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="System Volume Information") returned -1 [0040.652] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2=".") returned 1 [0040.652] lstrcmpiW (lpString1="AcroFnt10.lst", lpString2="..") returned 1 [0040.653] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst") returned 86 [0040.653] StrStrIW (lpFirst="AcroFnt10.lst", lpSrch=".lolkek") returned 0x0 [0040.653] lstrcmpW (lpString1="AcroFnt10.lst", lpString2="LOLKEK.txt") returned -1 [0040.653] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst") returned 86 [0040.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x60cf70 [0040.653] lstrcpyW (in: lpString1=0x60cf70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" [0040.653] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.653] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.653] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 0 [0040.653] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0040.653] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\LOLKEK.txt") returned 83 [0040.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.653] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.653] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0040.654] CloseHandle (hObject=0x2a8) returned 1 [0040.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.654] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0040.654] lstrcmpiW (lpString1="SharedDataEvents", lpString2="Windows") returned -1 [0040.654] lstrcmpiW (lpString1="SharedDataEvents", lpString2="Program Files") returned 1 [0040.654] lstrcmpiW (lpString1="SharedDataEvents", lpString2="Program Files (x86)") returned 1 [0040.654] lstrcmpiW (lpString1="SharedDataEvents", lpString2="$Recycle.bin") returned 1 [0040.654] lstrcmpiW (lpString1="SharedDataEvents", lpString2="System Volume Information") returned -1 [0040.654] lstrcmpiW (lpString1="SharedDataEvents", lpString2=".") returned 1 [0040.654] lstrcmpiW (lpString1="SharedDataEvents", lpString2="..") returned 1 [0040.654] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents") returned 83 [0040.654] StrStrIW (lpFirst="SharedDataEvents", lpSrch=".lolkek") returned 0x0 [0040.654] lstrcmpW (lpString1="SharedDataEvents", lpString2="LOLKEK.txt") returned 1 [0040.654] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents") returned 83 [0040.654] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3caee98 [0040.654] lstrcpyW (in: lpString1=0x3caee98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" [0040.654] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.654] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.654] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0040.654] lstrcmpiW (lpString1="UserCache.bin", lpString2="Windows") returned -1 [0040.654] lstrcmpiW (lpString1="UserCache.bin", lpString2="Program Files") returned 1 [0040.654] lstrcmpiW (lpString1="UserCache.bin", lpString2="Program Files (x86)") returned 1 [0040.654] lstrcmpiW (lpString1="UserCache.bin", lpString2="$Recycle.bin") returned 1 [0040.654] lstrcmpiW (lpString1="UserCache.bin", lpString2="System Volume Information") returned 1 [0040.654] lstrcmpiW (lpString1="UserCache.bin", lpString2=".") returned 1 [0040.654] lstrcmpiW (lpString1="UserCache.bin", lpString2="..") returned 1 [0040.655] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin") returned 80 [0040.655] StrStrIW (lpFirst="UserCache.bin", lpSrch=".lolkek") returned 0x0 [0040.655] lstrcmpW (lpString1="UserCache.bin", lpString2="LOLKEK.txt") returned 1 [0040.655] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin") returned 80 [0040.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3caeff0 [0040.655] lstrcpyW (in: lpString1=0x3caeff0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" [0040.655] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.657] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.658] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 0 [0040.658] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0040.658] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\LOLKEK.txt") returned 77 [0040.658] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.658] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.658] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0040.659] CloseHandle (hObject=0x280) returned 1 [0040.659] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.660] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 0 [0040.660] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0040.660] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\LOLKEK.txt") returned 72 [0040.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.660] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.660] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0040.661] CloseHandle (hObject=0x290) returned 1 [0040.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.661] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Color", cAlternateFileName="")) returned 1 [0040.661] lstrcmpiW (lpString1="Color", lpString2="Windows") returned -1 [0040.661] lstrcmpiW (lpString1="Color", lpString2="Program Files") returned -1 [0040.661] lstrcmpiW (lpString1="Color", lpString2="Program Files (x86)") returned -1 [0040.661] lstrcmpiW (lpString1="Color", lpString2="$Recycle.bin") returned 1 [0040.661] lstrcmpiW (lpString1="Color", lpString2="System Volume Information") returned -1 [0040.661] lstrcmpiW (lpString1="Color", lpString2=".") returned 1 [0040.661] lstrcmpiW (lpString1="Color", lpString2="..") returned 1 [0040.661] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color") returned 59 [0040.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.661] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color" [0040.661] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*" [0040.661] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0040.661] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.661] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.661] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.661] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.661] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.661] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.661] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.661] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.661] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.661] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.661] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.661] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.661] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.661] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.662] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce719dc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ACECache11.lst", cAlternateFileName="ACECAC~1.LST")) returned 1 [0040.662] lstrcmpiW (lpString1="ACECache11.lst", lpString2="Windows") returned -1 [0040.662] lstrcmpiW (lpString1="ACECache11.lst", lpString2="Program Files") returned -1 [0040.662] lstrcmpiW (lpString1="ACECache11.lst", lpString2="Program Files (x86)") returned -1 [0040.662] lstrcmpiW (lpString1="ACECache11.lst", lpString2="$Recycle.bin") returned 1 [0040.662] lstrcmpiW (lpString1="ACECache11.lst", lpString2="System Volume Information") returned -1 [0040.662] lstrcmpiW (lpString1="ACECache11.lst", lpString2=".") returned 1 [0040.662] lstrcmpiW (lpString1="ACECache11.lst", lpString2="..") returned 1 [0040.662] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst") returned 74 [0040.662] StrStrIW (lpFirst="ACECache11.lst", lpSrch=".lolkek") returned 0x0 [0040.662] lstrcmpW (lpString1="ACECache11.lst", lpString2="LOLKEK.txt") returned -1 [0040.662] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst") returned 74 [0040.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x62f460 [0040.662] lstrcpyW (in: lpString1=0x62f460, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" [0040.662] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.677] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.677] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 1 [0040.677] lstrcmpiW (lpString1="Profiles", lpString2="Windows") returned -1 [0040.677] lstrcmpiW (lpString1="Profiles", lpString2="Program Files") returned -1 [0040.677] lstrcmpiW (lpString1="Profiles", lpString2="Program Files (x86)") returned -1 [0040.677] lstrcmpiW (lpString1="Profiles", lpString2="$Recycle.bin") returned 1 [0040.677] lstrcmpiW (lpString1="Profiles", lpString2="System Volume Information") returned -1 [0040.677] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0040.677] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0040.677] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles") returned 68 [0040.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.677] lstrcpyW (in: lpString1=0x658b20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles" [0040.677] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*" [0040.677] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0040.679] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.679] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.679] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.679] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.679] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.679] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.679] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.679] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.679] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.679] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.679] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.679] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.679] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.679] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.679] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wscRGB.icc", cAlternateFileName="")) returned 1 [0040.679] lstrcmpiW (lpString1="wscRGB.icc", lpString2="Windows") returned 1 [0040.679] lstrcmpiW (lpString1="wscRGB.icc", lpString2="Program Files") returned 1 [0040.679] lstrcmpiW (lpString1="wscRGB.icc", lpString2="Program Files (x86)") returned 1 [0040.679] lstrcmpiW (lpString1="wscRGB.icc", lpString2="$Recycle.bin") returned 1 [0040.679] lstrcmpiW (lpString1="wscRGB.icc", lpString2="System Volume Information") returned 1 [0040.679] lstrcmpiW (lpString1="wscRGB.icc", lpString2=".") returned 1 [0040.679] lstrcmpiW (lpString1="wscRGB.icc", lpString2="..") returned 1 [0040.679] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc") returned 79 [0040.679] StrStrIW (lpFirst="wscRGB.icc", lpSrch=".lolkek") returned 0x0 [0040.679] lstrcmpW (lpString1="wscRGB.icc", lpString2="LOLKEK.txt") returned 1 [0040.679] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc") returned 79 [0040.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x3cabb88 [0040.679] lstrcpyW (in: lpString1=0x3cabb88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" [0040.679] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.679] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.679] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wsRGB.icc", cAlternateFileName="")) returned 1 [0040.679] lstrcmpiW (lpString1="wsRGB.icc", lpString2="Windows") returned 1 [0040.679] lstrcmpiW (lpString1="wsRGB.icc", lpString2="Program Files") returned 1 [0040.679] lstrcmpiW (lpString1="wsRGB.icc", lpString2="Program Files (x86)") returned 1 [0040.679] lstrcmpiW (lpString1="wsRGB.icc", lpString2="$Recycle.bin") returned 1 [0040.679] lstrcmpiW (lpString1="wsRGB.icc", lpString2="System Volume Information") returned 1 [0040.679] lstrcmpiW (lpString1="wsRGB.icc", lpString2=".") returned 1 [0040.679] lstrcmpiW (lpString1="wsRGB.icc", lpString2="..") returned 1 [0040.679] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc") returned 78 [0040.679] StrStrIW (lpFirst="wsRGB.icc", lpSrch=".lolkek") returned 0x0 [0040.679] lstrcmpW (lpString1="wsRGB.icc", lpString2="LOLKEK.txt") returned 1 [0040.679] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc") returned 78 [0040.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x3cabf60 [0040.680] lstrcpyW (in: lpString1=0x3cabf60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" [0040.680] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.683] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.683] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wsRGB.icc", cAlternateFileName="")) returned 0 [0040.683] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0040.683] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\LOLKEK.txt") returned 79 [0040.683] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.683] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.683] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0040.684] CloseHandle (hObject=0x280) returned 1 [0040.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.684] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 0 [0040.684] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0040.684] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\LOLKEK.txt") returned 70 [0040.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.684] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.684] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0040.685] CloseHandle (hObject=0x290) returned 1 [0040.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.685] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Color", cAlternateFileName="")) returned 0 [0040.685] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.685] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\LOLKEK.txt") returned 64 [0040.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.685] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.685] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.686] CloseHandle (hObject=0x27c) returned 1 [0040.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0040.688] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0040.688] lstrcmpiW (lpString1="Application Data", lpString2="Windows") returned -1 [0040.688] lstrcmpiW (lpString1="Application Data", lpString2="Program Files") returned -1 [0040.688] lstrcmpiW (lpString1="Application Data", lpString2="Program Files (x86)") returned -1 [0040.688] lstrcmpiW (lpString1="Application Data", lpString2="$Recycle.bin") returned 1 [0040.688] lstrcmpiW (lpString1="Application Data", lpString2="System Volume Information") returned -1 [0040.688] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0040.688] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0040.688] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data") returned 64 [0040.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0040.688] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" [0040.688] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*" [0040.688] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Color", cAlternateFileName="ꐴ瘵뾣䛦ͣ疨༸ξ纈0ͣͣ⒭䚗༸ξͣ热/༸ξ였_徰c헍皮")) returned 0xffffffff [0040.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0040.688] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Apps", cAlternateFileName="")) returned 1 [0040.688] lstrcmpiW (lpString1="Apps", lpString2="Windows") returned -1 [0040.688] lstrcmpiW (lpString1="Apps", lpString2="Program Files") returned -1 [0040.688] lstrcmpiW (lpString1="Apps", lpString2="Program Files (x86)") returned -1 [0040.688] lstrcmpiW (lpString1="Apps", lpString2="$Recycle.bin") returned 1 [0040.688] lstrcmpiW (lpString1="Apps", lpString2="System Volume Information") returned -1 [0040.688] lstrcmpiW (lpString1="Apps", lpString2=".") returned 1 [0040.688] lstrcmpiW (lpString1="Apps", lpString2="..") returned 1 [0040.688] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps") returned 52 [0040.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0040.688] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps" [0040.688] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*" [0040.688] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.689] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.689] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.689] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.689] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.689] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.689] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.689] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.689] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.689] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.689] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.689] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.689] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.689] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.689] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.689] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2.0", cAlternateFileName="")) returned 1 [0040.689] lstrcmpiW (lpString1="2.0", lpString2="Windows") returned -1 [0040.689] lstrcmpiW (lpString1="2.0", lpString2="Program Files") returned -1 [0040.689] lstrcmpiW (lpString1="2.0", lpString2="Program Files (x86)") returned -1 [0040.689] lstrcmpiW (lpString1="2.0", lpString2="$Recycle.bin") returned 1 [0040.689] lstrcmpiW (lpString1="2.0", lpString2="System Volume Information") returned -1 [0040.689] lstrcmpiW (lpString1="2.0", lpString2=".") returned 1 [0040.689] lstrcmpiW (lpString1="2.0", lpString2="..") returned 1 [0040.689] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0") returned 56 [0040.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.689] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0" [0040.689] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*" [0040.690] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0040.690] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.690] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.690] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.690] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.690] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.690] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.690] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.690] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.690] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.690] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.690] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.690] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.690] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.690] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.690] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Data", cAlternateFileName="")) returned 1 [0040.690] lstrcmpiW (lpString1="Data", lpString2="Windows") returned -1 [0040.690] lstrcmpiW (lpString1="Data", lpString2="Program Files") returned -1 [0040.690] lstrcmpiW (lpString1="Data", lpString2="Program Files (x86)") returned -1 [0040.690] lstrcmpiW (lpString1="Data", lpString2="$Recycle.bin") returned 1 [0040.690] lstrcmpiW (lpString1="Data", lpString2="System Volume Information") returned -1 [0040.690] lstrcmpiW (lpString1="Data", lpString2=".") returned 1 [0040.690] lstrcmpiW (lpString1="Data", lpString2="..") returned 1 [0040.690] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data") returned 61 [0040.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.690] lstrcpyW (in: lpString1=0x658b20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data" [0040.690] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*" [0040.690] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0040.691] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.691] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.691] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.691] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.691] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.691] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.691] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.691] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.691] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.691] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.691] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.691] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.691] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.691] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.691] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 1 [0040.691] lstrcmpiW (lpString1="CJW3O3KP.BX7", lpString2="Windows") returned -1 [0040.691] lstrcmpiW (lpString1="CJW3O3KP.BX7", lpString2="Program Files") returned -1 [0040.691] lstrcmpiW (lpString1="CJW3O3KP.BX7", lpString2="Program Files (x86)") returned -1 [0040.691] lstrcmpiW (lpString1="CJW3O3KP.BX7", lpString2="$Recycle.bin") returned 1 [0040.691] lstrcmpiW (lpString1="CJW3O3KP.BX7", lpString2="System Volume Information") returned -1 [0040.692] lstrcmpiW (lpString1="CJW3O3KP.BX7", lpString2=".") returned 1 [0040.692] lstrcmpiW (lpString1="CJW3O3KP.BX7", lpString2="..") returned 1 [0040.692] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7") returned 74 [0040.692] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.692] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7" [0040.692] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*" [0040.692] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0040.692] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.692] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.692] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.692] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.692] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.692] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.692] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.692] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.692] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.692] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.692] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.692] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.692] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.692] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.692] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 1 [0040.692] lstrcmpiW (lpString1="6NG60CXZ.9GJ", lpString2="Windows") returned -1 [0040.692] lstrcmpiW (lpString1="6NG60CXZ.9GJ", lpString2="Program Files") returned -1 [0040.692] lstrcmpiW (lpString1="6NG60CXZ.9GJ", lpString2="Program Files (x86)") returned -1 [0040.692] lstrcmpiW (lpString1="6NG60CXZ.9GJ", lpString2="$Recycle.bin") returned 1 [0040.692] lstrcmpiW (lpString1="6NG60CXZ.9GJ", lpString2="System Volume Information") returned -1 [0040.692] lstrcmpiW (lpString1="6NG60CXZ.9GJ", lpString2=".") returned 1 [0040.692] lstrcmpiW (lpString1="6NG60CXZ.9GJ", lpString2="..") returned 1 [0040.693] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ") returned 87 [0040.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0040.693] lstrcpyW (in: lpString1=0x3e43fd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ" [0040.693] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*" [0040.693] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.693] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.693] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.693] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.693] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.693] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.693] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.693] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.693] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.693] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.693] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.694] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.694] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.694] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.694] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.694] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0040.694] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="Windows") returned -1 [0040.694] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="Program Files") returned -1 [0040.694] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="Program Files (x86)") returned -1 [0040.694] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="$Recycle.bin") returned 1 [0040.694] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="System Volume Information") returned -1 [0040.694] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2=".") returned 1 [0040.694] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="..") returned 1 [0040.694] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned 142 [0040.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e53fd8 [0040.694] lstrcpyW (in: lpString1=0x3e53fd8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" [0040.694] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*" [0040.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0040.695] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.695] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.695] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.695] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.695] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.695] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.695] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.695] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.695] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.695] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.695] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Data", cAlternateFileName="")) returned 1 [0040.695] lstrcmpiW (lpString1="Data", lpString2="Windows") returned -1 [0040.695] lstrcmpiW (lpString1="Data", lpString2="Program Files") returned -1 [0040.695] lstrcmpiW (lpString1="Data", lpString2="Program Files (x86)") returned -1 [0040.695] lstrcmpiW (lpString1="Data", lpString2="$Recycle.bin") returned 1 [0040.695] lstrcmpiW (lpString1="Data", lpString2="System Volume Information") returned -1 [0040.695] lstrcmpiW (lpString1="Data", lpString2=".") returned 1 [0040.695] lstrcmpiW (lpString1="Data", lpString2="..") returned 1 [0040.695] wsprintfW (in: param_1=0x3e53fd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data") returned 147 [0040.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e63fe0 [0040.695] lstrcpyW (in: lpString1=0x3e63fe0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data" [0040.695] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*" [0040.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0040.695] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.695] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.695] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.695] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.696] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.696] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.696] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.696] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.696] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.696] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.696] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.696] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0040.696] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0040.696] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\LOLKEK.txt") returned 158 [0040.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\data\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.696] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.696] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0040.697] CloseHandle (hObject=0x270) returned 1 [0040.697] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e63fe0 | out: hHeap=0x5a0000) returned 1 [0040.697] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Data", cAlternateFileName="")) returned 0 [0040.697] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0040.697] wsprintfW (in: param_1=0x3e53fd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\LOLKEK.txt") returned 153 [0040.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0040.697] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.697] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0040.698] CloseHandle (hObject=0x24c) returned 1 [0040.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e53fd8 | out: hHeap=0x5a0000) returned 1 [0040.698] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 0 [0040.698] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.698] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\LOLKEK.txt") returned 98 [0040.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.698] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.698] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.699] CloseHandle (hObject=0x160) returned 1 [0040.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0040.699] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 0 [0040.699] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0040.699] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\LOLKEK.txt") returned 85 [0040.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.699] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.699] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0040.700] CloseHandle (hObject=0x2a8) returned 1 [0040.700] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.701] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 0 [0040.701] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0040.701] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\LOLKEK.txt") returned 72 [0040.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.701] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.701] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0040.702] CloseHandle (hObject=0x280) returned 1 [0040.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.702] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 1 [0040.702] lstrcmpiW (lpString1="DQQ19BCJ.JAX", lpString2="Windows") returned -1 [0040.702] lstrcmpiW (lpString1="DQQ19BCJ.JAX", lpString2="Program Files") returned -1 [0040.702] lstrcmpiW (lpString1="DQQ19BCJ.JAX", lpString2="Program Files (x86)") returned -1 [0040.702] lstrcmpiW (lpString1="DQQ19BCJ.JAX", lpString2="$Recycle.bin") returned 1 [0040.702] lstrcmpiW (lpString1="DQQ19BCJ.JAX", lpString2="System Volume Information") returned -1 [0040.702] lstrcmpiW (lpString1="DQQ19BCJ.JAX", lpString2=".") returned 1 [0040.702] lstrcmpiW (lpString1="DQQ19BCJ.JAX", lpString2="..") returned 1 [0040.702] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX") returned 69 [0040.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.702] lstrcpyW (in: lpString1=0x658b20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX" [0040.702] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*" [0040.702] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0040.702] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.702] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.702] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.702] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.702] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.702] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.702] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.702] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.703] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.703] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.703] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.703] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.703] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.703] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.703] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 1 [0040.703] lstrcmpiW (lpString1="YVORLGOR.PNT", lpString2="Windows") returned 1 [0040.703] lstrcmpiW (lpString1="YVORLGOR.PNT", lpString2="Program Files") returned 1 [0040.703] lstrcmpiW (lpString1="YVORLGOR.PNT", lpString2="Program Files (x86)") returned 1 [0040.703] lstrcmpiW (lpString1="YVORLGOR.PNT", lpString2="$Recycle.bin") returned 1 [0040.703] lstrcmpiW (lpString1="YVORLGOR.PNT", lpString2="System Volume Information") returned 1 [0040.703] lstrcmpiW (lpString1="YVORLGOR.PNT", lpString2=".") returned 1 [0040.703] lstrcmpiW (lpString1="YVORLGOR.PNT", lpString2="..") returned 1 [0040.703] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT") returned 82 [0040.703] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.703] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT" [0040.703] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*" [0040.703] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0040.705] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.705] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.705] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.705] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.705] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.705] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.705] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.705] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.705] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.705] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.705] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.705] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.705] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.705] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.705] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", cAlternateFileName="CLICEX~1.000")) returned 1 [0040.705] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2="Windows") returned -1 [0040.705] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2="Program Files") returned -1 [0040.705] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2="Program Files (x86)") returned -1 [0040.705] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2="$Recycle.bin") returned 1 [0040.705] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2="System Volume Information") returned -1 [0040.705] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2=".") returned 1 [0040.705] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2="..") returned 1 [0040.705] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715") returned 142 [0040.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.705] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715" [0040.705] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*" [0040.705] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.706] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.706] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.706] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.706] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.706] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.706] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.706] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.706] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.706] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.706] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.706] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.706] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.706] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.706] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.706] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 1 [0040.706] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="Windows") returned -1 [0040.706] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="Program Files") returned -1 [0040.706] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="Program Files (x86)") returned -1 [0040.706] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="$Recycle.bin") returned 1 [0040.706] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="System Volume Information") returned -1 [0040.706] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2=".") returned 1 [0040.706] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="..") returned 1 [0040.706] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe") returned 164 [0040.706] StrStrIW (lpFirst="GoogleUpdateSetup.exe", lpSrch=".lolkek") returned 0x0 [0040.706] lstrcmpW (lpString1="GoogleUpdateSetup.exe", lpString2="LOLKEK.txt") returned -1 [0040.707] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe") returned 164 [0040.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x634058 [0040.707] lstrcpyW (in: lpString1=0x634058, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" [0040.707] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.707] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.707] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 0 [0040.707] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.707] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\LOLKEK.txt") returned 153 [0040.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.707] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.707] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.708] CloseHandle (hObject=0x160) returned 1 [0040.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.708] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0040.708] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="Windows") returned -1 [0040.708] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="Program Files") returned -1 [0040.708] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="Program Files (x86)") returned -1 [0040.708] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="$Recycle.bin") returned 1 [0040.708] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="System Volume Information") returned -1 [0040.708] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2=".") returned 1 [0040.708] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="..") returned 1 [0040.708] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned 137 [0040.708] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.708] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" [0040.708] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*" [0040.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.710] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.711] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.711] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.711] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.711] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.711] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.711] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.711] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.711] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.711] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.711] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.711] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.711] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.711] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.711] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clickonce_bootstrap.exe", cAlternateFileName="CLICKO~1.EXE")) returned 1 [0040.711] lstrcmpiW (lpString1="clickonce_bootstrap.exe", lpString2="Windows") returned -1 [0040.711] lstrcmpiW (lpString1="clickonce_bootstrap.exe", lpString2="Program Files") returned -1 [0040.711] lstrcmpiW (lpString1="clickonce_bootstrap.exe", lpString2="Program Files (x86)") returned -1 [0040.711] lstrcmpiW (lpString1="clickonce_bootstrap.exe", lpString2="$Recycle.bin") returned 1 [0040.711] lstrcmpiW (lpString1="clickonce_bootstrap.exe", lpString2="System Volume Information") returned -1 [0040.711] lstrcmpiW (lpString1="clickonce_bootstrap.exe", lpString2=".") returned 1 [0040.711] lstrcmpiW (lpString1="clickonce_bootstrap.exe", lpString2="..") returned 1 [0040.711] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe") returned 161 [0040.711] StrStrIW (lpFirst="clickonce_bootstrap.exe", lpSrch=".lolkek") returned 0x0 [0040.711] lstrcmpW (lpString1="clickonce_bootstrap.exe", lpString2="LOLKEK.txt") returned -1 [0040.711] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe") returned 161 [0040.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x288) returned 0x60d590 [0040.711] lstrcpyW (in: lpString1=0x60d590, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" [0040.711] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.716] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.716] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clickonce_bootstrap.exe.cdf-ms", cAlternateFileName="")) returned 1 [0040.716] lstrcmpiW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2="Windows") returned -1 [0040.716] lstrcmpiW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2="Program Files") returned -1 [0040.716] lstrcmpiW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2="Program Files (x86)") returned -1 [0040.716] lstrcmpiW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2="$Recycle.bin") returned 1 [0040.716] lstrcmpiW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2="System Volume Information") returned -1 [0040.716] lstrcmpiW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2=".") returned 1 [0040.716] lstrcmpiW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2="..") returned 1 [0040.716] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms") returned 168 [0040.716] StrStrIW (lpFirst="clickonce_bootstrap.exe.cdf-ms", lpSrch=".lolkek") returned 0x0 [0040.716] lstrcmpW (lpString1="clickonce_bootstrap.exe.cdf-ms", lpString2="LOLKEK.txt") returned -1 [0040.716] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms") returned 168 [0040.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a4) returned 0x60d820 [0040.716] lstrcpyW (in: lpString1=0x60d820, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" [0040.716] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.727] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.727] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clickonce_bootstrap.exe.manifest", cAlternateFileName="")) returned 1 [0040.727] lstrcmpiW (lpString1="clickonce_bootstrap.exe.manifest", lpString2="Windows") returned -1 [0040.728] lstrcmpiW (lpString1="clickonce_bootstrap.exe.manifest", lpString2="Program Files") returned -1 [0040.728] lstrcmpiW (lpString1="clickonce_bootstrap.exe.manifest", lpString2="Program Files (x86)") returned -1 [0040.728] lstrcmpiW (lpString1="clickonce_bootstrap.exe.manifest", lpString2="$Recycle.bin") returned 1 [0040.728] lstrcmpiW (lpString1="clickonce_bootstrap.exe.manifest", lpString2="System Volume Information") returned -1 [0040.728] lstrcmpiW (lpString1="clickonce_bootstrap.exe.manifest", lpString2=".") returned 1 [0040.728] lstrcmpiW (lpString1="clickonce_bootstrap.exe.manifest", lpString2="..") returned 1 [0040.728] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest") returned 170 [0040.728] StrStrIW (lpFirst="clickonce_bootstrap.exe.manifest", lpSrch=".lolkek") returned 0x0 [0040.728] lstrcmpW (lpString1="clickonce_bootstrap.exe.manifest", lpString2="LOLKEK.txt") returned -1 [0040.728] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest") returned 170 [0040.728] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2ac) returned 0x60dad0 [0040.728] lstrcpyW (in: lpString1=0x60dad0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" [0040.728] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.739] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.739] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clickonce_bootstrap_unsigned.cdf-ms", cAlternateFileName="CLICKO~1.CDF")) returned 1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2="Windows") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2="Program Files") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2="Program Files (x86)") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2="$Recycle.bin") returned 1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2="System Volume Information") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2=".") returned 1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2="..") returned 1 [0040.739] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms") returned 173 [0040.739] StrStrIW (lpFirst="clickonce_bootstrap_unsigned.cdf-ms", lpSrch=".lolkek") returned 0x0 [0040.739] lstrcmpW (lpString1="clickonce_bootstrap_unsigned.cdf-ms", lpString2="LOLKEK.txt") returned -1 [0040.739] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms") returned 173 [0040.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2b8) returned 0x610ed8 [0040.739] lstrcpyW (in: lpString1=0x610ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" [0040.739] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.739] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.739] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clickonce_bootstrap_unsigned.manifest", cAlternateFileName="CLICKO~1.MAN")) returned 1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2="Windows") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2="Program Files") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2="Program Files (x86)") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2="$Recycle.bin") returned 1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2="System Volume Information") returned -1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2=".") returned 1 [0040.739] lstrcmpiW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2="..") returned 1 [0040.739] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest") returned 175 [0040.739] StrStrIW (lpFirst="clickonce_bootstrap_unsigned.manifest", lpSrch=".lolkek") returned 0x0 [0040.739] lstrcmpW (lpString1="clickonce_bootstrap_unsigned.manifest", lpString2="LOLKEK.txt") returned -1 [0040.740] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest") returned 175 [0040.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2c0) returned 0x3ddaea8 [0040.740] lstrcpyW (in: lpString1=0x3ddaea8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" [0040.740] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.740] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.740] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 1 [0040.740] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="Windows") returned -1 [0040.740] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="Program Files") returned -1 [0040.740] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="Program Files (x86)") returned -1 [0040.740] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="$Recycle.bin") returned 1 [0040.740] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="System Volume Information") returned -1 [0040.740] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2=".") returned 1 [0040.740] lstrcmpiW (lpString1="GoogleUpdateSetup.exe", lpString2="..") returned 1 [0040.740] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe") returned 159 [0040.740] StrStrIW (lpFirst="GoogleUpdateSetup.exe", lpSrch=".lolkek") returned 0x0 [0040.740] lstrcmpW (lpString1="GoogleUpdateSetup.exe", lpString2="LOLKEK.txt") returned -1 [0040.740] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe") returned 159 [0040.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ddb170 [0040.740] lstrcpyW (in: lpString1=0x3ddb170, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" [0040.740] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.748] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.749] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 0 [0040.749] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.749] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\LOLKEK.txt") returned 148 [0040.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.750] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.750] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.750] CloseHandle (hObject=0x160) returned 1 [0040.751] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.752] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 1 [0040.752] lstrcmpiW (lpString1="manifests", lpString2="Windows") returned -1 [0040.752] lstrcmpiW (lpString1="manifests", lpString2="Program Files") returned -1 [0040.752] lstrcmpiW (lpString1="manifests", lpString2="Program Files (x86)") returned -1 [0040.752] lstrcmpiW (lpString1="manifests", lpString2="$Recycle.bin") returned 1 [0040.752] lstrcmpiW (lpString1="manifests", lpString2="System Volume Information") returned -1 [0040.752] lstrcmpiW (lpString1="manifests", lpString2=".") returned 1 [0040.752] lstrcmpiW (lpString1="manifests", lpString2="..") returned 1 [0040.752] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests") returned 92 [0040.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.752] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests" [0040.752] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*" [0040.752] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.758] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.758] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.758] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.758] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.758] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.758] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.758] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.758] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.758] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.758] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.758] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.758] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.758] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.758] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.758] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cAlternateFileName="CLICEX~1.CDF")) returned 1 [0040.758] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2="Windows") returned -1 [0040.758] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2="Program Files") returned -1 [0040.758] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2="Program Files (x86)") returned -1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2="$Recycle.bin") returned 1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2="System Volume Information") returned -1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2=".") returned 1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2="..") returned 1 [0040.759] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms") returned 159 [0040.759] StrStrIW (lpFirst="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpSrch=".lolkek") returned 0x0 [0040.759] lstrcmpW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", lpString2="LOLKEK.txt") returned -1 [0040.759] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms") returned 159 [0040.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ddb3f8 [0040.759] lstrcpyW (in: lpString1=0x3ddb3f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" [0040.759] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.759] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.759] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cAlternateFileName="CLICEX~1.MAN")) returned 1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2="Windows") returned -1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2="Program Files") returned -1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2="Program Files (x86)") returned -1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2="$Recycle.bin") returned 1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2="System Volume Information") returned -1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2=".") returned 1 [0040.759] lstrcmpiW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2="..") returned 1 [0040.759] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest") returned 161 [0040.759] StrStrIW (lpFirst="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpSrch=".lolkek") returned 0x0 [0040.759] lstrcmpW (lpString1="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", lpString2="LOLKEK.txt") returned -1 [0040.759] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest") returned 161 [0040.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x288) returned 0x3ddb680 [0040.759] lstrcpyW (in: lpString1=0x3ddb680, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" [0040.759] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.759] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.759] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x38b0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cAlternateFileName="GOOGAP~1.CDF")) returned 1 [0040.759] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2="Windows") returned -1 [0040.759] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2="Program Files") returned -1 [0040.759] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2="Program Files (x86)") returned -1 [0040.759] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2="$Recycle.bin") returned 1 [0040.760] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2="System Volume Information") returned -1 [0040.760] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2=".") returned 1 [0040.760] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2="..") returned 1 [0040.760] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms") returned 159 [0040.760] StrStrIW (lpFirst="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpSrch=".lolkek") returned 0x0 [0040.760] lstrcmpW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", lpString2="LOLKEK.txt") returned -1 [0040.760] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms") returned 159 [0040.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x6575a8 [0040.760] lstrcpyW (in: lpString1=0x6575a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" [0040.760] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.766] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.766] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 1 [0040.766] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2="Windows") returned -1 [0040.766] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2="Program Files") returned -1 [0040.766] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2="Program Files (x86)") returned -1 [0040.766] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2="$Recycle.bin") returned 1 [0040.766] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2="System Volume Information") returned -1 [0040.766] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2=".") returned 1 [0040.766] lstrcmpiW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2="..") returned 1 [0040.766] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest") returned 161 [0040.766] StrStrIW (lpFirst="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpSrch=".lolkek") returned 0x0 [0040.766] lstrcmpW (lpString1="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", lpString2="LOLKEK.txt") returned -1 [0040.766] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest") returned 161 [0040.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x288) returned 0x657830 [0040.766] lstrcpyW (in: lpString1=0x657830, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" [0040.766] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.766] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.766] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 0 [0040.766] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.767] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\LOLKEK.txt") returned 103 [0040.767] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.767] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.767] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.768] CloseHandle (hObject=0x160) returned 1 [0040.768] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.769] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 0 [0040.769] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0040.769] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\LOLKEK.txt") returned 93 [0040.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.769] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.769] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0040.770] CloseHandle (hObject=0x2a8) returned 1 [0040.770] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.770] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 0 [0040.770] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0040.770] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\LOLKEK.txt") returned 80 [0040.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.771] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.771] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0040.771] CloseHandle (hObject=0x280) returned 1 [0040.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0040.771] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 0 [0040.771] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0040.772] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\LOLKEK.txt") returned 67 [0040.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.772] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.772] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0040.773] CloseHandle (hObject=0x290) returned 1 [0040.773] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0040.773] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2.0", cAlternateFileName="")) returned 0 [0040.773] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.773] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\LOLKEK.txt") returned 63 [0040.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.773] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.773] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.774] CloseHandle (hObject=0x27c) returned 1 [0040.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0040.775] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0040.775] lstrcmpiW (lpString1="Deployment", lpString2="Windows") returned -1 [0040.775] lstrcmpiW (lpString1="Deployment", lpString2="Program Files") returned -1 [0040.775] lstrcmpiW (lpString1="Deployment", lpString2="Program Files (x86)") returned -1 [0040.775] lstrcmpiW (lpString1="Deployment", lpString2="$Recycle.bin") returned 1 [0040.775] lstrcmpiW (lpString1="Deployment", lpString2="System Volume Information") returned -1 [0040.775] lstrcmpiW (lpString1="Deployment", lpString2=".") returned 1 [0040.775] lstrcmpiW (lpString1="Deployment", lpString2="..") returned 1 [0040.775] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment") returned 58 [0040.775] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0040.775] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment" [0040.775] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*" [0040.775] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.775] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.776] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.776] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.776] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.776] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.776] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.776] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.776] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.776] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.776] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.776] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.776] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.776] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.776] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.776] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0040.776] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0040.776] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\LOLKEK.txt") returned 69 [0040.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\deployment\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0040.776] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.776] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0040.777] CloseHandle (hObject=0x27c) returned 1 [0040.777] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0040.777] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0040.777] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT", lpString2="Windows") returned -1 [0040.777] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT", lpString2="Program Files") returned -1 [0040.777] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT", lpString2="Program Files (x86)") returned -1 [0040.777] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT", lpString2="$Recycle.bin") returned 1 [0040.777] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT", lpString2="System Volume Information") returned -1 [0040.777] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT", lpString2=".") returned 1 [0040.777] lstrcmpiW (lpString1="GDIPFONTCACHEV1.DAT", lpString2="..") returned 1 [0040.777] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT") returned 67 [0040.777] StrStrIW (lpFirst="GDIPFONTCACHEV1.DAT", lpSrch=".lolkek") returned 0x0 [0040.777] lstrcmpW (lpString1="GDIPFONTCACHEV1.DAT", lpString2="LOLKEK.txt") returned -1 [0040.778] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT") returned 67 [0040.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x3dd5990 [0040.778] lstrcpyW (in: lpString1=0x3dd5990, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" [0040.778] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.788] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.788] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Google", cAlternateFileName="")) returned 1 [0040.788] lstrcmpiW (lpString1="Google", lpString2="Windows") returned -1 [0040.788] lstrcmpiW (lpString1="Google", lpString2="Program Files") returned -1 [0040.788] lstrcmpiW (lpString1="Google", lpString2="Program Files (x86)") returned -1 [0040.788] lstrcmpiW (lpString1="Google", lpString2="$Recycle.bin") returned 1 [0040.788] lstrcmpiW (lpString1="Google", lpString2="System Volume Information") returned -1 [0040.788] lstrcmpiW (lpString1="Google", lpString2=".") returned 1 [0040.788] lstrcmpiW (lpString1="Google", lpString2="..") returned 1 [0040.788] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google") returned 54 [0040.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0040.788] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google" [0040.788] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*" [0040.788] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0040.789] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.789] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.789] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.789] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.789] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.789] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.789] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.789] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.789] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.789] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.789] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.789] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.789] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.789] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.789] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Chrome", cAlternateFileName="")) returned 1 [0040.789] lstrcmpiW (lpString1="Chrome", lpString2="Windows") returned -1 [0040.789] lstrcmpiW (lpString1="Chrome", lpString2="Program Files") returned -1 [0040.789] lstrcmpiW (lpString1="Chrome", lpString2="Program Files (x86)") returned -1 [0040.789] lstrcmpiW (lpString1="Chrome", lpString2="$Recycle.bin") returned 1 [0040.789] lstrcmpiW (lpString1="Chrome", lpString2="System Volume Information") returned -1 [0040.789] lstrcmpiW (lpString1="Chrome", lpString2=".") returned 1 [0040.789] lstrcmpiW (lpString1="Chrome", lpString2="..") returned 1 [0040.789] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 61 [0040.789] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0040.789] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0040.790] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*" [0040.790] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0040.790] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.790] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.790] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.790] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.790] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.790] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.790] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.790] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.790] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.790] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.790] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.790] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.790] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.790] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.790] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0040.790] lstrcmpiW (lpString1="User Data", lpString2="Windows") returned -1 [0040.790] lstrcmpiW (lpString1="User Data", lpString2="Program Files") returned 1 [0040.790] lstrcmpiW (lpString1="User Data", lpString2="Program Files (x86)") returned 1 [0040.790] lstrcmpiW (lpString1="User Data", lpString2="$Recycle.bin") returned 1 [0040.790] lstrcmpiW (lpString1="User Data", lpString2="System Volume Information") returned 1 [0040.790] lstrcmpiW (lpString1="User Data", lpString2=".") returned 1 [0040.790] lstrcmpiW (lpString1="User Data", lpString2="..") returned 1 [0040.790] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 71 [0040.790] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b20 [0040.791] lstrcpyW (in: lpString1=0x658b20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0040.791] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*" [0040.791] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0040.813] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.813] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.813] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.813] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.813] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.813] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.813] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.814] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.814] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.814] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.814] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.814] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.814] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.814] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.814] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0040.814] lstrcmpiW (lpString1="CertificateTransparency", lpString2="Windows") returned -1 [0040.814] lstrcmpiW (lpString1="CertificateTransparency", lpString2="Program Files") returned -1 [0040.814] lstrcmpiW (lpString1="CertificateTransparency", lpString2="Program Files (x86)") returned -1 [0040.814] lstrcmpiW (lpString1="CertificateTransparency", lpString2="$Recycle.bin") returned 1 [0040.814] lstrcmpiW (lpString1="CertificateTransparency", lpString2="System Volume Information") returned -1 [0040.814] lstrcmpiW (lpString1="CertificateTransparency", lpString2=".") returned 1 [0040.814] lstrcmpiW (lpString1="CertificateTransparency", lpString2="..") returned 1 [0040.814] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 95 [0040.814] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.815] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0040.815] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*" [0040.815] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0040.816] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.816] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.816] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.816] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.816] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.816] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.816] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.816] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.816] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.816] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.816] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.816] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.816] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.816] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.816] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0040.816] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0040.816] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\LOLKEK.txt") returned 106 [0040.816] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.817] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.817] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0040.817] CloseHandle (hObject=0x280) returned 1 [0040.817] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.817] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0040.817] lstrcmpiW (lpString1="Crashpad", lpString2="Windows") returned -1 [0040.817] lstrcmpiW (lpString1="Crashpad", lpString2="Program Files") returned -1 [0040.817] lstrcmpiW (lpString1="Crashpad", lpString2="Program Files (x86)") returned -1 [0040.817] lstrcmpiW (lpString1="Crashpad", lpString2="$Recycle.bin") returned 1 [0040.817] lstrcmpiW (lpString1="Crashpad", lpString2="System Volume Information") returned -1 [0040.818] lstrcmpiW (lpString1="Crashpad", lpString2=".") returned 1 [0040.818] lstrcmpiW (lpString1="Crashpad", lpString2="..") returned 1 [0040.818] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 80 [0040.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.818] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0040.818] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*" [0040.818] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0040.819] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.819] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.819] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.819] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.819] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.819] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.819] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.819] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.819] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.819] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.819] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.819] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.819] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.819] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.819] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="metadata", cAlternateFileName="")) returned 1 [0040.819] lstrcmpiW (lpString1="metadata", lpString2="Windows") returned -1 [0040.819] lstrcmpiW (lpString1="metadata", lpString2="Program Files") returned -1 [0040.819] lstrcmpiW (lpString1="metadata", lpString2="Program Files (x86)") returned -1 [0040.819] lstrcmpiW (lpString1="metadata", lpString2="$Recycle.bin") returned 1 [0040.819] lstrcmpiW (lpString1="metadata", lpString2="System Volume Information") returned -1 [0040.819] lstrcmpiW (lpString1="metadata", lpString2=".") returned 1 [0040.819] lstrcmpiW (lpString1="metadata", lpString2="..") returned 1 [0040.819] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata") returned 89 [0040.819] StrStrIW (lpFirst="metadata", lpSrch=".lolkek") returned 0x0 [0040.819] lstrcmpW (lpString1="metadata", lpString2="LOLKEK.txt") returned 1 [0040.819] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata") returned 89 [0040.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x60ecf0 [0040.819] lstrcpyW (in: lpString1=0x60ecf0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" [0040.819] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.819] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.820] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="reports", cAlternateFileName="")) returned 1 [0040.820] lstrcmpiW (lpString1="reports", lpString2="Windows") returned -1 [0040.820] lstrcmpiW (lpString1="reports", lpString2="Program Files") returned 1 [0040.820] lstrcmpiW (lpString1="reports", lpString2="Program Files (x86)") returned 1 [0040.820] lstrcmpiW (lpString1="reports", lpString2="$Recycle.bin") returned 1 [0040.820] lstrcmpiW (lpString1="reports", lpString2="System Volume Information") returned -1 [0040.820] lstrcmpiW (lpString1="reports", lpString2=".") returned 1 [0040.820] lstrcmpiW (lpString1="reports", lpString2="..") returned 1 [0040.820] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned 88 [0040.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.820] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" [0040.820] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*" [0040.820] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.820] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.820] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.820] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.820] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.820] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.820] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.821] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.821] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.821] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.821] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.821] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.821] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.821] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.821] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.821] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0040.821] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.821] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\LOLKEK.txt") returned 99 [0040.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\reports\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0040.821] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.821] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.822] CloseHandle (hObject=0x290) returned 1 [0040.822] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.822] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0040.822] lstrcmpiW (lpString1="settings.dat", lpString2="Windows") returned -1 [0040.822] lstrcmpiW (lpString1="settings.dat", lpString2="Program Files") returned 1 [0040.822] lstrcmpiW (lpString1="settings.dat", lpString2="Program Files (x86)") returned 1 [0040.822] lstrcmpiW (lpString1="settings.dat", lpString2="$Recycle.bin") returned 1 [0040.822] lstrcmpiW (lpString1="settings.dat", lpString2="System Volume Information") returned -1 [0040.822] lstrcmpiW (lpString1="settings.dat", lpString2=".") returned 1 [0040.822] lstrcmpiW (lpString1="settings.dat", lpString2="..") returned 1 [0040.822] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat") returned 93 [0040.822] StrStrIW (lpFirst="settings.dat", lpSrch=".lolkek") returned 0x0 [0040.822] lstrcmpW (lpString1="settings.dat", lpString2="LOLKEK.txt") returned 1 [0040.822] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat") returned 93 [0040.822] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x60d0d8 [0040.822] lstrcpyW (in: lpString1=0x60d0d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" [0040.822] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.838] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.838] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="settings.dat", cAlternateFileName="")) returned 0 [0040.838] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0040.838] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\LOLKEK.txt") returned 91 [0040.839] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0040.839] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.839] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0040.839] CloseHandle (hObject=0x280) returned 1 [0040.840] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0040.840] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Default", cAlternateFileName="")) returned 1 [0040.840] lstrcmpiW (lpString1="Default", lpString2="Windows") returned -1 [0040.840] lstrcmpiW (lpString1="Default", lpString2="Program Files") returned -1 [0040.840] lstrcmpiW (lpString1="Default", lpString2="Program Files (x86)") returned -1 [0040.840] lstrcmpiW (lpString1="Default", lpString2="$Recycle.bin") returned 1 [0040.840] lstrcmpiW (lpString1="Default", lpString2="System Volume Information") returned -1 [0040.840] lstrcmpiW (lpString1="Default", lpString2=".") returned 1 [0040.840] lstrcmpiW (lpString1="Default", lpString2="..") returned 1 [0040.840] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 79 [0040.840] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x67d400 [0040.840] lstrcpyW (in: lpString1=0x67d400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0040.840] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*" [0040.840] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0040.846] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.846] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.846] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.846] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.846] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.846] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.857] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.857] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.857] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.857] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.857] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.857] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.857] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.857] lstrcmpiW (lpString1="Cache", lpString2="Windows") returned -1 [0040.857] lstrcmpiW (lpString1="Cache", lpString2="Program Files") returned -1 [0040.858] lstrcmpiW (lpString1="Cache", lpString2="Program Files (x86)") returned -1 [0040.858] lstrcmpiW (lpString1="Cache", lpString2="$Recycle.bin") returned 1 [0040.858] lstrcmpiW (lpString1="Cache", lpString2="System Volume Information") returned -1 [0040.858] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0040.858] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0040.858] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 85 [0040.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.858] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0040.858] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*" [0040.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.858] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.858] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.858] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.858] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.858] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.859] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.859] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.859] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.859] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.859] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.859] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.859] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.859] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.859] lstrcmpiW (lpString1="data_0", lpString2="Windows") returned -1 [0040.859] lstrcmpiW (lpString1="data_0", lpString2="Program Files") returned -1 [0040.859] lstrcmpiW (lpString1="data_0", lpString2="Program Files (x86)") returned -1 [0040.859] lstrcmpiW (lpString1="data_0", lpString2="$Recycle.bin") returned 1 [0040.859] lstrcmpiW (lpString1="data_0", lpString2="System Volume Information") returned -1 [0040.859] lstrcmpiW (lpString1="data_0", lpString2=".") returned 1 [0040.859] lstrcmpiW (lpString1="data_0", lpString2="..") returned 1 [0040.859] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0") returned 92 [0040.859] StrStrIW (lpFirst="data_0", lpSrch=".lolkek") returned 0x0 [0040.859] lstrcmpW (lpString1="data_0", lpString2="LOLKEK.txt") returned -1 [0040.859] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0") returned 92 [0040.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x60eb70 [0040.859] lstrcpyW (in: lpString1=0x60eb70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" [0040.859] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.859] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.859] lstrcmpiW (lpString1="data_1", lpString2="Windows") returned -1 [0040.859] lstrcmpiW (lpString1="data_1", lpString2="Program Files") returned -1 [0040.859] lstrcmpiW (lpString1="data_1", lpString2="Program Files (x86)") returned -1 [0040.859] lstrcmpiW (lpString1="data_1", lpString2="$Recycle.bin") returned 1 [0040.859] lstrcmpiW (lpString1="data_1", lpString2="System Volume Information") returned -1 [0040.859] lstrcmpiW (lpString1="data_1", lpString2=".") returned 1 [0040.859] lstrcmpiW (lpString1="data_1", lpString2="..") returned 1 [0040.859] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1") returned 92 [0040.859] StrStrIW (lpFirst="data_1", lpSrch=".lolkek") returned 0x0 [0040.859] lstrcmpW (lpString1="data_1", lpString2="LOLKEK.txt") returned -1 [0040.859] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1") returned 92 [0040.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x6135a8 [0040.859] lstrcpyW (in: lpString1=0x6135a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" [0040.859] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.860] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.860] lstrcmpiW (lpString1="data_2", lpString2="Windows") returned -1 [0040.860] lstrcmpiW (lpString1="data_2", lpString2="Program Files") returned -1 [0040.860] lstrcmpiW (lpString1="data_2", lpString2="Program Files (x86)") returned -1 [0040.860] lstrcmpiW (lpString1="data_2", lpString2="$Recycle.bin") returned 1 [0040.860] lstrcmpiW (lpString1="data_2", lpString2="System Volume Information") returned -1 [0040.860] lstrcmpiW (lpString1="data_2", lpString2=".") returned 1 [0040.860] lstrcmpiW (lpString1="data_2", lpString2="..") returned 1 [0040.860] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2") returned 92 [0040.860] StrStrIW (lpFirst="data_2", lpSrch=".lolkek") returned 0x0 [0040.860] lstrcmpW (lpString1="data_2", lpString2="LOLKEK.txt") returned -1 [0040.860] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2") returned 92 [0040.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x613728 [0040.860] lstrcpyW (in: lpString1=0x613728, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" [0040.860] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.860] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.860] lstrcmpiW (lpString1="data_3", lpString2="Windows") returned -1 [0040.860] lstrcmpiW (lpString1="data_3", lpString2="Program Files") returned -1 [0040.860] lstrcmpiW (lpString1="data_3", lpString2="Program Files (x86)") returned -1 [0040.860] lstrcmpiW (lpString1="data_3", lpString2="$Recycle.bin") returned 1 [0040.860] lstrcmpiW (lpString1="data_3", lpString2="System Volume Information") returned -1 [0040.860] lstrcmpiW (lpString1="data_3", lpString2=".") returned 1 [0040.860] lstrcmpiW (lpString1="data_3", lpString2="..") returned 1 [0040.860] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3") returned 92 [0040.860] StrStrIW (lpFirst="data_3", lpSrch=".lolkek") returned 0x0 [0040.860] lstrcmpW (lpString1="data_3", lpString2="LOLKEK.txt") returned -1 [0040.860] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3") returned 92 [0040.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x6138a8 [0040.860] lstrcpyW (in: lpString1=0x6138a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" [0040.860] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.860] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.860] lstrcmpiW (lpString1="index", lpString2="Windows") returned -1 [0040.860] lstrcmpiW (lpString1="index", lpString2="Program Files") returned -1 [0040.860] lstrcmpiW (lpString1="index", lpString2="Program Files (x86)") returned -1 [0040.861] lstrcmpiW (lpString1="index", lpString2="$Recycle.bin") returned 1 [0040.861] lstrcmpiW (lpString1="index", lpString2="System Volume Information") returned -1 [0040.861] lstrcmpiW (lpString1="index", lpString2=".") returned 1 [0040.861] lstrcmpiW (lpString1="index", lpString2="..") returned 1 [0040.861] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index") returned 91 [0040.861] StrStrIW (lpFirst="index", lpSrch=".lolkek") returned 0x0 [0040.861] lstrcmpW (lpString1="index", lpString2="LOLKEK.txt") returned -1 [0040.861] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index") returned 91 [0040.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x657ac0 [0040.861] lstrcpyW (in: lpString1=0x657ac0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" [0040.861] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.861] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.861] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.861] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\LOLKEK.txt") returned 96 [0040.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0040.861] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.861] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.862] CloseHandle (hObject=0x2a8) returned 1 [0040.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.862] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0040.862] lstrcmpiW (lpString1="Cookies", lpString2="Windows") returned -1 [0040.862] lstrcmpiW (lpString1="Cookies", lpString2="Program Files") returned -1 [0040.862] lstrcmpiW (lpString1="Cookies", lpString2="Program Files (x86)") returned -1 [0040.862] lstrcmpiW (lpString1="Cookies", lpString2="$Recycle.bin") returned 1 [0040.862] lstrcmpiW (lpString1="Cookies", lpString2="System Volume Information") returned -1 [0040.862] lstrcmpiW (lpString1="Cookies", lpString2=".") returned 1 [0040.862] lstrcmpiW (lpString1="Cookies", lpString2="..") returned 1 [0040.862] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies") returned 87 [0040.862] StrStrIW (lpFirst="Cookies", lpSrch=".lolkek") returned 0x0 [0040.862] lstrcmpW (lpString1="Cookies", lpString2="LOLKEK.txt") returned -1 [0040.862] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies") returned 87 [0040.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x657c38 [0040.862] lstrcpyW (in: lpString1=0x657c38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" [0040.862] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.862] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.863] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0040.863] lstrcmpiW (lpString1="Cookies-journal", lpString2="Windows") returned -1 [0040.863] lstrcmpiW (lpString1="Cookies-journal", lpString2="Program Files") returned -1 [0040.863] lstrcmpiW (lpString1="Cookies-journal", lpString2="Program Files (x86)") returned -1 [0040.863] lstrcmpiW (lpString1="Cookies-journal", lpString2="$Recycle.bin") returned 1 [0040.863] lstrcmpiW (lpString1="Cookies-journal", lpString2="System Volume Information") returned -1 [0040.863] lstrcmpiW (lpString1="Cookies-journal", lpString2=".") returned 1 [0040.863] lstrcmpiW (lpString1="Cookies-journal", lpString2="..") returned 1 [0040.863] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal") returned 95 [0040.863] StrStrIW (lpFirst="Cookies-journal", lpSrch=".lolkek") returned 0x0 [0040.863] lstrcmpW (lpString1="Cookies-journal", lpString2="LOLKEK.txt") returned -1 [0040.863] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal") returned 95 [0040.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x657da0 [0040.863] lstrcpyW (in: lpString1=0x657da0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" [0040.863] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.874] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.874] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0040.874] lstrcmpiW (lpString1="Current Session", lpString2="Windows") returned -1 [0040.874] lstrcmpiW (lpString1="Current Session", lpString2="Program Files") returned -1 [0040.874] lstrcmpiW (lpString1="Current Session", lpString2="Program Files (x86)") returned -1 [0040.874] lstrcmpiW (lpString1="Current Session", lpString2="$Recycle.bin") returned 1 [0040.874] lstrcmpiW (lpString1="Current Session", lpString2="System Volume Information") returned -1 [0040.874] lstrcmpiW (lpString1="Current Session", lpString2=".") returned 1 [0040.874] lstrcmpiW (lpString1="Current Session", lpString2="..") returned 1 [0040.874] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session") returned 95 [0040.874] StrStrIW (lpFirst="Current Session", lpSrch=".lolkek") returned 0x0 [0040.874] lstrcmpW (lpString1="Current Session", lpString2="LOLKEK.txt") returned -1 [0040.875] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session") returned 95 [0040.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x3cc1658 [0040.875] lstrcpyW (in: lpString1=0x3cc1658, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" [0040.875] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.877] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.877] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0040.877] lstrcmpiW (lpString1="Current Tabs", lpString2="Windows") returned -1 [0040.877] lstrcmpiW (lpString1="Current Tabs", lpString2="Program Files") returned -1 [0040.877] lstrcmpiW (lpString1="Current Tabs", lpString2="Program Files (x86)") returned -1 [0040.877] lstrcmpiW (lpString1="Current Tabs", lpString2="$Recycle.bin") returned 1 [0040.877] lstrcmpiW (lpString1="Current Tabs", lpString2="System Volume Information") returned -1 [0040.877] lstrcmpiW (lpString1="Current Tabs", lpString2=".") returned 1 [0040.877] lstrcmpiW (lpString1="Current Tabs", lpString2="..") returned 1 [0040.877] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs") returned 92 [0040.877] StrStrIW (lpFirst="Current Tabs", lpSrch=".lolkek") returned 0x0 [0040.877] lstrcmpW (lpString1="Current Tabs", lpString2="LOLKEK.txt") returned -1 [0040.877] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs") returned 92 [0040.877] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x3cc17e0 [0040.877] lstrcpyW (in: lpString1=0x3cc17e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" [0040.877] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.878] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.878] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0040.878] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="Windows") returned -1 [0040.878] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="Program Files") returned -1 [0040.878] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="Program Files (x86)") returned -1 [0040.878] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="$Recycle.bin") returned 1 [0040.878] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="System Volume Information") returned -1 [0040.878] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2=".") returned 1 [0040.878] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="..") returned 1 [0040.878] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 108 [0040.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.878] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0040.878] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*" [0040.878] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.880] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.880] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.880] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.880] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.880] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.880] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.880] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.880] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.880] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.880] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.880] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.880] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.880] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.880] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.880] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="000003.log", cAlternateFileName="")) returned 1 [0040.880] lstrcmpiW (lpString1="000003.log", lpString2="Windows") returned -1 [0040.880] lstrcmpiW (lpString1="000003.log", lpString2="Program Files") returned -1 [0040.880] lstrcmpiW (lpString1="000003.log", lpString2="Program Files (x86)") returned -1 [0040.880] lstrcmpiW (lpString1="000003.log", lpString2="$Recycle.bin") returned 1 [0040.880] lstrcmpiW (lpString1="000003.log", lpString2="System Volume Information") returned -1 [0040.880] lstrcmpiW (lpString1="000003.log", lpString2=".") returned 1 [0040.880] lstrcmpiW (lpString1="000003.log", lpString2="..") returned 1 [0040.880] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log") returned 119 [0040.880] StrStrIW (lpFirst="000003.log", lpSrch=".lolkek") returned 0x0 [0040.880] lstrcmpW (lpString1="000003.log", lpString2="LOLKEK.txt") returned -1 [0040.880] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log") returned 119 [0040.880] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x3cc1960 [0040.880] lstrcpyW (in: lpString1=0x3cc1960, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" [0040.880] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.896] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.896] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0040.896] lstrcmpiW (lpString1="CURRENT", lpString2="Windows") returned -1 [0040.896] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files") returned -1 [0040.896] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files (x86)") returned -1 [0040.896] lstrcmpiW (lpString1="CURRENT", lpString2="$Recycle.bin") returned 1 [0040.896] lstrcmpiW (lpString1="CURRENT", lpString2="System Volume Information") returned -1 [0040.896] lstrcmpiW (lpString1="CURRENT", lpString2=".") returned 1 [0040.896] lstrcmpiW (lpString1="CURRENT", lpString2="..") returned 1 [0040.896] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT") returned 116 [0040.896] StrStrIW (lpFirst="CURRENT", lpSrch=".lolkek") returned 0x0 [0040.896] lstrcmpW (lpString1="CURRENT", lpString2="LOLKEK.txt") returned -1 [0040.896] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT") returned 116 [0040.896] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d4) returned 0x3cc1b48 [0040.896] lstrcpyW (in: lpString1=0x3cc1b48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" [0040.896] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.896] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.896] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOCK", cAlternateFileName="")) returned 1 [0040.896] lstrcmpiW (lpString1="LOCK", lpString2="Windows") returned -1 [0040.896] lstrcmpiW (lpString1="LOCK", lpString2="Program Files") returned -1 [0040.896] lstrcmpiW (lpString1="LOCK", lpString2="Program Files (x86)") returned -1 [0040.896] lstrcmpiW (lpString1="LOCK", lpString2="$Recycle.bin") returned 1 [0040.897] lstrcmpiW (lpString1="LOCK", lpString2="System Volume Information") returned -1 [0040.897] lstrcmpiW (lpString1="LOCK", lpString2=".") returned 1 [0040.897] lstrcmpiW (lpString1="LOCK", lpString2="..") returned 1 [0040.897] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK") returned 113 [0040.897] StrStrIW (lpFirst="LOCK", lpSrch=".lolkek") returned 0x0 [0040.897] lstrcmpW (lpString1="LOCK", lpString2="LOLKEK.txt") returned -1 [0040.897] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK") returned 113 [0040.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c8) returned 0x3dde258 [0040.897] lstrcpyW (in: lpString1=0x3dde258, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" [0040.897] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.902] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.902] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOG", cAlternateFileName="")) returned 1 [0040.902] lstrcmpiW (lpString1="LOG", lpString2="Windows") returned -1 [0040.902] lstrcmpiW (lpString1="LOG", lpString2="Program Files") returned -1 [0040.902] lstrcmpiW (lpString1="LOG", lpString2="Program Files (x86)") returned -1 [0040.902] lstrcmpiW (lpString1="LOG", lpString2="$Recycle.bin") returned 1 [0040.902] lstrcmpiW (lpString1="LOG", lpString2="System Volume Information") returned -1 [0040.902] lstrcmpiW (lpString1="LOG", lpString2=".") returned 1 [0040.902] lstrcmpiW (lpString1="LOG", lpString2="..") returned 1 [0040.902] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG") returned 112 [0040.902] StrStrIW (lpFirst="LOG", lpSrch=".lolkek") returned 0x0 [0040.902] lstrcmpW (lpString1="LOG", lpString2="LOLKEK.txt") returned -1 [0040.902] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG") returned 112 [0040.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c4) returned 0x3dde428 [0040.902] lstrcpyW (in: lpString1=0x3dde428, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" [0040.902] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.903] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.903] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0040.903] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Windows") returned -1 [0040.903] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files") returned -1 [0040.903] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files (x86)") returned -1 [0040.903] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="$Recycle.bin") returned 1 [0040.903] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="System Volume Information") returned -1 [0040.903] lstrcmpiW (lpString1="MANIFEST-000001", lpString2=".") returned 1 [0040.903] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="..") returned 1 [0040.903] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001") returned 124 [0040.903] StrStrIW (lpFirst="MANIFEST-000001", lpSrch=".lolkek") returned 0x0 [0040.903] lstrcmpW (lpString1="MANIFEST-000001", lpString2="LOLKEK.txt") returned 1 [0040.903] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001") returned 124 [0040.903] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f4) returned 0x3dde5f8 [0040.903] lstrcpyW (in: lpString1=0x3dde5f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" [0040.903] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.916] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.916] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0040.916] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.916] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOLKEK.txt") returned 119 [0040.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0040.917] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.917] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.918] CloseHandle (hObject=0x160) returned 1 [0040.918] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.919] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0040.919] lstrcmpiW (lpString1="Extension Rules", lpString2="Windows") returned -1 [0040.919] lstrcmpiW (lpString1="Extension Rules", lpString2="Program Files") returned -1 [0040.919] lstrcmpiW (lpString1="Extension Rules", lpString2="Program Files (x86)") returned -1 [0040.919] lstrcmpiW (lpString1="Extension Rules", lpString2="$Recycle.bin") returned 1 [0040.919] lstrcmpiW (lpString1="Extension Rules", lpString2="System Volume Information") returned -1 [0040.919] lstrcmpiW (lpString1="Extension Rules", lpString2=".") returned 1 [0040.919] lstrcmpiW (lpString1="Extension Rules", lpString2="..") returned 1 [0040.919] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 95 [0040.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.920] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0040.920] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*" [0040.920] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.924] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.924] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.924] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.925] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.925] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.925] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.925] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.925] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.925] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.925] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.925] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.925] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.925] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.925] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.925] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="000003.log", cAlternateFileName="")) returned 1 [0040.925] lstrcmpiW (lpString1="000003.log", lpString2="Windows") returned -1 [0040.925] lstrcmpiW (lpString1="000003.log", lpString2="Program Files") returned -1 [0040.925] lstrcmpiW (lpString1="000003.log", lpString2="Program Files (x86)") returned -1 [0040.925] lstrcmpiW (lpString1="000003.log", lpString2="$Recycle.bin") returned 1 [0040.925] lstrcmpiW (lpString1="000003.log", lpString2="System Volume Information") returned -1 [0040.925] lstrcmpiW (lpString1="000003.log", lpString2=".") returned 1 [0040.925] lstrcmpiW (lpString1="000003.log", lpString2="..") returned 1 [0040.925] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log") returned 106 [0040.925] StrStrIW (lpFirst="000003.log", lpSrch=".lolkek") returned 0x0 [0040.925] lstrcmpW (lpString1="000003.log", lpString2="LOLKEK.txt") returned -1 [0040.925] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log") returned 106 [0040.925] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3dde7f8 [0040.925] lstrcpyW (in: lpString1=0x3dde7f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" [0040.925] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.927] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.927] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0040.927] lstrcmpiW (lpString1="CURRENT", lpString2="Windows") returned -1 [0040.927] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files") returned -1 [0040.927] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files (x86)") returned -1 [0040.927] lstrcmpiW (lpString1="CURRENT", lpString2="$Recycle.bin") returned 1 [0040.927] lstrcmpiW (lpString1="CURRENT", lpString2="System Volume Information") returned -1 [0040.927] lstrcmpiW (lpString1="CURRENT", lpString2=".") returned 1 [0040.927] lstrcmpiW (lpString1="CURRENT", lpString2="..") returned 1 [0040.927] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT") returned 103 [0040.927] StrStrIW (lpFirst="CURRENT", lpSrch=".lolkek") returned 0x0 [0040.927] lstrcmpW (lpString1="CURRENT", lpString2="LOLKEK.txt") returned -1 [0040.927] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT") returned 103 [0040.927] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x3dde9b0 [0040.927] lstrcpyW (in: lpString1=0x3dde9b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" [0040.927] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.928] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.928] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOCK", cAlternateFileName="")) returned 1 [0040.928] lstrcmpiW (lpString1="LOCK", lpString2="Windows") returned -1 [0040.928] lstrcmpiW (lpString1="LOCK", lpString2="Program Files") returned -1 [0040.928] lstrcmpiW (lpString1="LOCK", lpString2="Program Files (x86)") returned -1 [0040.928] lstrcmpiW (lpString1="LOCK", lpString2="$Recycle.bin") returned 1 [0040.928] lstrcmpiW (lpString1="LOCK", lpString2="System Volume Information") returned -1 [0040.928] lstrcmpiW (lpString1="LOCK", lpString2=".") returned 1 [0040.928] lstrcmpiW (lpString1="LOCK", lpString2="..") returned 1 [0040.928] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK") returned 100 [0040.928] StrStrIW (lpFirst="LOCK", lpSrch=".lolkek") returned 0x0 [0040.928] lstrcmpW (lpString1="LOCK", lpString2="LOLKEK.txt") returned -1 [0040.928] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK") returned 100 [0040.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3ddeb58 [0040.928] lstrcpyW (in: lpString1=0x3ddeb58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" [0040.928] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.944] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.944] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOG", cAlternateFileName="")) returned 1 [0040.944] lstrcmpiW (lpString1="LOG", lpString2="Windows") returned -1 [0040.944] lstrcmpiW (lpString1="LOG", lpString2="Program Files") returned -1 [0040.944] lstrcmpiW (lpString1="LOG", lpString2="Program Files (x86)") returned -1 [0040.944] lstrcmpiW (lpString1="LOG", lpString2="$Recycle.bin") returned 1 [0040.944] lstrcmpiW (lpString1="LOG", lpString2="System Volume Information") returned -1 [0040.944] lstrcmpiW (lpString1="LOG", lpString2=".") returned 1 [0040.944] lstrcmpiW (lpString1="LOG", lpString2="..") returned 1 [0040.944] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG") returned 99 [0040.944] StrStrIW (lpFirst="LOG", lpSrch=".lolkek") returned 0x0 [0040.944] lstrcmpW (lpString1="LOG", lpString2="LOLKEK.txt") returned -1 [0040.944] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG") returned 99 [0040.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x634958 [0040.944] lstrcpyW (in: lpString1=0x634958, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" [0040.944] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.944] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.944] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0040.944] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Windows") returned -1 [0040.944] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files") returned -1 [0040.944] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files (x86)") returned -1 [0040.944] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="$Recycle.bin") returned 1 [0040.944] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="System Volume Information") returned -1 [0040.944] lstrcmpiW (lpString1="MANIFEST-000001", lpString2=".") returned 1 [0040.944] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="..") returned 1 [0040.944] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001") returned 111 [0040.944] StrStrIW (lpFirst="MANIFEST-000001", lpSrch=".lolkek") returned 0x0 [0040.944] lstrcmpW (lpString1="MANIFEST-000001", lpString2="LOLKEK.txt") returned 1 [0040.944] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001") returned 111 [0040.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c0) returned 0x634af0 [0040.944] lstrcpyW (in: lpString1=0x634af0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" [0040.945] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.945] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.945] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0040.945] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.945] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOLKEK.txt") returned 106 [0040.945] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.946] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.946] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.946] CloseHandle (hObject=0x270) returned 1 [0040.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.948] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0040.948] lstrcmpiW (lpString1="Extension State", lpString2="Windows") returned -1 [0040.948] lstrcmpiW (lpString1="Extension State", lpString2="Program Files") returned -1 [0040.948] lstrcmpiW (lpString1="Extension State", lpString2="Program Files (x86)") returned -1 [0040.948] lstrcmpiW (lpString1="Extension State", lpString2="$Recycle.bin") returned 1 [0040.948] lstrcmpiW (lpString1="Extension State", lpString2="System Volume Information") returned -1 [0040.948] lstrcmpiW (lpString1="Extension State", lpString2=".") returned 1 [0040.948] lstrcmpiW (lpString1="Extension State", lpString2="..") returned 1 [0040.948] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 95 [0040.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.948] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0040.948] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*" [0040.948] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.950] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.950] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.950] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.950] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.950] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.950] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.950] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.950] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.950] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.950] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.950] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.950] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.950] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.950] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.950] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="000003.log", cAlternateFileName="")) returned 1 [0040.950] lstrcmpiW (lpString1="000003.log", lpString2="Windows") returned -1 [0040.950] lstrcmpiW (lpString1="000003.log", lpString2="Program Files") returned -1 [0040.950] lstrcmpiW (lpString1="000003.log", lpString2="Program Files (x86)") returned -1 [0040.950] lstrcmpiW (lpString1="000003.log", lpString2="$Recycle.bin") returned 1 [0040.950] lstrcmpiW (lpString1="000003.log", lpString2="System Volume Information") returned -1 [0040.950] lstrcmpiW (lpString1="000003.log", lpString2=".") returned 1 [0040.950] lstrcmpiW (lpString1="000003.log", lpString2="..") returned 1 [0040.950] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log") returned 106 [0040.950] StrStrIW (lpFirst="000003.log", lpSrch=".lolkek") returned 0x0 [0040.950] lstrcmpW (lpString1="000003.log", lpString2="LOLKEK.txt") returned -1 [0040.950] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log") returned 106 [0040.950] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x634cb8 [0040.950] lstrcpyW (in: lpString1=0x634cb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" [0040.950] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.967] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.967] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0040.967] lstrcmpiW (lpString1="CURRENT", lpString2="Windows") returned -1 [0040.967] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files") returned -1 [0040.967] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files (x86)") returned -1 [0040.967] lstrcmpiW (lpString1="CURRENT", lpString2="$Recycle.bin") returned 1 [0040.967] lstrcmpiW (lpString1="CURRENT", lpString2="System Volume Information") returned -1 [0040.967] lstrcmpiW (lpString1="CURRENT", lpString2=".") returned 1 [0040.967] lstrcmpiW (lpString1="CURRENT", lpString2="..") returned 1 [0040.967] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT") returned 103 [0040.967] StrStrIW (lpFirst="CURRENT", lpSrch=".lolkek") returned 0x0 [0040.967] lstrcmpW (lpString1="CURRENT", lpString2="LOLKEK.txt") returned -1 [0040.967] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT") returned 103 [0040.967] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x634e70 [0040.967] lstrcpyW (in: lpString1=0x634e70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" [0040.967] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.967] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.967] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOCK", cAlternateFileName="")) returned 1 [0040.967] lstrcmpiW (lpString1="LOCK", lpString2="Windows") returned -1 [0040.967] lstrcmpiW (lpString1="LOCK", lpString2="Program Files") returned -1 [0040.967] lstrcmpiW (lpString1="LOCK", lpString2="Program Files (x86)") returned -1 [0040.967] lstrcmpiW (lpString1="LOCK", lpString2="$Recycle.bin") returned 1 [0040.967] lstrcmpiW (lpString1="LOCK", lpString2="System Volume Information") returned -1 [0040.967] lstrcmpiW (lpString1="LOCK", lpString2=".") returned 1 [0040.967] lstrcmpiW (lpString1="LOCK", lpString2="..") returned 1 [0040.967] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK") returned 100 [0040.967] StrStrIW (lpFirst="LOCK", lpSrch=".lolkek") returned 0x0 [0040.967] lstrcmpW (lpString1="LOCK", lpString2="LOLKEK.txt") returned -1 [0040.967] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK") returned 100 [0040.968] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x635018 [0040.968] lstrcpyW (in: lpString1=0x635018, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" [0040.968] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.972] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.972] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOG", cAlternateFileName="")) returned 1 [0040.972] lstrcmpiW (lpString1="LOG", lpString2="Windows") returned -1 [0040.972] lstrcmpiW (lpString1="LOG", lpString2="Program Files") returned -1 [0040.972] lstrcmpiW (lpString1="LOG", lpString2="Program Files (x86)") returned -1 [0040.972] lstrcmpiW (lpString1="LOG", lpString2="$Recycle.bin") returned 1 [0040.972] lstrcmpiW (lpString1="LOG", lpString2="System Volume Information") returned -1 [0040.972] lstrcmpiW (lpString1="LOG", lpString2=".") returned 1 [0040.972] lstrcmpiW (lpString1="LOG", lpString2="..") returned 1 [0040.972] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG") returned 99 [0040.972] StrStrIW (lpFirst="LOG", lpSrch=".lolkek") returned 0x0 [0040.972] lstrcmpW (lpString1="LOG", lpString2="LOLKEK.txt") returned -1 [0040.973] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG") returned 99 [0040.973] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x6351b8 [0040.973] lstrcpyW (in: lpString1=0x6351b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" [0040.973] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.974] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.974] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0040.974] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Windows") returned -1 [0040.974] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files") returned -1 [0040.974] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files (x86)") returned -1 [0040.974] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="$Recycle.bin") returned 1 [0040.974] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="System Volume Information") returned -1 [0040.974] lstrcmpiW (lpString1="MANIFEST-000001", lpString2=".") returned 1 [0040.974] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="..") returned 1 [0040.974] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001") returned 111 [0040.974] StrStrIW (lpFirst="MANIFEST-000001", lpSrch=".lolkek") returned 0x0 [0040.974] lstrcmpW (lpString1="MANIFEST-000001", lpString2="LOLKEK.txt") returned 1 [0040.974] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001") returned 111 [0040.974] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c0) returned 0x635350 [0040.974] lstrcpyW (in: lpString1=0x635350, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" [0040.974] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0040.985] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0040.985] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0040.985] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0040.985] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOLKEK.txt") returned 106 [0040.986] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0040.986] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0040.986] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0040.987] CloseHandle (hObject=0x270) returned 1 [0040.987] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0040.988] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0040.988] lstrcmpiW (lpString1="Extensions", lpString2="Windows") returned -1 [0040.988] lstrcmpiW (lpString1="Extensions", lpString2="Program Files") returned -1 [0040.988] lstrcmpiW (lpString1="Extensions", lpString2="Program Files (x86)") returned -1 [0040.988] lstrcmpiW (lpString1="Extensions", lpString2="$Recycle.bin") returned 1 [0040.988] lstrcmpiW (lpString1="Extensions", lpString2="System Volume Information") returned -1 [0040.988] lstrcmpiW (lpString1="Extensions", lpString2=".") returned 1 [0040.988] lstrcmpiW (lpString1="Extensions", lpString2="..") returned 1 [0040.988] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 90 [0040.988] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0040.989] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0040.989] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*" [0040.989] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0040.997] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.997] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.997] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.997] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.997] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0040.997] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.997] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0040.997] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0040.997] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0040.997] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0040.997] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0040.997] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0040.997] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.997] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.997] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0040.997] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="Windows") returned -1 [0040.997] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="Program Files") returned -1 [0040.997] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="Program Files (x86)") returned -1 [0040.997] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="$Recycle.bin") returned 1 [0040.997] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="System Volume Information") returned -1 [0040.997] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2=".") returned 1 [0040.997] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="..") returned 1 [0040.997] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 123 [0040.997] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e53fd8 [0040.997] lstrcpyW (in: lpString1=0x3e53fd8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0040.997] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*" [0040.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0040.999] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0040.999] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0040.999] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0040.999] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0040.999] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.000] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.000] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.000] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.000] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.000] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.000] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.000] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.000] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.000] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.000] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0041.000] lstrcmpiW (lpString1="0.9_0", lpString2="Windows") returned -1 [0041.000] lstrcmpiW (lpString1="0.9_0", lpString2="Program Files") returned -1 [0041.000] lstrcmpiW (lpString1="0.9_0", lpString2="Program Files (x86)") returned -1 [0041.000] lstrcmpiW (lpString1="0.9_0", lpString2="$Recycle.bin") returned 1 [0041.000] lstrcmpiW (lpString1="0.9_0", lpString2="System Volume Information") returned -1 [0041.000] lstrcmpiW (lpString1="0.9_0", lpString2=".") returned 1 [0041.000] lstrcmpiW (lpString1="0.9_0", lpString2="..") returned 1 [0041.000] wsprintfW (in: param_1=0x3e53fd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 129 [0041.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e63fe0 [0041.000] lstrcpyW (in: lpString1=0x3e63fe0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0041.000] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*" [0041.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0041.003] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.003] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.003] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.003] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.003] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.003] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.003] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.003] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.003] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.003] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.003] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.003] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.003] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.003] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.003] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0041.003] lstrcmpiW (lpString1="icon_128.png", lpString2="Windows") returned -1 [0041.003] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files") returned -1 [0041.003] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files (x86)") returned -1 [0041.003] lstrcmpiW (lpString1="icon_128.png", lpString2="$Recycle.bin") returned 1 [0041.003] lstrcmpiW (lpString1="icon_128.png", lpString2="System Volume Information") returned -1 [0041.003] lstrcmpiW (lpString1="icon_128.png", lpString2=".") returned 1 [0041.003] lstrcmpiW (lpString1="icon_128.png", lpString2="..") returned 1 [0041.003] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png") returned 142 [0041.003] StrStrIW (lpFirst="icon_128.png", lpSrch=".lolkek") returned 0x0 [0041.003] lstrcmpW (lpString1="icon_128.png", lpString2="LOLKEK.txt") returned -1 [0041.003] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png") returned 142 [0041.003] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x23c) returned 0x635518 [0041.003] lstrcpyW (in: lpString1=0x635518, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" [0041.004] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.004] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.004] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0041.004] lstrcmpiW (lpString1="icon_16.png", lpString2="Windows") returned -1 [0041.004] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files") returned -1 [0041.004] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files (x86)") returned -1 [0041.004] lstrcmpiW (lpString1="icon_16.png", lpString2="$Recycle.bin") returned 1 [0041.004] lstrcmpiW (lpString1="icon_16.png", lpString2="System Volume Information") returned -1 [0041.004] lstrcmpiW (lpString1="icon_16.png", lpString2=".") returned 1 [0041.004] lstrcmpiW (lpString1="icon_16.png", lpString2="..") returned 1 [0041.004] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png") returned 141 [0041.004] StrStrIW (lpFirst="icon_16.png", lpSrch=".lolkek") returned 0x0 [0041.004] lstrcmpW (lpString1="icon_16.png", lpString2="LOLKEK.txt") returned -1 [0041.004] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png") returned 141 [0041.004] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x68d408 [0041.004] lstrcpyW (in: lpString1=0x68d408, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" [0041.004] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.005] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.005] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0041.005] lstrcmpiW (lpString1="main.html", lpString2="Windows") returned -1 [0041.005] lstrcmpiW (lpString1="main.html", lpString2="Program Files") returned -1 [0041.006] lstrcmpiW (lpString1="main.html", lpString2="Program Files (x86)") returned -1 [0041.006] lstrcmpiW (lpString1="main.html", lpString2="$Recycle.bin") returned 1 [0041.006] lstrcmpiW (lpString1="main.html", lpString2="System Volume Information") returned -1 [0041.006] lstrcmpiW (lpString1="main.html", lpString2=".") returned 1 [0041.006] lstrcmpiW (lpString1="main.html", lpString2="..") returned 1 [0041.006] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html") returned 139 [0041.006] StrStrIW (lpFirst="main.html", lpSrch=".lolkek") returned 0x0 [0041.006] lstrcmpW (lpString1="main.html", lpString2="LOLKEK.txt") returned 1 [0041.006] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html") returned 139 [0041.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x613198 [0041.006] lstrcpyW (in: lpString1=0x613198, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" [0041.006] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.006] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.006] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="main.js", cAlternateFileName="")) returned 1 [0041.006] lstrcmpiW (lpString1="main.js", lpString2="Windows") returned -1 [0041.006] lstrcmpiW (lpString1="main.js", lpString2="Program Files") returned -1 [0041.006] lstrcmpiW (lpString1="main.js", lpString2="Program Files (x86)") returned -1 [0041.007] lstrcmpiW (lpString1="main.js", lpString2="$Recycle.bin") returned 1 [0041.007] lstrcmpiW (lpString1="main.js", lpString2="System Volume Information") returned -1 [0041.007] lstrcmpiW (lpString1="main.js", lpString2=".") returned 1 [0041.007] lstrcmpiW (lpString1="main.js", lpString2="..") returned 1 [0041.007] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js") returned 137 [0041.007] StrStrIW (lpFirst="main.js", lpSrch=".lolkek") returned 0x0 [0041.007] lstrcmpW (lpString1="main.js", lpString2="LOLKEK.txt") returned 1 [0041.007] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js") returned 137 [0041.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x68d648 [0041.007] lstrcpyW (in: lpString1=0x68d648, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" [0041.007] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.016] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.016] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0041.016] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0041.016] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0041.016] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0041.016] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0041.016] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0041.016] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0041.016] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0041.016] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json") returned 143 [0041.016] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0041.016] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0041.016] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json") returned 143 [0041.016] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x240) returned 0x68d878 [0041.016] lstrcpyW (in: lpString1=0x68d878, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" [0041.016] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.027] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.027] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0041.027] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0041.027] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0041.027] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0041.027] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0041.027] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0041.027] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0041.027] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0041.027] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 138 [0041.027] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0041.027] lstrcpyW (in: lpString1=0x3e43fd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0041.028] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*" [0041.028] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0041.042] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.042] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.042] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.042] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.042] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.042] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.042] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.042] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.042] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.042] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.042] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.042] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.042] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.042] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.042] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ar", cAlternateFileName="")) returned 1 [0041.042] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0041.042] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0041.042] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0041.042] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0041.042] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0041.042] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0041.042] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0041.042] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned 141 [0041.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.042] lstrcpyW (in: lpString1=0x3c13e98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0041.042] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*" [0041.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.042] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.042] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.042] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.043] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.043] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.043] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.043] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.043] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.043] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.043] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.043] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.043] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.043] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.043] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.043] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.043] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.043] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.043] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.043] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.043] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.043] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.043] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.043] wsprintfW (in: param_1=0x3c13e98, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json") returned 155 [0041.043] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.043] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.043] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json") returned 155 [0041.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x68dac0 [0041.043] lstrcpyW (in: lpString1=0x68dac0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" [0041.043] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.043] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.043] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.043] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.043] wsprintfW (in: param_1=0x3c13e98, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\LOLKEK.txt") returned 152 [0041.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.044] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.044] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.044] CloseHandle (hObject=0x210) returned 1 [0041.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.045] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0041.045] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0041.045] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0041.045] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0041.045] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0041.045] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0041.045] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0041.045] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0041.045] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned 141 [0041.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.045] lstrcpyW (in: lpString1=0x3c13e98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0041.045] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*" [0041.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.045] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.045] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.045] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.045] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.045] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.045] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.045] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.045] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.045] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.045] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.045] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.045] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.045] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.045] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.045] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.046] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.046] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.046] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.046] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.046] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.046] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.046] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.046] wsprintfW (in: param_1=0x3c13e98, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json") returned 155 [0041.046] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.046] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.046] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json") returned 155 [0041.046] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x68dd38 [0041.046] lstrcpyW (in: lpString1=0x68dd38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" [0041.046] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.046] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.046] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.046] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.046] wsprintfW (in: param_1=0x3c13e98, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\LOLKEK.txt") returned 152 [0041.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.046] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.046] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.047] CloseHandle (hObject=0x210) returned 1 [0041.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.047] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0041.047] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0041.047] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0041.047] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0041.047] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0041.047] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0041.047] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0041.047] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0041.047] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned 141 [0041.047] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c13e98 [0041.047] lstrcpyW (in: lpString1=0x3c13e98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0041.047] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*" [0041.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.055] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.055] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.055] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.055] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.055] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.055] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.055] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.055] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.055] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.055] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.055] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.055] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.055] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.055] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.055] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.055] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.055] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.055] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.055] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.055] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.055] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.055] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.055] wsprintfW (in: param_1=0x3c13e98, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json") returned 155 [0041.055] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.055] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.055] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json") returned 155 [0041.055] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x68dfb0 [0041.055] lstrcpyW (in: lpString1=0x68dfb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" [0041.055] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.057] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.057] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.057] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.057] wsprintfW (in: param_1=0x3c13e98, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\LOLKEK.txt") returned 152 [0041.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.058] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.058] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.059] CloseHandle (hObject=0x2a8) returned 1 [0041.059] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c13e98 | out: hHeap=0x5a0000) returned 1 [0041.060] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0041.060] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0041.060] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0041.060] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0041.060] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0041.060] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0041.060] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0041.060] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0041.060] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned 141 [0041.060] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.060] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0041.060] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*" [0041.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.061] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.061] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.061] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.061] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.061] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.061] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.061] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.061] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.061] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.061] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.061] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.061] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.061] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.061] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.061] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.061] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.061] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.061] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.061] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.061] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.061] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.061] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.061] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json") returned 155 [0041.061] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.061] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.061] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json") returned 155 [0041.061] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x668b28 [0041.061] lstrcpyW (in: lpString1=0x668b28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" [0041.061] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.063] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.063] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.063] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.063] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\LOLKEK.txt") returned 152 [0041.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.064] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.064] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.064] CloseHandle (hObject=0x2a8) returned 1 [0041.064] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.064] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0041.064] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0041.064] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0041.064] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0041.064] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0041.064] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0041.064] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0041.065] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0041.065] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned 141 [0041.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.065] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0041.065] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*" [0041.065] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.065] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.065] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.065] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.065] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.065] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.065] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.065] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.065] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.065] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.065] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.066] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.066] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.066] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.066] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.066] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.066] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.066] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.066] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.066] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.066] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.066] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.066] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.066] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json") returned 155 [0041.066] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.066] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.066] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json") returned 155 [0041.066] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x668da0 [0041.066] lstrcpyW (in: lpString1=0x668da0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" [0041.066] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.079] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.079] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.079] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.079] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\LOLKEK.txt") returned 152 [0041.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.079] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.079] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.080] CloseHandle (hObject=0x2a8) returned 1 [0041.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.080] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0041.080] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0041.080] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0041.080] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0041.080] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0041.080] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0041.080] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0041.080] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0041.080] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned 141 [0041.080] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.080] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0041.080] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*" [0041.080] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.081] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.081] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.081] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.081] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.081] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.081] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.081] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.081] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.081] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.081] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.081] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.081] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.081] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.081] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.081] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.081] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.081] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.081] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.081] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.081] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.081] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.081] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.081] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json") returned 155 [0041.081] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.081] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.081] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json") returned 155 [0041.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x669018 [0041.081] lstrcpyW (in: lpString1=0x669018, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" [0041.081] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.093] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.093] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.093] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.093] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\LOLKEK.txt") returned 152 [0041.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.094] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.094] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.094] CloseHandle (hObject=0x2a8) returned 1 [0041.095] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.095] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0041.095] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0041.095] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0041.095] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0041.095] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0041.095] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0041.095] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0041.095] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0041.095] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned 141 [0041.095] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.095] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0041.095] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*" [0041.095] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.097] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.097] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.097] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.097] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.097] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.097] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.097] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.097] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.097] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.097] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.097] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.097] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.097] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.097] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.097] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.097] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.097] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.097] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.097] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.097] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.097] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.097] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.097] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json") returned 155 [0041.097] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.098] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.098] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json") returned 155 [0041.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x669290 [0041.098] lstrcpyW (in: lpString1=0x669290, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" [0041.098] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.098] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.098] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.098] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.098] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\LOLKEK.txt") returned 152 [0041.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.098] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.098] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.099] CloseHandle (hObject=0x2a8) returned 1 [0041.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.099] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_GB", cAlternateFileName="")) returned 1 [0041.099] lstrcmpiW (lpString1="en_GB", lpString2="Windows") returned -1 [0041.099] lstrcmpiW (lpString1="en_GB", lpString2="Program Files") returned -1 [0041.099] lstrcmpiW (lpString1="en_GB", lpString2="Program Files (x86)") returned -1 [0041.099] lstrcmpiW (lpString1="en_GB", lpString2="$Recycle.bin") returned 1 [0041.099] lstrcmpiW (lpString1="en_GB", lpString2="System Volume Information") returned -1 [0041.099] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0041.099] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0041.099] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned 144 [0041.099] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.099] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0041.099] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*" [0041.099] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.101] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.101] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.101] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.101] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.101] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.101] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.101] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.101] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.101] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.101] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.101] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.101] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.101] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.101] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.101] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.101] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.101] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.101] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.101] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.101] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.101] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.101] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.101] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json") returned 158 [0041.101] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.101] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.101] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json") returned 158 [0041.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x669508 [0041.101] lstrcpyW (in: lpString1=0x669508, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" [0041.101] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.103] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.103] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.103] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.103] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\LOLKEK.txt") returned 155 [0041.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.104] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.104] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.104] CloseHandle (hObject=0x210) returned 1 [0041.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.104] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_US", cAlternateFileName="")) returned 1 [0041.105] lstrcmpiW (lpString1="en_US", lpString2="Windows") returned -1 [0041.105] lstrcmpiW (lpString1="en_US", lpString2="Program Files") returned -1 [0041.105] lstrcmpiW (lpString1="en_US", lpString2="Program Files (x86)") returned -1 [0041.105] lstrcmpiW (lpString1="en_US", lpString2="$Recycle.bin") returned 1 [0041.105] lstrcmpiW (lpString1="en_US", lpString2="System Volume Information") returned -1 [0041.105] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0041.105] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0041.105] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned 144 [0041.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.105] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0041.105] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*" [0041.105] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.105] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.105] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.105] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.105] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.105] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.106] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.106] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.106] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.106] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.106] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.106] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.106] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.106] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.106] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.106] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.106] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.106] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.106] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.106] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.106] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.106] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.106] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.106] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json") returned 158 [0041.106] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.106] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.106] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json") returned 158 [0041.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3ca5768 [0041.106] lstrcpyW (in: lpString1=0x3ca5768, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" [0041.106] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.107] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.107] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.107] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.107] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\LOLKEK.txt") returned 155 [0041.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.107] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.107] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.108] CloseHandle (hObject=0x210) returned 1 [0041.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.108] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0041.108] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0041.108] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0041.108] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0041.108] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0041.108] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0041.108] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0041.108] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0041.108] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned 141 [0041.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.108] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0041.108] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*" [0041.108] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.112] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.112] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.112] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.112] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.112] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.112] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.112] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.112] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.112] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.112] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.112] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.112] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.112] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.112] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.112] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.112] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.112] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.112] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.112] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.112] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.112] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.112] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.112] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json") returned 155 [0041.112] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.112] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.112] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json") returned 155 [0041.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x669790 [0041.112] lstrcpyW (in: lpString1=0x669790, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" [0041.112] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.127] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.127] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.127] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.127] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\LOLKEK.txt") returned 152 [0041.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.128] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.128] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.129] CloseHandle (hObject=0x210) returned 1 [0041.129] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.129] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es_419", cAlternateFileName="")) returned 1 [0041.129] lstrcmpiW (lpString1="es_419", lpString2="Windows") returned -1 [0041.129] lstrcmpiW (lpString1="es_419", lpString2="Program Files") returned -1 [0041.129] lstrcmpiW (lpString1="es_419", lpString2="Program Files (x86)") returned -1 [0041.129] lstrcmpiW (lpString1="es_419", lpString2="$Recycle.bin") returned 1 [0041.129] lstrcmpiW (lpString1="es_419", lpString2="System Volume Information") returned -1 [0041.129] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0041.129] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0041.129] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned 145 [0041.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.129] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0041.129] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*" [0041.129] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.129] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.129] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.129] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.129] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.129] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.129] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.129] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.130] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.130] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.130] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.130] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.130] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.130] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.130] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.130] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.130] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.130] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.130] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.130] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.130] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.130] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.130] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.130] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json") returned 159 [0041.130] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.130] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.130] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json") returned 159 [0041.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ca59f0 [0041.130] lstrcpyW (in: lpString1=0x3ca59f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" [0041.130] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.170] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.170] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.170] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.170] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\LOLKEK.txt") returned 156 [0041.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0041.171] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.171] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.171] CloseHandle (hObject=0x210) returned 1 [0041.172] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.180] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="et", cAlternateFileName="")) returned 1 [0041.180] lstrcmpiW (lpString1="et", lpString2="Windows") returned -1 [0041.180] lstrcmpiW (lpString1="et", lpString2="Program Files") returned -1 [0041.180] lstrcmpiW (lpString1="et", lpString2="Program Files (x86)") returned -1 [0041.180] lstrcmpiW (lpString1="et", lpString2="$Recycle.bin") returned 1 [0041.180] lstrcmpiW (lpString1="et", lpString2="System Volume Information") returned -1 [0041.180] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0041.181] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0041.181] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned 141 [0041.181] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.181] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0041.181] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*" [0041.181] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.183] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.183] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.183] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.183] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.183] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.183] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.183] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.184] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.184] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.184] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.184] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.184] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.184] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.184] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.184] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.184] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.184] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.184] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.184] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.184] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.184] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.184] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.184] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json") returned 155 [0041.184] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.184] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.184] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json") returned 155 [0041.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca6310 [0041.184] lstrcpyW (in: lpString1=0x3ca6310, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" [0041.184] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.184] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.184] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.184] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.184] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\LOLKEK.txt") returned 152 [0041.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0041.185] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.185] WriteFile (in: hFile=0x1d4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.185] CloseHandle (hObject=0x1d4) returned 1 [0041.185] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.185] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0041.185] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0041.186] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0041.186] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0041.186] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0041.186] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0041.186] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0041.186] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0041.186] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned 141 [0041.186] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.186] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0041.186] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*" [0041.186] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.186] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.186] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.186] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.186] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.186] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.186] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.186] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.186] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.186] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.186] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.186] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.186] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.186] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.186] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.186] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.186] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.186] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.186] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.186] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.186] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.186] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.186] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.186] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json") returned 155 [0041.186] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.186] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.186] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json") returned 155 [0041.186] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x632310 [0041.186] lstrcpyW (in: lpString1=0x632310, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" [0041.186] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.187] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.187] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.187] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.187] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\LOLKEK.txt") returned 152 [0041.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0041.187] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.187] WriteFile (in: hFile=0x1d4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.188] CloseHandle (hObject=0x1d4) returned 1 [0041.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.188] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0041.188] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0041.188] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0041.188] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0041.188] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0041.188] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0041.188] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0041.188] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0041.188] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned 142 [0041.188] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c03e90 [0041.188] lstrcpyW (in: lpString1=0x3c03e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0041.188] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*" [0041.188] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.210] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.210] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.210] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.210] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.210] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.210] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.210] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.210] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.210] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.210] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.210] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.210] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.210] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.210] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.210] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.210] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.210] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.210] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.210] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.210] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.210] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.211] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.211] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json") returned 156 [0041.211] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.211] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.211] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json") returned 156 [0041.211] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x631ed0 [0041.211] lstrcpyW (in: lpString1=0x631ed0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" [0041.211] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.211] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.211] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.211] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.211] wsprintfW (in: param_1=0x3c03e90, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\LOLKEK.txt") returned 153 [0041.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.212] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.212] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.212] CloseHandle (hObject=0x1dc) returned 1 [0041.213] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c03e90 | out: hHeap=0x5a0000) returned 1 [0041.213] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0041.213] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0041.213] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0041.213] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0041.213] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0041.214] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0041.214] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0041.214] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0041.214] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned 141 [0041.214] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.214] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0041.214] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*" [0041.214] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.214] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.214] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.214] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.214] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.214] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.214] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.214] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.214] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.214] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.214] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.214] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.214] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.214] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.214] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.214] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.214] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.214] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.214] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.214] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.214] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.214] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.214] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.214] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json") returned 155 [0041.214] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.214] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.214] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json") returned 155 [0041.214] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca5c78 [0041.214] lstrcpyW (in: lpString1=0x3ca5c78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" [0041.215] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.215] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.215] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.215] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.215] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\LOLKEK.txt") returned 152 [0041.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.215] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.215] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.216] CloseHandle (hObject=0x1dc) returned 1 [0041.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.217] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="he", cAlternateFileName="")) returned 1 [0041.217] lstrcmpiW (lpString1="he", lpString2="Windows") returned -1 [0041.217] lstrcmpiW (lpString1="he", lpString2="Program Files") returned -1 [0041.217] lstrcmpiW (lpString1="he", lpString2="Program Files (x86)") returned -1 [0041.217] lstrcmpiW (lpString1="he", lpString2="$Recycle.bin") returned 1 [0041.217] lstrcmpiW (lpString1="he", lpString2="System Volume Information") returned -1 [0041.217] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0041.218] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0041.218] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned 141 [0041.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.218] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0041.218] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*" [0041.218] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.223] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.223] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.223] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.223] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.223] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.223] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.223] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.224] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.224] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.224] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.224] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.224] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.224] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.224] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.224] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.224] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.224] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.224] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.224] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.224] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.224] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.224] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.224] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json") returned 155 [0041.224] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.224] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.224] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json") returned 155 [0041.224] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca5ef0 [0041.224] lstrcpyW (in: lpString1=0x3ca5ef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" [0041.224] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.224] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.224] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.224] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.224] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\LOLKEK.txt") returned 152 [0041.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.225] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.225] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.226] CloseHandle (hObject=0x2a8) returned 1 [0041.226] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.226] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0041.226] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0041.226] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0041.226] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0041.226] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0041.226] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0041.226] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0041.226] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0041.226] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned 141 [0041.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.226] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0041.226] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*" [0041.226] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.227] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.227] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.227] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.227] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.227] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.227] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.227] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.227] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.227] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.227] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.227] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.227] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.227] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.227] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.227] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.227] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.227] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.227] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.227] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.227] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.227] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.227] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.227] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json") returned 155 [0041.227] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.227] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.227] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json") returned 155 [0041.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x632588 [0041.227] lstrcpyW (in: lpString1=0x632588, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" [0041.227] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.227] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.227] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.227] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.227] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\LOLKEK.txt") returned 152 [0041.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0041.228] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.228] WriteFile (in: hFile=0x2a8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.228] CloseHandle (hObject=0x2a8) returned 1 [0041.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.229] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0041.229] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0041.229] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0041.229] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0041.229] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0041.229] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0041.229] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0041.229] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0041.229] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned 141 [0041.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.229] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0041.229] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*" [0041.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.233] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.233] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.233] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.234] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.234] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.234] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.234] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.234] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.234] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.234] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.234] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.234] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.234] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.234] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.234] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.234] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.234] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.234] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.234] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.234] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.234] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.234] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.234] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json") returned 155 [0041.234] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.234] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.234] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json") returned 155 [0041.234] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x618c88 [0041.234] lstrcpyW (in: lpString1=0x618c88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" [0041.234] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.234] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.234] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.234] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.234] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\LOLKEK.txt") returned 152 [0041.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.235] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.235] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.235] CloseHandle (hObject=0x160) returned 1 [0041.235] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.237] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0041.237] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0041.237] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0041.237] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0041.237] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0041.237] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0041.237] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0041.237] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0041.237] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned 141 [0041.237] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.237] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0041.237] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*" [0041.237] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.238] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.238] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.238] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.238] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.238] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.238] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.238] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.238] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.238] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.238] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.238] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.238] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.238] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.238] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.238] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.238] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.238] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.238] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.238] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.238] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.238] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.238] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.238] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json") returned 155 [0041.238] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.238] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.238] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json") returned 155 [0041.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x632800 [0041.238] lstrcpyW (in: lpString1=0x632800, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" [0041.238] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.238] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.238] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.238] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.239] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\LOLKEK.txt") returned 152 [0041.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.239] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.239] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.239] CloseHandle (hObject=0x160) returned 1 [0041.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.240] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0041.240] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0041.240] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0041.240] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0041.240] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0041.240] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0041.240] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0041.240] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0041.240] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned 141 [0041.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.240] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0041.240] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*" [0041.240] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.241] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.241] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.241] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.242] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.242] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.242] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.242] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.242] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.242] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.242] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.242] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.242] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.242] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.242] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.242] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.242] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.242] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.242] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.242] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.242] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.242] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.242] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.242] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json") returned 155 [0041.242] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.242] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.242] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json") returned 155 [0041.242] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x632a78 [0041.242] lstrcpyW (in: lpString1=0x632a78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" [0041.242] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.262] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.262] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.263] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.263] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\LOLKEK.txt") returned 152 [0041.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.263] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.263] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.264] CloseHandle (hObject=0x160) returned 1 [0041.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.265] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0041.265] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0041.265] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0041.265] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0041.265] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0041.265] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0041.265] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0041.265] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0041.265] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned 141 [0041.265] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.266] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0041.266] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*" [0041.266] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.266] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.266] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.266] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.266] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.266] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.266] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.266] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.266] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.266] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.266] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.266] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.266] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.266] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.267] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.267] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.267] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.267] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.267] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.267] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.267] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.267] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.267] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.267] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json") returned 155 [0041.267] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.267] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.267] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json") returned 155 [0041.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x697d88 [0041.267] lstrcpyW (in: lpString1=0x697d88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" [0041.267] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.267] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.267] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.267] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.267] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\LOLKEK.txt") returned 152 [0041.267] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.267] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.267] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.268] CloseHandle (hObject=0x160) returned 1 [0041.268] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.268] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0041.268] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0041.268] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0041.268] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0041.268] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0041.268] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0041.268] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0041.268] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0041.268] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned 141 [0041.268] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.268] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0041.268] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*" [0041.268] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.272] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.272] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.272] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.272] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.273] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.273] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.273] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.273] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.273] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.273] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.273] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.273] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.273] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.273] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.273] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.273] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.273] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.273] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.273] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.273] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.273] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.273] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.273] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json") returned 155 [0041.273] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.273] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.273] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json") returned 155 [0041.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60eef0 [0041.273] lstrcpyW (in: lpString1=0x60eef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" [0041.273] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.273] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.273] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.273] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.273] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\LOLKEK.txt") returned 152 [0041.273] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.274] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.274] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.274] CloseHandle (hObject=0x160) returned 1 [0041.274] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.274] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0041.274] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0041.275] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0041.275] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0041.275] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0041.275] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0041.275] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0041.275] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0041.275] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned 141 [0041.275] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.275] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0041.275] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*" [0041.275] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0041.275] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.275] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.275] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.275] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.275] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.275] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.275] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.275] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.275] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.275] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.275] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.275] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.275] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.275] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.275] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.275] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.275] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.275] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.275] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.275] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.275] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.275] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.276] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json") returned 155 [0041.276] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.276] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.276] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json") returned 155 [0041.276] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60f178 [0041.276] lstrcpyW (in: lpString1=0x60f178, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" [0041.276] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.276] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.276] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.276] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0041.276] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\LOLKEK.txt") returned 152 [0041.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0041.276] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.276] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.277] CloseHandle (hObject=0x160) returned 1 [0041.277] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.277] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0041.277] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0041.277] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0041.277] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0041.277] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0041.277] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0041.277] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0041.277] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0041.277] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned 141 [0041.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.277] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0041.277] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*" [0041.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.311] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.311] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.311] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.311] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.311] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.311] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.311] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.311] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.311] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.311] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.311] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.311] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.311] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.311] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.311] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.311] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.311] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.311] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.311] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.311] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.311] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.311] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.311] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json") returned 155 [0041.311] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.311] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.311] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json") returned 155 [0041.311] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60f400 [0041.311] lstrcpyW (in: lpString1=0x60f400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" [0041.311] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.311] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.311] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.311] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.312] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\LOLKEK.txt") returned 152 [0041.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.312] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.312] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.313] CloseHandle (hObject=0x1dc) returned 1 [0041.313] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.313] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ms", cAlternateFileName="")) returned 1 [0041.313] lstrcmpiW (lpString1="ms", lpString2="Windows") returned -1 [0041.313] lstrcmpiW (lpString1="ms", lpString2="Program Files") returned -1 [0041.313] lstrcmpiW (lpString1="ms", lpString2="Program Files (x86)") returned -1 [0041.313] lstrcmpiW (lpString1="ms", lpString2="$Recycle.bin") returned 1 [0041.313] lstrcmpiW (lpString1="ms", lpString2="System Volume Information") returned -1 [0041.313] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0041.313] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0041.313] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned 141 [0041.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.313] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0041.313] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*" [0041.313] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dfd8 [0041.313] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.313] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.313] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.313] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.313] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.313] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.313] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.313] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.313] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.314] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.314] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.314] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.314] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.314] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.314] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.314] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.314] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.314] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.314] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.314] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.314] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.314] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.314] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json") returned 155 [0041.314] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.314] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.314] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json") returned 155 [0041.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60f688 [0041.314] lstrcpyW (in: lpString1=0x60f688, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" [0041.314] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.314] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.314] FindNextFileW (in: hFindFile=0x62dfd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.314] FindClose (in: hFindFile=0x62dfd8 | out: hFindFile=0x62dfd8) returned 1 [0041.314] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\LOLKEK.txt") returned 152 [0041.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.315] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.315] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.315] CloseHandle (hObject=0x1dc) returned 1 [0041.315] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.315] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0041.315] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0041.315] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0041.315] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0041.315] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0041.315] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0041.315] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0041.315] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0041.315] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned 141 [0041.315] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.315] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0041.316] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*" [0041.316] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.349] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.349] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.349] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.349] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.349] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.349] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.349] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.349] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.349] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.349] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.349] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.349] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.349] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.349] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.349] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.349] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.349] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.349] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.349] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.349] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.349] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.349] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.349] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json") returned 155 [0041.349] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.349] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.349] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json") returned 155 [0041.349] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60f910 [0041.349] lstrcpyW (in: lpString1=0x60f910, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" [0041.349] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.349] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.349] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.349] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.349] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\LOLKEK.txt") returned 152 [0041.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.350] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.350] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.351] CloseHandle (hObject=0x1dc) returned 1 [0041.351] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.351] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="no", cAlternateFileName="")) returned 1 [0041.351] lstrcmpiW (lpString1="no", lpString2="Windows") returned -1 [0041.351] lstrcmpiW (lpString1="no", lpString2="Program Files") returned -1 [0041.351] lstrcmpiW (lpString1="no", lpString2="Program Files (x86)") returned -1 [0041.351] lstrcmpiW (lpString1="no", lpString2="$Recycle.bin") returned 1 [0041.351] lstrcmpiW (lpString1="no", lpString2="System Volume Information") returned -1 [0041.351] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0041.351] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0041.351] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned 141 [0041.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.351] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0041.351] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*" [0041.351] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.351] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.351] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.351] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.351] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.351] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.351] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.351] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.351] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.351] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.351] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.351] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.352] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.352] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.352] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.352] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.352] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.352] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.352] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.352] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.352] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.352] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.352] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.352] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json") returned 155 [0041.352] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.352] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.352] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json") returned 155 [0041.352] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60fb98 [0041.352] lstrcpyW (in: lpString1=0x60fb98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" [0041.352] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.352] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.352] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.352] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.352] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\LOLKEK.txt") returned 152 [0041.352] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.352] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.353] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.353] CloseHandle (hObject=0x1dc) returned 1 [0041.353] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.353] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0041.353] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0041.353] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0041.353] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0041.353] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0041.353] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0041.353] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0041.353] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0041.353] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned 141 [0041.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.353] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0041.353] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*" [0041.354] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.354] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.354] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.354] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.354] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.354] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.354] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.354] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.355] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.355] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.355] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.355] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.355] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.355] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.355] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.355] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.355] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.355] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.355] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.355] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.355] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.355] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.355] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.355] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json") returned 155 [0041.355] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.355] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.355] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json") returned 155 [0041.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60fe20 [0041.355] lstrcpyW (in: lpString1=0x60fe20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" [0041.355] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.355] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.355] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.355] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.355] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\LOLKEK.txt") returned 152 [0041.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.356] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.356] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.356] CloseHandle (hObject=0x1dc) returned 1 [0041.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.356] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0041.356] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0041.356] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0041.356] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0041.356] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0041.356] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0041.356] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0041.356] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0041.357] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned 144 [0041.357] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.357] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0041.357] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*" [0041.357] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.357] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.357] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.357] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.357] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.357] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.357] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.357] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.357] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.357] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.357] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.357] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.357] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.357] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.357] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.357] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.357] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.357] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.357] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.357] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.357] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.357] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.357] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.357] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json") returned 158 [0041.357] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.357] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.357] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json") returned 158 [0041.357] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x61c030 [0041.358] lstrcpyW (in: lpString1=0x61c030, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" [0041.358] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.435] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.435] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.435] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.435] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\LOLKEK.txt") returned 155 [0041.435] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.436] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.436] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.436] CloseHandle (hObject=0x1dc) returned 1 [0041.437] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.444] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0041.444] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0041.444] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0041.444] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0041.444] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0041.444] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0041.444] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0041.444] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0041.444] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned 144 [0041.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.444] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0041.444] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*" [0041.444] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.450] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.450] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.450] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.450] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.450] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.450] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.450] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.451] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.451] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.451] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.451] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.451] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.451] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.451] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.451] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.451] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.451] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.451] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.451] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.451] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.451] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.451] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.451] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json") returned 158 [0041.451] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.451] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.451] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json") returned 158 [0041.451] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x698a98 [0041.451] lstrcpyW (in: lpString1=0x698a98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" [0041.451] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.479] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.479] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.479] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.479] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\LOLKEK.txt") returned 155 [0041.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.480] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.480] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.480] CloseHandle (hObject=0x1dc) returned 1 [0041.480] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.480] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0041.480] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0041.480] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0041.480] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0041.480] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0041.481] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0041.481] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0041.481] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0041.481] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned 141 [0041.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.481] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0041.481] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*" [0041.481] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.481] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.481] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.481] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.481] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.481] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.481] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.481] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.481] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.481] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.481] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.481] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.481] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.481] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.481] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.481] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.481] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.481] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.481] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.481] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.481] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.481] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.481] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.481] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json") returned 155 [0041.482] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.482] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.482] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json") returned 155 [0041.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x6100a8 [0041.482] lstrcpyW (in: lpString1=0x6100a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" [0041.482] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.544] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.544] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.544] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.544] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\LOLKEK.txt") returned 152 [0041.544] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.545] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.545] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.545] CloseHandle (hObject=0x1dc) returned 1 [0041.545] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.545] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0041.545] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0041.545] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0041.545] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0041.545] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0041.545] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0041.545] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0041.545] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0041.545] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned 141 [0041.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.545] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0041.546] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*" [0041.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.558] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.558] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.558] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.558] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.558] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.558] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.558] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.558] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.558] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.558] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.558] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.558] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.558] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.558] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.558] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.558] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.558] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.558] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.559] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.559] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.559] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.559] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json") returned 155 [0041.559] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.559] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.559] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json") returned 155 [0041.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x610330 [0041.559] lstrcpyW (in: lpString1=0x610330, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" [0041.559] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.606] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.606] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.606] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.606] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\LOLKEK.txt") returned 152 [0041.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0041.607] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.607] WriteFile (in: hFile=0x1d4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.608] CloseHandle (hObject=0x1d4) returned 1 [0041.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.614] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0041.614] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0041.614] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0041.614] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0041.614] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0041.614] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0041.614] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0041.614] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0041.614] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned 141 [0041.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.615] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0041.615] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*" [0041.615] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e458 [0041.615] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.615] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.615] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.615] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.615] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.615] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.615] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.615] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.615] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.615] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.615] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.615] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.615] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.615] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.615] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.615] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.615] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.615] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.615] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.615] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.615] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.615] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.615] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json") returned 155 [0041.615] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.615] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.615] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json") returned 155 [0041.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x6105b8 [0041.615] lstrcpyW (in: lpString1=0x6105b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" [0041.615] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.653] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.653] FindNextFileW (in: hFindFile=0x62e458, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.653] FindClose (in: hFindFile=0x62e458 | out: hFindFile=0x62e458) returned 1 [0041.653] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\LOLKEK.txt") returned 152 [0041.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0041.654] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.654] WriteFile (in: hFile=0x1dc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.654] CloseHandle (hObject=0x1dc) returned 1 [0041.654] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.688] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0041.688] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0041.688] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0041.688] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0041.688] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0041.688] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0041.688] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0041.688] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0041.688] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned 141 [0041.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.688] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0041.688] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*" [0041.688] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0041.695] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.695] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.695] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.695] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.695] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.695] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.695] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.695] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.695] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.695] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.695] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.695] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.695] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.695] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.695] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.695] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.695] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.695] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.695] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.695] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.695] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.695] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.695] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json") returned 155 [0041.695] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.695] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.696] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json") returned 155 [0041.696] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x610840 [0041.696] lstrcpyW (in: lpString1=0x610840, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" [0041.696] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.719] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.719] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.719] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0041.719] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\LOLKEK.txt") returned 152 [0041.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0041.719] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.719] WriteFile (in: hFile=0x1fc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.720] CloseHandle (hObject=0x1fc) returned 1 [0041.720] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.720] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0041.720] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0041.720] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0041.720] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0041.720] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0041.720] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0041.720] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0041.720] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0041.720] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned 141 [0041.720] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.720] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0041.720] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*" [0041.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0041.721] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.721] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.721] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.721] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.721] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.721] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.721] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.721] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.721] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.721] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.721] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.721] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.721] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.721] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.721] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.721] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.721] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.721] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.721] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.721] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.721] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.721] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.721] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json") returned 155 [0041.721] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.721] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.721] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json") returned 155 [0041.721] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x610ac8 [0041.721] lstrcpyW (in: lpString1=0x610ac8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" [0041.721] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0041.793] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0041.793] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0041.794] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0041.794] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\LOLKEK.txt") returned 152 [0041.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0041.794] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0041.794] WriteFile (in: hFile=0x1fc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0041.795] CloseHandle (hObject=0x1fc) returned 1 [0041.795] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0041.795] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sv", cAlternateFileName="")) returned 1 [0041.795] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0041.795] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0041.795] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0041.795] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0041.795] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0041.795] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0041.795] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0041.795] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned 141 [0041.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0041.795] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0041.795] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*" [0041.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0041.897] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0041.897] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0041.897] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0041.897] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0041.897] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0041.897] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0041.897] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0041.897] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0041.898] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0041.898] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0041.898] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0041.898] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0041.898] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0041.898] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0041.898] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0041.898] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0041.898] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0041.898] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0041.898] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0041.898] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0041.898] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0041.898] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0041.898] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json") returned 155 [0041.898] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0041.898] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0041.898] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json") returned 155 [0041.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb3668 [0041.898] lstrcpyW (in: lpString1=0x3cb3668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" [0041.898] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.199] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.199] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0042.200] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0042.200] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\LOLKEK.txt") returned 152 [0042.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0042.200] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.200] WriteFile (in: hFile=0x1fc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0042.201] CloseHandle (hObject=0x1fc) returned 1 [0042.201] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0042.201] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0042.201] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0042.201] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0042.201] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0042.201] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0042.201] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0042.201] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0042.201] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0042.201] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned 141 [0042.201] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0042.201] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0042.201] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*" [0042.201] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0042.201] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.201] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.201] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.201] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.201] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.201] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.201] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.201] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.201] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.201] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.201] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.201] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.201] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.201] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.201] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0042.201] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0042.201] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0042.202] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0042.202] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0042.202] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0042.202] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0042.202] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0042.202] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json") returned 155 [0042.202] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0042.202] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0042.202] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json") returned 155 [0042.202] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb38f0 [0042.202] lstrcpyW (in: lpString1=0x3cb38f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" [0042.202] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.202] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.202] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0042.202] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0042.202] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\LOLKEK.txt") returned 152 [0042.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0042.202] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.202] WriteFile (in: hFile=0x1fc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0042.203] CloseHandle (hObject=0x1fc) returned 1 [0042.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0042.203] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0042.203] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0042.203] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0042.203] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0042.203] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0042.203] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0042.203] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0042.203] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0042.203] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned 141 [0042.203] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e73fe8 [0042.203] lstrcpyW (in: lpString1=0x3e73fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" [0042.203] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*" [0042.203] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0042.210] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.210] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.210] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.210] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.210] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.210] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.210] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.210] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.210] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.210] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.210] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.210] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.210] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.210] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.210] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0042.210] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0042.210] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0042.210] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0042.210] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0042.210] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0042.210] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0042.210] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0042.210] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json") returned 155 [0042.210] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0042.210] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0042.210] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json") returned 155 [0042.210] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb3b78 [0042.210] lstrcpyW (in: lpString1=0x3cb3b78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" [0042.210] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.243] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.244] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0042.244] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0042.244] wsprintfW (in: param_1=0x3e73fe8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\LOLKEK.txt") returned 152 [0042.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0042.244] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.244] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0042.245] CloseHandle (hObject=0x2bc) returned 1 [0042.245] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e73fe8 | out: hHeap=0x5a0000) returned 1 [0042.245] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0042.245] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0042.245] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0042.245] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0042.245] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0042.245] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0042.245] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0042.245] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0042.245] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned 141 [0042.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0042.245] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" [0042.246] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*" [0042.246] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0042.246] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.246] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.246] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.246] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.246] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.246] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.246] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.246] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.246] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.246] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.246] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.246] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.246] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.246] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.246] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0042.246] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0042.246] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0042.246] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0042.246] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0042.246] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0042.246] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0042.246] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0042.246] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json") returned 155 [0042.246] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0042.246] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0042.246] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json") returned 155 [0042.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb3e00 [0042.246] lstrcpyW (in: lpString1=0x3cb3e00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" [0042.246] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.480] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.480] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0042.480] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0042.480] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\LOLKEK.txt") returned 152 [0042.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0042.480] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.480] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0042.481] CloseHandle (hObject=0x2bc) returned 1 [0042.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0042.482] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0042.482] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0042.482] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0042.482] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0042.482] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0042.482] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0042.482] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0042.482] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0042.482] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned 141 [0042.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0042.482] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" [0042.482] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*" [0042.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0042.514] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.514] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.514] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.514] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.514] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.514] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.514] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.515] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.515] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.515] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.515] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.515] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.515] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.515] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.515] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0042.515] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0042.515] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0042.515] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0042.515] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0042.515] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0042.515] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0042.515] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0042.515] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json") returned 155 [0042.515] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0042.515] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0042.515] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json") returned 155 [0042.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4088 [0042.515] lstrcpyW (in: lpString1=0x3cb4088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" [0042.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.515] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0042.515] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0042.515] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\LOLKEK.txt") returned 152 [0042.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0042.515] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.515] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0042.516] CloseHandle (hObject=0x160) returned 1 [0042.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0042.516] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0042.516] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0042.516] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0042.516] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0042.516] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0042.516] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0042.516] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0042.516] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0042.516] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned 144 [0042.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0042.516] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" [0042.516] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*" [0042.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0042.517] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.517] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.517] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.517] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.517] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.517] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.517] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.517] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.517] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.517] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.517] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.517] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.517] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.517] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.517] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0042.517] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0042.517] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0042.517] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0042.517] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0042.517] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0042.517] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0042.517] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0042.517] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json") returned 158 [0042.517] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0042.517] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0042.517] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json") returned 158 [0042.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x657158 [0042.517] lstrcpyW (in: lpString1=0x657158, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" [0042.517] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.558] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.558] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0042.558] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0042.558] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\LOLKEK.txt") returned 155 [0042.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0042.559] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.559] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0042.559] CloseHandle (hObject=0x160) returned 1 [0042.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0042.559] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0042.559] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0042.559] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0042.559] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0042.559] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0042.559] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0042.559] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0042.559] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0042.559] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned 144 [0042.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0042.559] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" [0042.559] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*" [0042.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0042.570] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.570] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.570] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.570] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.570] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.570] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.570] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.570] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.570] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.570] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.570] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.570] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.570] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.570] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.571] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0042.571] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0042.571] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0042.571] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0042.571] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0042.571] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0042.571] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0042.571] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0042.571] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json") returned 158 [0042.571] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0042.571] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0042.571] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json") returned 158 [0042.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3cb8c60 [0042.571] lstrcpyW (in: lpString1=0x3cb8c60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" [0042.571] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.597] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.597] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0042.597] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0042.597] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\LOLKEK.txt") returned 155 [0042.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0042.598] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.598] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0042.598] CloseHandle (hObject=0x160) returned 1 [0042.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0042.599] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0042.599] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0042.599] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\LOLKEK.txt") returned 149 [0042.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0042.599] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.599] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0042.600] CloseHandle (hObject=0x234) returned 1 [0042.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0042.600] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0042.600] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0042.600] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0042.600] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0042.600] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0042.600] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0042.600] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0042.600] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0042.600] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned 139 [0042.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e43fd0 [0042.600] lstrcpyW (in: lpString1=0x3e43fd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" [0042.600] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*" [0042.600] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62da98 [0042.623] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.623] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.623] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.623] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.623] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.623] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.623] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.623] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.623] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.623] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.623] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.623] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.623] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.623] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.623] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85d166b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0042.623] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Windows") returned -1 [0042.623] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files") returned -1 [0042.623] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files (x86)") returned -1 [0042.623] lstrcmpiW (lpString1="computed_hashes.json", lpString2="$Recycle.bin") returned 1 [0042.623] lstrcmpiW (lpString1="computed_hashes.json", lpString2="System Volume Information") returned -1 [0042.623] lstrcmpiW (lpString1="computed_hashes.json", lpString2=".") returned 1 [0042.623] lstrcmpiW (lpString1="computed_hashes.json", lpString2="..") returned 1 [0042.623] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json") returned 160 [0042.623] StrStrIW (lpFirst="computed_hashes.json", lpSrch=".lolkek") returned 0x0 [0042.623] lstrcmpW (lpString1="computed_hashes.json", lpString2="LOLKEK.txt") returned -1 [0042.623] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json") returned 160 [0042.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x3ddf190 [0042.623] lstrcpyW (in: lpString1=0x3ddf190, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" [0042.623] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.667] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.667] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0042.667] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0042.667] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0042.667] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0042.667] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0042.667] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0042.667] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0042.667] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0042.667] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json") returned 162 [0042.668] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0042.668] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0042.668] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json") returned 162 [0042.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ddf420 [0042.678] lstrcpyW (in: lpString1=0x3ddf420, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" [0042.678] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.705] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.705] FindNextFileW (in: hFindFile=0x62da98, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0042.705] FindClose (in: hFindFile=0x62da98 | out: hFindFile=0x62da98) returned 1 [0042.706] wsprintfW (in: param_1=0x3e43fd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\LOLKEK.txt") returned 150 [0042.706] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0042.730] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.730] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0042.730] CloseHandle (hObject=0x174) returned 1 [0042.730] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e43fd0 | out: hHeap=0x5a0000) returned 1 [0042.732] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0042.732] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0042.732] wsprintfW (in: param_1=0x3e63fe0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\LOLKEK.txt") returned 140 [0042.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0042.732] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.732] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0042.733] CloseHandle (hObject=0x23c) returned 1 [0042.733] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e63fe0 | out: hHeap=0x5a0000) returned 1 [0042.733] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0042.733] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0042.733] wsprintfW (in: param_1=0x3e53fd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\LOLKEK.txt") returned 134 [0042.733] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0042.733] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0042.733] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0042.734] CloseHandle (hObject=0x270) returned 1 [0042.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e53fd8 | out: hHeap=0x5a0000) returned 1 [0042.734] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0042.734] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="Windows") returned -1 [0042.734] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="Program Files") returned -1 [0042.734] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="Program Files (x86)") returned -1 [0042.734] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="$Recycle.bin") returned 1 [0042.734] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="System Volume Information") returned -1 [0042.734] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2=".") returned 1 [0042.734] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="..") returned 1 [0042.734] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned 123 [0042.734] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0042.735] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" [0042.735] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*" [0042.735] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0042.735] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.735] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.735] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.735] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.735] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.735] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.735] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.735] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.735] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.735] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.735] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.735] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.735] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.735] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.735] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0042.735] lstrcmpiW (lpString1="0.9_0", lpString2="Windows") returned -1 [0042.735] lstrcmpiW (lpString1="0.9_0", lpString2="Program Files") returned -1 [0042.735] lstrcmpiW (lpString1="0.9_0", lpString2="Program Files (x86)") returned -1 [0042.735] lstrcmpiW (lpString1="0.9_0", lpString2="$Recycle.bin") returned 1 [0042.735] lstrcmpiW (lpString1="0.9_0", lpString2="System Volume Information") returned -1 [0042.735] lstrcmpiW (lpString1="0.9_0", lpString2=".") returned 1 [0042.735] lstrcmpiW (lpString1="0.9_0", lpString2="..") returned 1 [0042.735] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 129 [0042.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0042.736] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0042.736] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*" [0042.736] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0042.776] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0042.776] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0042.776] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0042.776] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0042.776] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0042.776] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0042.776] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0042.777] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0042.777] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0042.777] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0042.777] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0042.777] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0042.777] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0042.777] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0042.777] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0042.777] lstrcmpiW (lpString1="icon_128.png", lpString2="Windows") returned -1 [0042.777] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files") returned -1 [0042.777] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files (x86)") returned -1 [0042.777] lstrcmpiW (lpString1="icon_128.png", lpString2="$Recycle.bin") returned 1 [0042.777] lstrcmpiW (lpString1="icon_128.png", lpString2="System Volume Information") returned -1 [0042.777] lstrcmpiW (lpString1="icon_128.png", lpString2=".") returned 1 [0042.777] lstrcmpiW (lpString1="icon_128.png", lpString2="..") returned 1 [0042.777] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png") returned 142 [0042.777] StrStrIW (lpFirst="icon_128.png", lpSrch=".lolkek") returned 0x0 [0042.777] lstrcmpW (lpString1="icon_128.png", lpString2="LOLKEK.txt") returned -1 [0042.777] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png") returned 142 [0042.777] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x23c) returned 0x62fc60 [0042.777] lstrcpyW (in: lpString1=0x62fc60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" [0042.777] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.777] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.777] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0042.777] lstrcmpiW (lpString1="icon_16.png", lpString2="Windows") returned -1 [0042.777] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files") returned -1 [0042.777] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files (x86)") returned -1 [0042.777] lstrcmpiW (lpString1="icon_16.png", lpString2="$Recycle.bin") returned 1 [0042.777] lstrcmpiW (lpString1="icon_16.png", lpString2="System Volume Information") returned -1 [0042.777] lstrcmpiW (lpString1="icon_16.png", lpString2=".") returned 1 [0042.777] lstrcmpiW (lpString1="icon_16.png", lpString2="..") returned 1 [0042.777] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png") returned 141 [0042.777] StrStrIW (lpFirst="icon_16.png", lpSrch=".lolkek") returned 0x0 [0042.777] lstrcmpW (lpString1="icon_16.png", lpString2="LOLKEK.txt") returned -1 [0042.777] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png") returned 141 [0042.777] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x3bf2b58 [0042.777] lstrcpyW (in: lpString1=0x3bf2b58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" [0042.777] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.839] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.839] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0042.839] lstrcmpiW (lpString1="main.html", lpString2="Windows") returned -1 [0042.839] lstrcmpiW (lpString1="main.html", lpString2="Program Files") returned -1 [0042.839] lstrcmpiW (lpString1="main.html", lpString2="Program Files (x86)") returned -1 [0042.839] lstrcmpiW (lpString1="main.html", lpString2="$Recycle.bin") returned 1 [0042.839] lstrcmpiW (lpString1="main.html", lpString2="System Volume Information") returned -1 [0042.839] lstrcmpiW (lpString1="main.html", lpString2=".") returned 1 [0042.839] lstrcmpiW (lpString1="main.html", lpString2="..") returned 1 [0042.839] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html") returned 139 [0042.839] StrStrIW (lpFirst="main.html", lpSrch=".lolkek") returned 0x0 [0042.839] lstrcmpW (lpString1="main.html", lpString2="LOLKEK.txt") returned 1 [0042.839] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html") returned 139 [0042.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x3ddf6b8 [0042.839] lstrcpyW (in: lpString1=0x3ddf6b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" [0042.839] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.885] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.885] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="main.js", cAlternateFileName="")) returned 1 [0042.886] lstrcmpiW (lpString1="main.js", lpString2="Windows") returned -1 [0042.886] lstrcmpiW (lpString1="main.js", lpString2="Program Files") returned -1 [0042.886] lstrcmpiW (lpString1="main.js", lpString2="Program Files (x86)") returned -1 [0042.886] lstrcmpiW (lpString1="main.js", lpString2="$Recycle.bin") returned 1 [0042.886] lstrcmpiW (lpString1="main.js", lpString2="System Volume Information") returned -1 [0042.886] lstrcmpiW (lpString1="main.js", lpString2=".") returned 1 [0042.886] lstrcmpiW (lpString1="main.js", lpString2="..") returned 1 [0042.886] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js") returned 137 [0042.886] StrStrIW (lpFirst="main.js", lpSrch=".lolkek") returned 0x0 [0042.886] lstrcmpW (lpString1="main.js", lpString2="LOLKEK.txt") returned 1 [0042.886] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js") returned 137 [0042.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3db0f88 [0042.892] lstrcpyW (in: lpString1=0x3db0f88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" [0042.892] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.918] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.918] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0042.919] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0042.919] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0042.919] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0042.919] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0042.919] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0042.919] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0042.919] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0042.919] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json") returned 143 [0042.919] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0042.919] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0042.919] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json") returned 143 [0042.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x240) returned 0x3db11b8 [0042.919] lstrcpyW (in: lpString1=0x3db11b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" [0042.919] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0042.995] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0042.995] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0042.995] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0042.995] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0042.995] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0042.995] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0042.995] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0042.995] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0042.995] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0042.995] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 138 [0042.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0042.998] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0042.998] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*" [0042.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0043.007] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.007] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.007] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.007] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.007] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.007] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.007] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.007] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.007] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.007] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.007] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.007] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.007] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.007] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.007] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ar", cAlternateFileName="")) returned 1 [0043.007] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0043.007] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0043.007] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0043.007] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0043.007] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0043.007] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0043.007] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0043.007] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned 141 [0043.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.007] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" [0043.007] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*" [0043.007] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.008] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.008] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.008] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.008] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.008] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.008] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.008] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.008] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.008] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.008] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.008] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.008] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.008] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.008] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.008] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.008] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.008] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.008] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.008] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.008] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.008] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json") returned 155 [0043.008] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.008] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.008] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json") returned 155 [0043.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4310 [0043.008] lstrcpyW (in: lpString1=0x3cb4310, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" [0043.008] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.060] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.060] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.060] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.060] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\LOLKEK.txt") returned 152 [0043.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.060] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.060] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.061] CloseHandle (hObject=0x174) returned 1 [0043.061] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.063] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0043.063] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0043.063] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0043.063] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0043.063] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0043.063] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0043.063] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0043.063] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0043.063] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned 141 [0043.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.064] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" [0043.064] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*" [0043.064] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.064] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.064] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.064] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.064] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.064] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.064] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.064] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.064] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.064] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.064] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.064] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.064] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.064] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.064] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.064] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.064] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.064] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.064] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.065] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.065] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.065] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.065] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.065] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json") returned 155 [0043.065] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.065] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.065] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json") returned 155 [0043.065] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4598 [0043.065] lstrcpyW (in: lpString1=0x3cb4598, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" [0043.065] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.104] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.104] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.104] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.104] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\LOLKEK.txt") returned 152 [0043.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.104] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.104] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.105] CloseHandle (hObject=0x174) returned 1 [0043.105] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.105] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0043.105] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0043.105] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0043.105] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0043.105] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0043.105] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0043.105] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0043.105] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0043.105] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned 141 [0043.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.105] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" [0043.105] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*" [0043.105] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.119] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.119] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.119] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.119] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.119] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.119] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.119] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.119] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.119] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.119] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.119] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.119] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.119] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.119] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.119] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.119] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.119] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.119] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.119] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.119] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.119] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.119] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.119] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json") returned 155 [0043.119] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.119] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.119] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json") returned 155 [0043.119] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4820 [0043.119] lstrcpyW (in: lpString1=0x3cb4820, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" [0043.119] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.166] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.166] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.166] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.166] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\LOLKEK.txt") returned 152 [0043.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1fc [0043.167] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.167] WriteFile (in: hFile=0x1fc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.167] CloseHandle (hObject=0x1fc) returned 1 [0043.168] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.172] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0043.172] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0043.172] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0043.172] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0043.172] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0043.172] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0043.172] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0043.172] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0043.172] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned 141 [0043.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.172] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" [0043.172] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*" [0043.173] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.173] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.173] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.173] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.173] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.173] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.173] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.173] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.173] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.173] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.173] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.173] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.173] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.173] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.173] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.173] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.173] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.173] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.173] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.173] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.173] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.173] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.173] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.173] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json") returned 155 [0043.173] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.173] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.173] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json") returned 155 [0043.173] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4aa8 [0043.173] lstrcpyW (in: lpString1=0x3cb4aa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" [0043.173] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.210] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.210] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.210] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.210] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\LOLKEK.txt") returned 152 [0043.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.211] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.211] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.211] CloseHandle (hObject=0x174) returned 1 [0043.211] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.211] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0043.212] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0043.212] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0043.212] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0043.212] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0043.212] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0043.212] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0043.212] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0043.212] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned 141 [0043.212] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.212] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" [0043.212] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*" [0043.212] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.213] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.213] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.213] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.213] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.213] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.214] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.214] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.214] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.214] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.214] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.214] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.214] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.214] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.214] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.214] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.214] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.214] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.214] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.214] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.214] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.214] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.214] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.214] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json") returned 155 [0043.214] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.214] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.214] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json") returned 155 [0043.214] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4d30 [0043.214] lstrcpyW (in: lpString1=0x3cb4d30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" [0043.214] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.216] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.216] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.216] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.216] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\LOLKEK.txt") returned 152 [0043.216] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.216] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.216] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.217] CloseHandle (hObject=0x174) returned 1 [0043.217] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.217] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0043.217] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0043.217] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0043.217] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0043.217] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0043.217] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0043.217] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0043.217] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0043.217] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned 141 [0043.217] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.217] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" [0043.217] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*" [0043.217] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.218] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.218] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.218] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.218] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.218] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.218] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.218] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.218] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.218] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.218] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.218] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.218] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.218] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.218] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.218] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.218] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.218] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.218] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.218] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.218] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.218] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.218] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.218] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json") returned 155 [0043.218] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.218] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.218] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json") returned 155 [0043.218] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4fb8 [0043.218] lstrcpyW (in: lpString1=0x3cb4fb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" [0043.218] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.223] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.224] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.224] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.224] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\LOLKEK.txt") returned 152 [0043.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.224] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.224] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.225] CloseHandle (hObject=0x174) returned 1 [0043.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.225] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0043.225] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0043.225] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0043.225] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0043.225] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0043.225] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0043.225] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0043.225] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0043.225] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned 141 [0043.225] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.225] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" [0043.225] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*" [0043.225] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.227] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.227] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.227] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.227] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.227] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.227] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.227] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.227] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.227] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.227] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.227] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.227] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.227] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.227] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.227] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.227] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.227] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.227] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.227] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.227] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.227] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.227] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.227] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json") returned 155 [0043.227] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.227] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.227] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json") returned 155 [0043.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb5240 [0043.227] lstrcpyW (in: lpString1=0x3cb5240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" [0043.227] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.231] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.231] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.231] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.231] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\LOLKEK.txt") returned 152 [0043.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.231] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.231] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.232] CloseHandle (hObject=0x174) returned 1 [0043.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.232] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_GB", cAlternateFileName="")) returned 1 [0043.232] lstrcmpiW (lpString1="en_GB", lpString2="Windows") returned -1 [0043.232] lstrcmpiW (lpString1="en_GB", lpString2="Program Files") returned -1 [0043.232] lstrcmpiW (lpString1="en_GB", lpString2="Program Files (x86)") returned -1 [0043.232] lstrcmpiW (lpString1="en_GB", lpString2="$Recycle.bin") returned 1 [0043.232] lstrcmpiW (lpString1="en_GB", lpString2="System Volume Information") returned -1 [0043.232] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0043.232] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0043.232] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned 144 [0043.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.232] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" [0043.232] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*" [0043.232] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.233] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.233] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.233] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.233] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.233] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.233] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.233] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.233] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.233] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.233] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.233] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.233] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.233] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.233] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.233] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.233] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.233] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.233] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.233] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.233] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.233] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.233] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.233] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json") returned 158 [0043.233] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.233] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.233] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json") returned 158 [0043.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3e3b890 [0043.233] lstrcpyW (in: lpString1=0x3e3b890, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" [0043.233] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.237] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.237] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.237] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.237] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\LOLKEK.txt") returned 155 [0043.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.238] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.238] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.238] CloseHandle (hObject=0x174) returned 1 [0043.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.238] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_US", cAlternateFileName="")) returned 1 [0043.238] lstrcmpiW (lpString1="en_US", lpString2="Windows") returned -1 [0043.238] lstrcmpiW (lpString1="en_US", lpString2="Program Files") returned -1 [0043.238] lstrcmpiW (lpString1="en_US", lpString2="Program Files (x86)") returned -1 [0043.238] lstrcmpiW (lpString1="en_US", lpString2="$Recycle.bin") returned 1 [0043.238] lstrcmpiW (lpString1="en_US", lpString2="System Volume Information") returned -1 [0043.238] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0043.238] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0043.238] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned 144 [0043.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.239] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" [0043.239] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*" [0043.239] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.240] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.240] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.240] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.240] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.240] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.240] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.240] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.240] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.240] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.240] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.240] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.240] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.240] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.240] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.240] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.240] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.240] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.240] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.240] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.240] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.240] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.240] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.240] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json") returned 158 [0043.241] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.241] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.241] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json") returned 158 [0043.241] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x61a030 [0043.241] lstrcpyW (in: lpString1=0x61a030, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" [0043.241] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.245] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.245] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.245] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.245] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\LOLKEK.txt") returned 155 [0043.245] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.245] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.245] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.246] CloseHandle (hObject=0x174) returned 1 [0043.246] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.246] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0043.246] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0043.246] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0043.246] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0043.246] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0043.246] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0043.246] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0043.246] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0043.246] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned 141 [0043.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.246] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" [0043.246] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*" [0043.246] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.248] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.248] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.248] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.248] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.248] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.248] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.248] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.248] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.248] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.248] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.248] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.248] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.248] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.248] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.248] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.248] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.248] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.248] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.248] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.248] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.248] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.248] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.248] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json") returned 155 [0043.248] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.248] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.248] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json") returned 155 [0043.248] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb54c8 [0043.248] lstrcpyW (in: lpString1=0x3cb54c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" [0043.248] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.252] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.252] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.252] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.252] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\LOLKEK.txt") returned 152 [0043.252] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.252] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.252] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.253] CloseHandle (hObject=0x174) returned 1 [0043.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.253] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es_419", cAlternateFileName="")) returned 1 [0043.253] lstrcmpiW (lpString1="es_419", lpString2="Windows") returned -1 [0043.253] lstrcmpiW (lpString1="es_419", lpString2="Program Files") returned -1 [0043.253] lstrcmpiW (lpString1="es_419", lpString2="Program Files (x86)") returned -1 [0043.253] lstrcmpiW (lpString1="es_419", lpString2="$Recycle.bin") returned 1 [0043.253] lstrcmpiW (lpString1="es_419", lpString2="System Volume Information") returned -1 [0043.253] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0043.253] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0043.253] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned 145 [0043.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.253] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" [0043.253] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*" [0043.253] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.253] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.253] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.253] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.253] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.253] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.253] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.253] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.253] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.253] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.253] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.253] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.253] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.253] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.253] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.253] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.254] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.254] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.254] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.254] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.254] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.254] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.254] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.254] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json") returned 159 [0043.254] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.254] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.254] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json") returned 159 [0043.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x67ca98 [0043.254] lstrcpyW (in: lpString1=0x67ca98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" [0043.254] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.282] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.282] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.282] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.282] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\LOLKEK.txt") returned 156 [0043.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.282] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.282] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.283] CloseHandle (hObject=0x174) returned 1 [0043.283] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.283] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="et", cAlternateFileName="")) returned 1 [0043.283] lstrcmpiW (lpString1="et", lpString2="Windows") returned -1 [0043.283] lstrcmpiW (lpString1="et", lpString2="Program Files") returned -1 [0043.283] lstrcmpiW (lpString1="et", lpString2="Program Files (x86)") returned -1 [0043.283] lstrcmpiW (lpString1="et", lpString2="$Recycle.bin") returned 1 [0043.283] lstrcmpiW (lpString1="et", lpString2="System Volume Information") returned -1 [0043.283] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0043.283] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0043.283] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned 141 [0043.283] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.283] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" [0043.283] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*" [0043.283] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.284] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.284] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.284] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.284] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.284] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.284] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.284] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.284] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.284] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.284] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.284] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.284] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.284] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.284] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.284] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.284] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.284] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.284] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.284] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.284] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.284] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.284] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.284] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json") returned 155 [0043.284] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.284] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.284] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json") returned 155 [0043.284] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb5750 [0043.284] lstrcpyW (in: lpString1=0x3cb5750, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" [0043.284] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.289] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.289] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.289] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.289] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\LOLKEK.txt") returned 152 [0043.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.290] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.290] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.290] CloseHandle (hObject=0x174) returned 1 [0043.290] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.290] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0043.290] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0043.290] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0043.290] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0043.290] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0043.290] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0043.290] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0043.290] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0043.290] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned 141 [0043.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.290] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" [0043.290] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*" [0043.291] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.291] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.291] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.291] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.291] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.291] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.291] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.291] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.291] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.291] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.291] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.291] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.291] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.291] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.291] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.291] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.291] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.291] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.291] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.291] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.291] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.291] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.291] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.291] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json") returned 155 [0043.291] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.291] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.291] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json") returned 155 [0043.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb59d8 [0043.291] lstrcpyW (in: lpString1=0x3cb59d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" [0043.291] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.295] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.295] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.295] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.295] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\LOLKEK.txt") returned 152 [0043.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.296] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.296] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.296] CloseHandle (hObject=0x174) returned 1 [0043.296] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.296] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0043.296] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0043.296] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0043.296] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0043.296] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0043.296] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0043.296] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0043.296] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0043.296] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned 142 [0043.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.297] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" [0043.297] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*" [0043.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.300] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.300] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.300] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.300] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.300] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.300] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.300] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.300] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.300] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.300] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.300] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.300] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.300] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.300] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.300] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.300] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.300] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.300] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.300] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.300] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.300] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.300] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.300] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json") returned 156 [0043.300] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.300] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.301] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json") returned 156 [0043.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x67cd20 [0043.301] lstrcpyW (in: lpString1=0x67cd20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" [0043.301] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.301] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.301] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.301] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.301] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\LOLKEK.txt") returned 153 [0043.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.301] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.301] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.302] CloseHandle (hObject=0x190) returned 1 [0043.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.302] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0043.302] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0043.302] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0043.302] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0043.302] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0043.302] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0043.302] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0043.302] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0043.302] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned 141 [0043.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.302] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" [0043.302] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*" [0043.302] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.302] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.302] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.302] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.302] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.302] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.302] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.302] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.302] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.302] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.302] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.303] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.303] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.303] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.303] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.303] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.303] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.303] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.303] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.303] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.303] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.303] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.303] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.303] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json") returned 155 [0043.303] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.303] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.303] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json") returned 155 [0043.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb5c60 [0043.303] lstrcpyW (in: lpString1=0x3cb5c60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" [0043.303] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.307] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.307] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.307] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.307] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\LOLKEK.txt") returned 152 [0043.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.307] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.307] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.308] CloseHandle (hObject=0x190) returned 1 [0043.308] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.308] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="he", cAlternateFileName="")) returned 1 [0043.308] lstrcmpiW (lpString1="he", lpString2="Windows") returned -1 [0043.308] lstrcmpiW (lpString1="he", lpString2="Program Files") returned -1 [0043.308] lstrcmpiW (lpString1="he", lpString2="Program Files (x86)") returned -1 [0043.308] lstrcmpiW (lpString1="he", lpString2="$Recycle.bin") returned 1 [0043.308] lstrcmpiW (lpString1="he", lpString2="System Volume Information") returned -1 [0043.308] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0043.308] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0043.308] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned 141 [0043.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.308] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" [0043.308] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*" [0043.308] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.314] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.314] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.314] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.314] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.314] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.314] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.314] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.314] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.314] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.314] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.314] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.314] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.314] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.314] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.314] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.314] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.314] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.314] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.314] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.314] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.314] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.314] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.314] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json") returned 155 [0043.314] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.314] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.314] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json") returned 155 [0043.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb5ee8 [0043.314] lstrcpyW (in: lpString1=0x3cb5ee8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" [0043.314] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.314] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.314] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.315] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.315] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\LOLKEK.txt") returned 152 [0043.315] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.315] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.315] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.315] CloseHandle (hObject=0x174) returned 1 [0043.316] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.316] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0043.316] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0043.316] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0043.316] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0043.316] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0043.316] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0043.316] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0043.316] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0043.316] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned 141 [0043.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.316] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" [0043.316] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*" [0043.316] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.316] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.316] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.316] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.316] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.316] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.316] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.316] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.316] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.316] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.316] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.316] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.316] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.316] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.316] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.316] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.316] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.316] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.316] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.316] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.316] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.316] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.316] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.316] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json") returned 155 [0043.316] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.316] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.316] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json") returned 155 [0043.317] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb6170 [0043.317] lstrcpyW (in: lpString1=0x3cb6170, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" [0043.317] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.320] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.320] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.320] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.320] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\LOLKEK.txt") returned 152 [0043.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.321] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.321] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.322] CloseHandle (hObject=0x174) returned 1 [0043.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.322] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0043.322] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0043.322] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0043.322] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0043.322] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0043.322] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0043.322] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0043.322] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0043.322] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned 141 [0043.322] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.322] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" [0043.322] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*" [0043.322] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.325] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.325] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.325] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.325] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.325] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.325] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.325] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.325] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.325] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.325] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.325] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.325] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.325] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.325] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.325] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.325] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.325] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.325] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.325] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.325] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.325] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.325] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.325] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json") returned 155 [0043.325] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.325] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.325] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json") returned 155 [0043.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb63f8 [0043.326] lstrcpyW (in: lpString1=0x3cb63f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" [0043.326] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.328] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.328] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.329] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.329] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\LOLKEK.txt") returned 152 [0043.329] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.329] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.329] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.330] CloseHandle (hObject=0x174) returned 1 [0043.330] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.330] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0043.330] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0043.330] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0043.330] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0043.330] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0043.330] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0043.330] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0043.330] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0043.330] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned 141 [0043.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.330] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" [0043.330] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*" [0043.330] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.330] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.330] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.330] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.330] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.330] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.330] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.330] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.330] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.330] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.330] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.330] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.330] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.330] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.330] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.330] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.330] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.330] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.331] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.331] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.331] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.331] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.331] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.331] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json") returned 155 [0043.331] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.331] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.331] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json") returned 155 [0043.331] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb6680 [0043.331] lstrcpyW (in: lpString1=0x3cb6680, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" [0043.331] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.334] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.334] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.334] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.335] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\LOLKEK.txt") returned 152 [0043.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.335] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.335] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.336] CloseHandle (hObject=0x174) returned 1 [0043.336] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.336] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0043.336] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0043.336] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0043.336] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0043.336] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0043.336] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0043.336] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0043.336] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0043.336] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned 141 [0043.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.336] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" [0043.336] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*" [0043.336] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.340] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.340] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.340] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.340] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.340] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.340] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.340] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.340] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.340] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.340] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.340] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.340] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.340] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.340] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.340] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.340] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.340] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.340] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.340] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.340] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.340] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.340] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.340] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json") returned 155 [0043.340] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.340] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.340] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json") returned 155 [0043.340] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb6908 [0043.340] lstrcpyW (in: lpString1=0x3cb6908, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" [0043.340] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.341] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.341] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.341] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.341] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\LOLKEK.txt") returned 152 [0043.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.341] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.341] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.342] CloseHandle (hObject=0x234) returned 1 [0043.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.342] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0043.342] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0043.342] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0043.342] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0043.342] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0043.342] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0043.342] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0043.342] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0043.342] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned 141 [0043.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.342] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" [0043.342] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*" [0043.342] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.342] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.342] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.342] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.342] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.342] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.342] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.342] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.342] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.342] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.342] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.342] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.342] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.342] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.342] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.343] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.343] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.343] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.343] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.343] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.343] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.343] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.343] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.343] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json") returned 155 [0043.343] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.343] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.343] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json") returned 155 [0043.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb6b90 [0043.343] lstrcpyW (in: lpString1=0x3cb6b90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" [0043.343] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.348] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.349] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.349] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.349] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\LOLKEK.txt") returned 152 [0043.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.349] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.349] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.350] CloseHandle (hObject=0x234) returned 1 [0043.350] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.350] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0043.350] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0043.350] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0043.350] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0043.350] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0043.350] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0043.350] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0043.350] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0043.350] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned 141 [0043.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.350] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" [0043.350] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*" [0043.350] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.353] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.353] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.353] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.353] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.353] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.353] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.353] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.353] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.353] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.353] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.353] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.354] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.354] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.354] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.354] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.354] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.354] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.354] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.354] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.354] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.354] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.354] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.354] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json") returned 155 [0043.354] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.354] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.354] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json") returned 155 [0043.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb6e18 [0043.354] lstrcpyW (in: lpString1=0x3cb6e18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" [0043.354] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.354] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.354] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.354] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.354] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\LOLKEK.txt") returned 152 [0043.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.354] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.354] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.355] CloseHandle (hObject=0x190) returned 1 [0043.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.355] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0043.355] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0043.355] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0043.355] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0043.355] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0043.355] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0043.355] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0043.355] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0043.355] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned 141 [0043.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.355] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" [0043.355] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*" [0043.355] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.356] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.356] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.356] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.356] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.356] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.356] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.356] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.356] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.356] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.356] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.356] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.356] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.356] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.356] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.356] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.356] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.356] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.356] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.356] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.356] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.356] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.356] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.356] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json") returned 155 [0043.356] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.356] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.356] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json") returned 155 [0043.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb70a0 [0043.356] lstrcpyW (in: lpString1=0x3cb70a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" [0043.356] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.361] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.361] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.361] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.361] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\LOLKEK.txt") returned 152 [0043.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.362] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.362] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.362] CloseHandle (hObject=0x190) returned 1 [0043.362] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.362] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0043.362] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0043.362] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0043.362] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0043.362] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0043.362] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0043.362] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0043.362] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0043.362] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned 141 [0043.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.362] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" [0043.362] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*" [0043.363] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.366] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.366] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.366] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.366] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.366] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.366] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.366] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.366] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.366] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.366] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.366] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.366] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.366] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.366] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.366] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.366] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.366] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.366] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.366] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.366] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.366] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.366] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.367] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json") returned 155 [0043.367] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.367] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.367] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json") returned 155 [0043.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb7328 [0043.367] lstrcpyW (in: lpString1=0x3cb7328, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" [0043.367] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.367] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.367] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.367] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.367] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\LOLKEK.txt") returned 152 [0043.367] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.367] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.367] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.368] CloseHandle (hObject=0x234) returned 1 [0043.368] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.368] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ms", cAlternateFileName="")) returned 1 [0043.368] lstrcmpiW (lpString1="ms", lpString2="Windows") returned -1 [0043.368] lstrcmpiW (lpString1="ms", lpString2="Program Files") returned -1 [0043.368] lstrcmpiW (lpString1="ms", lpString2="Program Files (x86)") returned -1 [0043.368] lstrcmpiW (lpString1="ms", lpString2="$Recycle.bin") returned 1 [0043.368] lstrcmpiW (lpString1="ms", lpString2="System Volume Information") returned -1 [0043.368] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0043.368] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0043.368] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned 141 [0043.368] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.368] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" [0043.368] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*" [0043.368] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.368] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.368] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.368] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.368] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.368] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.368] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.368] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.369] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.369] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.369] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.369] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.369] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.369] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.369] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.369] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.369] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.369] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.369] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.369] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.369] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.369] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.369] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.369] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json") returned 155 [0043.369] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.369] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.369] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json") returned 155 [0043.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb7d00 [0043.369] lstrcpyW (in: lpString1=0x3eb7d00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" [0043.369] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.373] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.373] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.373] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.373] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\LOLKEK.txt") returned 152 [0043.373] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.374] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.374] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.374] CloseHandle (hObject=0x234) returned 1 [0043.375] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.375] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0043.375] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0043.375] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0043.375] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0043.375] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0043.375] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0043.375] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0043.375] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0043.375] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned 141 [0043.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.375] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" [0043.375] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*" [0043.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.378] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.378] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.378] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.378] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.378] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.378] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.378] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.378] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.379] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.379] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.379] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.379] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.379] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.379] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.379] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.379] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.379] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.379] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.379] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.379] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.379] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.379] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.379] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json") returned 155 [0043.379] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.379] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.379] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json") returned 155 [0043.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb7f88 [0043.379] lstrcpyW (in: lpString1=0x3eb7f88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" [0043.379] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.379] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.379] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.379] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.379] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\LOLKEK.txt") returned 152 [0043.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.379] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.379] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.380] CloseHandle (hObject=0x174) returned 1 [0043.380] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.380] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="no", cAlternateFileName="")) returned 1 [0043.380] lstrcmpiW (lpString1="no", lpString2="Windows") returned -1 [0043.380] lstrcmpiW (lpString1="no", lpString2="Program Files") returned -1 [0043.380] lstrcmpiW (lpString1="no", lpString2="Program Files (x86)") returned -1 [0043.380] lstrcmpiW (lpString1="no", lpString2="$Recycle.bin") returned 1 [0043.380] lstrcmpiW (lpString1="no", lpString2="System Volume Information") returned -1 [0043.380] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0043.380] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0043.380] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned 141 [0043.380] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.380] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" [0043.380] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*" [0043.380] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.381] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.381] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.381] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.381] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.381] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.381] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.381] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.381] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.381] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.381] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.381] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.381] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.381] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.381] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.381] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.381] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.381] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.381] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.381] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.381] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.381] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.381] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.381] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json") returned 155 [0043.381] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.381] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.381] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json") returned 155 [0043.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb8210 [0043.381] lstrcpyW (in: lpString1=0x3eb8210, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" [0043.381] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.385] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.385] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.385] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.385] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\LOLKEK.txt") returned 152 [0043.385] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.386] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.386] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.386] CloseHandle (hObject=0x174) returned 1 [0043.386] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.386] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0043.386] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0043.386] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0043.386] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0043.386] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0043.386] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0043.386] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0043.386] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0043.387] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned 141 [0043.387] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.387] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" [0043.387] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*" [0043.387] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.393] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.393] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.393] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.393] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.393] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.393] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.393] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.393] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.393] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.393] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.393] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.393] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.393] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.393] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.394] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.394] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.394] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.394] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.394] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.394] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.394] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.394] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.394] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json") returned 155 [0043.394] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.394] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.394] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json") returned 155 [0043.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb8498 [0043.394] lstrcpyW (in: lpString1=0x3eb8498, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" [0043.394] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.394] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.394] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.394] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.394] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\LOLKEK.txt") returned 152 [0043.394] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.394] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.394] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.395] CloseHandle (hObject=0x234) returned 1 [0043.395] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.395] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0043.395] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0043.395] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0043.395] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0043.395] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0043.395] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0043.395] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0043.395] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0043.395] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned 144 [0043.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.395] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" [0043.395] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*" [0043.395] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.395] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.395] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.395] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.395] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.395] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.396] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.396] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.396] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.396] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.396] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.396] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.396] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.396] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.396] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.396] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.396] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.396] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.396] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.396] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.396] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.396] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.396] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.396] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json") returned 158 [0043.396] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.396] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.396] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json") returned 158 [0043.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x67cfa0 [0043.396] lstrcpyW (in: lpString1=0x67cfa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" [0043.396] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.400] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.400] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.400] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.400] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\LOLKEK.txt") returned 155 [0043.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.401] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.401] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.401] CloseHandle (hObject=0x234) returned 1 [0043.401] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.401] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0043.401] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0043.402] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0043.402] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0043.402] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0043.402] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0043.402] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0043.402] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0043.402] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned 144 [0043.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.402] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" [0043.402] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*" [0043.402] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.402] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.402] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.402] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.403] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.403] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.403] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.403] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.403] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.403] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.403] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.403] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.403] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.403] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.403] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.403] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.403] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.403] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.403] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.403] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.403] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.403] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.403] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.403] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json") returned 158 [0043.403] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.403] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.403] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json") returned 158 [0043.403] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x61b5c0 [0043.403] lstrcpyW (in: lpString1=0x61b5c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" [0043.403] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.406] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.406] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.406] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.406] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\LOLKEK.txt") returned 155 [0043.406] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.406] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.406] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.407] CloseHandle (hObject=0x234) returned 1 [0043.407] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.407] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0043.407] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0043.407] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0043.407] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0043.407] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0043.407] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0043.407] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0043.407] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0043.407] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned 141 [0043.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.407] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" [0043.407] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*" [0043.407] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.408] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.408] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.408] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.408] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.408] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.408] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.408] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.408] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.408] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.408] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.408] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.408] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.408] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.408] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.408] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.408] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.408] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.408] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.408] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.408] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.408] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.408] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.408] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json") returned 155 [0043.408] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.408] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.408] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json") returned 155 [0043.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb8720 [0043.408] lstrcpyW (in: lpString1=0x3eb8720, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" [0043.408] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.412] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.412] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.412] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.413] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\LOLKEK.txt") returned 152 [0043.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.413] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.413] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.414] CloseHandle (hObject=0x234) returned 1 [0043.414] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.414] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0043.414] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0043.414] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0043.414] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0043.414] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0043.414] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0043.414] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0043.414] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0043.414] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned 141 [0043.414] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.414] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" [0043.414] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*" [0043.414] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.419] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.419] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.419] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.419] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.419] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.419] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.419] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.419] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.419] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.419] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.419] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.419] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.419] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.419] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.419] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.419] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.419] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.419] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.419] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.419] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.419] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.419] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.419] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json") returned 155 [0043.419] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.419] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.419] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json") returned 155 [0043.419] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb89a8 [0043.419] lstrcpyW (in: lpString1=0x3eb89a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" [0043.419] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.419] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.419] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.419] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.420] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\LOLKEK.txt") returned 152 [0043.420] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.420] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.420] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.420] CloseHandle (hObject=0x174) returned 1 [0043.421] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.421] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0043.421] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0043.421] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0043.421] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0043.421] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0043.421] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0043.421] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0043.421] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0043.421] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned 141 [0043.421] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.421] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" [0043.421] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*" [0043.421] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.421] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.421] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.421] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.421] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.421] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.421] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.421] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.421] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.421] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.421] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.421] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.421] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.421] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.421] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.421] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.421] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.421] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.421] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.421] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.421] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.421] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.422] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.422] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json") returned 155 [0043.422] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.422] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.422] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json") returned 155 [0043.422] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb8c30 [0043.422] lstrcpyW (in: lpString1=0x3eb8c30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" [0043.422] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.428] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.428] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.428] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.428] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\LOLKEK.txt") returned 152 [0043.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.428] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.428] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.429] CloseHandle (hObject=0x174) returned 1 [0043.429] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.429] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0043.429] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0043.429] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0043.429] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0043.429] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0043.429] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0043.429] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0043.429] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0043.429] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl") returned 141 [0043.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.429] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl" [0043.429] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*" [0043.429] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.430] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.430] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.430] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.430] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.430] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.430] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.430] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.430] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.430] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.430] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.430] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.430] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.430] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.430] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.430] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.430] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.430] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.430] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.430] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.430] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.430] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.430] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.430] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json") returned 155 [0043.430] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.430] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.430] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json") returned 155 [0043.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb8eb8 [0043.430] lstrcpyW (in: lpString1=0x3eb8eb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" [0043.430] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.434] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.434] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.434] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.434] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\LOLKEK.txt") returned 152 [0043.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.434] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.434] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.435] CloseHandle (hObject=0x174) returned 1 [0043.435] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.435] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0043.435] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0043.435] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0043.435] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0043.435] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0043.435] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0043.435] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0043.435] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0043.435] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr") returned 141 [0043.435] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.435] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr" [0043.435] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*" [0043.435] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.436] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.436] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.436] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.436] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.436] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.436] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.436] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.436] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.436] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.436] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.436] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.436] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.436] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.436] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.436] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.436] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.436] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.436] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.436] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.436] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.436] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.436] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.436] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json") returned 155 [0043.436] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.436] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.436] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json") returned 155 [0043.436] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb9140 [0043.436] lstrcpyW (in: lpString1=0x3eb9140, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" [0043.436] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.440] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.440] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.440] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.440] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\LOLKEK.txt") returned 152 [0043.440] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0043.440] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.441] WriteFile (in: hFile=0x174, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.441] CloseHandle (hObject=0x174) returned 1 [0043.441] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.441] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sv", cAlternateFileName="")) returned 1 [0043.441] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0043.441] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0043.441] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0043.441] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0043.441] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0043.441] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0043.441] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0043.441] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv") returned 141 [0043.441] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.441] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv" [0043.441] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*" [0043.442] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.446] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.446] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.446] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.446] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.446] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.446] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.446] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.446] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.446] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.446] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.446] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.446] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.446] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.446] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.446] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.446] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.446] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.446] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.446] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.446] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.446] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.446] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.446] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json") returned 155 [0043.446] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.446] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.446] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json") returned 155 [0043.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb93c8 [0043.446] lstrcpyW (in: lpString1=0x3eb93c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" [0043.446] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.446] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.446] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.446] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.446] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\LOLKEK.txt") returned 152 [0043.446] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.447] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.447] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.447] CloseHandle (hObject=0x190) returned 1 [0043.447] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.447] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0043.447] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0043.448] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0043.448] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0043.448] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0043.448] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0043.448] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0043.448] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0043.448] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th") returned 141 [0043.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.448] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th" [0043.448] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*" [0043.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.448] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.448] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.448] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.448] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.448] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.448] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.448] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.448] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.448] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.448] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.448] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.448] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.448] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.448] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.448] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.448] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.448] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.448] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.448] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.448] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.448] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.448] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.448] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json") returned 155 [0043.448] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.448] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.448] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json") returned 155 [0043.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb9650 [0043.448] lstrcpyW (in: lpString1=0x3eb9650, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" [0043.448] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.456] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.456] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.456] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\LOLKEK.txt") returned 152 [0043.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.456] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.456] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.457] CloseHandle (hObject=0x190) returned 1 [0043.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.457] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0043.457] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0043.457] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0043.457] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0043.457] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0043.457] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0043.457] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0043.457] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0043.457] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr") returned 141 [0043.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.457] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr" [0043.457] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*" [0043.458] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.462] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.462] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.462] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.462] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.462] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.462] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.462] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.462] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.462] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.462] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.462] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.462] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.462] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.462] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.462] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.462] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.462] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.462] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.462] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.462] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.462] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.462] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.462] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json") returned 155 [0043.462] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.462] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.462] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json") returned 155 [0043.462] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb98d8 [0043.462] lstrcpyW (in: lpString1=0x3eb98d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" [0043.462] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.462] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.462] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.462] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.463] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\LOLKEK.txt") returned 152 [0043.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.463] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.463] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.464] CloseHandle (hObject=0x190) returned 1 [0043.464] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.464] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0043.464] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0043.464] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0043.464] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0043.464] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0043.464] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0043.464] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0043.464] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0043.464] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk") returned 141 [0043.464] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.464] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk" [0043.464] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*" [0043.464] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.464] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.464] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.464] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.464] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.464] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.464] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.464] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.464] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.464] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.464] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.464] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.464] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.464] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.464] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.464] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.464] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.464] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.464] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.464] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.464] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.465] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.465] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.465] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json") returned 155 [0043.465] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.465] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.465] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json") returned 155 [0043.465] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb9b60 [0043.465] lstrcpyW (in: lpString1=0x3eb9b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" [0043.465] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.468] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.468] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.468] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.468] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\LOLKEK.txt") returned 152 [0043.468] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.468] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.468] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.469] CloseHandle (hObject=0x190) returned 1 [0043.469] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.469] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0043.469] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0043.469] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0043.469] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0043.469] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0043.469] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0043.469] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0043.469] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0043.469] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi") returned 141 [0043.469] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.469] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi" [0043.469] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*" [0043.469] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.473] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.473] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.473] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.473] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.473] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.473] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.473] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.473] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.473] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.473] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.473] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.473] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.473] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.473] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.473] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.473] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.473] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.473] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.473] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.473] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.473] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.473] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.473] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json") returned 155 [0043.473] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.473] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.473] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json") returned 155 [0043.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb9de8 [0043.473] lstrcpyW (in: lpString1=0x3eb9de8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" [0043.473] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.473] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.473] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.473] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.473] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\LOLKEK.txt") returned 152 [0043.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.474] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.474] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.474] CloseHandle (hObject=0x234) returned 1 [0043.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.474] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0043.474] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0043.474] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0043.474] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0043.474] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0043.474] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0043.474] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0043.474] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0043.474] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN") returned 144 [0043.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.474] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN" [0043.475] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*" [0043.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.475] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.475] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.475] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.475] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.475] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.475] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.475] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.475] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.475] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.475] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.475] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.475] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.475] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.475] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.475] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.475] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.475] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.475] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.475] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.475] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.475] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.475] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.475] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json") returned 158 [0043.475] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.475] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.475] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json") returned 158 [0043.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x618490 [0043.475] lstrcpyW (in: lpString1=0x618490, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" [0043.475] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.478] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.478] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.478] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.478] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\LOLKEK.txt") returned 155 [0043.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.478] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.478] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.479] CloseHandle (hObject=0x234) returned 1 [0043.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.479] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0043.479] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0043.479] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0043.479] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0043.479] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0043.479] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0043.479] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0043.479] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0043.479] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW") returned 144 [0043.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0043.479] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW" [0043.479] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*" [0043.480] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.480] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.480] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.480] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.480] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.480] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.480] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.480] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.480] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.480] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.480] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.480] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.480] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.480] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.480] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.480] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.480] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.481] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.481] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.481] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.481] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.481] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.481] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.481] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json") returned 158 [0043.481] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.481] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.481] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json") returned 158 [0043.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3eba070 [0043.481] lstrcpyW (in: lpString1=0x3eba070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" [0043.481] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.489] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.489] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.489] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.489] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\LOLKEK.txt") returned 155 [0043.489] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.490] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.490] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.490] CloseHandle (hObject=0x234) returned 1 [0043.490] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0043.490] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0043.490] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0043.490] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\LOLKEK.txt") returned 149 [0043.490] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0043.491] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.491] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0043.491] CloseHandle (hObject=0x23c) returned 1 [0043.491] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0043.491] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0043.491] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0043.491] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0043.491] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0043.491] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0043.491] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0043.491] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0043.491] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0043.491] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata") returned 139 [0043.491] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0043.491] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata" [0043.491] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*" [0043.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0043.494] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.494] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.494] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.494] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.494] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.494] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.494] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.494] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.494] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.494] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.494] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.494] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.494] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.494] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.495] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0043.495] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Windows") returned -1 [0043.495] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files") returned -1 [0043.495] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files (x86)") returned -1 [0043.495] lstrcmpiW (lpString1="computed_hashes.json", lpString2="$Recycle.bin") returned 1 [0043.495] lstrcmpiW (lpString1="computed_hashes.json", lpString2="System Volume Information") returned -1 [0043.495] lstrcmpiW (lpString1="computed_hashes.json", lpString2=".") returned 1 [0043.495] lstrcmpiW (lpString1="computed_hashes.json", lpString2="..") returned 1 [0043.495] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json") returned 160 [0043.495] StrStrIW (lpFirst="computed_hashes.json", lpSrch=".lolkek") returned 0x0 [0043.495] lstrcmpW (lpString1="computed_hashes.json", lpString2="LOLKEK.txt") returned -1 [0043.495] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json") returned 160 [0043.495] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x618718 [0043.495] lstrcpyW (in: lpString1=0x618718, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" [0043.495] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.495] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.495] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0043.495] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0043.495] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0043.495] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0043.495] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0043.495] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0043.495] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0043.495] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0043.495] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json") returned 162 [0043.495] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0043.495] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0043.495] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json") returned 162 [0043.495] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ebfd08 [0043.495] lstrcpyW (in: lpString1=0x3ebfd08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" [0043.495] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.499] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.499] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0043.499] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0043.499] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\LOLKEK.txt") returned 150 [0043.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.504] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.504] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0043.504] CloseHandle (hObject=0x234) returned 1 [0043.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0043.504] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0043.504] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0043.504] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\LOLKEK.txt") returned 140 [0043.505] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0043.505] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.505] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0043.505] CloseHandle (hObject=0x1b4) returned 1 [0043.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0043.507] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0043.507] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0043.507] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\LOLKEK.txt") returned 134 [0043.507] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0043.508] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.508] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0043.508] CloseHandle (hObject=0x270) returned 1 [0043.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0043.508] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="apdfllckaahabafndbhieahigkjlhalf", cAlternateFileName="APDFLL~1")) returned 1 [0043.508] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2="Windows") returned -1 [0043.508] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2="Program Files") returned -1 [0043.508] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2="Program Files (x86)") returned -1 [0043.508] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2="$Recycle.bin") returned 1 [0043.508] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2="System Volume Information") returned -1 [0043.508] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2=".") returned 1 [0043.509] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2="..") returned 1 [0043.509] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf") returned 123 [0043.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0043.509] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf" [0043.509] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*" [0043.509] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0043.509] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.509] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.509] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.509] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.509] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.509] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.509] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.509] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.509] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.509] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.509] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.509] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.509] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.509] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.509] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="14.1_0", cAlternateFileName="")) returned 1 [0043.509] lstrcmpiW (lpString1="14.1_0", lpString2="Windows") returned -1 [0043.509] lstrcmpiW (lpString1="14.1_0", lpString2="Program Files") returned -1 [0043.509] lstrcmpiW (lpString1="14.1_0", lpString2="Program Files (x86)") returned -1 [0043.509] lstrcmpiW (lpString1="14.1_0", lpString2="$Recycle.bin") returned 1 [0043.509] lstrcmpiW (lpString1="14.1_0", lpString2="System Volume Information") returned -1 [0043.509] lstrcmpiW (lpString1="14.1_0", lpString2=".") returned 1 [0043.509] lstrcmpiW (lpString1="14.1_0", lpString2="..") returned 1 [0043.509] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0") returned 130 [0043.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0043.510] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" [0043.510] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*" [0043.510] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0043.520] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.520] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.520] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.520] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.520] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.520] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.520] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.520] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.520] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.520] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.520] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.521] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.521] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.521] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.521] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a33, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="128.png", cAlternateFileName="")) returned 1 [0043.521] lstrcmpiW (lpString1="128.png", lpString2="Windows") returned -1 [0043.521] lstrcmpiW (lpString1="128.png", lpString2="Program Files") returned -1 [0043.521] lstrcmpiW (lpString1="128.png", lpString2="Program Files (x86)") returned -1 [0043.521] lstrcmpiW (lpString1="128.png", lpString2="$Recycle.bin") returned 1 [0043.521] lstrcmpiW (lpString1="128.png", lpString2="System Volume Information") returned -1 [0043.521] lstrcmpiW (lpString1="128.png", lpString2=".") returned 1 [0043.521] lstrcmpiW (lpString1="128.png", lpString2="..") returned 1 [0043.521] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png") returned 138 [0043.521] StrStrIW (lpFirst="128.png", lpSrch=".lolkek") returned 0x0 [0043.521] lstrcmpW (lpString1="128.png", lpString2="LOLKEK.txt") returned -1 [0043.521] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png") returned 138 [0043.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22c) returned 0x66d1d8 [0043.521] lstrcpyW (in: lpString1=0x66d1d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" [0043.521] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.521] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.521] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8716c790, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0043.521] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0043.521] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0043.521] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0043.521] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0043.521] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0043.521] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0043.521] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0043.521] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json") returned 144 [0043.521] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0043.521] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0043.521] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json") returned 144 [0043.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x244) returned 0x66d410 [0043.521] lstrcpyW (in: lpString1=0x66d410, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" [0043.521] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.521] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.521] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0043.521] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0043.521] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0043.521] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0043.521] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0043.521] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0043.521] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0043.521] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0043.521] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 139 [0043.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0043.521] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales" [0043.521] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*" [0043.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0043.524] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.524] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.524] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.524] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.524] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.524] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.524] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.524] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.524] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.524] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.524] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.524] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.524] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.524] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.524] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ar", cAlternateFileName="")) returned 1 [0043.524] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0043.524] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0043.524] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0043.524] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0043.524] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0043.525] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0043.525] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0043.525] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar") returned 142 [0043.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.525] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar" [0043.525] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*" [0043.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.525] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.525] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.525] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.525] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.525] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.525] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.525] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.525] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.525] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.525] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.526] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.526] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.526] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.526] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.526] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.526] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.526] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.526] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.526] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.526] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.526] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.526] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.526] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json") returned 156 [0043.526] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.526] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.526] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json") returned 156 [0043.526] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x66d660 [0043.526] lstrcpyW (in: lpString1=0x66d660, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" [0043.526] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.526] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.526] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.526] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.526] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\LOLKEK.txt") returned 153 [0043.526] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.526] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.526] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.527] CloseHandle (hObject=0x234) returned 1 [0043.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.527] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0043.527] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0043.527] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0043.527] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0043.527] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0043.527] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0043.527] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0043.527] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0043.527] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg") returned 142 [0043.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.527] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg" [0043.527] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*" [0043.527] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.528] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.528] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.528] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.528] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.528] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.528] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.528] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.528] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.528] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.528] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.528] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.528] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.528] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.528] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.528] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.528] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.528] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.528] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.529] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.529] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.529] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.529] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.529] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json") returned 156 [0043.529] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.529] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.529] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json") returned 156 [0043.529] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x66d8e0 [0043.529] lstrcpyW (in: lpString1=0x66d8e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" [0043.529] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.530] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.530] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.530] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.530] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\LOLKEK.txt") returned 153 [0043.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.531] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.531] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.531] CloseHandle (hObject=0x234) returned 1 [0043.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.531] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0043.531] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0043.531] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0043.531] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0043.531] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0043.531] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0043.531] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0043.531] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0043.531] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca") returned 142 [0043.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.531] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca" [0043.531] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*" [0043.531] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.532] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.532] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.532] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.532] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.532] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.532] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.532] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.532] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.532] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.532] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.532] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.532] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.532] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.532] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.532] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.532] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.532] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.532] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.532] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.532] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.532] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.532] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.532] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json") returned 156 [0043.532] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.532] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.532] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json") returned 156 [0043.532] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x60dd88 [0043.532] lstrcpyW (in: lpString1=0x60dd88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" [0043.532] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.542] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.542] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.542] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.542] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\LOLKEK.txt") returned 153 [0043.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.542] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.542] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.543] CloseHandle (hObject=0x234) returned 1 [0043.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.543] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0043.543] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0043.543] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0043.543] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0043.543] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0043.543] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0043.543] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0043.543] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0043.543] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs") returned 142 [0043.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.543] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs" [0043.543] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*" [0043.544] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.546] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.546] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.546] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.546] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.546] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.546] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.546] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.546] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.546] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.546] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.546] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.546] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.546] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.546] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.546] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.546] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.546] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.546] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.546] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.546] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.546] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.546] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.546] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json") returned 156 [0043.546] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.546] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.546] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json") returned 156 [0043.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x60e008 [0043.546] lstrcpyW (in: lpString1=0x60e008, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" [0043.546] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.546] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.546] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.546] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.546] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\LOLKEK.txt") returned 153 [0043.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.547] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.547] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.547] CloseHandle (hObject=0x234) returned 1 [0043.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.548] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0043.548] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0043.548] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0043.548] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0043.548] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0043.548] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0043.548] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0043.548] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0043.548] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da") returned 142 [0043.548] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.548] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da" [0043.548] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*" [0043.548] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.548] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.548] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.548] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.548] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.548] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.548] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.548] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.548] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.548] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.548] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.548] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.548] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.548] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.548] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.548] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.548] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.548] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.548] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.548] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.548] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.548] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.549] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.549] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json") returned 156 [0043.549] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.549] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.549] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json") returned 156 [0043.549] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x60e288 [0043.549] lstrcpyW (in: lpString1=0x60e288, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" [0043.549] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.555] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.555] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.555] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.555] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\LOLKEK.txt") returned 153 [0043.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.555] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.555] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.556] CloseHandle (hObject=0x234) returned 1 [0043.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.556] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0043.556] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0043.556] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0043.556] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0043.557] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0043.557] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0043.557] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0043.557] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0043.557] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de") returned 142 [0043.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.557] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de" [0043.557] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*" [0043.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.558] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.558] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.558] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.558] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.558] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.558] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.558] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.558] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.558] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.558] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.558] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.559] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.559] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.559] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.559] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.559] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.559] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.559] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.559] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.559] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.559] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.559] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json") returned 156 [0043.559] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.559] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.559] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json") returned 156 [0043.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x60e508 [0043.559] lstrcpyW (in: lpString1=0x60e508, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" [0043.559] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.559] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.559] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.559] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.559] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\LOLKEK.txt") returned 153 [0043.559] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.559] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.559] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.560] CloseHandle (hObject=0x234) returned 1 [0043.560] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.560] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0043.560] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0043.560] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0043.560] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0043.560] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0043.560] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0043.560] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0043.560] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0043.560] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el") returned 142 [0043.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.560] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el" [0043.560] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*" [0043.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.561] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.561] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.561] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.561] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.561] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.561] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.561] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.561] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.561] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.561] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.561] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.561] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.561] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.561] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.561] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.561] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.561] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.561] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.561] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.561] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.561] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.561] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.561] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json") returned 156 [0043.561] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.561] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.561] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json") returned 156 [0043.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x5eafc8 [0043.561] lstrcpyW (in: lpString1=0x5eafc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" [0043.561] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.568] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.568] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.568] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.568] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\LOLKEK.txt") returned 153 [0043.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.569] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.569] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.569] CloseHandle (hObject=0x234) returned 1 [0043.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.569] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_GB", cAlternateFileName="")) returned 1 [0043.569] lstrcmpiW (lpString1="en_GB", lpString2="Windows") returned -1 [0043.570] lstrcmpiW (lpString1="en_GB", lpString2="Program Files") returned -1 [0043.570] lstrcmpiW (lpString1="en_GB", lpString2="Program Files (x86)") returned -1 [0043.570] lstrcmpiW (lpString1="en_GB", lpString2="$Recycle.bin") returned 1 [0043.570] lstrcmpiW (lpString1="en_GB", lpString2="System Volume Information") returned -1 [0043.570] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0043.570] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0043.570] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB") returned 145 [0043.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.570] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB" [0043.570] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*" [0043.570] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.572] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.572] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.572] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.572] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.572] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.572] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.572] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.572] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.572] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.572] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.572] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.572] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.572] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.572] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.572] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.572] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.572] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.572] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.572] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.572] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.572] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.572] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.572] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json") returned 159 [0043.572] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.572] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.572] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json") returned 159 [0043.573] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eba2f8 [0043.573] lstrcpyW (in: lpString1=0x3eba2f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" [0043.573] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.573] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.573] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.573] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.573] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\LOLKEK.txt") returned 156 [0043.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.573] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.573] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.574] CloseHandle (hObject=0x234) returned 1 [0043.574] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.574] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_US", cAlternateFileName="")) returned 1 [0043.574] lstrcmpiW (lpString1="en_US", lpString2="Windows") returned -1 [0043.574] lstrcmpiW (lpString1="en_US", lpString2="Program Files") returned -1 [0043.574] lstrcmpiW (lpString1="en_US", lpString2="Program Files (x86)") returned -1 [0043.574] lstrcmpiW (lpString1="en_US", lpString2="$Recycle.bin") returned 1 [0043.574] lstrcmpiW (lpString1="en_US", lpString2="System Volume Information") returned -1 [0043.574] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0043.574] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0043.574] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US") returned 145 [0043.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.574] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US" [0043.574] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*" [0043.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.575] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.575] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.575] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.575] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.575] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.575] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.575] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.575] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.575] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.575] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.575] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.575] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.575] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.575] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.575] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.575] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.575] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.575] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.575] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.575] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.575] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.575] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.575] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json") returned 159 [0043.575] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.575] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.575] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json") returned 159 [0043.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eba580 [0043.575] lstrcpyW (in: lpString1=0x3eba580, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" [0043.575] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.581] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.581] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.581] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.581] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\LOLKEK.txt") returned 156 [0043.581] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.582] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.582] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.583] CloseHandle (hObject=0x234) returned 1 [0043.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.583] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0043.583] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0043.583] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0043.583] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0043.583] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0043.583] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0043.583] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0043.583] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0043.583] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es") returned 142 [0043.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.583] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es" [0043.583] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*" [0043.583] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.587] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.587] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.587] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.587] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.587] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.587] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.587] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.587] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.587] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.587] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.587] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.587] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.587] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.587] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.587] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.587] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.587] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.587] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.587] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.587] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.587] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.587] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json") returned 156 [0043.587] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.587] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.587] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json") returned 156 [0043.587] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x5eb248 [0043.587] lstrcpyW (in: lpString1=0x5eb248, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" [0043.587] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.587] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.587] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.588] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.588] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\LOLKEK.txt") returned 153 [0043.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.588] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.588] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.589] CloseHandle (hObject=0x234) returned 1 [0043.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.589] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es_419", cAlternateFileName="")) returned 1 [0043.589] lstrcmpiW (lpString1="es_419", lpString2="Windows") returned -1 [0043.589] lstrcmpiW (lpString1="es_419", lpString2="Program Files") returned -1 [0043.589] lstrcmpiW (lpString1="es_419", lpString2="Program Files (x86)") returned -1 [0043.589] lstrcmpiW (lpString1="es_419", lpString2="$Recycle.bin") returned 1 [0043.589] lstrcmpiW (lpString1="es_419", lpString2="System Volume Information") returned -1 [0043.589] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0043.589] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0043.589] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419") returned 146 [0043.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.589] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419" [0043.589] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*" [0043.589] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.589] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.589] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.589] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.589] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.589] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.589] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.589] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.589] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.589] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.589] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.589] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.589] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.589] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.589] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.589] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.589] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.589] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.589] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.589] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.589] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.589] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.590] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.590] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json") returned 160 [0043.590] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.590] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.590] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json") returned 160 [0043.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x5eb4c8 [0043.590] lstrcpyW (in: lpString1=0x5eb4c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" [0043.590] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.595] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.595] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.595] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.595] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\LOLKEK.txt") returned 157 [0043.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.596] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.596] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.596] CloseHandle (hObject=0x234) returned 1 [0043.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.596] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="et", cAlternateFileName="")) returned 1 [0043.596] lstrcmpiW (lpString1="et", lpString2="Windows") returned -1 [0043.596] lstrcmpiW (lpString1="et", lpString2="Program Files") returned -1 [0043.596] lstrcmpiW (lpString1="et", lpString2="Program Files (x86)") returned -1 [0043.596] lstrcmpiW (lpString1="et", lpString2="$Recycle.bin") returned 1 [0043.596] lstrcmpiW (lpString1="et", lpString2="System Volume Information") returned -1 [0043.596] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0043.596] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0043.596] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et") returned 142 [0043.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.596] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et" [0043.597] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*" [0043.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.599] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.599] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.599] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.599] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.599] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.599] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.599] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.599] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.599] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.599] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.599] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.599] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.599] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.599] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.599] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.599] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.599] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.599] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.599] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.599] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.599] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.599] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.599] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json") returned 156 [0043.599] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.599] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.599] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json") returned 156 [0043.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x5eb758 [0043.599] lstrcpyW (in: lpString1=0x5eb758, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" [0043.599] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.599] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.599] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.599] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.599] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\LOLKEK.txt") returned 153 [0043.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.600] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.600] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.600] CloseHandle (hObject=0x234) returned 1 [0043.600] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.600] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eu", cAlternateFileName="")) returned 1 [0043.600] lstrcmpiW (lpString1="eu", lpString2="Windows") returned -1 [0043.600] lstrcmpiW (lpString1="eu", lpString2="Program Files") returned -1 [0043.600] lstrcmpiW (lpString1="eu", lpString2="Program Files (x86)") returned -1 [0043.600] lstrcmpiW (lpString1="eu", lpString2="$Recycle.bin") returned 1 [0043.600] lstrcmpiW (lpString1="eu", lpString2="System Volume Information") returned -1 [0043.601] lstrcmpiW (lpString1="eu", lpString2=".") returned 1 [0043.601] lstrcmpiW (lpString1="eu", lpString2="..") returned 1 [0043.601] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu") returned 142 [0043.601] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.601] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu" [0043.601] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*" [0043.601] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.601] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.601] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.601] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.601] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.601] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.601] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.601] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.601] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.601] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.601] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.601] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.601] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.601] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.601] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.601] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.601] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.601] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.601] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.601] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.601] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.601] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.601] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.601] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json") returned 156 [0043.601] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.601] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.601] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json") returned 156 [0043.601] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x5eb9d8 [0043.601] lstrcpyW (in: lpString1=0x5eb9d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" [0043.601] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.607] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.607] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.607] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.607] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\LOLKEK.txt") returned 153 [0043.607] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.608] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.608] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.608] CloseHandle (hObject=0x234) returned 1 [0043.608] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.608] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0043.608] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0043.608] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0043.608] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0043.608] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0043.608] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0043.608] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0043.608] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0043.608] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi") returned 142 [0043.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.609] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi" [0043.609] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*" [0043.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.611] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.611] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.611] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.611] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.611] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.611] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.611] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.611] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.611] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.611] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.611] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.611] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.611] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.611] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.611] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.611] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.611] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.611] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.611] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.611] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.611] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.611] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.611] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json") returned 156 [0043.611] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.611] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.611] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json") returned 156 [0043.611] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3dd3cc8 [0043.611] lstrcpyW (in: lpString1=0x3dd3cc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" [0043.611] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.612] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.612] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.612] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.612] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\LOLKEK.txt") returned 153 [0043.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.612] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.612] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.613] CloseHandle (hObject=0x234) returned 1 [0043.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.613] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0043.613] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0043.613] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0043.613] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0043.613] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0043.613] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0043.613] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0043.613] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0043.613] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil") returned 143 [0043.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.613] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil" [0043.613] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*" [0043.613] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.613] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.613] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.613] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.613] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.613] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.613] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.613] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.613] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.613] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.613] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.613] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.613] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.613] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.613] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.613] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.613] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.613] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.613] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.613] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.614] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.614] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.614] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.614] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json") returned 157 [0043.614] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.614] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.614] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json") returned 157 [0043.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3dd3f48 [0043.614] lstrcpyW (in: lpString1=0x3dd3f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" [0043.614] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.619] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.619] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.619] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.619] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\LOLKEK.txt") returned 154 [0043.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.620] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.620] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.620] CloseHandle (hObject=0x234) returned 1 [0043.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.620] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0043.620] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0043.620] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0043.620] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0043.620] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0043.620] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0043.620] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0043.620] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0043.620] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr") returned 142 [0043.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.621] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr" [0043.621] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*" [0043.621] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.622] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.622] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.622] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.622] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.622] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.622] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.622] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.622] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.622] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.622] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.622] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.622] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.622] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.622] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.622] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.622] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.623] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.623] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.623] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.623] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.623] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.623] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json") returned 156 [0043.623] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.623] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.623] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json") returned 156 [0043.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3dd41c8 [0043.623] lstrcpyW (in: lpString1=0x3dd41c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" [0043.623] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.623] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.623] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.623] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\LOLKEK.txt") returned 153 [0043.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.624] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.624] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.624] CloseHandle (hObject=0x234) returned 1 [0043.624] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.625] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="he", cAlternateFileName="")) returned 1 [0043.625] lstrcmpiW (lpString1="he", lpString2="Windows") returned -1 [0043.625] lstrcmpiW (lpString1="he", lpString2="Program Files") returned -1 [0043.625] lstrcmpiW (lpString1="he", lpString2="Program Files (x86)") returned -1 [0043.625] lstrcmpiW (lpString1="he", lpString2="$Recycle.bin") returned 1 [0043.625] lstrcmpiW (lpString1="he", lpString2="System Volume Information") returned -1 [0043.625] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0043.625] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0043.625] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he") returned 142 [0043.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.625] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he" [0043.625] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*" [0043.625] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.625] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.625] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.625] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.625] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.625] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.625] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.625] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.625] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.625] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.625] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.625] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.625] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.625] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.625] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.625] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.625] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.625] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.625] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.625] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.625] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.625] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.625] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.625] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json") returned 156 [0043.625] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.625] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.625] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json") returned 156 [0043.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3dd4448 [0043.625] lstrcpyW (in: lpString1=0x3dd4448, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" [0043.626] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.631] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.631] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.631] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.631] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\LOLKEK.txt") returned 153 [0043.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.632] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.632] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.632] CloseHandle (hObject=0x234) returned 1 [0043.632] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.632] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0043.632] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0043.632] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0043.632] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0043.632] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0043.632] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0043.632] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0043.632] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0043.632] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi") returned 142 [0043.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.632] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi" [0043.632] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*" [0043.633] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.635] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.635] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.635] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.635] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.635] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.635] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.635] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.635] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.635] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.635] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.635] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.635] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.635] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.635] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.635] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.635] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.635] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.635] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.635] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.635] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.635] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.635] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.635] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json") returned 156 [0043.635] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.635] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.635] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json") returned 156 [0043.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3dd46c8 [0043.635] lstrcpyW (in: lpString1=0x3dd46c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" [0043.635] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.635] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.635] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.635] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.635] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\LOLKEK.txt") returned 153 [0043.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.636] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.636] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.636] CloseHandle (hObject=0x234) returned 1 [0043.636] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.636] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hr", cAlternateFileName="")) returned 1 [0043.636] lstrcmpiW (lpString1="hr", lpString2="Windows") returned -1 [0043.636] lstrcmpiW (lpString1="hr", lpString2="Program Files") returned -1 [0043.636] lstrcmpiW (lpString1="hr", lpString2="Program Files (x86)") returned -1 [0043.636] lstrcmpiW (lpString1="hr", lpString2="$Recycle.bin") returned 1 [0043.636] lstrcmpiW (lpString1="hr", lpString2="System Volume Information") returned -1 [0043.636] lstrcmpiW (lpString1="hr", lpString2=".") returned 1 [0043.636] lstrcmpiW (lpString1="hr", lpString2="..") returned 1 [0043.636] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr") returned 142 [0043.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.637] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr" [0043.637] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*" [0043.637] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.637] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.637] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.637] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.637] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.637] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.637] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.637] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.637] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.637] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.637] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.637] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.637] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.637] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.637] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.637] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.637] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.637] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.637] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.637] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.637] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.637] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.637] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.637] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json") returned 156 [0043.637] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.637] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.637] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json") returned 156 [0043.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3eba808 [0043.637] lstrcpyW (in: lpString1=0x3eba808, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" [0043.637] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.642] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.642] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.642] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.642] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\LOLKEK.txt") returned 153 [0043.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0043.642] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.642] WriteFile (in: hFile=0x234, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.643] CloseHandle (hObject=0x234) returned 1 [0043.643] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.643] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0043.643] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0043.643] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0043.643] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0043.643] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0043.643] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0043.643] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0043.643] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0043.643] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu") returned 142 [0043.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.643] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu" [0043.643] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*" [0043.643] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.646] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.646] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.646] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.646] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.646] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.646] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.646] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.646] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.646] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.646] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.646] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.646] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.646] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.646] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.646] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.646] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.646] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.646] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.646] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.646] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.646] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.646] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.646] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json") returned 156 [0043.646] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.646] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.646] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json") returned 156 [0043.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebaa90 [0043.646] lstrcpyW (in: lpString1=0x3ebaa90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" [0043.646] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.646] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.647] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.647] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.647] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\LOLKEK.txt") returned 153 [0043.647] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.647] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.647] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.648] CloseHandle (hObject=0x190) returned 1 [0043.648] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.648] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0043.648] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0043.648] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0043.648] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0043.648] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0043.648] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0043.648] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0043.648] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0043.648] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id") returned 142 [0043.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.648] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id" [0043.648] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*" [0043.648] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.648] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.648] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.648] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.649] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.649] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.649] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.649] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.649] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.649] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.649] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.649] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.649] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.649] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.649] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.649] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.649] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.649] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.649] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.649] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.649] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.649] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.649] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.649] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json") returned 156 [0043.649] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.649] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.649] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json") returned 156 [0043.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebad18 [0043.649] lstrcpyW (in: lpString1=0x3ebad18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" [0043.649] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.653] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.653] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.654] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.654] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\LOLKEK.txt") returned 153 [0043.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.654] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.654] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.655] CloseHandle (hObject=0x190) returned 1 [0043.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.655] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0043.655] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0043.655] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0043.655] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0043.655] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0043.655] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0043.655] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0043.655] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0043.655] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it") returned 142 [0043.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.655] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it" [0043.655] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*" [0043.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.659] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.659] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.659] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.659] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.659] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.659] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.659] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.659] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.659] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.659] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.659] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.659] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.659] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.659] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.659] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.659] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.659] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.659] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.659] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.659] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.659] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.659] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.659] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json") returned 156 [0043.659] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.659] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.659] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json") returned 156 [0043.659] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebafa0 [0043.659] lstrcpyW (in: lpString1=0x3ebafa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" [0043.660] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.660] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.660] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.660] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.660] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\LOLKEK.txt") returned 153 [0043.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.660] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.660] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.661] CloseHandle (hObject=0x190) returned 1 [0043.661] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.661] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0043.661] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0043.661] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0043.661] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0043.661] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0043.661] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0043.661] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0043.661] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0043.661] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja") returned 142 [0043.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.661] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja" [0043.661] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*" [0043.661] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.661] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.661] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.661] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.661] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.661] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.661] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.661] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.661] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.661] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.661] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.661] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.661] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.661] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.661] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.661] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.662] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.662] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.662] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.662] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.662] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.662] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.662] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.662] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json") returned 156 [0043.662] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.662] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.662] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json") returned 156 [0043.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebb228 [0043.662] lstrcpyW (in: lpString1=0x3ebb228, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" [0043.662] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.665] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.666] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.666] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.666] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\LOLKEK.txt") returned 153 [0043.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.666] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.666] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.667] CloseHandle (hObject=0x190) returned 1 [0043.667] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.667] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0043.667] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0043.667] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0043.667] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0043.667] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0043.667] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0043.667] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0043.667] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0043.667] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko") returned 142 [0043.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.667] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko" [0043.667] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*" [0043.667] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.671] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.671] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.671] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.671] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.671] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.671] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.671] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.671] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.671] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.671] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.671] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.671] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.671] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.671] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.671] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.671] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.671] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.672] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.672] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.672] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.672] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.672] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.672] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json") returned 156 [0043.672] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.672] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.672] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json") returned 156 [0043.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebb4b0 [0043.672] lstrcpyW (in: lpString1=0x3ebb4b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" [0043.672] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.672] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.672] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.672] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.672] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\LOLKEK.txt") returned 153 [0043.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.672] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.672] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.673] CloseHandle (hObject=0x190) returned 1 [0043.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.673] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0043.673] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0043.673] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0043.673] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0043.673] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0043.673] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0043.673] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0043.673] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0043.673] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt") returned 142 [0043.673] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.673] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt" [0043.673] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*" [0043.673] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dad8 [0043.673] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.673] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.674] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.674] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.674] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.674] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.674] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.674] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.674] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.674] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.674] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.674] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.674] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.674] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.674] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.674] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.674] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.674] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.674] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.674] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.674] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.674] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.674] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json") returned 156 [0043.674] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.674] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.674] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json") returned 156 [0043.674] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebb738 [0043.674] lstrcpyW (in: lpString1=0x3ebb738, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" [0043.674] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.678] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.678] FindNextFileW (in: hFindFile=0x62dad8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.678] FindClose (in: hFindFile=0x62dad8 | out: hFindFile=0x62dad8) returned 1 [0043.678] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\LOLKEK.txt") returned 153 [0043.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0043.679] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.679] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.679] CloseHandle (hObject=0x190) returned 1 [0043.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.679] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0043.679] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0043.679] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0043.679] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0043.679] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0043.680] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0043.680] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0043.680] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0043.680] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv") returned 142 [0043.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.680] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv" [0043.680] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*" [0043.680] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0043.715] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.716] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.716] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.716] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.716] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.716] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.716] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.716] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.716] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.716] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.716] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.716] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.716] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.716] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.716] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.716] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.716] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.716] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.716] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.716] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.716] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.716] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.716] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json") returned 156 [0043.716] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.716] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.716] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json") returned 156 [0043.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebb9c0 [0043.716] lstrcpyW (in: lpString1=0x3ebb9c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" [0043.716] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.716] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.716] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.716] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0043.717] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\LOLKEK.txt") returned 153 [0043.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0043.717] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.717] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.718] CloseHandle (hObject=0x198) returned 1 [0043.718] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.719] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ms", cAlternateFileName="")) returned 1 [0043.719] lstrcmpiW (lpString1="ms", lpString2="Windows") returned -1 [0043.719] lstrcmpiW (lpString1="ms", lpString2="Program Files") returned -1 [0043.719] lstrcmpiW (lpString1="ms", lpString2="Program Files (x86)") returned -1 [0043.719] lstrcmpiW (lpString1="ms", lpString2="$Recycle.bin") returned 1 [0043.719] lstrcmpiW (lpString1="ms", lpString2="System Volume Information") returned -1 [0043.719] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0043.719] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0043.719] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms") returned 142 [0043.719] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.720] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms" [0043.720] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*" [0043.720] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0043.720] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.720] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.720] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.720] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.720] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.720] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.720] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.720] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.720] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.720] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.720] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.720] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.720] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.720] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.720] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.720] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.720] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.720] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.720] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.720] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.720] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.720] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.720] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json") returned 156 [0043.721] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.721] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.721] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json") returned 156 [0043.721] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ca9668 [0043.721] lstrcpyW (in: lpString1=0x3ca9668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" [0043.721] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.755] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.755] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.755] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0043.755] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\LOLKEK.txt") returned 153 [0043.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0043.755] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.755] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.756] CloseHandle (hObject=0x198) returned 1 [0043.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.758] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0043.758] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0043.758] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0043.758] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0043.758] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0043.758] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0043.758] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0043.758] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0043.758] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl") returned 142 [0043.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.758] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl" [0043.758] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*" [0043.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0043.760] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.760] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.760] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.760] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.760] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.760] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.760] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.760] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.760] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.760] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.760] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.760] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.760] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.760] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.760] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.760] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.760] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.760] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.760] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.760] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.760] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.760] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.760] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json") returned 156 [0043.760] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.760] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.760] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json") returned 156 [0043.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ca98f0 [0043.761] lstrcpyW (in: lpString1=0x3ca98f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" [0043.761] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.836] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.836] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.836] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0043.836] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\LOLKEK.txt") returned 153 [0043.836] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0043.837] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.837] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.838] CloseHandle (hObject=0x198) returned 1 [0043.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.841] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="no", cAlternateFileName="")) returned 1 [0043.841] lstrcmpiW (lpString1="no", lpString2="Windows") returned -1 [0043.841] lstrcmpiW (lpString1="no", lpString2="Program Files") returned -1 [0043.841] lstrcmpiW (lpString1="no", lpString2="Program Files (x86)") returned -1 [0043.841] lstrcmpiW (lpString1="no", lpString2="$Recycle.bin") returned 1 [0043.841] lstrcmpiW (lpString1="no", lpString2="System Volume Information") returned -1 [0043.841] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0043.841] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0043.841] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no") returned 142 [0043.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.841] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no" [0043.841] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*" [0043.841] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0043.842] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.842] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.842] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.842] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.842] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.842] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.842] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.842] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.842] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.842] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.842] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.842] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.842] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.842] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.842] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.842] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.842] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.842] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.842] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.842] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.842] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.842] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.842] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json") returned 156 [0043.842] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.842] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.842] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json") returned 156 [0043.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ca9b78 [0043.842] lstrcpyW (in: lpString1=0x3ca9b78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" [0043.842] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.884] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.884] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.884] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0043.884] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\LOLKEK.txt") returned 153 [0043.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0043.884] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.884] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.885] CloseHandle (hObject=0x198) returned 1 [0043.885] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.885] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0043.885] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0043.885] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0043.885] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0043.885] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0043.885] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0043.885] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0043.885] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0043.885] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl") returned 142 [0043.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.885] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl" [0043.885] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*" [0043.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0043.899] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.899] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.899] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.899] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.899] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.899] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.899] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.899] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.899] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.899] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.899] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.899] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.899] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.900] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.900] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.900] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.900] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.900] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.900] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.900] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.900] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.900] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.900] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json") returned 156 [0043.900] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.900] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.900] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json") returned 156 [0043.900] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ca9e00 [0043.900] lstrcpyW (in: lpString1=0x3ca9e00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" [0043.900] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0043.947] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0043.947] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0043.947] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0043.947] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\LOLKEK.txt") returned 153 [0043.947] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0043.947] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0043.947] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0043.948] CloseHandle (hObject=0x160) returned 1 [0043.948] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0043.948] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0043.948] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0043.948] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0043.948] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0043.948] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0043.948] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0043.948] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0043.948] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0043.948] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR") returned 145 [0043.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0043.948] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR" [0043.948] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*" [0043.948] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0043.949] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0043.949] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0043.949] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0043.949] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0043.949] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0043.949] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.949] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0043.949] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0043.949] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0043.949] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0043.949] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0043.949] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0043.949] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.949] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.949] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0043.949] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0043.949] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0043.949] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0043.949] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0043.949] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0043.949] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0043.949] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0043.949] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json") returned 159 [0043.949] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0043.949] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0043.949] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json") returned 159 [0043.949] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3caa088 [0043.949] lstrcpyW (in: lpString1=0x3caa088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" [0043.949] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.004] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.004] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.004] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.004] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\LOLKEK.txt") returned 156 [0044.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.004] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.004] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.005] CloseHandle (hObject=0x160) returned 1 [0044.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.005] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0044.005] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0044.005] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0044.005] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0044.005] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0044.005] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0044.005] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0044.005] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0044.005] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT") returned 145 [0044.005] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.005] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT" [0044.005] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*" [0044.005] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.009] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.009] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.009] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.009] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.009] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.009] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.009] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.009] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.009] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.009] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.009] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.009] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.009] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.009] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.009] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.009] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.009] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.009] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.009] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.010] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.010] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.010] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.010] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json") returned 159 [0044.010] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.010] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.010] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json") returned 159 [0044.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3caa310 [0044.010] lstrcpyW (in: lpString1=0x3caa310, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" [0044.010] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.010] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.010] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.010] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.010] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\LOLKEK.txt") returned 156 [0044.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.010] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.010] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.011] CloseHandle (hObject=0x160) returned 1 [0044.011] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.011] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0044.011] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0044.011] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0044.011] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0044.011] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0044.011] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0044.011] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0044.011] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0044.011] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro") returned 142 [0044.011] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.011] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro" [0044.011] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*" [0044.011] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.012] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.012] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.012] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.012] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.012] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.012] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.012] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.012] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.012] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.012] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.012] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.012] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.012] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.012] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.012] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.012] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.012] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.012] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.012] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.012] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.012] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.012] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.012] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json") returned 156 [0044.012] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.012] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.012] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json") returned 156 [0044.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3caa598 [0044.012] lstrcpyW (in: lpString1=0x3caa598, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" [0044.012] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.087] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.087] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.087] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.087] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\LOLKEK.txt") returned 153 [0044.087] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.088] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.088] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.088] CloseHandle (hObject=0x160) returned 1 [0044.088] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.094] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0044.094] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0044.094] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0044.094] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0044.094] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0044.094] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0044.094] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0044.094] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0044.094] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru") returned 142 [0044.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.095] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru" [0044.095] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*" [0044.095] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.101] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.101] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.101] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.101] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.101] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.101] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.101] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.101] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.101] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.101] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.101] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.101] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.101] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.101] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.101] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.101] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.101] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.101] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.101] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.101] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.101] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.101] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.101] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json") returned 156 [0044.101] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.101] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.101] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json") returned 156 [0044.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3caa820 [0044.101] lstrcpyW (in: lpString1=0x3caa820, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" [0044.101] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.149] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.149] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.149] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.149] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\LOLKEK.txt") returned 153 [0044.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.150] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.150] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.150] CloseHandle (hObject=0x160) returned 1 [0044.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.153] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0044.154] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0044.154] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0044.154] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0044.154] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0044.154] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0044.154] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0044.154] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0044.154] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk") returned 142 [0044.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.154] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk" [0044.154] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*" [0044.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.154] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.154] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.154] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.154] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.154] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.154] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.154] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.154] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.154] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.154] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.154] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.154] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.154] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.154] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.155] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.155] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.155] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.155] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.155] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.155] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.155] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.155] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.155] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json") returned 156 [0044.155] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.155] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.155] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json") returned 156 [0044.155] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3caaaa8 [0044.155] lstrcpyW (in: lpString1=0x3caaaa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" [0044.155] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.196] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.196] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.196] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.196] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\LOLKEK.txt") returned 153 [0044.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0044.197] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.197] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.197] CloseHandle (hObject=0x198) returned 1 [0044.197] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.197] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0044.198] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0044.198] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0044.198] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0044.198] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0044.198] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0044.198] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0044.198] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0044.198] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl") returned 142 [0044.198] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.198] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl" [0044.198] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*" [0044.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.208] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.208] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.208] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.208] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.208] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.208] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.208] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.208] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.208] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.208] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.208] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.208] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.208] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.209] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.209] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.209] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.209] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.209] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.209] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.209] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.209] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.209] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.209] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json") returned 156 [0044.209] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.209] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.209] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json") returned 156 [0044.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3caad30 [0044.209] lstrcpyW (in: lpString1=0x3caad30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" [0044.209] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.241] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.241] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.241] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.241] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\LOLKEK.txt") returned 153 [0044.241] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0044.242] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.242] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.243] CloseHandle (hObject=0x198) returned 1 [0044.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.243] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0044.243] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0044.243] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0044.243] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0044.243] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0044.243] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0044.243] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0044.243] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0044.243] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr") returned 142 [0044.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.243] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr" [0044.243] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*" [0044.243] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.244] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.244] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.244] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.244] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.244] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.244] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.244] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.244] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.244] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.244] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.244] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.244] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.244] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.244] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.244] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.244] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.244] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.244] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.244] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.244] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.244] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.244] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.244] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json") returned 156 [0044.244] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.244] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.244] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json") returned 156 [0044.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3caafb8 [0044.244] lstrcpyW (in: lpString1=0x3caafb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" [0044.244] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.317] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.317] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.317] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.317] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\LOLKEK.txt") returned 153 [0044.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0044.317] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.317] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.318] CloseHandle (hObject=0x198) returned 1 [0044.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.318] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sv", cAlternateFileName="")) returned 1 [0044.318] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0044.318] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0044.318] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0044.318] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0044.318] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0044.318] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0044.318] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0044.318] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv") returned 142 [0044.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.318] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv" [0044.318] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*" [0044.318] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.324] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.325] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.325] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.325] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.325] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.325] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.325] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.325] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.325] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.325] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.325] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.325] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.325] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.325] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.325] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.325] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.325] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.325] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.325] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.325] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.325] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.325] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.325] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json") returned 156 [0044.325] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.325] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.325] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json") returned 156 [0044.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3cab240 [0044.325] lstrcpyW (in: lpString1=0x3cab240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" [0044.325] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.368] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.368] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.368] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.368] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\LOLKEK.txt") returned 153 [0044.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.368] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.368] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.369] CloseHandle (hObject=0x160) returned 1 [0044.369] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.374] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0044.374] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0044.374] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0044.374] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0044.374] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0044.374] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0044.374] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0044.374] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0044.374] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th") returned 142 [0044.374] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.375] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th" [0044.375] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*" [0044.375] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.375] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.375] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.375] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.375] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.375] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.375] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.375] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.375] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.375] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.375] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.375] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.375] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.375] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.375] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.375] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.375] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.375] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.375] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.375] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.375] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.375] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.375] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.375] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json") returned 156 [0044.375] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.375] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.375] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json") returned 156 [0044.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebbd00 [0044.376] lstrcpyW (in: lpString1=0x3ebbd00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" [0044.376] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.431] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.431] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.431] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.431] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\LOLKEK.txt") returned 153 [0044.432] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0044.432] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.432] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.433] CloseHandle (hObject=0x198) returned 1 [0044.433] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.434] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0044.434] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0044.434] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0044.434] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0044.434] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0044.434] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0044.434] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0044.434] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0044.434] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr") returned 142 [0044.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.434] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr" [0044.435] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*" [0044.435] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.437] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.437] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.437] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.437] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.437] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.437] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.437] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.437] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.437] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.437] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.437] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.437] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.437] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.437] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.437] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.437] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.437] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.438] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.438] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.438] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.438] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.438] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.438] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json") returned 156 [0044.438] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.438] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.438] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json") returned 156 [0044.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebbf88 [0044.438] lstrcpyW (in: lpString1=0x3ebbf88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" [0044.438] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.470] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.470] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.470] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.470] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\LOLKEK.txt") returned 153 [0044.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.470] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.470] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.471] CloseHandle (hObject=0x160) returned 1 [0044.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.471] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0044.471] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0044.471] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0044.471] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0044.471] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0044.471] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0044.471] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0044.471] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0044.471] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk") returned 142 [0044.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.472] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk" [0044.472] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*" [0044.472] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.472] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.472] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.472] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.472] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.472] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.472] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.472] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.472] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.472] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.472] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.472] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.472] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.472] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.472] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.472] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.472] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.472] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.472] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.472] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.472] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.472] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.472] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.472] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json") returned 156 [0044.472] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.472] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.472] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json") returned 156 [0044.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebc210 [0044.472] lstrcpyW (in: lpString1=0x3ebc210, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" [0044.472] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.539] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.539] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.539] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.540] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\LOLKEK.txt") returned 153 [0044.540] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0044.540] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.540] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.541] CloseHandle (hObject=0x160) returned 1 [0044.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.553] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0044.553] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0044.553] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0044.553] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0044.553] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0044.553] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0044.553] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0044.553] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0044.553] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi") returned 142 [0044.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.553] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi" [0044.553] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*" [0044.553] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.559] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.559] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.559] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.559] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.559] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.559] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.559] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.559] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.559] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.560] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.560] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.560] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.560] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.560] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.560] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.560] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.560] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.560] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.560] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.560] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.560] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.560] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.560] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json") returned 156 [0044.560] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.560] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.560] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json") returned 156 [0044.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebc498 [0044.560] lstrcpyW (in: lpString1=0x3ebc498, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" [0044.560] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.601] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.601] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.602] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.602] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\LOLKEK.txt") returned 153 [0044.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0044.602] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.602] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.603] CloseHandle (hObject=0x198) returned 1 [0044.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.603] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0044.603] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0044.603] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0044.603] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0044.603] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0044.603] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0044.603] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0044.603] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0044.603] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN") returned 145 [0044.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.603] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN" [0044.603] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*" [0044.603] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.603] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.603] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.603] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.603] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.603] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.603] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.603] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.603] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.603] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.603] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.603] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.603] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.603] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.603] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.604] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.604] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.604] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.604] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.604] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.604] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.604] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.604] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.604] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json") returned 159 [0044.604] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.604] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.604] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json") returned 159 [0044.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ebc720 [0044.604] lstrcpyW (in: lpString1=0x3ebc720, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" [0044.604] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.664] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.664] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.664] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.664] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\LOLKEK.txt") returned 156 [0044.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0044.664] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.664] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.665] CloseHandle (hObject=0x198) returned 1 [0044.665] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.671] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0044.671] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0044.671] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0044.671] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0044.671] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0044.671] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0044.671] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0044.671] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0044.671] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW") returned 145 [0044.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.672] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW" [0044.672] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*" [0044.672] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ded8 [0044.678] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.678] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.678] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.678] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.678] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.678] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.678] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.678] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.678] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.678] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.678] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.678] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.678] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.678] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.678] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.678] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.678] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.678] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.678] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.678] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.678] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.678] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.678] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json") returned 159 [0044.678] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.678] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.678] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json") returned 159 [0044.678] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ebc9a8 [0044.678] lstrcpyW (in: lpString1=0x3ebc9a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" [0044.678] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.701] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.701] FindNextFileW (in: hFindFile=0x62ded8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.701] FindClose (in: hFindFile=0x62ded8 | out: hFindFile=0x62ded8) returned 1 [0044.701] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\LOLKEK.txt") returned 156 [0044.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0044.701] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.701] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.702] CloseHandle (hObject=0x198) returned 1 [0044.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0044.702] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0044.702] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0044.702] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\LOLKEK.txt") returned 150 [0044.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0044.736] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.736] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0044.737] CloseHandle (hObject=0x1ec) returned 1 [0044.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0044.738] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0044.738] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0044.738] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0044.738] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0044.738] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0044.738] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0044.738] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0044.738] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0044.738] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata") returned 140 [0044.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0044.739] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata" [0044.739] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*" [0044.739] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0044.739] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.739] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.739] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.739] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.739] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.739] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.739] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.739] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.739] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.739] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.739] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.739] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.739] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.739] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.739] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0044.739] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0044.739] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0044.739] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0044.739] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0044.739] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0044.739] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0044.739] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0044.740] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json") returned 163 [0044.740] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0044.740] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0044.740] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json") returned 163 [0044.740] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x290) returned 0x3ebffb0 [0044.740] lstrcpyW (in: lpString1=0x3ebffb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" [0044.740] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.789] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.789] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0044.789] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0044.789] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\LOLKEK.txt") returned 151 [0044.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0044.789] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.789] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0044.790] CloseHandle (hObject=0x1ec) returned 1 [0044.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0044.794] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0044.794] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0044.794] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\LOLKEK.txt") returned 141 [0044.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0044.794] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.794] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0044.795] CloseHandle (hObject=0x1b4) returned 1 [0044.795] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0044.795] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="14.1_0", cAlternateFileName="")) returned 0 [0044.795] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0044.795] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\LOLKEK.txt") returned 134 [0044.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0044.795] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.795] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0044.796] CloseHandle (hObject=0x270) returned 1 [0044.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0044.796] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="blpcfgokakmgnkcojhhkbfbldkacnbeo", cAlternateFileName="BLPCFG~1")) returned 1 [0044.796] lstrcmpiW (lpString1="blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2="Windows") returned -1 [0044.796] lstrcmpiW (lpString1="blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2="Program Files") returned -1 [0044.796] lstrcmpiW (lpString1="blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2="Program Files (x86)") returned -1 [0044.796] lstrcmpiW (lpString1="blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2="$Recycle.bin") returned 1 [0044.796] lstrcmpiW (lpString1="blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2="System Volume Information") returned -1 [0044.796] lstrcmpiW (lpString1="blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2=".") returned 1 [0044.796] lstrcmpiW (lpString1="blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2="..") returned 1 [0044.796] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo") returned 123 [0044.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0044.796] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo" [0044.796] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*" [0044.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0044.797] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.797] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.797] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.797] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.797] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.797] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.797] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.797] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.797] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.797] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.797] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.797] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.797] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.797] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.797] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4.2.8_0", cAlternateFileName="4278E1~1.8_0")) returned 1 [0044.797] lstrcmpiW (lpString1="4.2.8_0", lpString2="Windows") returned -1 [0044.797] lstrcmpiW (lpString1="4.2.8_0", lpString2="Program Files") returned -1 [0044.797] lstrcmpiW (lpString1="4.2.8_0", lpString2="Program Files (x86)") returned -1 [0044.797] lstrcmpiW (lpString1="4.2.8_0", lpString2="$Recycle.bin") returned 1 [0044.797] lstrcmpiW (lpString1="4.2.8_0", lpString2="System Volume Information") returned -1 [0044.797] lstrcmpiW (lpString1="4.2.8_0", lpString2=".") returned 1 [0044.797] lstrcmpiW (lpString1="4.2.8_0", lpString2="..") returned 1 [0044.797] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0") returned 131 [0044.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0044.797] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" [0044.797] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*" [0044.797] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0044.805] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.805] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.805] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.805] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.805] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.805] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.805] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.805] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.805] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.805] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.805] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.805] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.805] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.805] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.805] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="128.png", cAlternateFileName="")) returned 1 [0044.805] lstrcmpiW (lpString1="128.png", lpString2="Windows") returned -1 [0044.805] lstrcmpiW (lpString1="128.png", lpString2="Program Files") returned -1 [0044.805] lstrcmpiW (lpString1="128.png", lpString2="Program Files (x86)") returned -1 [0044.805] lstrcmpiW (lpString1="128.png", lpString2="$Recycle.bin") returned 1 [0044.805] lstrcmpiW (lpString1="128.png", lpString2="System Volume Information") returned -1 [0044.805] lstrcmpiW (lpString1="128.png", lpString2=".") returned 1 [0044.805] lstrcmpiW (lpString1="128.png", lpString2="..") returned 1 [0044.805] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png") returned 139 [0044.805] StrStrIW (lpFirst="128.png", lpSrch=".lolkek") returned 0x0 [0044.805] lstrcmpW (lpString1="128.png", lpString2="LOLKEK.txt") returned -1 [0044.805] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png") returned 139 [0044.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x5ebc58 [0044.805] lstrcpyW (in: lpString1=0x5ebc58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" [0044.805] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.851] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.851] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0044.851] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0044.851] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0044.851] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0044.851] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0044.851] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0044.851] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0044.851] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0044.851] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json") returned 145 [0044.851] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0044.851] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0044.851] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json") returned 145 [0044.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x248) returned 0x3dd4948 [0044.851] lstrcpyW (in: lpString1=0x3dd4948, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" [0044.851] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.898] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.898] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0044.898] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0044.898] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0044.898] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0044.898] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0044.898] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0044.898] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0044.898] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0044.898] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales") returned 140 [0044.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0044.905] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales" [0044.905] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*" [0044.905] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0044.912] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.912] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.912] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.912] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.913] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.913] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.913] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.913] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.913] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.913] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.913] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.913] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.913] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.913] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.913] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ar", cAlternateFileName="")) returned 1 [0044.913] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0044.913] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0044.913] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0044.913] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0044.913] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0044.913] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0044.913] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0044.913] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar") returned 143 [0044.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0044.913] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar" [0044.913] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*" [0044.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0044.914] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.914] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.914] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.914] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.914] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.914] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.914] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.914] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.914] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.914] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.914] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.914] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.914] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.914] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.914] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.914] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.914] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.914] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.914] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.914] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.914] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.914] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.914] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json") returned 157 [0044.914] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.914] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.914] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json") returned 157 [0044.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebcc30 [0044.914] lstrcpyW (in: lpString1=0x3ebcc30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" [0044.914] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0044.944] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0044.944] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0044.944] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0044.944] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\LOLKEK.txt") returned 154 [0044.944] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0044.945] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0044.945] WriteFile (in: hFile=0x1e8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0044.945] CloseHandle (hObject=0x1e8) returned 1 [0044.945] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0044.945] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0044.946] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0044.946] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0044.946] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0044.946] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0044.946] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0044.946] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0044.946] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0044.946] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg") returned 143 [0044.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0044.946] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg" [0044.946] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*" [0044.946] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0044.969] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0044.970] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0044.970] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0044.970] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0044.970] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0044.970] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0044.970] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0044.970] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0044.970] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0044.970] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0044.970] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0044.970] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0044.970] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0044.970] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0044.970] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0044.970] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0044.970] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0044.970] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0044.970] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0044.970] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0044.970] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0044.970] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0044.970] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json") returned 157 [0044.970] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0044.970] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0044.970] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json") returned 157 [0044.970] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebceb8 [0044.970] lstrcpyW (in: lpString1=0x3ebceb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" [0044.970] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.019] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.019] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.019] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0045.019] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\LOLKEK.txt") returned 154 [0045.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0045.020] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.020] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.020] CloseHandle (hObject=0x160) returned 1 [0045.020] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.022] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0045.022] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0045.022] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0045.022] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0045.022] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0045.022] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0045.022] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0045.022] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0045.022] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca") returned 143 [0045.022] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.022] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca" [0045.022] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*" [0045.022] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0045.022] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.022] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.022] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.023] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.023] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.023] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.023] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.023] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.023] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.023] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.023] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.023] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.023] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.023] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.023] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.023] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.023] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.023] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.023] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.023] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.023] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.023] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.023] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json") returned 157 [0045.023] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.023] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.023] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json") returned 157 [0045.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebd140 [0045.023] lstrcpyW (in: lpString1=0x3ebd140, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" [0045.023] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.075] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.076] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.076] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0045.076] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\LOLKEK.txt") returned 154 [0045.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0045.076] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.076] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.077] CloseHandle (hObject=0x160) returned 1 [0045.077] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.084] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0045.084] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0045.084] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0045.084] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0045.084] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0045.084] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0045.084] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0045.084] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0045.084] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs") returned 143 [0045.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.084] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs" [0045.084] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*" [0045.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0045.091] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.091] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.091] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.091] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.091] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.091] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.091] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.091] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.091] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.091] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.091] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.091] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.091] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.091] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.091] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.091] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.091] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.091] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.091] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.091] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.091] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.091] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.092] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json") returned 157 [0045.092] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.092] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.092] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json") returned 157 [0045.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebd3c8 [0045.092] lstrcpyW (in: lpString1=0x3ebd3c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" [0045.092] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.132] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.132] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.132] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0045.132] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\LOLKEK.txt") returned 154 [0045.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0045.133] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.133] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.133] CloseHandle (hObject=0x160) returned 1 [0045.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.133] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0045.133] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0045.133] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0045.133] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0045.134] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0045.134] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0045.134] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0045.134] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0045.134] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da") returned 143 [0045.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.134] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da" [0045.134] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*" [0045.134] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62ddd8 [0045.134] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.134] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.134] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.134] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.134] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.134] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.134] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.134] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.134] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.134] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.134] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.134] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.134] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.134] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.134] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.134] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.134] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.134] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.134] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.134] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.134] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.134] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.134] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json") returned 157 [0045.134] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.134] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.134] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json") returned 157 [0045.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebd650 [0045.134] lstrcpyW (in: lpString1=0x3ebd650, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" [0045.134] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.170] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.170] FindNextFileW (in: hFindFile=0x62ddd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.170] FindClose (in: hFindFile=0x62ddd8 | out: hFindFile=0x62ddd8) returned 1 [0045.170] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\LOLKEK.txt") returned 154 [0045.170] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0045.170] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.170] WriteFile (in: hFile=0x160, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.171] CloseHandle (hObject=0x160) returned 1 [0045.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.171] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0045.171] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0045.171] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0045.171] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0045.171] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0045.171] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0045.171] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0045.171] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0045.171] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de") returned 143 [0045.171] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.171] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de" [0045.171] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*" [0045.171] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0045.193] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.193] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.194] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.194] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.194] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.194] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.194] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.194] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.194] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.194] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.194] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.194] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.194] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.194] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.194] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.194] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.194] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.194] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.194] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.194] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.194] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.194] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.194] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json") returned 157 [0045.194] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.194] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.194] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json") returned 157 [0045.194] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebd8d8 [0045.194] lstrcpyW (in: lpString1=0x3ebd8d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" [0045.194] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.241] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.241] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.241] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0045.242] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\LOLKEK.txt") returned 154 [0045.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0045.242] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.242] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.243] CloseHandle (hObject=0x2b8) returned 1 [0045.243] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.246] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0045.246] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0045.246] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0045.246] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0045.246] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0045.246] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0045.246] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0045.246] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0045.246] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el") returned 143 [0045.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.246] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el" [0045.246] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*" [0045.246] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0045.246] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.247] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.247] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.247] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.247] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.247] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.247] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.247] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.247] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.247] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.247] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.247] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.247] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.247] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.247] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.247] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.247] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.247] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.247] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.247] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.247] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.247] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.247] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json") returned 157 [0045.247] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.247] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.247] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json") returned 157 [0045.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebdb60 [0045.247] lstrcpyW (in: lpString1=0x3ebdb60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" [0045.247] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.288] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.288] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.288] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0045.288] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\LOLKEK.txt") returned 154 [0045.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0045.288] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.289] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.289] CloseHandle (hObject=0x190) returned 1 [0045.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.289] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en", cAlternateFileName="")) returned 1 [0045.289] lstrcmpiW (lpString1="en", lpString2="Windows") returned -1 [0045.289] lstrcmpiW (lpString1="en", lpString2="Program Files") returned -1 [0045.289] lstrcmpiW (lpString1="en", lpString2="Program Files (x86)") returned -1 [0045.289] lstrcmpiW (lpString1="en", lpString2="$Recycle.bin") returned 1 [0045.289] lstrcmpiW (lpString1="en", lpString2="System Volume Information") returned -1 [0045.289] lstrcmpiW (lpString1="en", lpString2=".") returned 1 [0045.289] lstrcmpiW (lpString1="en", lpString2="..") returned 1 [0045.289] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en") returned 143 [0045.289] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.289] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en" [0045.289] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*" [0045.289] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0045.302] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.302] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.302] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.302] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.302] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.302] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.302] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.302] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.302] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.302] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.302] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.302] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.303] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.303] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.303] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.303] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.303] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.303] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.303] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.303] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.303] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.303] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.303] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json") returned 157 [0045.303] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.303] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.303] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json") returned 157 [0045.303] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebdde8 [0045.303] lstrcpyW (in: lpString1=0x3ebdde8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" [0045.303] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.351] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.351] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.351] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0045.351] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\LOLKEK.txt") returned 154 [0045.351] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0045.351] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.351] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.352] CloseHandle (hObject=0x2b8) returned 1 [0045.352] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.353] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0045.353] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0045.353] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0045.353] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0045.353] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0045.353] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0045.353] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0045.353] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0045.353] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es") returned 143 [0045.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.354] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es" [0045.354] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*" [0045.354] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e398 [0045.354] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.354] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.354] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.354] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.354] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.354] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.354] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.354] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.354] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.354] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.354] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.354] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.354] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.354] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.354] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.354] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.354] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.354] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.354] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.354] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.354] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.354] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.354] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json") returned 157 [0045.354] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.354] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.354] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json") returned 157 [0045.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebe070 [0045.354] lstrcpyW (in: lpString1=0x3ebe070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" [0045.354] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.383] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.383] FindNextFileW (in: hFindFile=0x62e398, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.383] FindClose (in: hFindFile=0x62e398 | out: hFindFile=0x62e398) returned 1 [0045.383] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\LOLKEK.txt") returned 154 [0045.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0045.383] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.383] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.384] CloseHandle (hObject=0x2b8) returned 1 [0045.384] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.384] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0045.384] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0045.384] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0045.384] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0045.384] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0045.384] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0045.384] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0045.384] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0045.384] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi") returned 143 [0045.384] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.384] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi" [0045.384] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*" [0045.384] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0045.407] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.407] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.407] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.407] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.407] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.407] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.407] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.407] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.407] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.407] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.407] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.407] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.407] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.407] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.407] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.407] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.407] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.407] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.407] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.407] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.407] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.407] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.407] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json") returned 157 [0045.407] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.407] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.407] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json") returned 157 [0045.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebe2f8 [0045.407] lstrcpyW (in: lpString1=0x3ebe2f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" [0045.407] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.456] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.456] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0045.456] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\LOLKEK.txt") returned 154 [0045.456] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0045.457] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.457] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.457] CloseHandle (hObject=0x190) returned 1 [0045.457] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.459] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0045.459] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0045.459] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0045.459] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0045.459] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0045.459] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0045.459] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0045.459] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0045.459] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil") returned 144 [0045.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.459] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil" [0045.459] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*" [0045.459] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0045.460] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.460] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.460] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.460] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.460] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.460] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.460] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.460] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.460] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.460] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.460] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.460] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.460] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.460] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.460] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.460] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.460] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.460] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.460] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.460] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.460] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.460] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.460] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json") returned 158 [0045.460] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.460] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.460] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json") returned 158 [0045.460] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3ebe580 [0045.460] lstrcpyW (in: lpString1=0x3ebe580, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" [0045.460] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.506] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.506] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.506] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0045.506] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\LOLKEK.txt") returned 155 [0045.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0045.507] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.507] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.508] CloseHandle (hObject=0x190) returned 1 [0045.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.514] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0045.514] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0045.514] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0045.514] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0045.514] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0045.514] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0045.514] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0045.514] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0045.514] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr") returned 143 [0045.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.515] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr" [0045.515] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*" [0045.515] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0045.521] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.521] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.521] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.521] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.521] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.521] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.521] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.521] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.521] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.521] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.521] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.521] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.521] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.521] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.521] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.521] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.521] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.521] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.521] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.521] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.521] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.521] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.521] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json") returned 157 [0045.521] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.521] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.521] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json") returned 157 [0045.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebe808 [0045.521] lstrcpyW (in: lpString1=0x3ebe808, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" [0045.521] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.567] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.567] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.568] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0045.568] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\LOLKEK.txt") returned 154 [0045.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0045.568] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.568] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.569] CloseHandle (hObject=0x190) returned 1 [0045.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.570] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="he", cAlternateFileName="")) returned 1 [0045.570] lstrcmpiW (lpString1="he", lpString2="Windows") returned -1 [0045.570] lstrcmpiW (lpString1="he", lpString2="Program Files") returned -1 [0045.570] lstrcmpiW (lpString1="he", lpString2="Program Files (x86)") returned -1 [0045.570] lstrcmpiW (lpString1="he", lpString2="$Recycle.bin") returned 1 [0045.570] lstrcmpiW (lpString1="he", lpString2="System Volume Information") returned -1 [0045.570] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0045.570] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0045.570] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he") returned 143 [0045.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.571] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he" [0045.571] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*" [0045.571] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0045.571] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.571] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.571] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.571] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.571] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.571] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.571] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.571] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.571] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.571] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.571] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.571] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.571] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.571] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.571] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.571] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.571] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.571] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.571] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.571] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.571] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.571] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.571] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json") returned 157 [0045.571] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.571] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.571] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json") returned 157 [0045.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebea90 [0045.571] lstrcpyW (in: lpString1=0x3ebea90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" [0045.571] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.602] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.602] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.602] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0045.602] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\LOLKEK.txt") returned 154 [0045.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0045.603] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.603] WriteFile (in: hFile=0x190, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.604] CloseHandle (hObject=0x190) returned 1 [0045.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.604] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0045.604] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0045.604] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0045.604] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0045.604] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0045.604] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0045.604] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0045.604] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0045.604] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi") returned 143 [0045.604] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.604] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi" [0045.604] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*" [0045.604] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0045.629] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.629] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.629] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.629] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.629] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.629] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.629] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.629] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.629] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.629] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.629] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.629] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.629] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.629] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.629] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.629] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.629] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.629] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.629] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.629] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.629] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.629] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.629] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json") returned 157 [0045.629] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.629] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.629] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json") returned 157 [0045.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebed18 [0045.629] lstrcpyW (in: lpString1=0x3ebed18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" [0045.629] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.678] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.679] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.679] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0045.679] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\LOLKEK.txt") returned 154 [0045.679] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0045.679] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.679] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.680] CloseHandle (hObject=0x198) returned 1 [0045.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.681] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hr", cAlternateFileName="")) returned 1 [0045.681] lstrcmpiW (lpString1="hr", lpString2="Windows") returned -1 [0045.681] lstrcmpiW (lpString1="hr", lpString2="Program Files") returned -1 [0045.681] lstrcmpiW (lpString1="hr", lpString2="Program Files (x86)") returned -1 [0045.681] lstrcmpiW (lpString1="hr", lpString2="$Recycle.bin") returned 1 [0045.681] lstrcmpiW (lpString1="hr", lpString2="System Volume Information") returned -1 [0045.681] lstrcmpiW (lpString1="hr", lpString2=".") returned 1 [0045.681] lstrcmpiW (lpString1="hr", lpString2="..") returned 1 [0045.681] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr") returned 143 [0045.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.682] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr" [0045.682] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*" [0045.682] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0045.682] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.682] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.682] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.682] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.682] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.682] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.682] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.682] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.682] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.682] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.682] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.682] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.682] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.682] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.682] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.682] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.682] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.682] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.682] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.682] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.682] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.682] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.682] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json") returned 157 [0045.682] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.682] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.682] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json") returned 157 [0045.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebefa0 [0045.682] lstrcpyW (in: lpString1=0x3ebefa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" [0045.682] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.725] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.725] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.725] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0045.725] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\LOLKEK.txt") returned 154 [0045.725] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0045.726] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.726] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.727] CloseHandle (hObject=0x198) returned 1 [0045.727] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.738] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0045.739] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0045.739] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0045.739] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0045.739] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0045.739] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0045.739] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0045.739] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0045.739] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu") returned 143 [0045.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.739] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu" [0045.739] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*" [0045.739] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0045.748] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.748] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.748] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.748] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.748] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.748] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.748] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.748] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.748] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.748] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.748] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.748] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.748] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.748] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.748] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.748] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.748] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.748] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.748] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.748] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.748] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.748] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.748] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json") returned 157 [0045.748] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.748] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.748] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json") returned 157 [0045.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebf228 [0045.749] lstrcpyW (in: lpString1=0x3ebf228, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" [0045.749] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.803] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.803] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.803] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0045.803] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\LOLKEK.txt") returned 154 [0045.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0045.804] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.804] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.804] CloseHandle (hObject=0x2bc) returned 1 [0045.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.807] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0045.807] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0045.807] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0045.807] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0045.807] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0045.807] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0045.807] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0045.807] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0045.807] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id") returned 143 [0045.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.807] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id" [0045.807] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*" [0045.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0045.808] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.808] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.808] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.808] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.808] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.808] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.808] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.808] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.808] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.808] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.808] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.808] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.808] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.808] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.808] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.808] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.808] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.808] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.808] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.808] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.808] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.808] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.808] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json") returned 157 [0045.808] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.808] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.808] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json") returned 157 [0045.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebf4b0 [0045.808] lstrcpyW (in: lpString1=0x3ebf4b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" [0045.808] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.849] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.850] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.850] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0045.850] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\LOLKEK.txt") returned 154 [0045.850] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0045.850] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.850] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.851] CloseHandle (hObject=0x198) returned 1 [0045.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.851] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0045.851] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0045.851] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0045.851] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0045.851] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0045.851] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0045.851] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0045.851] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0045.851] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it") returned 143 [0045.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.851] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it" [0045.851] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*" [0045.851] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0045.862] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.862] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.862] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.862] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.862] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.862] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.862] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.862] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.862] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.862] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.862] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.862] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.862] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.862] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.862] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.862] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.862] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.862] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.862] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.862] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.862] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.862] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.862] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json") returned 157 [0045.862] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.862] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.862] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json") returned 157 [0045.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebf738 [0045.863] lstrcpyW (in: lpString1=0x3ebf738, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" [0045.863] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0045.912] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0045.912] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0045.912] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0045.912] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\LOLKEK.txt") returned 154 [0045.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0045.913] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0045.913] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0045.913] CloseHandle (hObject=0x198) returned 1 [0045.913] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0045.917] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0045.917] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0045.917] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0045.917] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0045.917] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0045.917] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0045.917] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0045.917] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0045.917] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja") returned 143 [0045.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0045.917] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja" [0045.917] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*" [0045.917] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0045.917] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0045.917] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0045.917] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0045.918] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0045.918] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0045.918] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0045.918] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0045.918] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0045.918] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0045.918] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0045.918] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0045.918] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0045.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0045.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0045.918] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0045.918] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0045.918] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0045.918] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0045.918] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0045.918] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0045.918] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0045.918] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0045.918] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json") returned 157 [0045.918] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0045.918] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0045.918] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json") returned 157 [0045.918] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ebf9c0 [0045.918] lstrcpyW (in: lpString1=0x3ebf9c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" [0045.918] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.021] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.021] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.021] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.022] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\LOLKEK.txt") returned 154 [0046.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.022] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.022] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.023] CloseHandle (hObject=0x2bc) returned 1 [0046.023] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.024] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0046.024] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0046.024] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0046.024] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0046.024] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0046.024] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0046.024] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0046.024] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0046.024] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko") returned 143 [0046.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.025] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko" [0046.025] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*" [0046.025] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.031] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.031] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.031] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.031] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.031] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.031] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.031] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.031] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.031] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.031] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.031] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.031] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.031] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.031] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.031] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.031] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.031] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.031] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.031] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.031] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.031] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.031] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.031] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json") returned 157 [0046.031] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.032] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.032] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json") returned 157 [0046.032] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ea9b68 [0046.032] lstrcpyW (in: lpString1=0x3ea9b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" [0046.032] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.059] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.059] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.059] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.059] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\LOLKEK.txt") returned 154 [0046.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.060] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.060] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.060] CloseHandle (hObject=0x198) returned 1 [0046.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.060] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0046.060] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0046.060] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0046.060] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0046.060] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0046.060] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0046.060] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0046.060] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0046.061] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt") returned 143 [0046.061] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.061] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt" [0046.061] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*" [0046.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.061] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.061] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.061] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.061] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.061] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.061] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.061] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.061] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.061] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.061] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.061] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.061] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.061] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.061] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.061] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.061] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.061] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.061] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.061] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.061] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.061] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.061] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.061] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json") returned 157 [0046.061] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.061] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.061] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json") returned 157 [0046.061] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3ea9df0 [0046.061] lstrcpyW (in: lpString1=0x3ea9df0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" [0046.061] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.067] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.067] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.067] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.067] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\LOLKEK.txt") returned 154 [0046.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x198 [0046.067] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.067] WriteFile (in: hFile=0x198, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.068] CloseHandle (hObject=0x198) returned 1 [0046.068] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.068] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0046.068] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0046.068] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0046.068] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0046.068] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0046.068] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0046.068] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0046.068] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0046.068] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv") returned 143 [0046.068] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.068] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv" [0046.068] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*" [0046.068] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.076] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.076] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.076] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.076] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.076] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.076] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.076] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.076] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.076] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.076] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.076] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.076] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.076] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.077] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.077] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.077] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.077] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.077] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.077] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.077] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.077] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.077] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.077] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json") returned 157 [0046.077] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.077] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.077] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json") returned 157 [0046.077] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eaa078 [0046.077] lstrcpyW (in: lpString1=0x3eaa078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" [0046.077] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.077] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.077] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.077] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.077] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\LOLKEK.txt") returned 154 [0046.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.077] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.077] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.078] CloseHandle (hObject=0x1f8) returned 1 [0046.078] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.078] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0046.078] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0046.078] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0046.078] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0046.078] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0046.078] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0046.078] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0046.078] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0046.078] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl") returned 143 [0046.078] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.078] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl" [0046.078] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*" [0046.078] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.079] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.079] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.079] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.079] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.079] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.079] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.079] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.079] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.079] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.079] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.079] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.079] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.079] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.079] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.079] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.079] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.079] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.079] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.079] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.079] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.079] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.079] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.079] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json") returned 157 [0046.079] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.079] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.079] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json") returned 157 [0046.079] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eaa300 [0046.079] lstrcpyW (in: lpString1=0x3eaa300, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" [0046.079] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.083] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.083] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.083] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.083] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\LOLKEK.txt") returned 154 [0046.083] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.084] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.084] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.084] CloseHandle (hObject=0x1f8) returned 1 [0046.084] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.084] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="no", cAlternateFileName="")) returned 1 [0046.084] lstrcmpiW (lpString1="no", lpString2="Windows") returned -1 [0046.084] lstrcmpiW (lpString1="no", lpString2="Program Files") returned -1 [0046.084] lstrcmpiW (lpString1="no", lpString2="Program Files (x86)") returned -1 [0046.085] lstrcmpiW (lpString1="no", lpString2="$Recycle.bin") returned 1 [0046.085] lstrcmpiW (lpString1="no", lpString2="System Volume Information") returned -1 [0046.085] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0046.085] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0046.085] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no") returned 143 [0046.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.085] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no" [0046.085] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*" [0046.085] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.086] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.086] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.086] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.086] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.086] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.086] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.086] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.086] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.086] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.086] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.086] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.086] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.086] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.086] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.086] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.086] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.086] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.086] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.087] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.087] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.087] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.087] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.087] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json") returned 157 [0046.087] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.087] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.087] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json") returned 157 [0046.087] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eaa588 [0046.087] lstrcpyW (in: lpString1=0x3eaa588, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" [0046.087] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.090] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.090] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.090] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.090] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\LOLKEK.txt") returned 154 [0046.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.090] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.090] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.091] CloseHandle (hObject=0x1f8) returned 1 [0046.091] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.091] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0046.091] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0046.091] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0046.091] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0046.091] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0046.091] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0046.091] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0046.091] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0046.091] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl") returned 143 [0046.091] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.091] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl" [0046.091] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*" [0046.091] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.091] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.091] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.091] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.091] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.091] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.091] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.091] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.091] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.092] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.092] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.092] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.092] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.092] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.092] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.092] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.092] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.092] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.092] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.092] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.092] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.092] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.092] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.092] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json") returned 157 [0046.092] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.092] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.092] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json") returned 157 [0046.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eaa810 [0046.092] lstrcpyW (in: lpString1=0x3eaa810, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" [0046.092] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.096] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.096] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.096] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.096] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\LOLKEK.txt") returned 154 [0046.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.096] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.096] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.097] CloseHandle (hObject=0x1f8) returned 1 [0046.097] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.097] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0046.097] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0046.097] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0046.097] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0046.097] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0046.097] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0046.097] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0046.097] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0046.097] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR") returned 146 [0046.097] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.097] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR" [0046.097] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*" [0046.097] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.098] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.098] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.098] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.098] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.098] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.098] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.098] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.098] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.098] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.098] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.098] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.098] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.098] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.099] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.099] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.099] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.099] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.099] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.099] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.099] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.099] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.099] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.099] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json") returned 160 [0046.099] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.099] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.099] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json") returned 160 [0046.099] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x66db60 [0046.099] lstrcpyW (in: lpString1=0x66db60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" [0046.099] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.103] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.103] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.103] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.103] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\LOLKEK.txt") returned 157 [0046.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.104] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.104] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.105] CloseHandle (hObject=0x1f8) returned 1 [0046.105] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.105] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0046.105] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0046.105] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0046.105] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0046.105] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0046.105] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0046.105] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0046.105] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0046.105] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT") returned 146 [0046.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.105] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT" [0046.105] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*" [0046.105] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.105] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.105] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.105] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.105] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.105] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.105] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.105] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.106] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.106] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.106] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.106] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.106] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.106] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.106] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.106] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.106] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.106] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.106] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.106] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.106] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.106] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.106] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.106] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json") returned 160 [0046.106] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.106] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.106] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json") returned 160 [0046.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x3de02e8 [0046.106] lstrcpyW (in: lpString1=0x3de02e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" [0046.106] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.108] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.108] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.109] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.109] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\LOLKEK.txt") returned 157 [0046.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.109] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.109] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.110] CloseHandle (hObject=0x1f8) returned 1 [0046.110] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.110] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0046.110] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0046.110] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0046.110] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0046.110] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0046.110] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0046.110] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0046.110] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0046.110] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro") returned 143 [0046.110] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.110] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro" [0046.110] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*" [0046.110] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.113] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.113] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.113] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.113] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.113] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.113] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.113] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.113] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.113] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.113] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.113] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.113] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.113] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.114] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.114] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.114] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.114] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.114] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.114] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.114] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.114] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.114] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.114] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json") returned 157 [0046.114] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.114] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.114] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json") returned 157 [0046.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eaaa98 [0046.114] lstrcpyW (in: lpString1=0x3eaaa98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" [0046.114] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.114] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.114] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.114] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.114] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\LOLKEK.txt") returned 154 [0046.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.114] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.114] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.115] CloseHandle (hObject=0x1f8) returned 1 [0046.115] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.115] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0046.115] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0046.115] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0046.115] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0046.115] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0046.115] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0046.115] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0046.115] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0046.115] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru") returned 143 [0046.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.115] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru" [0046.115] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*" [0046.115] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.116] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.116] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.116] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.116] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.116] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.116] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.116] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.116] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.116] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.116] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.116] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.116] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.116] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.116] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.116] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.116] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.116] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.116] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.116] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.116] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.116] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.116] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.116] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json") returned 157 [0046.116] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.116] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.116] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json") returned 157 [0046.116] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eaad20 [0046.116] lstrcpyW (in: lpString1=0x3eaad20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" [0046.116] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.121] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.121] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.121] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.121] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\LOLKEK.txt") returned 154 [0046.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.122] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.122] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.122] CloseHandle (hObject=0x1f8) returned 1 [0046.122] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.122] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0046.122] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0046.122] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0046.122] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0046.122] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0046.122] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0046.122] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0046.122] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0046.122] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk") returned 143 [0046.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.122] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk" [0046.123] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*" [0046.123] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.124] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.124] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.124] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.124] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.124] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.124] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.124] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.124] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.124] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.124] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.124] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.124] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.124] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.124] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.124] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.124] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.124] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.124] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.124] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.124] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.124] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.124] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.124] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json") returned 157 [0046.124] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.124] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.124] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json") returned 157 [0046.124] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eaafa8 [0046.124] lstrcpyW (in: lpString1=0x3eaafa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" [0046.124] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.126] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.126] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.126] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.126] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\LOLKEK.txt") returned 154 [0046.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.126] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.126] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.127] CloseHandle (hObject=0x1f8) returned 1 [0046.127] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.127] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0046.127] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0046.127] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0046.127] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0046.127] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0046.127] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0046.127] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0046.127] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0046.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl") returned 143 [0046.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.127] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl" [0046.127] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*" [0046.127] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.128] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.128] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.128] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.128] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.128] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.128] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.128] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.128] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.128] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.128] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.128] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.128] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.128] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.128] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.128] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.128] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.128] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.128] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.128] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.128] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.128] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.128] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.128] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json") returned 157 [0046.128] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.128] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.128] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json") returned 157 [0046.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eab230 [0046.128] lstrcpyW (in: lpString1=0x3eab230, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" [0046.128] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.193] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.193] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.193] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.193] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\LOLKEK.txt") returned 154 [0046.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.193] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.193] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.194] CloseHandle (hObject=0x1f8) returned 1 [0046.194] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.194] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0046.194] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0046.194] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0046.194] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0046.194] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0046.194] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0046.194] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0046.194] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0046.194] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr") returned 143 [0046.194] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.194] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr" [0046.194] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*" [0046.194] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.203] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.203] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.203] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.203] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.203] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.203] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.203] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.203] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.203] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.203] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.203] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.203] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.203] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.203] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.203] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.203] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.203] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.203] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.203] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.203] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.203] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.203] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.203] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json") returned 157 [0046.203] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.203] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.203] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json") returned 157 [0046.203] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eab4b8 [0046.204] lstrcpyW (in: lpString1=0x3eab4b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" [0046.204] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.253] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.253] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.253] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.253] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\LOLKEK.txt") returned 154 [0046.253] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.253] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.253] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.254] CloseHandle (hObject=0x1f8) returned 1 [0046.254] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.256] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sv", cAlternateFileName="")) returned 1 [0046.256] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0046.256] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0046.256] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0046.256] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0046.256] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0046.256] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0046.256] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0046.256] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv") returned 143 [0046.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.256] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv" [0046.256] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*" [0046.256] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.256] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.256] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.256] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.256] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.256] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.257] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.257] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.257] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.257] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.257] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.257] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.257] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.257] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.257] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.257] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.257] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.257] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.257] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.257] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.257] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.257] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.257] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.257] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json") returned 157 [0046.257] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.257] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.257] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json") returned 157 [0046.257] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eab740 [0046.257] lstrcpyW (in: lpString1=0x3eab740, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" [0046.257] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.302] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.302] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.302] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.302] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\LOLKEK.txt") returned 154 [0046.302] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.303] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.303] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.303] CloseHandle (hObject=0x1f8) returned 1 [0046.303] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.314] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0046.314] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0046.314] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0046.314] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0046.314] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0046.314] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0046.314] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0046.314] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0046.314] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th") returned 143 [0046.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.314] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th" [0046.314] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*" [0046.314] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.320] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.320] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.320] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.320] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.320] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.320] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.320] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.320] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.320] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.320] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.320] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.320] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.320] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.320] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.320] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.320] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.320] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.320] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.320] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.320] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.320] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.320] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.320] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json") returned 157 [0046.320] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.320] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.320] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json") returned 157 [0046.321] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eab9c8 [0046.321] lstrcpyW (in: lpString1=0x3eab9c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" [0046.321] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.365] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.365] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.365] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.365] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\LOLKEK.txt") returned 154 [0046.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.365] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.365] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.366] CloseHandle (hObject=0x2bc) returned 1 [0046.366] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.369] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0046.369] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0046.369] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0046.369] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0046.369] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0046.369] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0046.370] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0046.370] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0046.370] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr") returned 143 [0046.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.370] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr" [0046.370] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*" [0046.370] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.370] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.370] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.370] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.370] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.370] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.370] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.370] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.370] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.370] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.370] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.370] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.370] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.370] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.370] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.370] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.370] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.370] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.370] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.370] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.371] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.371] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.371] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.371] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json") returned 157 [0046.371] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.371] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.371] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json") returned 157 [0046.371] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eabc50 [0046.371] lstrcpyW (in: lpString1=0x3eabc50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" [0046.371] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.411] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.411] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.411] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.411] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\LOLKEK.txt") returned 154 [0046.411] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f8 [0046.412] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.412] WriteFile (in: hFile=0x1f8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.412] CloseHandle (hObject=0x1f8) returned 1 [0046.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.412] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0046.412] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0046.412] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0046.412] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0046.413] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0046.413] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0046.413] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0046.413] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0046.413] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk") returned 143 [0046.413] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.413] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk" [0046.413] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*" [0046.413] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.428] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.428] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.428] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.428] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.428] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.428] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.428] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.428] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.428] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.428] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.428] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.428] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.428] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.428] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.428] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.428] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.428] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.428] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.428] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.428] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.428] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.428] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.428] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json") returned 157 [0046.428] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.428] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.428] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json") returned 157 [0046.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eabed8 [0046.428] lstrcpyW (in: lpString1=0x3eabed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" [0046.428] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.457] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.457] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.457] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.457] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\LOLKEK.txt") returned 154 [0046.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.458] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.458] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.459] CloseHandle (hObject=0x2bc) returned 1 [0046.459] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.459] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0046.459] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0046.459] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0046.459] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0046.459] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0046.459] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0046.459] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0046.459] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0046.459] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi") returned 143 [0046.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.459] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi" [0046.459] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*" [0046.459] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.459] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.459] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.459] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.459] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.459] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.459] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.459] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.459] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.459] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.459] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.459] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.459] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.459] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.459] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.459] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.459] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.459] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.459] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.459] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.459] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.459] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.459] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.459] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json") returned 157 [0046.460] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.460] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.460] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json") returned 157 [0046.460] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3eac160 [0046.460] lstrcpyW (in: lpString1=0x3eac160, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" [0046.460] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.460] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.460] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.460] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.460] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\LOLKEK.txt") returned 154 [0046.460] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.460] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.460] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.461] CloseHandle (hObject=0x2bc) returned 1 [0046.461] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.461] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0046.461] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0046.461] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0046.461] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0046.461] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0046.461] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0046.461] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0046.461] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0046.461] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN") returned 146 [0046.461] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.461] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN" [0046.461] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*" [0046.461] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.469] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.469] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.469] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.469] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.469] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.469] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.469] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.469] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.469] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.469] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.469] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.469] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.469] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.470] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.470] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.470] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.470] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.470] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.470] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.470] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.470] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.470] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.470] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json") returned 160 [0046.470] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.470] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.470] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json") returned 160 [0046.470] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x3dc28b0 [0046.470] lstrcpyW (in: lpString1=0x3dc28b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" [0046.470] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.470] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.470] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.470] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.470] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\LOLKEK.txt") returned 157 [0046.470] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.470] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.470] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.471] CloseHandle (hObject=0x2bc) returned 1 [0046.471] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.471] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0046.471] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0046.471] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0046.471] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0046.471] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0046.471] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0046.471] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0046.471] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0046.471] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW") returned 146 [0046.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.471] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW" [0046.471] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*" [0046.471] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.472] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.472] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.472] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.472] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.472] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.472] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.472] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.472] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.472] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.472] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.472] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.472] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.472] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.472] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.472] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.472] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.472] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.472] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.472] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.472] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.472] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.472] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.472] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json") returned 160 [0046.472] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.472] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.472] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json") returned 160 [0046.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x66b510 [0046.472] lstrcpyW (in: lpString1=0x66b510, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" [0046.472] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.472] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.472] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.472] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.472] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\LOLKEK.txt") returned 157 [0046.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.473] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.473] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.473] CloseHandle (hObject=0x2bc) returned 1 [0046.473] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.473] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0046.473] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0046.473] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\LOLKEK.txt") returned 151 [0046.473] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.474] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.474] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0046.474] CloseHandle (hObject=0x1b4) returned 1 [0046.474] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.474] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0046.474] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0046.474] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0046.475] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0046.475] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0046.475] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0046.475] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0046.475] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0046.475] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata") returned 141 [0046.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.475] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata" [0046.475] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*" [0046.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0046.475] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.475] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.475] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.475] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.475] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.475] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.475] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.475] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.475] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.475] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.475] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.475] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.475] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.475] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.475] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0046.475] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0046.475] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0046.475] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0046.475] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0046.475] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0046.475] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0046.475] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0046.475] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json") returned 164 [0046.475] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0046.475] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0046.475] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json") returned 164 [0046.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x698400 [0046.475] lstrcpyW (in: lpString1=0x698400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" [0046.475] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.481] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.481] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0046.481] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0046.481] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\LOLKEK.txt") returned 152 [0046.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.481] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.481] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0046.482] CloseHandle (hObject=0x1b4) returned 1 [0046.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.482] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0046.482] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0046.482] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\LOLKEK.txt") returned 142 [0046.482] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0046.482] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.482] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0046.483] CloseHandle (hObject=0x1ec) returned 1 [0046.483] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.483] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4.2.8_0", cAlternateFileName="4278E1~1.8_0")) returned 0 [0046.483] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0046.483] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\LOLKEK.txt") returned 134 [0046.483] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0046.483] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.483] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0046.484] CloseHandle (hObject=0x270) returned 1 [0046.484] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0046.485] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="felcaaldnbdncclmgdcncolpebgiejap", cAlternateFileName="FELCAA~1")) returned 1 [0046.485] lstrcmpiW (lpString1="felcaaldnbdncclmgdcncolpebgiejap", lpString2="Windows") returned -1 [0046.485] lstrcmpiW (lpString1="felcaaldnbdncclmgdcncolpebgiejap", lpString2="Program Files") returned -1 [0046.485] lstrcmpiW (lpString1="felcaaldnbdncclmgdcncolpebgiejap", lpString2="Program Files (x86)") returned -1 [0046.485] lstrcmpiW (lpString1="felcaaldnbdncclmgdcncolpebgiejap", lpString2="$Recycle.bin") returned 1 [0046.486] lstrcmpiW (lpString1="felcaaldnbdncclmgdcncolpebgiejap", lpString2="System Volume Information") returned -1 [0046.486] lstrcmpiW (lpString1="felcaaldnbdncclmgdcncolpebgiejap", lpString2=".") returned 1 [0046.486] lstrcmpiW (lpString1="felcaaldnbdncclmgdcncolpebgiejap", lpString2="..") returned 1 [0046.486] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap") returned 123 [0046.486] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0046.486] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" [0046.486] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*" [0046.486] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0046.492] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.492] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.492] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.492] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.492] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.492] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.492] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.492] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.492] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.492] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.492] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.492] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.492] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.493] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.493] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.1_0", cAlternateFileName="")) returned 1 [0046.493] lstrcmpiW (lpString1="1.1_0", lpString2="Windows") returned -1 [0046.493] lstrcmpiW (lpString1="1.1_0", lpString2="Program Files") returned -1 [0046.493] lstrcmpiW (lpString1="1.1_0", lpString2="Program Files (x86)") returned -1 [0046.493] lstrcmpiW (lpString1="1.1_0", lpString2="$Recycle.bin") returned 1 [0046.493] lstrcmpiW (lpString1="1.1_0", lpString2="System Volume Information") returned -1 [0046.493] lstrcmpiW (lpString1="1.1_0", lpString2=".") returned 1 [0046.493] lstrcmpiW (lpString1="1.1_0", lpString2="..") returned 1 [0046.493] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0") returned 129 [0046.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.493] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" [0046.493] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*" [0046.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0046.514] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.514] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.514] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.514] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.514] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.514] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.514] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.514] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.514] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.514] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.514] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.514] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.514] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.514] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.514] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84234950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd47, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0046.514] lstrcmpiW (lpString1="icon_128.png", lpString2="Windows") returned -1 [0046.514] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files") returned -1 [0046.514] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files (x86)") returned -1 [0046.514] lstrcmpiW (lpString1="icon_128.png", lpString2="$Recycle.bin") returned 1 [0046.514] lstrcmpiW (lpString1="icon_128.png", lpString2="System Volume Information") returned -1 [0046.514] lstrcmpiW (lpString1="icon_128.png", lpString2=".") returned 1 [0046.514] lstrcmpiW (lpString1="icon_128.png", lpString2="..") returned 1 [0046.514] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png") returned 142 [0046.514] StrStrIW (lpFirst="icon_128.png", lpSrch=".lolkek") returned 0x0 [0046.514] lstrcmpW (lpString1="icon_128.png", lpString2="LOLKEK.txt") returned -1 [0046.514] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png") returned 142 [0046.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x23c) returned 0x698d80 [0046.514] lstrcpyW (in: lpString1=0x698d80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" [0046.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.515] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84239770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0046.515] lstrcmpiW (lpString1="icon_16.png", lpString2="Windows") returned -1 [0046.515] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files") returned -1 [0046.515] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files (x86)") returned -1 [0046.515] lstrcmpiW (lpString1="icon_16.png", lpString2="$Recycle.bin") returned 1 [0046.515] lstrcmpiW (lpString1="icon_16.png", lpString2="System Volume Information") returned -1 [0046.515] lstrcmpiW (lpString1="icon_16.png", lpString2=".") returned 1 [0046.515] lstrcmpiW (lpString1="icon_16.png", lpString2="..") returned 1 [0046.515] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png") returned 141 [0046.515] StrStrIW (lpFirst="icon_16.png", lpSrch=".lolkek") returned 0x0 [0046.515] lstrcmpW (lpString1="icon_16.png", lpString2="LOLKEK.txt") returned -1 [0046.515] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png") returned 141 [0046.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x61b308 [0046.515] lstrcpyW (in: lpString1=0x61b308, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" [0046.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.515] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8423be80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8423e590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0046.515] lstrcmpiW (lpString1="main.html", lpString2="Windows") returned -1 [0046.515] lstrcmpiW (lpString1="main.html", lpString2="Program Files") returned -1 [0046.515] lstrcmpiW (lpString1="main.html", lpString2="Program Files (x86)") returned -1 [0046.515] lstrcmpiW (lpString1="main.html", lpString2="$Recycle.bin") returned 1 [0046.515] lstrcmpiW (lpString1="main.html", lpString2="System Volume Information") returned -1 [0046.515] lstrcmpiW (lpString1="main.html", lpString2=".") returned 1 [0046.515] lstrcmpiW (lpString1="main.html", lpString2="..") returned 1 [0046.515] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html") returned 139 [0046.515] StrStrIW (lpFirst="main.html", lpSrch=".lolkek") returned 0x0 [0046.515] lstrcmpW (lpString1="main.html", lpString2="LOLKEK.txt") returned 1 [0046.515] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html") returned 139 [0046.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x62f8a0 [0046.515] lstrcpyW (in: lpString1=0x62f8a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" [0046.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.515] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84240ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84240ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="main.js", cAlternateFileName="")) returned 1 [0046.515] lstrcmpiW (lpString1="main.js", lpString2="Windows") returned -1 [0046.515] lstrcmpiW (lpString1="main.js", lpString2="Program Files") returned -1 [0046.515] lstrcmpiW (lpString1="main.js", lpString2="Program Files (x86)") returned -1 [0046.515] lstrcmpiW (lpString1="main.js", lpString2="$Recycle.bin") returned 1 [0046.515] lstrcmpiW (lpString1="main.js", lpString2="System Volume Information") returned -1 [0046.515] lstrcmpiW (lpString1="main.js", lpString2=".") returned 1 [0046.515] lstrcmpiW (lpString1="main.js", lpString2="..") returned 1 [0046.515] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js") returned 137 [0046.515] StrStrIW (lpFirst="main.js", lpSrch=".lolkek") returned 0x0 [0046.516] lstrcmpW (lpString1="main.js", lpString2="LOLKEK.txt") returned 1 [0046.516] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js") returned 137 [0046.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eadb68 [0046.516] lstrcpyW (in: lpString1=0x3eadb68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" [0046.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.516] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x840205b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84245ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844aa770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0046.516] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0046.516] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0046.516] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0046.516] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0046.516] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0046.516] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0046.516] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0046.516] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json") returned 143 [0046.516] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0046.516] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0046.516] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json") returned 143 [0046.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x240) returned 0x6986a0 [0046.516] lstrcpyW (in: lpString1=0x6986a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" [0046.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.516] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.516] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0046.516] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0046.516] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0046.516] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0046.516] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0046.516] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0046.516] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0046.516] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0046.516] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales") returned 138 [0046.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.516] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" [0046.516] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*" [0046.516] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0046.525] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.525] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.525] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0046.525] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.525] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.525] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.525] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.525] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.525] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.525] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.525] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="ar", cAlternateFileName="")) returned 1 [0046.525] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0046.525] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0046.525] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0046.525] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0046.525] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0046.525] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0046.525] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0046.525] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar") returned 141 [0046.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.525] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" [0046.525] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*" [0046.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.525] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.525] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.525] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.525] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.526] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.526] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.526] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.526] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.526] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.526] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.526] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.526] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.526] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.526] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.526] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.526] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.526] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.526] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.526] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.526] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json") returned 155 [0046.526] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.526] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.526] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json") returned 155 [0046.526] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eac3e8 [0046.526] lstrcpyW (in: lpString1=0x3eac3e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" [0046.526] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.526] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.526] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.526] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.526] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\LOLKEK.txt") returned 152 [0046.526] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.526] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.526] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.527] CloseHandle (hObject=0x2bc) returned 1 [0046.527] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.527] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="bg", cAlternateFileName="")) returned 1 [0046.527] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0046.527] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0046.527] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0046.527] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0046.527] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0046.527] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0046.527] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0046.527] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg") returned 141 [0046.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.527] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" [0046.527] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*" [0046.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.538] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.538] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.538] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.538] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.538] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.538] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.538] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.538] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.538] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.538] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.538] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.538] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.538] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.538] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.538] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.538] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.538] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.538] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.538] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.538] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.538] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.538] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.538] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json") returned 155 [0046.538] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.538] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.538] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json") returned 155 [0046.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eac670 [0046.538] lstrcpyW (in: lpString1=0x3eac670, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" [0046.538] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.538] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.538] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.538] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.538] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\LOLKEK.txt") returned 152 [0046.538] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.539] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.539] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.539] CloseHandle (hObject=0x2bc) returned 1 [0046.539] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.539] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="ca", cAlternateFileName="")) returned 1 [0046.539] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0046.539] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0046.539] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0046.539] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0046.539] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0046.539] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0046.539] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0046.539] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca") returned 141 [0046.539] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.540] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" [0046.540] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*" [0046.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.540] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.540] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.540] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.540] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.540] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.540] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.540] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.540] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.540] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.540] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.540] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.540] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.540] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.540] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.540] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.540] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.540] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.540] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.540] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.540] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.540] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.540] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.540] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json") returned 155 [0046.540] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.540] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.540] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json") returned 155 [0046.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eac8f8 [0046.540] lstrcpyW (in: lpString1=0x3eac8f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" [0046.540] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.540] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.540] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.540] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.541] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\LOLKEK.txt") returned 152 [0046.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.541] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.541] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.541] CloseHandle (hObject=0x2bc) returned 1 [0046.541] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.541] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="cs", cAlternateFileName="")) returned 1 [0046.541] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0046.541] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0046.542] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0046.542] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0046.542] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0046.542] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0046.542] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0046.542] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs") returned 141 [0046.542] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.542] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" [0046.542] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*" [0046.542] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.550] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.550] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.550] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.550] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.550] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.550] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.550] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.550] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.550] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.550] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.550] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.550] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.550] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.550] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.550] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.550] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.550] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.550] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.550] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.550] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.550] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.550] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.550] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json") returned 155 [0046.550] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.550] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.550] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json") returned 155 [0046.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eacb80 [0046.550] lstrcpyW (in: lpString1=0x3eacb80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" [0046.550] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.550] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.550] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.551] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.551] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\LOLKEK.txt") returned 152 [0046.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.551] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.551] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.552] CloseHandle (hObject=0x2bc) returned 1 [0046.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.552] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="da", cAlternateFileName="")) returned 1 [0046.552] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0046.552] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0046.552] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0046.552] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0046.552] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0046.552] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0046.552] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0046.552] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da") returned 141 [0046.552] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.552] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" [0046.552] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*" [0046.552] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.552] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.552] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.552] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.552] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.552] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.552] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.552] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.552] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.552] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.552] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.552] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.552] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.552] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.552] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.552] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.552] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.553] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.553] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.553] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.553] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.553] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.553] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.553] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json") returned 155 [0046.553] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.553] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.553] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json") returned 155 [0046.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eace08 [0046.553] lstrcpyW (in: lpString1=0x3eace08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" [0046.553] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.553] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.553] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.553] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.553] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\LOLKEK.txt") returned 152 [0046.553] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.553] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.553] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.554] CloseHandle (hObject=0x2bc) returned 1 [0046.554] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.554] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="de", cAlternateFileName="")) returned 1 [0046.554] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0046.554] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0046.554] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0046.554] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0046.554] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0046.554] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0046.554] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0046.554] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de") returned 141 [0046.554] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.554] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" [0046.554] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*" [0046.554] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.562] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.562] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.562] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.562] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.562] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.562] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.562] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.562] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.562] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.562] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.562] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.562] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.562] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.562] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.562] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.562] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.562] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.562] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.562] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.562] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.562] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.562] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.563] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json") returned 155 [0046.563] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.563] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.563] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json") returned 155 [0046.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ead090 [0046.563] lstrcpyW (in: lpString1=0x3ead090, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" [0046.563] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.563] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.563] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.563] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.563] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\LOLKEK.txt") returned 152 [0046.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.563] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.563] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.564] CloseHandle (hObject=0x2bc) returned 1 [0046.564] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.564] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="el", cAlternateFileName="")) returned 1 [0046.564] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0046.564] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0046.564] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0046.564] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0046.564] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0046.564] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0046.564] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0046.564] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el") returned 141 [0046.564] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.564] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" [0046.564] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*" [0046.564] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.564] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.564] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.564] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.564] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.564] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.564] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.564] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.564] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.564] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.564] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.564] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.565] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.565] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.565] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.565] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.565] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.565] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.565] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.565] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.565] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.565] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.565] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json") returned 155 [0046.565] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.565] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.565] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json") returned 155 [0046.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ead318 [0046.565] lstrcpyW (in: lpString1=0x3ead318, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" [0046.565] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.565] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.565] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.565] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.565] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\LOLKEK.txt") returned 152 [0046.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.565] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.565] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.566] CloseHandle (hObject=0x2bc) returned 1 [0046.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.566] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="en_GB", cAlternateFileName="")) returned 1 [0046.566] lstrcmpiW (lpString1="en_GB", lpString2="Windows") returned -1 [0046.566] lstrcmpiW (lpString1="en_GB", lpString2="Program Files") returned -1 [0046.566] lstrcmpiW (lpString1="en_GB", lpString2="Program Files (x86)") returned -1 [0046.566] lstrcmpiW (lpString1="en_GB", lpString2="$Recycle.bin") returned 1 [0046.566] lstrcmpiW (lpString1="en_GB", lpString2="System Volume Information") returned -1 [0046.566] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0046.566] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0046.566] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB") returned 144 [0046.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.566] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" [0046.566] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*" [0046.566] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.570] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.570] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.570] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.570] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.570] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.570] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.570] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.570] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.570] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.570] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.570] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.570] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.570] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.570] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.570] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.570] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.570] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.570] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.570] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.571] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.571] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.571] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.571] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json") returned 158 [0046.571] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.571] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.571] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json") returned 158 [0046.571] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3ead5a0 [0046.571] lstrcpyW (in: lpString1=0x3ead5a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" [0046.571] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.571] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.571] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.571] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.571] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\LOLKEK.txt") returned 155 [0046.571] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.571] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.571] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.572] CloseHandle (hObject=0x2bc) returned 1 [0046.572] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.572] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="en_US", cAlternateFileName="")) returned 1 [0046.572] lstrcmpiW (lpString1="en_US", lpString2="Windows") returned -1 [0046.572] lstrcmpiW (lpString1="en_US", lpString2="Program Files") returned -1 [0046.572] lstrcmpiW (lpString1="en_US", lpString2="Program Files (x86)") returned -1 [0046.572] lstrcmpiW (lpString1="en_US", lpString2="$Recycle.bin") returned 1 [0046.572] lstrcmpiW (lpString1="en_US", lpString2="System Volume Information") returned -1 [0046.572] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0046.572] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0046.572] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US") returned 144 [0046.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.572] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" [0046.572] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*" [0046.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.572] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.572] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.572] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.572] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.572] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.572] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.572] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.572] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.572] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.572] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.572] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.573] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.573] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.573] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.573] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.573] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.573] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.573] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.573] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.573] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.573] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.573] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.573] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json") returned 158 [0046.573] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.573] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.573] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json") returned 158 [0046.573] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3ead828 [0046.573] lstrcpyW (in: lpString1=0x3ead828, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" [0046.573] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.573] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.573] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.573] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.573] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\LOLKEK.txt") returned 155 [0046.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.573] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.573] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.574] CloseHandle (hObject=0x2bc) returned 1 [0046.574] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.574] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="es", cAlternateFileName="")) returned 1 [0046.574] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0046.574] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0046.574] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0046.574] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0046.574] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0046.574] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0046.574] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0046.574] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es") returned 141 [0046.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.574] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" [0046.574] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*" [0046.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.581] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.581] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.581] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.581] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.581] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.581] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.581] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.581] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.581] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.581] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.581] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.581] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.581] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.581] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.581] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.581] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.581] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.581] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.581] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.581] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.581] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.581] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.581] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json") returned 155 [0046.581] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.581] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.581] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json") returned 155 [0046.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb1b68 [0046.581] lstrcpyW (in: lpString1=0x3eb1b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" [0046.581] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.581] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.582] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.582] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.582] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\LOLKEK.txt") returned 152 [0046.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.582] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.582] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.583] CloseHandle (hObject=0x1bc) returned 1 [0046.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.583] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="es_419", cAlternateFileName="")) returned 1 [0046.583] lstrcmpiW (lpString1="es_419", lpString2="Windows") returned -1 [0046.583] lstrcmpiW (lpString1="es_419", lpString2="Program Files") returned -1 [0046.583] lstrcmpiW (lpString1="es_419", lpString2="Program Files (x86)") returned -1 [0046.583] lstrcmpiW (lpString1="es_419", lpString2="$Recycle.bin") returned 1 [0046.583] lstrcmpiW (lpString1="es_419", lpString2="System Volume Information") returned -1 [0046.583] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0046.583] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0046.583] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419") returned 145 [0046.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.583] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" [0046.583] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*" [0046.583] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.583] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.583] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.583] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.583] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.583] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.583] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.583] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.583] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.583] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.583] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.583] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.584] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.584] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.584] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.584] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.584] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.584] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.584] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.584] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.584] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.584] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.584] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.584] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json") returned 159 [0046.584] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.584] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.584] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json") returned 159 [0046.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb1df0 [0046.584] lstrcpyW (in: lpString1=0x3eb1df0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" [0046.584] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.584] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.584] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.584] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.584] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\LOLKEK.txt") returned 156 [0046.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.584] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.584] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.585] CloseHandle (hObject=0x1bc) returned 1 [0046.585] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.585] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="et", cAlternateFileName="")) returned 1 [0046.585] lstrcmpiW (lpString1="et", lpString2="Windows") returned -1 [0046.585] lstrcmpiW (lpString1="et", lpString2="Program Files") returned -1 [0046.585] lstrcmpiW (lpString1="et", lpString2="Program Files (x86)") returned -1 [0046.585] lstrcmpiW (lpString1="et", lpString2="$Recycle.bin") returned 1 [0046.585] lstrcmpiW (lpString1="et", lpString2="System Volume Information") returned -1 [0046.585] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0046.585] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0046.585] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et") returned 141 [0046.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.585] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" [0046.585] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*" [0046.585] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.586] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.587] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.587] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.587] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.587] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.587] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.587] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.587] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.587] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.587] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.587] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.587] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.587] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.587] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.587] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.587] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.587] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.587] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.587] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.587] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.587] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.587] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json") returned 155 [0046.587] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.587] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.587] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json") returned 155 [0046.587] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb2078 [0046.587] lstrcpyW (in: lpString1=0x3eb2078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" [0046.587] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.587] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.587] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.587] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.587] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\LOLKEK.txt") returned 152 [0046.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.588] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.588] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.588] CloseHandle (hObject=0x1bc) returned 1 [0046.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.588] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="fi", cAlternateFileName="")) returned 1 [0046.588] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0046.588] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0046.589] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0046.589] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0046.589] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0046.589] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0046.589] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0046.589] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi") returned 141 [0046.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.589] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" [0046.589] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*" [0046.589] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.589] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.589] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.589] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.589] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.589] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.589] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.589] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.589] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.589] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.589] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.589] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.589] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.589] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.589] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.589] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.589] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.589] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.589] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.589] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.589] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.589] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.589] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.589] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json") returned 155 [0046.589] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.589] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.589] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json") returned 155 [0046.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb2300 [0046.589] lstrcpyW (in: lpString1=0x3eb2300, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" [0046.589] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.589] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.590] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.590] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.590] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\LOLKEK.txt") returned 152 [0046.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.590] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.590] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.591] CloseHandle (hObject=0x1bc) returned 1 [0046.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.591] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="fil", cAlternateFileName="")) returned 1 [0046.591] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0046.591] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0046.591] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0046.591] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0046.591] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0046.591] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0046.591] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0046.591] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil") returned 142 [0046.591] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.591] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" [0046.591] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*" [0046.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.593] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.593] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.593] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.593] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.593] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.593] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.593] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.593] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.593] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.593] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.593] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.593] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.593] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.593] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.593] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.593] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.593] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.593] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.593] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.594] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.594] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.594] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.594] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json") returned 156 [0046.594] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.594] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.594] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json") returned 156 [0046.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3eb2588 [0046.594] lstrcpyW (in: lpString1=0x3eb2588, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" [0046.594] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.594] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.594] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.594] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.594] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\LOLKEK.txt") returned 153 [0046.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.594] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.594] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.595] CloseHandle (hObject=0x2bc) returned 1 [0046.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.595] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="fr", cAlternateFileName="")) returned 1 [0046.595] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0046.595] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0046.595] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0046.595] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0046.595] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0046.595] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0046.595] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0046.595] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr") returned 141 [0046.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.595] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" [0046.595] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*" [0046.595] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.595] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.595] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.595] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.595] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.595] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.595] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.595] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.596] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.596] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.596] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.596] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.596] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.596] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.596] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.596] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.596] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.596] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.596] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.596] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.596] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.596] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.596] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.596] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json") returned 155 [0046.596] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.596] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.596] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json") returned 155 [0046.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb2810 [0046.596] lstrcpyW (in: lpString1=0x3eb2810, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" [0046.596] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.596] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.596] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.596] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.596] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\LOLKEK.txt") returned 152 [0046.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.596] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.596] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.597] CloseHandle (hObject=0x2bc) returned 1 [0046.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.597] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="he", cAlternateFileName="")) returned 1 [0046.597] lstrcmpiW (lpString1="he", lpString2="Windows") returned -1 [0046.597] lstrcmpiW (lpString1="he", lpString2="Program Files") returned -1 [0046.597] lstrcmpiW (lpString1="he", lpString2="Program Files (x86)") returned -1 [0046.597] lstrcmpiW (lpString1="he", lpString2="$Recycle.bin") returned 1 [0046.597] lstrcmpiW (lpString1="he", lpString2="System Volume Information") returned -1 [0046.597] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0046.597] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0046.597] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he") returned 141 [0046.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.597] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" [0046.597] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*" [0046.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.603] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.603] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.603] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.603] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.603] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.603] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.603] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.603] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.603] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.603] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.603] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.603] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.603] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.603] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.603] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.603] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.603] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.603] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.603] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.603] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.603] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.603] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.603] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json") returned 155 [0046.603] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.603] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.603] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json") returned 155 [0046.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb2a98 [0046.603] lstrcpyW (in: lpString1=0x3eb2a98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" [0046.603] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.603] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.604] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.604] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.604] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\LOLKEK.txt") returned 152 [0046.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.604] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.604] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.605] CloseHandle (hObject=0x1bc) returned 1 [0046.605] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.605] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="hi", cAlternateFileName="")) returned 1 [0046.605] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0046.605] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0046.605] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0046.605] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0046.605] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0046.605] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0046.605] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0046.605] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi") returned 141 [0046.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.605] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" [0046.605] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*" [0046.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.605] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.605] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.605] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.605] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.605] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.605] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.605] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.605] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.605] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.605] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.605] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.605] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.605] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.605] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.605] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.605] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.605] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.605] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.605] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.606] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.606] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.606] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.606] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json") returned 155 [0046.606] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.606] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.606] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json") returned 155 [0046.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb2d20 [0046.606] lstrcpyW (in: lpString1=0x3eb2d20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" [0046.606] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.606] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.606] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.606] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.606] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\LOLKEK.txt") returned 152 [0046.606] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.606] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.606] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.607] CloseHandle (hObject=0x1bc) returned 1 [0046.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.607] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="hu", cAlternateFileName="")) returned 1 [0046.607] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0046.607] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0046.607] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0046.607] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0046.607] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0046.607] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0046.607] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0046.607] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu") returned 141 [0046.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.607] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" [0046.607] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*" [0046.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.609] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.609] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.609] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.609] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.609] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.609] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.609] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.609] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.609] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.609] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.609] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.609] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.609] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.609] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.609] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.609] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.609] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.609] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.609] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.609] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.609] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.609] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.609] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json") returned 155 [0046.609] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.609] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.609] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json") returned 155 [0046.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb2fa8 [0046.609] lstrcpyW (in: lpString1=0x3eb2fa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" [0046.609] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.609] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.609] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.610] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.610] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\LOLKEK.txt") returned 152 [0046.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.610] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.610] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.611] CloseHandle (hObject=0x1bc) returned 1 [0046.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.611] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="id", cAlternateFileName="")) returned 1 [0046.611] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0046.611] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0046.611] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0046.611] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0046.611] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0046.611] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0046.611] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0046.611] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id") returned 141 [0046.611] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.611] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" [0046.611] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*" [0046.611] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.611] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.611] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.611] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.611] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.611] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.611] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.611] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.611] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.611] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.611] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.611] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.611] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.611] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.611] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.611] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.611] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.611] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.611] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.611] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.611] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.611] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.612] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.612] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json") returned 155 [0046.612] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.612] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.612] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json") returned 155 [0046.612] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb3230 [0046.612] lstrcpyW (in: lpString1=0x3eb3230, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" [0046.612] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.612] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.612] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.612] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.612] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\LOLKEK.txt") returned 152 [0046.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.612] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.612] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.613] CloseHandle (hObject=0x1bc) returned 1 [0046.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.613] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="it", cAlternateFileName="")) returned 1 [0046.613] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0046.613] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0046.613] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0046.613] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0046.613] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0046.613] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0046.613] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0046.613] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it") returned 141 [0046.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.613] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" [0046.613] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*" [0046.613] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.619] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.619] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.619] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.619] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.619] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.619] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.619] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.619] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.619] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.619] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.619] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.619] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.619] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.619] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.619] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.619] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.619] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.619] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.619] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.619] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.619] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.619] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.619] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json") returned 155 [0046.619] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.619] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.619] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json") returned 155 [0046.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb34b8 [0046.619] lstrcpyW (in: lpString1=0x3eb34b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" [0046.619] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.619] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.619] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.619] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.619] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\LOLKEK.txt") returned 152 [0046.619] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.620] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.620] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.620] CloseHandle (hObject=0x1bc) returned 1 [0046.620] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.620] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="ja", cAlternateFileName="")) returned 1 [0046.620] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0046.620] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0046.620] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0046.621] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0046.621] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0046.621] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0046.621] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0046.621] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja") returned 141 [0046.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.621] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" [0046.621] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*" [0046.621] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.621] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.621] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.621] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.621] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.621] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.621] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.621] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.621] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.621] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.621] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.621] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.621] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.621] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.621] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.621] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.621] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.621] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.621] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.621] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.621] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.621] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.621] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.621] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json") returned 155 [0046.621] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.621] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.621] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json") returned 155 [0046.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb3740 [0046.621] lstrcpyW (in: lpString1=0x3eb3740, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" [0046.621] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.622] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.622] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.622] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.622] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\LOLKEK.txt") returned 152 [0046.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.622] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.622] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.623] CloseHandle (hObject=0x1bc) returned 1 [0046.623] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.623] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="ko", cAlternateFileName="")) returned 1 [0046.623] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0046.623] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0046.623] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0046.623] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0046.623] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0046.623] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0046.623] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0046.623] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko") returned 141 [0046.623] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.623] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" [0046.623] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*" [0046.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.624] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.624] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.624] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.624] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.624] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.624] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.624] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.624] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.624] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.625] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.625] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.625] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.625] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.625] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.625] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.625] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.625] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.625] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.625] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.625] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.625] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.625] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.625] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json") returned 155 [0046.625] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.625] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.625] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json") returned 155 [0046.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb39c8 [0046.625] lstrcpyW (in: lpString1=0x3eb39c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" [0046.625] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.625] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.625] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.625] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.625] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\LOLKEK.txt") returned 152 [0046.625] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.625] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.625] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.626] CloseHandle (hObject=0x1bc) returned 1 [0046.626] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.626] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="lt", cAlternateFileName="")) returned 1 [0046.626] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0046.626] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0046.626] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0046.626] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0046.626] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0046.626] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0046.626] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0046.626] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt") returned 141 [0046.626] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.626] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" [0046.626] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*" [0046.626] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.627] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.627] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.627] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.627] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.627] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.627] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.627] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.627] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.627] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.627] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.627] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.627] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.627] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.627] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.627] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.627] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.627] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.627] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.627] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.627] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.627] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.627] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.627] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json") returned 155 [0046.627] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.627] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.627] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json") returned 155 [0046.627] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb3c50 [0046.627] lstrcpyW (in: lpString1=0x3eb3c50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" [0046.627] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.628] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.628] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.628] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.628] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\LOLKEK.txt") returned 152 [0046.628] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.628] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.628] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.629] CloseHandle (hObject=0x1bc) returned 1 [0046.629] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.629] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="lv", cAlternateFileName="")) returned 1 [0046.629] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0046.629] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0046.629] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0046.629] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0046.629] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0046.629] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0046.629] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0046.629] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv") returned 141 [0046.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.630] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" [0046.630] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*" [0046.630] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.638] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.638] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.638] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.638] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.638] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.638] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.638] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.638] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.638] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.638] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.638] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.638] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.638] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.638] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.638] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.638] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.638] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.638] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.638] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.638] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.638] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.638] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.638] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json") returned 155 [0046.638] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.638] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.638] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json") returned 155 [0046.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb3ed8 [0046.638] lstrcpyW (in: lpString1=0x3eb3ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" [0046.638] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.638] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.638] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.638] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.638] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\LOLKEK.txt") returned 152 [0046.638] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.639] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.639] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.639] CloseHandle (hObject=0x1bc) returned 1 [0046.639] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.639] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="ms", cAlternateFileName="")) returned 1 [0046.639] lstrcmpiW (lpString1="ms", lpString2="Windows") returned -1 [0046.639] lstrcmpiW (lpString1="ms", lpString2="Program Files") returned -1 [0046.639] lstrcmpiW (lpString1="ms", lpString2="Program Files (x86)") returned -1 [0046.640] lstrcmpiW (lpString1="ms", lpString2="$Recycle.bin") returned 1 [0046.640] lstrcmpiW (lpString1="ms", lpString2="System Volume Information") returned -1 [0046.640] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0046.640] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0046.640] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms") returned 141 [0046.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.640] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" [0046.640] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*" [0046.640] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.640] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.640] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.640] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.640] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.640] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.640] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.640] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.640] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.640] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.640] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.640] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.640] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.640] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.640] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.640] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.640] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.640] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.640] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.640] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.640] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.640] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.640] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.640] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json") returned 155 [0046.640] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.640] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.640] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json") returned 155 [0046.640] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb4160 [0046.640] lstrcpyW (in: lpString1=0x3eb4160, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" [0046.640] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.646] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.646] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.646] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.646] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\LOLKEK.txt") returned 152 [0046.646] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.646] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.646] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.647] CloseHandle (hObject=0x1bc) returned 1 [0046.647] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.647] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="nl", cAlternateFileName="")) returned 1 [0046.647] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0046.647] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0046.647] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0046.647] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0046.647] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0046.647] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0046.647] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0046.647] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl") returned 141 [0046.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.647] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" [0046.647] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*" [0046.647] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.649] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.649] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.649] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.649] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.649] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.649] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.649] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.649] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.649] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.649] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.649] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.649] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.649] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.649] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.649] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.649] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.649] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.649] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.649] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.649] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.649] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.649] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.649] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json") returned 155 [0046.649] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.649] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.649] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json") returned 155 [0046.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb43e8 [0046.649] lstrcpyW (in: lpString1=0x3eb43e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" [0046.649] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.651] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.651] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.651] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.651] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\LOLKEK.txt") returned 152 [0046.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.652] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.652] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.652] CloseHandle (hObject=0x1bc) returned 1 [0046.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.652] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="no", cAlternateFileName="")) returned 1 [0046.652] lstrcmpiW (lpString1="no", lpString2="Windows") returned -1 [0046.652] lstrcmpiW (lpString1="no", lpString2="Program Files") returned -1 [0046.652] lstrcmpiW (lpString1="no", lpString2="Program Files (x86)") returned -1 [0046.652] lstrcmpiW (lpString1="no", lpString2="$Recycle.bin") returned 1 [0046.652] lstrcmpiW (lpString1="no", lpString2="System Volume Information") returned -1 [0046.652] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0046.652] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0046.652] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no") returned 141 [0046.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.652] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" [0046.653] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*" [0046.653] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.653] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.653] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.653] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.653] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.653] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.653] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.653] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.653] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.653] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.653] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.653] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.653] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.653] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.653] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.653] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.653] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.653] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.653] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.653] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.653] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.653] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.653] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.653] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json") returned 155 [0046.653] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.653] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.653] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json") returned 155 [0046.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb4670 [0046.653] lstrcpyW (in: lpString1=0x3eb4670, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" [0046.653] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.658] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.659] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.659] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.659] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\LOLKEK.txt") returned 152 [0046.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.659] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.659] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.660] CloseHandle (hObject=0x1bc) returned 1 [0046.660] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.660] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="pl", cAlternateFileName="")) returned 1 [0046.660] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0046.660] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0046.660] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0046.660] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0046.660] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0046.660] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0046.660] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0046.660] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl") returned 141 [0046.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.660] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" [0046.660] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*" [0046.660] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.662] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.662] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.662] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.662] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.662] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.662] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.662] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.662] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.662] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.662] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.662] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.662] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.662] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.662] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.662] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.662] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.662] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.662] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.662] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.662] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.662] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.662] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.662] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json") returned 155 [0046.662] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.662] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.662] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json") returned 155 [0046.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb48f8 [0046.662] lstrcpyW (in: lpString1=0x3eb48f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" [0046.662] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.667] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.667] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.667] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.667] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\LOLKEK.txt") returned 152 [0046.667] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.667] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.667] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.668] CloseHandle (hObject=0x1bc) returned 1 [0046.668] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.668] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0046.668] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0046.668] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0046.668] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0046.668] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0046.668] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0046.668] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0046.668] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0046.668] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR") returned 144 [0046.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.668] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" [0046.668] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*" [0046.668] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.668] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.668] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.668] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.668] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.668] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.668] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.668] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.669] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.669] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.669] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.669] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.669] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.669] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.669] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.669] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.669] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.669] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.669] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.669] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.669] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.669] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.669] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.669] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json") returned 158 [0046.669] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.669] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.669] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json") returned 158 [0046.669] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3eb4b80 [0046.669] lstrcpyW (in: lpString1=0x3eb4b80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" [0046.669] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.682] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.682] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.682] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.682] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\LOLKEK.txt") returned 155 [0046.682] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.682] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.682] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.684] CloseHandle (hObject=0x1bc) returned 1 [0046.684] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.684] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0046.684] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0046.684] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0046.684] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0046.684] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0046.684] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0046.685] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0046.685] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0046.685] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT") returned 144 [0046.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.685] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" [0046.685] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*" [0046.685] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.687] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.687] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.687] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.687] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.687] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.687] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.687] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.687] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.687] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.687] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.687] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.687] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.687] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.687] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.687] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.687] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.687] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.687] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.687] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.687] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.687] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.687] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.687] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json") returned 158 [0046.687] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.687] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.687] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json") returned 158 [0046.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3eb4e08 [0046.687] lstrcpyW (in: lpString1=0x3eb4e08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" [0046.687] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.692] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.692] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.692] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.692] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\LOLKEK.txt") returned 155 [0046.692] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.693] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.693] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.693] CloseHandle (hObject=0x2bc) returned 1 [0046.693] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.693] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="ro", cAlternateFileName="")) returned 1 [0046.693] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0046.693] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0046.693] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0046.693] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0046.693] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0046.693] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0046.693] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0046.693] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro") returned 141 [0046.693] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.694] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" [0046.694] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*" [0046.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.694] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.694] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.694] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.694] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.694] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.694] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.694] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.694] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.694] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.694] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.694] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.694] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.694] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.694] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.694] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.694] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.694] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.694] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.694] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.694] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.694] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.694] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.694] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json") returned 155 [0046.694] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.694] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.694] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json") returned 155 [0046.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb5090 [0046.694] lstrcpyW (in: lpString1=0x3eb5090, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" [0046.694] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.697] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.697] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.697] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.697] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\LOLKEK.txt") returned 152 [0046.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.697] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.697] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.698] CloseHandle (hObject=0x2bc) returned 1 [0046.698] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.698] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="ru", cAlternateFileName="")) returned 1 [0046.698] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0046.698] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0046.698] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0046.698] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0046.698] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0046.698] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0046.698] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0046.698] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru") returned 141 [0046.698] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.698] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" [0046.698] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*" [0046.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.700] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.700] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.700] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.700] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.700] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.700] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.700] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.700] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.700] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.700] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.700] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.700] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.700] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.700] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.700] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.700] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.700] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.700] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.700] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.700] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.700] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.700] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.700] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json") returned 155 [0046.700] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.700] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.700] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json") returned 155 [0046.700] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb5318 [0046.700] lstrcpyW (in: lpString1=0x3eb5318, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" [0046.700] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.702] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.702] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.702] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.702] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\LOLKEK.txt") returned 152 [0046.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.703] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.703] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.704] CloseHandle (hObject=0x2bc) returned 1 [0046.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.704] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="sk", cAlternateFileName="")) returned 1 [0046.704] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0046.704] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0046.704] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0046.704] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0046.704] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0046.704] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0046.704] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0046.704] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk") returned 141 [0046.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.704] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" [0046.704] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*" [0046.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.704] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.704] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.704] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.704] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.704] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.704] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.704] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.704] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.704] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.704] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.704] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.704] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.704] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.704] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.705] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.705] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.705] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.705] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.705] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.705] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.705] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.705] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.705] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json") returned 155 [0046.705] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.705] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.705] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json") returned 155 [0046.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb55a0 [0046.705] lstrcpyW (in: lpString1=0x3eb55a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" [0046.705] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.733] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.733] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.733] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.733] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\LOLKEK.txt") returned 152 [0046.733] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.734] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.734] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.734] CloseHandle (hObject=0x2bc) returned 1 [0046.734] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.734] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="sl", cAlternateFileName="")) returned 1 [0046.734] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0046.735] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0046.735] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0046.735] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0046.735] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0046.735] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0046.735] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0046.735] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl") returned 141 [0046.735] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.735] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" [0046.735] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*" [0046.735] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.739] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.739] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.739] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.739] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.739] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.739] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.739] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.739] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.739] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.739] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.739] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.739] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.739] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.739] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.739] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.739] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.739] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.739] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.739] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.739] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.739] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.739] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.739] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json") returned 155 [0046.739] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.739] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.739] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json") returned 155 [0046.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb5828 [0046.739] lstrcpyW (in: lpString1=0x3eb5828, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" [0046.739] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.739] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.739] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.739] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.739] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\LOLKEK.txt") returned 152 [0046.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.740] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.740] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.740] CloseHandle (hObject=0x2bc) returned 1 [0046.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.740] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="sr", cAlternateFileName="")) returned 1 [0046.740] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0046.740] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0046.740] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0046.741] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0046.741] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0046.741] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0046.741] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0046.741] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr") returned 141 [0046.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.741] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" [0046.741] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*" [0046.741] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.741] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.741] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.741] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.741] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.741] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.741] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.741] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.741] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.741] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.741] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.741] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.741] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.741] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.741] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.741] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.741] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.741] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.741] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.741] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.741] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.741] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.741] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.741] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json") returned 155 [0046.741] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.741] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.741] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json") returned 155 [0046.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e69e70 [0046.741] lstrcpyW (in: lpString1=0x3e69e70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" [0046.741] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.745] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.745] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.746] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\LOLKEK.txt") returned 152 [0046.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.746] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.746] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.747] CloseHandle (hObject=0x2bc) returned 1 [0046.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.747] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="sv", cAlternateFileName="")) returned 1 [0046.747] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0046.747] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0046.747] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0046.747] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0046.747] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0046.747] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0046.747] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0046.747] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv") returned 141 [0046.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.747] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" [0046.747] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*" [0046.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.749] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.749] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.749] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.749] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.749] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.749] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.749] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.750] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.750] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.750] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.750] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.750] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.750] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.750] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.750] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.750] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.750] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.750] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.750] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.750] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.750] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.750] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.750] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json") returned 155 [0046.750] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.750] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.750] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json") returned 155 [0046.750] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a0f8 [0046.750] lstrcpyW (in: lpString1=0x3e6a0f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" [0046.750] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.756] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.756] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.756] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.756] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\LOLKEK.txt") returned 152 [0046.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.756] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.756] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.757] CloseHandle (hObject=0x2bc) returned 1 [0046.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.757] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="th", cAlternateFileName="")) returned 1 [0046.757] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0046.757] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0046.757] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0046.757] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0046.757] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0046.757] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0046.757] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0046.757] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th") returned 141 [0046.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.757] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" [0046.757] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*" [0046.757] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.758] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.758] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.758] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.758] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.758] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.758] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.758] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.758] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.758] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.758] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.758] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.758] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.758] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.758] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.758] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.758] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.758] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.758] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.758] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.758] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.758] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.758] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.758] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json") returned 155 [0046.758] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.758] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.758] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json") returned 155 [0046.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a380 [0046.758] lstrcpyW (in: lpString1=0x3e6a380, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" [0046.758] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.758] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.758] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.758] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.758] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\LOLKEK.txt") returned 152 [0046.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.759] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.759] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.759] CloseHandle (hObject=0x2bc) returned 1 [0046.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.759] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="tr", cAlternateFileName="")) returned 1 [0046.760] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0046.760] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0046.760] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0046.760] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0046.760] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0046.760] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0046.760] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0046.760] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr") returned 141 [0046.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.760] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" [0046.760] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*" [0046.760] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.763] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.763] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.763] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.763] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.763] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.763] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.763] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.763] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.763] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.763] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.763] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.763] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.763] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.763] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.763] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.763] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.763] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.763] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.763] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.763] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.763] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.763] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.763] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json") returned 155 [0046.763] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.763] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.763] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json") returned 155 [0046.763] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a608 [0046.763] lstrcpyW (in: lpString1=0x3e6a608, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" [0046.763] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.770] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.770] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.770] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.770] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\LOLKEK.txt") returned 152 [0046.770] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.771] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.771] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.771] CloseHandle (hObject=0x2bc) returned 1 [0046.771] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.771] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="uk", cAlternateFileName="")) returned 1 [0046.771] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0046.772] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0046.772] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0046.772] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0046.772] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0046.772] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0046.772] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0046.772] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk") returned 141 [0046.772] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.772] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" [0046.772] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*" [0046.772] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.772] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.772] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.772] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.772] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.772] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.772] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.772] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.772] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.772] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.772] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.772] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.772] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.772] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.772] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.772] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.772] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.772] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.772] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.772] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.772] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.772] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.773] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.773] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json") returned 155 [0046.773] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.773] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.773] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json") returned 155 [0046.773] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a890 [0046.773] lstrcpyW (in: lpString1=0x3e6a890, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" [0046.773] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.773] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.773] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.773] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.773] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\LOLKEK.txt") returned 152 [0046.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.773] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.773] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.774] CloseHandle (hObject=0x2bc) returned 1 [0046.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.774] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="vi", cAlternateFileName="")) returned 1 [0046.774] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0046.774] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0046.774] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0046.774] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0046.774] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0046.774] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0046.774] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0046.774] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi") returned 141 [0046.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.774] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" [0046.774] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*" [0046.774] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.775] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.775] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.775] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.775] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.775] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.776] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.776] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.776] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.776] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.776] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.776] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.776] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.776] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.776] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.776] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.776] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.776] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.776] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.776] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.776] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.776] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.776] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.776] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json") returned 155 [0046.776] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.776] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.776] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json") returned 155 [0046.776] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6ab18 [0046.776] lstrcpyW (in: lpString1=0x3e6ab18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" [0046.776] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.790] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.790] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.790] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.790] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\LOLKEK.txt") returned 152 [0046.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.790] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.790] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.791] CloseHandle (hObject=0x2bc) returned 1 [0046.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.791] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0046.791] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0046.791] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0046.791] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0046.791] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0046.791] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0046.791] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0046.791] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0046.791] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN") returned 144 [0046.791] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.791] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" [0046.791] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*" [0046.791] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.792] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.792] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.792] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.792] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.792] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.792] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.792] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.792] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.792] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.792] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.792] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.792] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.792] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.792] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.792] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.792] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.792] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.792] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.792] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.792] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.792] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.792] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.792] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json") returned 158 [0046.792] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.792] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.792] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json") returned 158 [0046.792] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3e6ada0 [0046.792] lstrcpyW (in: lpString1=0x3e6ada0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" [0046.792] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.792] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.792] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.792] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.792] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\LOLKEK.txt") returned 155 [0046.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.793] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.793] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.793] CloseHandle (hObject=0x2bc) returned 1 [0046.793] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.793] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0046.793] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0046.793] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0046.793] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0046.793] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0046.793] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0046.793] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0046.793] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0046.793] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW") returned 144 [0046.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.794] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" [0046.794] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*" [0046.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.798] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.798] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.798] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.798] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.798] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.798] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.798] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.798] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.798] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.798] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.798] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.798] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.798] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.798] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.798] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.798] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.798] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.798] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.798] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.798] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.798] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.798] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.798] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json") returned 158 [0046.798] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.798] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.798] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json") returned 158 [0046.798] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3e6b028 [0046.798] lstrcpyW (in: lpString1=0x3e6b028, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" [0046.798] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.805] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.805] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.805] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.805] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\LOLKEK.txt") returned 155 [0046.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.805] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.805] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.806] CloseHandle (hObject=0x2bc) returned 1 [0046.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0046.806] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0046.806] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0046.806] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\LOLKEK.txt") returned 149 [0046.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0046.807] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.807] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0046.807] CloseHandle (hObject=0x1b4) returned 1 [0046.807] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.807] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0046.807] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0046.807] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0046.807] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0046.807] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0046.807] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0046.807] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0046.807] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0046.808] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata") returned 139 [0046.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.808] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" [0046.808] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*" [0046.808] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0046.811] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.811] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.811] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.811] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.811] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.811] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.811] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0046.811] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.811] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.811] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.811] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.811] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.811] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.811] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.811] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x844eed30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0046.811] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Windows") returned -1 [0046.811] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files") returned -1 [0046.811] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files (x86)") returned -1 [0046.811] lstrcmpiW (lpString1="computed_hashes.json", lpString2="$Recycle.bin") returned 1 [0046.811] lstrcmpiW (lpString1="computed_hashes.json", lpString2="System Volume Information") returned -1 [0046.811] lstrcmpiW (lpString1="computed_hashes.json", lpString2=".") returned 1 [0046.811] lstrcmpiW (lpString1="computed_hashes.json", lpString2="..") returned 1 [0046.811] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json") returned 160 [0046.811] StrStrIW (lpFirst="computed_hashes.json", lpSrch=".lolkek") returned 0x0 [0046.811] lstrcmpW (lpString1="computed_hashes.json", lpString2="LOLKEK.txt") returned -1 [0046.811] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json") returned 160 [0046.811] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x62f598 [0046.811] lstrcpyW (in: lpString1=0x62f598, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" [0046.811] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.811] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.811] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0046.811] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0046.811] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0046.811] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0046.811] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0046.811] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0046.811] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0046.812] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0046.812] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json") returned 162 [0046.812] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0046.812] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0046.812] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json") returned 162 [0046.812] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec0258 [0046.812] lstrcpyW (in: lpString1=0x3ec0258, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" [0046.812] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.819] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.819] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x5dafc0, dwReserved1=0x1, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0046.819] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0046.819] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\LOLKEK.txt") returned 150 [0046.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.822] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.822] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0046.822] CloseHandle (hObject=0x2bc) returned 1 [0046.823] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0046.823] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0046.823] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0046.823] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\LOLKEK.txt") returned 140 [0046.823] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0046.823] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.823] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0046.824] CloseHandle (hObject=0x1ec) returned 1 [0046.824] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.824] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.1_0", cAlternateFileName="")) returned 0 [0046.824] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0046.824] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\LOLKEK.txt") returned 134 [0046.824] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0046.824] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.824] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0046.825] CloseHandle (hObject=0x270) returned 1 [0046.825] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0046.826] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0046.826] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="Windows") returned -1 [0046.826] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="Program Files") returned -1 [0046.826] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="Program Files (x86)") returned -1 [0046.826] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="$Recycle.bin") returned 1 [0046.826] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="System Volume Information") returned -1 [0046.826] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2=".") returned 1 [0046.826] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="..") returned 1 [0046.827] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned 123 [0046.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0046.827] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0046.827] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*" [0046.827] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0046.830] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.830] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.830] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.830] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.830] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.830] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.830] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.830] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.830] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.830] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.831] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.831] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.831] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.831] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.831] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.4_0", cAlternateFileName="")) returned 1 [0046.831] lstrcmpiW (lpString1="1.4_0", lpString2="Windows") returned -1 [0046.831] lstrcmpiW (lpString1="1.4_0", lpString2="Program Files") returned -1 [0046.831] lstrcmpiW (lpString1="1.4_0", lpString2="Program Files (x86)") returned -1 [0046.831] lstrcmpiW (lpString1="1.4_0", lpString2="$Recycle.bin") returned 1 [0046.831] lstrcmpiW (lpString1="1.4_0", lpString2="System Volume Information") returned -1 [0046.831] lstrcmpiW (lpString1="1.4_0", lpString2=".") returned 1 [0046.831] lstrcmpiW (lpString1="1.4_0", lpString2="..") returned 1 [0046.831] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0") returned 129 [0046.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0046.831] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" [0046.831] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*" [0046.831] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0046.833] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.833] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.833] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.833] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.833] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.833] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.833] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.833] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.833] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.833] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.833] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.833] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.833] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.833] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.833] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1378, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="128.png", cAlternateFileName="")) returned 1 [0046.833] lstrcmpiW (lpString1="128.png", lpString2="Windows") returned -1 [0046.833] lstrcmpiW (lpString1="128.png", lpString2="Program Files") returned -1 [0046.833] lstrcmpiW (lpString1="128.png", lpString2="Program Files (x86)") returned -1 [0046.833] lstrcmpiW (lpString1="128.png", lpString2="$Recycle.bin") returned 1 [0046.833] lstrcmpiW (lpString1="128.png", lpString2="System Volume Information") returned -1 [0046.833] lstrcmpiW (lpString1="128.png", lpString2=".") returned 1 [0046.833] lstrcmpiW (lpString1="128.png", lpString2="..") returned 1 [0046.833] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png") returned 137 [0046.833] StrStrIW (lpFirst="128.png", lpSrch=".lolkek") returned 0x0 [0046.833] lstrcmpW (lpString1="128.png", lpString2="LOLKEK.txt") returned -1 [0046.833] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png") returned 137 [0046.833] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eaddb0 [0046.833] lstrcpyW (in: lpString1=0x3eaddb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" [0046.833] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.833] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.833] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="contentscript_bin_prod.js", cAlternateFileName="CONTEN~1.JS")) returned 1 [0046.833] lstrcmpiW (lpString1="contentscript_bin_prod.js", lpString2="Windows") returned -1 [0046.833] lstrcmpiW (lpString1="contentscript_bin_prod.js", lpString2="Program Files") returned -1 [0046.833] lstrcmpiW (lpString1="contentscript_bin_prod.js", lpString2="Program Files (x86)") returned -1 [0046.833] lstrcmpiW (lpString1="contentscript_bin_prod.js", lpString2="$Recycle.bin") returned 1 [0046.834] lstrcmpiW (lpString1="contentscript_bin_prod.js", lpString2="System Volume Information") returned -1 [0046.834] lstrcmpiW (lpString1="contentscript_bin_prod.js", lpString2=".") returned 1 [0046.834] lstrcmpiW (lpString1="contentscript_bin_prod.js", lpString2="..") returned 1 [0046.834] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js") returned 155 [0046.834] StrStrIW (lpFirst="contentscript_bin_prod.js", lpSrch=".lolkek") returned 0x0 [0046.834] lstrcmpW (lpString1="contentscript_bin_prod.js", lpString2="LOLKEK.txt") returned -1 [0046.834] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js") returned 155 [0046.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6b2b0 [0046.834] lstrcpyW (in: lpString1=0x3e6b2b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" [0046.834] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.837] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.837] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x356, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dasherSettingSchema.json", cAlternateFileName="DASHER~1.JSO")) returned 1 [0046.837] lstrcmpiW (lpString1="dasherSettingSchema.json", lpString2="Windows") returned -1 [0046.837] lstrcmpiW (lpString1="dasherSettingSchema.json", lpString2="Program Files") returned -1 [0046.837] lstrcmpiW (lpString1="dasherSettingSchema.json", lpString2="Program Files (x86)") returned -1 [0046.837] lstrcmpiW (lpString1="dasherSettingSchema.json", lpString2="$Recycle.bin") returned 1 [0046.837] lstrcmpiW (lpString1="dasherSettingSchema.json", lpString2="System Volume Information") returned -1 [0046.837] lstrcmpiW (lpString1="dasherSettingSchema.json", lpString2=".") returned 1 [0046.837] lstrcmpiW (lpString1="dasherSettingSchema.json", lpString2="..") returned 1 [0046.837] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json") returned 154 [0046.837] StrStrIW (lpFirst="dasherSettingSchema.json", lpSrch=".lolkek") returned 0x0 [0046.837] lstrcmpW (lpString1="dasherSettingSchema.json", lpString2="LOLKEK.txt") returned -1 [0046.837] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json") returned 154 [0046.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x26c) returned 0x3e6b538 [0046.837] lstrcpyW (in: lpString1=0x3e6b538, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" [0046.837] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.837] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.837] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x5b6c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eventpage_bin_prod.js", cAlternateFileName="EVENTP~1.JS")) returned 1 [0046.837] lstrcmpiW (lpString1="eventpage_bin_prod.js", lpString2="Windows") returned -1 [0046.837] lstrcmpiW (lpString1="eventpage_bin_prod.js", lpString2="Program Files") returned -1 [0046.837] lstrcmpiW (lpString1="eventpage_bin_prod.js", lpString2="Program Files (x86)") returned -1 [0046.837] lstrcmpiW (lpString1="eventpage_bin_prod.js", lpString2="$Recycle.bin") returned 1 [0046.837] lstrcmpiW (lpString1="eventpage_bin_prod.js", lpString2="System Volume Information") returned -1 [0046.837] lstrcmpiW (lpString1="eventpage_bin_prod.js", lpString2=".") returned 1 [0046.837] lstrcmpiW (lpString1="eventpage_bin_prod.js", lpString2="..") returned 1 [0046.837] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js") returned 151 [0046.837] StrStrIW (lpFirst="eventpage_bin_prod.js", lpSrch=".lolkek") returned 0x0 [0046.837] lstrcmpW (lpString1="eventpage_bin_prod.js", lpString2="LOLKEK.txt") returned -1 [0046.837] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js") returned 151 [0046.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3de1b60 [0046.837] lstrcpyW (in: lpString1=0x3de1b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" [0046.837] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.848] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.848] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0046.848] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0046.848] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0046.848] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0046.848] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0046.848] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0046.848] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0046.849] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0046.849] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json") returned 143 [0046.849] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0046.849] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0046.849] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json") returned 143 [0046.849] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x240) returned 0x3cc9da0 [0046.849] lstrcpyW (in: lpString1=0x3cc9da0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" [0046.849] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.849] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.849] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="page_embed_script.js", cAlternateFileName="PAGE_E~1.JS")) returned 1 [0046.849] lstrcmpiW (lpString1="page_embed_script.js", lpString2="Windows") returned -1 [0046.849] lstrcmpiW (lpString1="page_embed_script.js", lpString2="Program Files") returned -1 [0046.849] lstrcmpiW (lpString1="page_embed_script.js", lpString2="Program Files (x86)") returned -1 [0046.849] lstrcmpiW (lpString1="page_embed_script.js", lpString2="$Recycle.bin") returned 1 [0046.849] lstrcmpiW (lpString1="page_embed_script.js", lpString2="System Volume Information") returned -1 [0046.849] lstrcmpiW (lpString1="page_embed_script.js", lpString2=".") returned 1 [0046.849] lstrcmpiW (lpString1="page_embed_script.js", lpString2="..") returned 1 [0046.849] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js") returned 150 [0046.849] StrStrIW (lpFirst="page_embed_script.js", lpSrch=".lolkek") returned 0x0 [0046.849] lstrcmpW (lpString1="page_embed_script.js", lpString2="LOLKEK.txt") returned 1 [0046.849] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js") returned 150 [0046.849] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x25c) returned 0x61c2b8 [0046.849] lstrcpyW (in: lpString1=0x61c2b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" [0046.849] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.858] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.858] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0046.858] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0046.858] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0046.858] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0046.858] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0046.858] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0046.858] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0046.858] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0046.858] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales") returned 138 [0046.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0046.858] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" [0046.858] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*" [0046.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0046.862] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.862] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.862] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.862] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.862] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.862] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.862] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.862] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.862] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.863] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.863] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.863] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.863] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.863] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.863] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="af", cAlternateFileName="")) returned 1 [0046.863] lstrcmpiW (lpString1="af", lpString2="Windows") returned -1 [0046.863] lstrcmpiW (lpString1="af", lpString2="Program Files") returned -1 [0046.863] lstrcmpiW (lpString1="af", lpString2="Program Files (x86)") returned -1 [0046.863] lstrcmpiW (lpString1="af", lpString2="$Recycle.bin") returned 1 [0046.863] lstrcmpiW (lpString1="af", lpString2="System Volume Information") returned -1 [0046.863] lstrcmpiW (lpString1="af", lpString2=".") returned 1 [0046.863] lstrcmpiW (lpString1="af", lpString2="..") returned 1 [0046.863] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af") returned 141 [0046.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.863] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" [0046.863] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*" [0046.863] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.864] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.864] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.864] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.864] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.864] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.864] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.864] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.864] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.864] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.864] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.864] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.864] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.864] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.864] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.864] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.864] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.864] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.864] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.864] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.864] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.864] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.864] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.864] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json") returned 155 [0046.864] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.864] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.864] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json") returned 155 [0046.864] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6b7c0 [0046.864] lstrcpyW (in: lpString1=0x3e6b7c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" [0046.864] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.865] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.865] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.865] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.865] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\LOLKEK.txt") returned 152 [0046.865] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.865] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.865] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.866] CloseHandle (hObject=0x2bc) returned 1 [0046.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.866] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="am", cAlternateFileName="")) returned 1 [0046.866] lstrcmpiW (lpString1="am", lpString2="Windows") returned -1 [0046.866] lstrcmpiW (lpString1="am", lpString2="Program Files") returned -1 [0046.866] lstrcmpiW (lpString1="am", lpString2="Program Files (x86)") returned -1 [0046.866] lstrcmpiW (lpString1="am", lpString2="$Recycle.bin") returned 1 [0046.866] lstrcmpiW (lpString1="am", lpString2="System Volume Information") returned -1 [0046.866] lstrcmpiW (lpString1="am", lpString2=".") returned 1 [0046.866] lstrcmpiW (lpString1="am", lpString2="..") returned 1 [0046.866] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am") returned 141 [0046.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.866] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" [0046.866] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*" [0046.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.866] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.866] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.866] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.866] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.866] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.866] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.866] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.866] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.866] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.866] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.867] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.867] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.867] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.867] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.867] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.867] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.867] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.867] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.867] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.867] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.867] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.867] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.867] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json") returned 155 [0046.867] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.867] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.867] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json") returned 155 [0046.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6ba48 [0046.867] lstrcpyW (in: lpString1=0x3e6ba48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" [0046.867] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.877] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.877] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.877] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.877] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\LOLKEK.txt") returned 152 [0046.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.878] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.878] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.878] CloseHandle (hObject=0x2bc) returned 1 [0046.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.878] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ar", cAlternateFileName="")) returned 1 [0046.879] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0046.879] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0046.879] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0046.879] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0046.879] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0046.879] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0046.879] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0046.879] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar") returned 141 [0046.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.879] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" [0046.879] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*" [0046.879] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.879] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.879] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.879] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.879] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.879] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.879] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.879] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.879] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.880] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.880] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.880] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.880] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.880] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.880] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.880] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.880] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.880] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.880] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.880] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.880] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.880] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.880] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.880] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json") returned 155 [0046.880] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.880] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.880] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json") returned 155 [0046.880] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6bcd0 [0046.880] lstrcpyW (in: lpString1=0x3e6bcd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" [0046.880] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.884] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.884] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.884] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.884] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\LOLKEK.txt") returned 152 [0046.884] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.884] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.884] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.885] CloseHandle (hObject=0x2bc) returned 1 [0046.885] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.885] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="az", cAlternateFileName="")) returned 1 [0046.885] lstrcmpiW (lpString1="az", lpString2="Windows") returned -1 [0046.885] lstrcmpiW (lpString1="az", lpString2="Program Files") returned -1 [0046.885] lstrcmpiW (lpString1="az", lpString2="Program Files (x86)") returned -1 [0046.885] lstrcmpiW (lpString1="az", lpString2="$Recycle.bin") returned 1 [0046.885] lstrcmpiW (lpString1="az", lpString2="System Volume Information") returned -1 [0046.885] lstrcmpiW (lpString1="az", lpString2=".") returned 1 [0046.885] lstrcmpiW (lpString1="az", lpString2="..") returned 1 [0046.885] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az") returned 141 [0046.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.885] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" [0046.885] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*" [0046.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.885] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.885] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.885] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.885] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.885] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.885] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.885] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.885] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.885] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.885] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.886] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.886] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.886] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.886] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.886] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.886] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.886] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.886] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.886] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.886] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.886] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.886] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.886] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json") returned 155 [0046.886] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.886] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.886] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json") returned 155 [0046.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6bf58 [0046.886] lstrcpyW (in: lpString1=0x3e6bf58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" [0046.886] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.892] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.892] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.892] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.892] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\LOLKEK.txt") returned 152 [0046.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.893] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.893] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.894] CloseHandle (hObject=0x2bc) returned 1 [0046.894] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.894] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0046.894] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0046.894] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0046.894] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0046.894] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0046.894] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0046.894] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0046.894] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0046.894] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg") returned 141 [0046.894] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.894] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" [0046.894] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*" [0046.895] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.899] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.899] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.899] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.899] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.899] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.899] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.899] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.899] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.899] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.899] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.899] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.899] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.899] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.899] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.899] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.899] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.899] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.899] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.899] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.899] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.899] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.899] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.899] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json") returned 155 [0046.899] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.899] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.899] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json") returned 155 [0046.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6c1e0 [0046.899] lstrcpyW (in: lpString1=0x3e6c1e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" [0046.899] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.899] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.899] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.899] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.899] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\LOLKEK.txt") returned 152 [0046.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.900] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.900] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.901] CloseHandle (hObject=0x1bc) returned 1 [0046.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.901] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bn", cAlternateFileName="")) returned 1 [0046.901] lstrcmpiW (lpString1="bn", lpString2="Windows") returned -1 [0046.901] lstrcmpiW (lpString1="bn", lpString2="Program Files") returned -1 [0046.901] lstrcmpiW (lpString1="bn", lpString2="Program Files (x86)") returned -1 [0046.901] lstrcmpiW (lpString1="bn", lpString2="$Recycle.bin") returned 1 [0046.901] lstrcmpiW (lpString1="bn", lpString2="System Volume Information") returned -1 [0046.901] lstrcmpiW (lpString1="bn", lpString2=".") returned 1 [0046.901] lstrcmpiW (lpString1="bn", lpString2="..") returned 1 [0046.901] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn") returned 141 [0046.901] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.901] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" [0046.901] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*" [0046.901] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.902] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.902] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.902] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.902] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.902] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.902] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.902] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.902] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.902] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.902] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.902] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.902] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.902] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.902] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.902] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.902] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.902] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.902] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.902] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.902] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.902] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.902] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.902] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json") returned 155 [0046.902] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.902] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.902] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json") returned 155 [0046.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6c468 [0046.902] lstrcpyW (in: lpString1=0x3e6c468, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" [0046.902] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.908] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.908] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.908] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.908] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\LOLKEK.txt") returned 152 [0046.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.908] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.908] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.909] CloseHandle (hObject=0x1bc) returned 1 [0046.909] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.909] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0046.909] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0046.909] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0046.909] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0046.909] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0046.909] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0046.909] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0046.909] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0046.909] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca") returned 141 [0046.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.909] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" [0046.909] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*" [0046.909] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.913] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.913] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.913] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.913] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.913] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.913] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.913] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.913] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.913] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.913] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.913] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.913] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.913] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.913] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.913] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.913] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.913] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.913] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.913] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.913] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.913] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.913] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.913] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json") returned 155 [0046.913] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.913] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.913] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json") returned 155 [0046.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6c6f0 [0046.913] lstrcpyW (in: lpString1=0x3e6c6f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" [0046.913] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.913] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.913] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.913] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.913] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\LOLKEK.txt") returned 152 [0046.913] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.914] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.914] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.914] CloseHandle (hObject=0x2bc) returned 1 [0046.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.914] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0046.914] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0046.914] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0046.915] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0046.915] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0046.915] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0046.915] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0046.915] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0046.915] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs") returned 141 [0046.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.915] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" [0046.915] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*" [0046.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.915] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.915] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.915] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.915] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.915] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.915] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.915] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.915] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.915] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.915] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.915] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.915] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.915] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.915] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.915] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.915] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.915] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.915] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.915] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.915] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.915] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.915] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.915] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json") returned 155 [0046.915] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.915] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.915] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json") returned 155 [0046.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6c978 [0046.915] lstrcpyW (in: lpString1=0x3e6c978, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" [0046.915] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.920] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.920] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.920] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.920] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\LOLKEK.txt") returned 152 [0046.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.921] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.921] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.921] CloseHandle (hObject=0x2bc) returned 1 [0046.921] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.921] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0046.921] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0046.921] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0046.921] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0046.921] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0046.922] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0046.922] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0046.922] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0046.922] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da") returned 141 [0046.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.922] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" [0046.922] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*" [0046.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.935] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.935] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.935] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.935] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.935] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.935] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.935] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.935] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.935] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.935] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.935] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.935] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.935] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.935] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.935] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.935] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.935] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.935] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.935] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.935] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.935] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.935] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.935] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json") returned 155 [0046.935] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.935] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.935] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json") returned 155 [0046.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6cc00 [0046.935] lstrcpyW (in: lpString1=0x3e6cc00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" [0046.935] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.935] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.935] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.935] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.936] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\LOLKEK.txt") returned 152 [0046.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.936] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.936] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.937] CloseHandle (hObject=0x2bc) returned 1 [0046.937] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.937] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0046.937] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0046.937] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0046.937] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0046.937] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0046.937] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0046.937] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0046.937] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0046.937] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de") returned 141 [0046.937] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.937] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" [0046.937] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*" [0046.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.937] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.937] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.937] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.937] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.937] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.937] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.937] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.937] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.937] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.937] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.937] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.937] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.937] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.937] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.937] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.937] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.937] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.937] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.937] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.937] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.937] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.938] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.938] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json") returned 155 [0046.938] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.938] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.938] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json") returned 155 [0046.938] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6ce88 [0046.938] lstrcpyW (in: lpString1=0x3e6ce88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" [0046.938] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.991] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.991] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.991] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.992] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\LOLKEK.txt") returned 152 [0046.992] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0046.992] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.992] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.993] CloseHandle (hObject=0x2bc) returned 1 [0046.993] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0046.993] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0046.993] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0046.993] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0046.993] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0046.993] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0046.993] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0046.993] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0046.993] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0046.993] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el") returned 141 [0046.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0046.993] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" [0046.993] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*" [0046.993] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0046.998] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0046.998] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0046.998] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0046.998] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0046.998] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0046.998] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.998] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0046.998] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0046.998] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0046.998] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0046.998] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0046.998] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0046.998] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.998] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.998] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0046.998] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0046.998] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0046.998] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0046.998] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0046.998] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0046.998] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0046.998] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0046.998] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json") returned 155 [0046.998] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0046.998] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0046.998] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json") returned 155 [0046.998] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6d110 [0046.998] lstrcpyW (in: lpString1=0x3e6d110, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" [0046.998] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0046.998] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0046.998] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0046.998] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0046.998] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\LOLKEK.txt") returned 152 [0046.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0046.999] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0046.999] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0046.999] CloseHandle (hObject=0x1bc) returned 1 [0047.000] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0047.000] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_GB", cAlternateFileName="")) returned 1 [0047.000] lstrcmpiW (lpString1="en_GB", lpString2="Windows") returned -1 [0047.000] lstrcmpiW (lpString1="en_GB", lpString2="Program Files") returned -1 [0047.000] lstrcmpiW (lpString1="en_GB", lpString2="Program Files (x86)") returned -1 [0047.000] lstrcmpiW (lpString1="en_GB", lpString2="$Recycle.bin") returned 1 [0047.000] lstrcmpiW (lpString1="en_GB", lpString2="System Volume Information") returned -1 [0047.000] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0047.000] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0047.000] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB") returned 144 [0047.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0047.000] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" [0047.000] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*" [0047.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0047.000] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.000] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.000] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.000] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.000] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.000] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.000] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.000] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.000] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.000] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.000] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.000] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.000] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.000] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.000] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.000] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.000] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.000] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.000] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.000] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.000] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.000] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.000] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json") returned 158 [0047.000] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.000] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.001] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json") returned 158 [0047.001] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3e6d398 [0047.001] lstrcpyW (in: lpString1=0x3e6d398, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" [0047.001] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.001] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.001] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.001] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0047.001] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\LOLKEK.txt") returned 155 [0047.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0047.001] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.001] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.002] CloseHandle (hObject=0x1bc) returned 1 [0047.002] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0047.002] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_US", cAlternateFileName="")) returned 1 [0047.002] lstrcmpiW (lpString1="en_US", lpString2="Windows") returned -1 [0047.002] lstrcmpiW (lpString1="en_US", lpString2="Program Files") returned -1 [0047.002] lstrcmpiW (lpString1="en_US", lpString2="Program Files (x86)") returned -1 [0047.002] lstrcmpiW (lpString1="en_US", lpString2="$Recycle.bin") returned 1 [0047.002] lstrcmpiW (lpString1="en_US", lpString2="System Volume Information") returned -1 [0047.002] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0047.002] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0047.002] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US") returned 144 [0047.002] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0047.002] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" [0047.002] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*" [0047.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0047.007] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.008] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.008] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.008] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.008] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.008] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.008] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.008] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.008] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.008] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.008] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.008] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.008] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.008] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.008] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.008] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.008] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.008] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.008] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.008] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.008] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json") returned 158 [0047.008] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.008] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.008] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json") returned 158 [0047.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3e6d620 [0047.008] lstrcpyW (in: lpString1=0x3e6d620, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" [0047.008] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.008] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.008] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.008] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0047.008] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\LOLKEK.txt") returned 155 [0047.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0047.009] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.009] WriteFile (in: hFile=0x1bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.009] CloseHandle (hObject=0x1bc) returned 1 [0047.009] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0047.009] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0047.009] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0047.009] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0047.009] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0047.009] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0047.010] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0047.010] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0047.010] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0047.010] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es") returned 141 [0047.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc3cc0 [0047.010] lstrcpyW (in: lpString1=0x3dc3cc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" [0047.010] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*" [0047.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd98 [0047.010] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.010] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.010] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.010] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.010] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.010] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.010] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.010] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.010] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.010] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.010] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.010] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.010] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.010] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.010] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.010] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.010] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.010] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.010] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.010] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.010] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.010] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.010] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json") returned 155 [0047.010] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.010] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.010] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json") returned 155 [0047.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6d8a8 [0047.010] lstrcpyW (in: lpString1=0x3e6d8a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" [0047.010] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.054] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.054] FindNextFileW (in: hFindFile=0x62dd98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.054] FindClose (in: hFindFile=0x62dd98 | out: hFindFile=0x62dd98) returned 1 [0047.054] wsprintfW (in: param_1=0x3dc3cc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\LOLKEK.txt") returned 152 [0047.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.252] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.252] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.278] CloseHandle (hObject=0x25c) returned 1 [0047.279] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc3cc0 | out: hHeap=0x5a0000) returned 1 [0047.279] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es_419", cAlternateFileName="")) returned 1 [0047.279] lstrcmpiW (lpString1="es_419", lpString2="Windows") returned -1 [0047.279] lstrcmpiW (lpString1="es_419", lpString2="Program Files") returned -1 [0047.279] lstrcmpiW (lpString1="es_419", lpString2="Program Files (x86)") returned -1 [0047.279] lstrcmpiW (lpString1="es_419", lpString2="$Recycle.bin") returned 1 [0047.279] lstrcmpiW (lpString1="es_419", lpString2="System Volume Information") returned -1 [0047.279] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0047.279] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0047.280] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419") returned 145 [0047.280] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3da0048 [0047.280] lstrcpyW (in: lpString1=0x3da0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" [0047.280] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*" [0047.280] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.281] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.281] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.281] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.281] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.281] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.281] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.281] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.281] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.281] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.281] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.281] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.281] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.281] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.281] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.281] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.281] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.281] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.281] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.281] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.281] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.281] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.281] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.281] wsprintfW (in: param_1=0x3da0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json") returned 159 [0047.281] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.281] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.281] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json") returned 159 [0047.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3e6db30 [0047.281] lstrcpyW (in: lpString1=0x3e6db30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" [0047.281] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.281] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.281] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.281] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.281] wsprintfW (in: param_1=0x3da0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\LOLKEK.txt") returned 156 [0047.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.284] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.284] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.286] CloseHandle (hObject=0x2bc) returned 1 [0047.286] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3da0048 | out: hHeap=0x5a0000) returned 1 [0047.286] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="et", cAlternateFileName="")) returned 1 [0047.286] lstrcmpiW (lpString1="et", lpString2="Windows") returned -1 [0047.286] lstrcmpiW (lpString1="et", lpString2="Program Files") returned -1 [0047.286] lstrcmpiW (lpString1="et", lpString2="Program Files (x86)") returned -1 [0047.286] lstrcmpiW (lpString1="et", lpString2="$Recycle.bin") returned 1 [0047.286] lstrcmpiW (lpString1="et", lpString2="System Volume Information") returned -1 [0047.286] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0047.286] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0047.286] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et") returned 141 [0047.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.286] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" [0047.286] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*" [0047.287] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.287] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.287] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.287] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.287] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.287] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.287] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.287] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.287] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.287] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.287] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.287] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.287] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.287] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.287] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.287] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.287] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.287] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.287] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.287] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.287] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.287] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.287] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.287] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json") returned 155 [0047.287] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.287] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.287] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json") returned 155 [0047.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca7668 [0047.287] lstrcpyW (in: lpString1=0x3ca7668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" [0047.287] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.287] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.287] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.287] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.287] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\LOLKEK.txt") returned 152 [0047.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.288] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.288] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.289] CloseHandle (hObject=0x25c) returned 1 [0047.289] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.289] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eu", cAlternateFileName="")) returned 1 [0047.290] lstrcmpiW (lpString1="eu", lpString2="Windows") returned -1 [0047.290] lstrcmpiW (lpString1="eu", lpString2="Program Files") returned -1 [0047.290] lstrcmpiW (lpString1="eu", lpString2="Program Files (x86)") returned -1 [0047.290] lstrcmpiW (lpString1="eu", lpString2="$Recycle.bin") returned 1 [0047.290] lstrcmpiW (lpString1="eu", lpString2="System Volume Information") returned -1 [0047.290] lstrcmpiW (lpString1="eu", lpString2=".") returned 1 [0047.290] lstrcmpiW (lpString1="eu", lpString2="..") returned 1 [0047.290] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu") returned 141 [0047.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.290] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" [0047.290] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*" [0047.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.290] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.290] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.290] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.290] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.290] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.290] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.290] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.291] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.291] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.291] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.291] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.291] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.291] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.291] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.291] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.291] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.291] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.291] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.291] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.291] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.291] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.291] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.291] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json") returned 155 [0047.291] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.291] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.291] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json") returned 155 [0047.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca78f0 [0047.291] lstrcpyW (in: lpString1=0x3ca78f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" [0047.291] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.291] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.291] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.291] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.291] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\LOLKEK.txt") returned 152 [0047.291] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.291] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.291] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.292] CloseHandle (hObject=0x25c) returned 1 [0047.292] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.292] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fa", cAlternateFileName="")) returned 1 [0047.292] lstrcmpiW (lpString1="fa", lpString2="Windows") returned -1 [0047.292] lstrcmpiW (lpString1="fa", lpString2="Program Files") returned -1 [0047.292] lstrcmpiW (lpString1="fa", lpString2="Program Files (x86)") returned -1 [0047.292] lstrcmpiW (lpString1="fa", lpString2="$Recycle.bin") returned 1 [0047.292] lstrcmpiW (lpString1="fa", lpString2="System Volume Information") returned -1 [0047.292] lstrcmpiW (lpString1="fa", lpString2=".") returned 1 [0047.292] lstrcmpiW (lpString1="fa", lpString2="..") returned 1 [0047.292] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa") returned 141 [0047.292] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.292] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" [0047.292] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*" [0047.293] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.293] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.293] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.293] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.293] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.293] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.293] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.293] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.293] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.293] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.293] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.293] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.293] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.293] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.293] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.293] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.293] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.293] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.293] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.293] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.293] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.293] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.293] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.293] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json") returned 155 [0047.293] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.293] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.293] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json") returned 155 [0047.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca7b78 [0047.293] lstrcpyW (in: lpString1=0x3ca7b78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" [0047.293] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.293] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.293] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.293] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.293] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\LOLKEK.txt") returned 152 [0047.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.294] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.294] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.294] CloseHandle (hObject=0x25c) returned 1 [0047.294] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.294] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0047.294] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0047.294] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0047.294] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0047.294] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0047.294] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0047.295] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0047.295] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0047.295] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi") returned 141 [0047.295] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.295] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" [0047.295] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*" [0047.295] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.295] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.295] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.295] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.295] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.295] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.295] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.295] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.295] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.295] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.295] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.295] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.295] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.296] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.296] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.296] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.296] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.296] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.296] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.296] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.296] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.296] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.296] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.296] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json") returned 155 [0047.296] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.296] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.296] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json") returned 155 [0047.296] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca7e00 [0047.296] lstrcpyW (in: lpString1=0x3ca7e00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" [0047.296] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.296] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.296] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.296] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.296] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\LOLKEK.txt") returned 152 [0047.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.296] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.296] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.297] CloseHandle (hObject=0x25c) returned 1 [0047.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.297] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0047.297] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0047.297] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0047.297] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0047.297] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0047.297] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0047.297] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0047.297] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0047.297] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil") returned 142 [0047.297] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.297] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" [0047.297] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*" [0047.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.297] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.297] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.297] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.297] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.297] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.298] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.298] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.298] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.298] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.298] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.298] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.298] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.298] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.298] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.298] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.298] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.298] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.298] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.298] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.298] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.298] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.298] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.298] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json") returned 156 [0047.298] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.298] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.298] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json") returned 156 [0047.298] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ca8088 [0047.298] lstrcpyW (in: lpString1=0x3ca8088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" [0047.298] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.298] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.298] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.298] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.298] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\LOLKEK.txt") returned 153 [0047.298] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.298] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.298] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.299] CloseHandle (hObject=0x25c) returned 1 [0047.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.299] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0047.299] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0047.299] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0047.299] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0047.299] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0047.299] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0047.299] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0047.299] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0047.299] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr") returned 141 [0047.299] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.299] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" [0047.299] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*" [0047.299] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.300] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.300] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.300] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.301] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.301] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.301] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.301] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.301] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.301] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.301] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.301] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.301] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.301] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.301] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.301] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.301] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.301] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.301] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.301] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.301] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.301] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.301] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.301] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json") returned 155 [0047.301] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.301] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.301] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json") returned 155 [0047.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca8310 [0047.301] lstrcpyW (in: lpString1=0x3ca8310, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" [0047.301] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.301] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.301] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.301] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.301] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\LOLKEK.txt") returned 152 [0047.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.301] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.301] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.302] CloseHandle (hObject=0x25c) returned 1 [0047.302] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.302] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr_CA", cAlternateFileName="")) returned 1 [0047.302] lstrcmpiW (lpString1="fr_CA", lpString2="Windows") returned -1 [0047.302] lstrcmpiW (lpString1="fr_CA", lpString2="Program Files") returned -1 [0047.302] lstrcmpiW (lpString1="fr_CA", lpString2="Program Files (x86)") returned -1 [0047.302] lstrcmpiW (lpString1="fr_CA", lpString2="$Recycle.bin") returned 1 [0047.302] lstrcmpiW (lpString1="fr_CA", lpString2="System Volume Information") returned -1 [0047.302] lstrcmpiW (lpString1="fr_CA", lpString2=".") returned 1 [0047.302] lstrcmpiW (lpString1="fr_CA", lpString2="..") returned 1 [0047.302] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA") returned 144 [0047.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.302] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" [0047.302] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*" [0047.302] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.303] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.303] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.303] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.303] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.303] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.303] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.303] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.303] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.303] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.303] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.303] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.303] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.303] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.303] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.303] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.303] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.303] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.303] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.303] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.303] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.303] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.303] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.303] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json") returned 158 [0047.303] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.303] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.304] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json") returned 158 [0047.304] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3ca8598 [0047.304] lstrcpyW (in: lpString1=0x3ca8598, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" [0047.304] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.304] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.304] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.304] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.304] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\LOLKEK.txt") returned 155 [0047.304] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.304] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.304] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.305] CloseHandle (hObject=0x258) returned 1 [0047.305] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.305] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gl", cAlternateFileName="")) returned 1 [0047.305] lstrcmpiW (lpString1="gl", lpString2="Windows") returned -1 [0047.305] lstrcmpiW (lpString1="gl", lpString2="Program Files") returned -1 [0047.305] lstrcmpiW (lpString1="gl", lpString2="Program Files (x86)") returned -1 [0047.305] lstrcmpiW (lpString1="gl", lpString2="$Recycle.bin") returned 1 [0047.305] lstrcmpiW (lpString1="gl", lpString2="System Volume Information") returned -1 [0047.305] lstrcmpiW (lpString1="gl", lpString2=".") returned 1 [0047.305] lstrcmpiW (lpString1="gl", lpString2="..") returned 1 [0047.305] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl") returned 141 [0047.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.305] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" [0047.305] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*" [0047.305] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.305] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.305] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.305] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.305] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.305] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.305] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.305] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.305] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.305] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.305] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.305] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.305] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.305] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.305] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.305] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.305] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.306] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.306] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.306] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.306] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.306] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.306] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.306] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json") returned 155 [0047.306] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.306] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.306] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json") returned 155 [0047.306] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca8820 [0047.306] lstrcpyW (in: lpString1=0x3ca8820, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" [0047.306] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.306] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.306] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.306] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.306] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\LOLKEK.txt") returned 152 [0047.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.306] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.306] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.307] CloseHandle (hObject=0x258) returned 1 [0047.307] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.307] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gu", cAlternateFileName="")) returned 1 [0047.307] lstrcmpiW (lpString1="gu", lpString2="Windows") returned -1 [0047.307] lstrcmpiW (lpString1="gu", lpString2="Program Files") returned -1 [0047.307] lstrcmpiW (lpString1="gu", lpString2="Program Files (x86)") returned -1 [0047.307] lstrcmpiW (lpString1="gu", lpString2="$Recycle.bin") returned 1 [0047.307] lstrcmpiW (lpString1="gu", lpString2="System Volume Information") returned -1 [0047.307] lstrcmpiW (lpString1="gu", lpString2=".") returned 1 [0047.307] lstrcmpiW (lpString1="gu", lpString2="..") returned 1 [0047.307] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu") returned 141 [0047.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.307] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" [0047.307] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*" [0047.307] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.308] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.308] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.308] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.308] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.308] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.308] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.308] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.308] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.308] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.308] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.308] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.308] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.308] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.308] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.308] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.308] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.308] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.308] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.308] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.308] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.308] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.308] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.308] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json") returned 155 [0047.308] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.308] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.308] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json") returned 155 [0047.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca8aa8 [0047.308] lstrcpyW (in: lpString1=0x3ca8aa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" [0047.308] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.308] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.308] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.308] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.308] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\LOLKEK.txt") returned 152 [0047.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.309] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.309] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.309] CloseHandle (hObject=0x258) returned 1 [0047.309] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.309] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0047.309] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0047.309] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0047.309] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0047.309] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0047.309] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0047.309] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0047.310] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0047.310] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi") returned 141 [0047.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.310] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" [0047.310] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*" [0047.310] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.310] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.310] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.310] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.310] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.310] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.310] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.310] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.310] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.310] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.310] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.310] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.310] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.310] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.310] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.310] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.310] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.310] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.310] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.310] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.310] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.310] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.310] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.310] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json") returned 155 [0047.310] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.310] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.310] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json") returned 155 [0047.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca8d30 [0047.310] lstrcpyW (in: lpString1=0x3ca8d30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" [0047.310] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.316] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.316] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.316] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.317] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\LOLKEK.txt") returned 152 [0047.317] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.317] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.317] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.318] CloseHandle (hObject=0x258) returned 1 [0047.318] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.318] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hr", cAlternateFileName="")) returned 1 [0047.318] lstrcmpiW (lpString1="hr", lpString2="Windows") returned -1 [0047.318] lstrcmpiW (lpString1="hr", lpString2="Program Files") returned -1 [0047.318] lstrcmpiW (lpString1="hr", lpString2="Program Files (x86)") returned -1 [0047.318] lstrcmpiW (lpString1="hr", lpString2="$Recycle.bin") returned 1 [0047.318] lstrcmpiW (lpString1="hr", lpString2="System Volume Information") returned -1 [0047.318] lstrcmpiW (lpString1="hr", lpString2=".") returned 1 [0047.318] lstrcmpiW (lpString1="hr", lpString2="..") returned 1 [0047.318] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr") returned 141 [0047.318] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.318] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" [0047.318] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*" [0047.318] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.324] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.324] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.324] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.324] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.324] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.324] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.325] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.325] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.325] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.325] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.325] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.325] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.325] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.325] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.325] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.325] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.325] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.325] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.325] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.325] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.325] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.325] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.325] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json") returned 155 [0047.325] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.325] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.325] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json") returned 155 [0047.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca8fb8 [0047.325] lstrcpyW (in: lpString1=0x3ca8fb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" [0047.325] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.325] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.325] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.325] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.325] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\LOLKEK.txt") returned 152 [0047.325] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.325] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.326] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.326] CloseHandle (hObject=0x258) returned 1 [0047.326] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.326] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0047.326] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0047.326] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0047.326] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0047.326] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0047.326] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0047.326] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0047.326] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0047.326] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu") returned 141 [0047.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.326] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" [0047.326] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*" [0047.326] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.327] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.327] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.327] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.327] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.327] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.327] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.327] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.327] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.327] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.327] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.327] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.327] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.327] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.327] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.327] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.327] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.327] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.327] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.327] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.327] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.327] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.327] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.327] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json") returned 155 [0047.327] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.327] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.327] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json") returned 155 [0047.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ca9240 [0047.327] lstrcpyW (in: lpString1=0x3ca9240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" [0047.327] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.327] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.327] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.327] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.327] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\LOLKEK.txt") returned 152 [0047.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.328] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.328] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.328] CloseHandle (hObject=0x258) returned 1 [0047.328] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.328] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hy", cAlternateFileName="")) returned 1 [0047.328] lstrcmpiW (lpString1="hy", lpString2="Windows") returned -1 [0047.328] lstrcmpiW (lpString1="hy", lpString2="Program Files") returned -1 [0047.328] lstrcmpiW (lpString1="hy", lpString2="Program Files (x86)") returned -1 [0047.328] lstrcmpiW (lpString1="hy", lpString2="$Recycle.bin") returned 1 [0047.328] lstrcmpiW (lpString1="hy", lpString2="System Volume Information") returned -1 [0047.328] lstrcmpiW (lpString1="hy", lpString2=".") returned 1 [0047.328] lstrcmpiW (lpString1="hy", lpString2="..") returned 1 [0047.328] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy") returned 141 [0047.328] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.329] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" [0047.329] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*" [0047.329] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.333] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.333] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.333] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.333] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.333] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.333] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.333] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.333] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.334] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.334] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.334] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.334] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.334] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.334] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.334] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.334] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.334] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.334] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.334] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.334] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.334] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.334] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.334] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json") returned 155 [0047.334] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.334] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.334] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json") returned 155 [0047.334] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da4068 [0047.334] lstrcpyW (in: lpString1=0x3da4068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" [0047.334] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.334] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.334] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.334] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.334] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\LOLKEK.txt") returned 152 [0047.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.334] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.334] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.335] CloseHandle (hObject=0x2bc) returned 1 [0047.335] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.335] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0047.335] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0047.335] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0047.335] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0047.335] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0047.335] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0047.335] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0047.335] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0047.335] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id") returned 141 [0047.335] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.335] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" [0047.335] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*" [0047.335] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.336] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.336] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.336] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.336] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.336] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.336] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.336] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.336] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.336] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.336] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.336] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.336] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.336] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.336] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.336] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.336] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.336] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.336] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.336] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.336] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.336] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.336] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.336] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json") returned 155 [0047.336] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.336] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.336] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json") returned 155 [0047.336] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da42f0 [0047.336] lstrcpyW (in: lpString1=0x3da42f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" [0047.336] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.336] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.336] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.336] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.336] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\LOLKEK.txt") returned 152 [0047.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.337] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.337] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.337] CloseHandle (hObject=0x2bc) returned 1 [0047.337] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.337] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="is", cAlternateFileName="")) returned 1 [0047.337] lstrcmpiW (lpString1="is", lpString2="Windows") returned -1 [0047.337] lstrcmpiW (lpString1="is", lpString2="Program Files") returned -1 [0047.337] lstrcmpiW (lpString1="is", lpString2="Program Files (x86)") returned -1 [0047.337] lstrcmpiW (lpString1="is", lpString2="$Recycle.bin") returned 1 [0047.338] lstrcmpiW (lpString1="is", lpString2="System Volume Information") returned -1 [0047.338] lstrcmpiW (lpString1="is", lpString2=".") returned 1 [0047.338] lstrcmpiW (lpString1="is", lpString2="..") returned 1 [0047.338] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is") returned 141 [0047.338] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.338] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" [0047.338] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*" [0047.338] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.342] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.342] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.342] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.343] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.343] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.343] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.343] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.343] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.343] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.343] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.343] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.343] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.343] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.343] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.343] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.343] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.343] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.343] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.343] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.343] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.343] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.343] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.343] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json") returned 155 [0047.343] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.343] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.343] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json") returned 155 [0047.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da4578 [0047.343] lstrcpyW (in: lpString1=0x3da4578, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" [0047.343] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.343] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.343] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.343] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.343] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\LOLKEK.txt") returned 152 [0047.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.343] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.343] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.344] CloseHandle (hObject=0x258) returned 1 [0047.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.344] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0047.344] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0047.344] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0047.344] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0047.344] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0047.344] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0047.344] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0047.344] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0047.344] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it") returned 141 [0047.344] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.344] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" [0047.344] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*" [0047.344] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.345] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.345] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.345] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.345] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.345] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.345] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.345] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.345] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.345] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.345] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.345] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.345] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.345] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.345] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.345] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.345] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.345] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.345] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.345] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.345] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.345] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.345] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.345] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json") returned 155 [0047.345] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.345] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.345] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json") returned 155 [0047.345] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da4800 [0047.345] lstrcpyW (in: lpString1=0x3da4800, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" [0047.345] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.345] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.345] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.345] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.345] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\LOLKEK.txt") returned 152 [0047.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.346] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.346] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.346] CloseHandle (hObject=0x258) returned 1 [0047.346] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.346] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="iw", cAlternateFileName="")) returned 1 [0047.346] lstrcmpiW (lpString1="iw", lpString2="Windows") returned -1 [0047.346] lstrcmpiW (lpString1="iw", lpString2="Program Files") returned -1 [0047.346] lstrcmpiW (lpString1="iw", lpString2="Program Files (x86)") returned -1 [0047.346] lstrcmpiW (lpString1="iw", lpString2="$Recycle.bin") returned 1 [0047.346] lstrcmpiW (lpString1="iw", lpString2="System Volume Information") returned -1 [0047.346] lstrcmpiW (lpString1="iw", lpString2=".") returned 1 [0047.346] lstrcmpiW (lpString1="iw", lpString2="..") returned 1 [0047.346] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw") returned 141 [0047.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.347] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" [0047.347] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*" [0047.347] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.348] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.348] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.348] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.348] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.348] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.348] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.348] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.348] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.348] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.348] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.348] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.348] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.349] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.349] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.349] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.349] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.349] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.349] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.349] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.349] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.349] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.349] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.349] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json") returned 155 [0047.349] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.349] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.349] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json") returned 155 [0047.349] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da4a88 [0047.349] lstrcpyW (in: lpString1=0x3da4a88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" [0047.349] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.353] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.353] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.353] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.354] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\LOLKEK.txt") returned 152 [0047.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.354] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.354] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.354] CloseHandle (hObject=0x258) returned 1 [0047.355] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.355] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0047.355] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0047.355] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0047.355] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0047.355] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0047.355] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0047.355] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0047.355] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0047.355] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja") returned 141 [0047.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.355] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" [0047.355] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*" [0047.355] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.355] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.355] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.355] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.355] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.355] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.355] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.355] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.355] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.355] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.355] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.355] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.355] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.355] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.355] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.355] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.355] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.355] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.355] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.355] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.355] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.355] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.355] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.355] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json") returned 155 [0047.356] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.356] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.356] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json") returned 155 [0047.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da4d10 [0047.356] lstrcpyW (in: lpString1=0x3da4d10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" [0047.356] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.356] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.356] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.356] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.356] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\LOLKEK.txt") returned 152 [0047.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.356] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.356] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.357] CloseHandle (hObject=0x258) returned 1 [0047.357] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.357] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ka", cAlternateFileName="")) returned 1 [0047.357] lstrcmpiW (lpString1="ka", lpString2="Windows") returned -1 [0047.357] lstrcmpiW (lpString1="ka", lpString2="Program Files") returned -1 [0047.357] lstrcmpiW (lpString1="ka", lpString2="Program Files (x86)") returned -1 [0047.357] lstrcmpiW (lpString1="ka", lpString2="$Recycle.bin") returned 1 [0047.357] lstrcmpiW (lpString1="ka", lpString2="System Volume Information") returned -1 [0047.357] lstrcmpiW (lpString1="ka", lpString2=".") returned 1 [0047.357] lstrcmpiW (lpString1="ka", lpString2="..") returned 1 [0047.357] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka") returned 141 [0047.357] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.357] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" [0047.357] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*" [0047.357] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.363] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.363] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.363] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.363] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.363] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.363] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.363] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.363] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.363] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.363] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.363] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.363] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.363] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.363] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.363] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.364] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.364] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.364] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.364] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.364] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.364] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.364] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.364] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json") returned 155 [0047.364] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.364] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.364] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json") returned 155 [0047.364] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da4f98 [0047.364] lstrcpyW (in: lpString1=0x3da4f98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" [0047.364] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.364] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.364] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.364] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.364] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\LOLKEK.txt") returned 152 [0047.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.364] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.364] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.365] CloseHandle (hObject=0x258) returned 1 [0047.365] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.365] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="km", cAlternateFileName="")) returned 1 [0047.365] lstrcmpiW (lpString1="km", lpString2="Windows") returned -1 [0047.365] lstrcmpiW (lpString1="km", lpString2="Program Files") returned -1 [0047.365] lstrcmpiW (lpString1="km", lpString2="Program Files (x86)") returned -1 [0047.365] lstrcmpiW (lpString1="km", lpString2="$Recycle.bin") returned 1 [0047.365] lstrcmpiW (lpString1="km", lpString2="System Volume Information") returned -1 [0047.365] lstrcmpiW (lpString1="km", lpString2=".") returned 1 [0047.365] lstrcmpiW (lpString1="km", lpString2="..") returned 1 [0047.365] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km") returned 141 [0047.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.365] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" [0047.365] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*" [0047.365] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.365] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.365] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.365] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.365] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.365] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.365] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.365] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.366] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.366] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.366] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.366] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.366] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.366] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.366] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.366] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.366] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.366] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.366] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.366] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.366] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.366] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.366] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.366] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json") returned 155 [0047.366] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.366] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.366] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json") returned 155 [0047.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da5220 [0047.366] lstrcpyW (in: lpString1=0x3da5220, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" [0047.366] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.366] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.366] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.366] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.366] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\LOLKEK.txt") returned 152 [0047.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.366] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.366] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.367] CloseHandle (hObject=0x258) returned 1 [0047.367] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.367] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kn", cAlternateFileName="")) returned 1 [0047.367] lstrcmpiW (lpString1="kn", lpString2="Windows") returned -1 [0047.367] lstrcmpiW (lpString1="kn", lpString2="Program Files") returned -1 [0047.367] lstrcmpiW (lpString1="kn", lpString2="Program Files (x86)") returned -1 [0047.367] lstrcmpiW (lpString1="kn", lpString2="$Recycle.bin") returned 1 [0047.367] lstrcmpiW (lpString1="kn", lpString2="System Volume Information") returned -1 [0047.367] lstrcmpiW (lpString1="kn", lpString2=".") returned 1 [0047.367] lstrcmpiW (lpString1="kn", lpString2="..") returned 1 [0047.367] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn") returned 141 [0047.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.367] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" [0047.367] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*" [0047.367] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.370] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.370] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.370] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.370] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.370] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.370] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.370] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.370] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.370] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.370] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.370] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.370] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.370] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.370] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.370] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.370] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.370] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.370] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.370] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.370] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.370] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.370] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.370] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json") returned 155 [0047.370] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.370] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.370] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json") returned 155 [0047.370] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da54a8 [0047.370] lstrcpyW (in: lpString1=0x3da54a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" [0047.370] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.370] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.370] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.370] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.370] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\LOLKEK.txt") returned 152 [0047.371] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.371] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.371] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.371] CloseHandle (hObject=0x2bc) returned 1 [0047.371] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.371] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0047.372] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0047.372] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0047.372] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0047.372] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0047.372] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0047.372] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0047.372] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0047.372] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko") returned 141 [0047.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.372] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" [0047.372] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*" [0047.372] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.372] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.372] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.372] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.372] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.372] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.372] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.372] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.372] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.372] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.372] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.372] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.372] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.372] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.372] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.372] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.372] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.372] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.372] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.372] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.372] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.372] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.372] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.372] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json") returned 155 [0047.372] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.372] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.372] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json") returned 155 [0047.372] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da5730 [0047.372] lstrcpyW (in: lpString1=0x3da5730, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" [0047.373] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.393] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.393] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.393] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.393] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\LOLKEK.txt") returned 152 [0047.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.393] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.393] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.394] CloseHandle (hObject=0x2bc) returned 1 [0047.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.394] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lo", cAlternateFileName="")) returned 1 [0047.394] lstrcmpiW (lpString1="lo", lpString2="Windows") returned -1 [0047.395] lstrcmpiW (lpString1="lo", lpString2="Program Files") returned -1 [0047.395] lstrcmpiW (lpString1="lo", lpString2="Program Files (x86)") returned -1 [0047.395] lstrcmpiW (lpString1="lo", lpString2="$Recycle.bin") returned 1 [0047.395] lstrcmpiW (lpString1="lo", lpString2="System Volume Information") returned -1 [0047.395] lstrcmpiW (lpString1="lo", lpString2=".") returned 1 [0047.395] lstrcmpiW (lpString1="lo", lpString2="..") returned 1 [0047.395] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo") returned 141 [0047.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.395] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" [0047.395] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*" [0047.395] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.397] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.397] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.397] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.397] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.397] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.397] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.397] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.397] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.397] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.398] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.398] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.398] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.398] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.398] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.398] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.398] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.398] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.398] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.398] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.398] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.398] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.398] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.398] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json") returned 155 [0047.398] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.398] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.398] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json") returned 155 [0047.398] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da59b8 [0047.398] lstrcpyW (in: lpString1=0x3da59b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" [0047.398] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.398] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.398] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.398] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.398] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\LOLKEK.txt") returned 152 [0047.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.398] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.398] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.399] CloseHandle (hObject=0x258) returned 1 [0047.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.399] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0047.401] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0047.401] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0047.401] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0047.401] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0047.401] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0047.401] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0047.401] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0047.401] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt") returned 141 [0047.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc2b40 [0047.401] lstrcpyW (in: lpString1=0x3dc2b40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" [0047.401] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*" [0047.401] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.401] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.401] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.401] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.401] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.401] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.401] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.401] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.401] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.401] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.401] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.401] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.402] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.402] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.402] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.402] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.402] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.402] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.402] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.402] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.402] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.402] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.402] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.402] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json") returned 155 [0047.402] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.402] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.402] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json") returned 155 [0047.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da5c40 [0047.402] lstrcpyW (in: lpString1=0x3da5c40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" [0047.402] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.409] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.409] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.410] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.410] wsprintfW (in: param_1=0x3dc2b40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\LOLKEK.txt") returned 152 [0047.410] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.411] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.411] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.412] CloseHandle (hObject=0x258) returned 1 [0047.412] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc2b40 | out: hHeap=0x5a0000) returned 1 [0047.412] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0047.412] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0047.412] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0047.412] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0047.412] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0047.412] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0047.412] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0047.412] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0047.412] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv") returned 141 [0047.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.412] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" [0047.412] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*" [0047.412] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.418] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.418] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.418] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.418] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.418] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.418] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.418] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.418] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.418] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.418] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.418] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.418] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.418] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.418] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.418] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.418] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.418] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.418] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.418] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.418] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.418] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.418] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.418] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json") returned 155 [0047.418] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.418] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.418] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json") returned 155 [0047.418] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da5ec8 [0047.418] lstrcpyW (in: lpString1=0x3da5ec8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" [0047.418] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.418] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.418] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.418] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.418] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\LOLKEK.txt") returned 152 [0047.419] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.419] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.419] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.420] CloseHandle (hObject=0x258) returned 1 [0047.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.420] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ml", cAlternateFileName="")) returned 1 [0047.420] lstrcmpiW (lpString1="ml", lpString2="Windows") returned -1 [0047.420] lstrcmpiW (lpString1="ml", lpString2="Program Files") returned -1 [0047.420] lstrcmpiW (lpString1="ml", lpString2="Program Files (x86)") returned -1 [0047.420] lstrcmpiW (lpString1="ml", lpString2="$Recycle.bin") returned 1 [0047.420] lstrcmpiW (lpString1="ml", lpString2="System Volume Information") returned -1 [0047.420] lstrcmpiW (lpString1="ml", lpString2=".") returned 1 [0047.420] lstrcmpiW (lpString1="ml", lpString2="..") returned 1 [0047.420] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml") returned 141 [0047.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.420] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" [0047.420] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*" [0047.420] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.420] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.420] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.420] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.420] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.420] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.420] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.420] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.420] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.420] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.420] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.420] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.420] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.420] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.420] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.420] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.420] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.420] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.420] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.420] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.420] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.420] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.420] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.420] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json") returned 155 [0047.420] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.421] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.421] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json") returned 155 [0047.421] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da6150 [0047.421] lstrcpyW (in: lpString1=0x3da6150, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" [0047.421] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.426] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.426] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.427] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.427] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\LOLKEK.txt") returned 152 [0047.427] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.427] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.427] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.428] CloseHandle (hObject=0x258) returned 1 [0047.428] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.428] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mn", cAlternateFileName="")) returned 1 [0047.428] lstrcmpiW (lpString1="mn", lpString2="Windows") returned -1 [0047.428] lstrcmpiW (lpString1="mn", lpString2="Program Files") returned -1 [0047.428] lstrcmpiW (lpString1="mn", lpString2="Program Files (x86)") returned -1 [0047.428] lstrcmpiW (lpString1="mn", lpString2="$Recycle.bin") returned 1 [0047.428] lstrcmpiW (lpString1="mn", lpString2="System Volume Information") returned -1 [0047.428] lstrcmpiW (lpString1="mn", lpString2=".") returned 1 [0047.428] lstrcmpiW (lpString1="mn", lpString2="..") returned 1 [0047.428] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn") returned 141 [0047.428] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.428] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" [0047.428] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*" [0047.428] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.437] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.437] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.437] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.437] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.437] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.438] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.438] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.438] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.438] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.438] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.438] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.438] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.438] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.438] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.438] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.438] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.438] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.438] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.438] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.438] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.438] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.438] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.438] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json") returned 155 [0047.438] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.438] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.438] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json") returned 155 [0047.438] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da63d8 [0047.438] lstrcpyW (in: lpString1=0x3da63d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" [0047.438] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.438] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.438] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.438] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.438] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\LOLKEK.txt") returned 152 [0047.438] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.439] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.439] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.439] CloseHandle (hObject=0x258) returned 1 [0047.439] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.439] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mr", cAlternateFileName="")) returned 1 [0047.439] lstrcmpiW (lpString1="mr", lpString2="Windows") returned -1 [0047.439] lstrcmpiW (lpString1="mr", lpString2="Program Files") returned -1 [0047.439] lstrcmpiW (lpString1="mr", lpString2="Program Files (x86)") returned -1 [0047.439] lstrcmpiW (lpString1="mr", lpString2="$Recycle.bin") returned 1 [0047.439] lstrcmpiW (lpString1="mr", lpString2="System Volume Information") returned -1 [0047.439] lstrcmpiW (lpString1="mr", lpString2=".") returned 1 [0047.439] lstrcmpiW (lpString1="mr", lpString2="..") returned 1 [0047.439] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr") returned 141 [0047.439] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.440] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" [0047.440] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*" [0047.440] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.440] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.440] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.440] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.440] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.440] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.440] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.440] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.440] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.440] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.440] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.440] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.440] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.440] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.440] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.440] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.440] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.440] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.440] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.440] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.440] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.440] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.440] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.440] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json") returned 155 [0047.440] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.440] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.440] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json") returned 155 [0047.440] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da6660 [0047.440] lstrcpyW (in: lpString1=0x3da6660, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" [0047.440] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.440] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.441] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.441] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.441] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\LOLKEK.txt") returned 152 [0047.441] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.441] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.441] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.442] CloseHandle (hObject=0x258) returned 1 [0047.442] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.442] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ms", cAlternateFileName="")) returned 1 [0047.442] lstrcmpiW (lpString1="ms", lpString2="Windows") returned -1 [0047.442] lstrcmpiW (lpString1="ms", lpString2="Program Files") returned -1 [0047.442] lstrcmpiW (lpString1="ms", lpString2="Program Files (x86)") returned -1 [0047.442] lstrcmpiW (lpString1="ms", lpString2="$Recycle.bin") returned 1 [0047.442] lstrcmpiW (lpString1="ms", lpString2="System Volume Information") returned -1 [0047.442] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0047.442] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0047.442] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms") returned 141 [0047.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.442] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" [0047.442] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*" [0047.442] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.442] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.442] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.442] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.442] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.442] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.442] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.442] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.442] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.442] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.442] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.442] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.442] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.442] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.442] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.442] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.442] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.442] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.442] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.442] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.442] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.442] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.443] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.443] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json") returned 155 [0047.443] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.443] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.443] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json") returned 155 [0047.443] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da68e8 [0047.443] lstrcpyW (in: lpString1=0x3da68e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" [0047.443] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.443] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.443] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.443] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.443] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\LOLKEK.txt") returned 152 [0047.443] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.443] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.443] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.444] CloseHandle (hObject=0x258) returned 1 [0047.444] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.444] lstrcmpiW (lpString1="ne", lpString2="Windows") returned -1 [0047.444] lstrcmpiW (lpString1="ne", lpString2="Program Files") returned -1 [0047.444] lstrcmpiW (lpString1="ne", lpString2="Program Files (x86)") returned -1 [0047.444] lstrcmpiW (lpString1="ne", lpString2="$Recycle.bin") returned 1 [0047.444] lstrcmpiW (lpString1="ne", lpString2="System Volume Information") returned -1 [0047.444] lstrcmpiW (lpString1="ne", lpString2=".") returned 1 [0047.444] lstrcmpiW (lpString1="ne", lpString2="..") returned 1 [0047.444] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne") returned 141 [0047.444] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.444] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" [0047.444] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*" [0047.444] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.460] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.460] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.460] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.460] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.460] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.460] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.461] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.461] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.461] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.461] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.461] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.461] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.461] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.461] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.461] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.461] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.461] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.461] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.461] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.461] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.461] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json") returned 155 [0047.461] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.461] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.461] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json") returned 155 [0047.461] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da6b70 [0047.461] lstrcpyW (in: lpString1=0x3da6b70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" [0047.462] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.462] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.462] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.462] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\LOLKEK.txt") returned 152 [0047.462] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.462] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.462] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.463] CloseHandle (hObject=0x258) returned 1 [0047.463] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.463] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0047.463] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0047.463] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0047.463] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0047.463] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0047.463] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0047.463] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0047.463] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0047.463] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl") returned 141 [0047.463] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.463] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" [0047.463] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*" [0047.463] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.471] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.471] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.471] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.471] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.471] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.471] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.471] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.471] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.471] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.471] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.471] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.471] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.471] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.471] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.471] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.471] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.471] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.471] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.471] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.471] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.471] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.471] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.471] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json") returned 155 [0047.471] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.471] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.471] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json") returned 155 [0047.471] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da6df8 [0047.471] lstrcpyW (in: lpString1=0x3da6df8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" [0047.471] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.471] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.471] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.472] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.472] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\LOLKEK.txt") returned 152 [0047.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.472] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.472] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.473] CloseHandle (hObject=0x258) returned 1 [0047.473] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.473] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="no", cAlternateFileName="")) returned 1 [0047.473] lstrcmpiW (lpString1="no", lpString2="Windows") returned -1 [0047.473] lstrcmpiW (lpString1="no", lpString2="Program Files") returned -1 [0047.473] lstrcmpiW (lpString1="no", lpString2="Program Files (x86)") returned -1 [0047.473] lstrcmpiW (lpString1="no", lpString2="$Recycle.bin") returned 1 [0047.473] lstrcmpiW (lpString1="no", lpString2="System Volume Information") returned -1 [0047.473] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0047.473] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0047.473] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no") returned 141 [0047.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.473] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" [0047.473] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*" [0047.473] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.473] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.473] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.473] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.473] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.473] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.473] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.473] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.473] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.473] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.473] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.473] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.473] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.473] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.474] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.474] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.474] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.474] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.474] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.474] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.474] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.474] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.474] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.474] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json") returned 155 [0047.474] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.474] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.474] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json") returned 155 [0047.474] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da7080 [0047.474] lstrcpyW (in: lpString1=0x3da7080, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" [0047.474] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.474] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.474] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.474] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.474] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\LOLKEK.txt") returned 152 [0047.474] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.474] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.474] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.475] CloseHandle (hObject=0x258) returned 1 [0047.475] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.475] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0047.475] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0047.475] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0047.475] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0047.475] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0047.475] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0047.475] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0047.475] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0047.475] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl") returned 141 [0047.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.475] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" [0047.475] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*" [0047.475] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.480] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.480] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.480] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.480] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.480] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.480] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.480] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.480] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.480] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.480] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.480] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.480] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.480] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.480] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.480] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.480] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.480] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.480] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.480] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.480] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.480] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.480] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.480] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json") returned 155 [0047.480] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.481] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.481] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json") returned 155 [0047.481] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da7308 [0047.481] lstrcpyW (in: lpString1=0x3da7308, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" [0047.481] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.481] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.481] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.481] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.481] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\LOLKEK.txt") returned 152 [0047.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.481] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.481] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.482] CloseHandle (hObject=0x258) returned 1 [0047.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.482] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0047.482] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0047.482] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0047.482] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0047.482] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0047.482] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0047.482] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0047.482] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0047.483] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR") returned 144 [0047.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.483] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" [0047.483] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*" [0047.483] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.483] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.483] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.483] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.483] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.483] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.483] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.483] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.483] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.483] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.483] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.483] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.483] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.483] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.483] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.483] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.483] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.483] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.483] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.483] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.483] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.483] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.483] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.483] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json") returned 158 [0047.483] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.483] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.483] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json") returned 158 [0047.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3da7590 [0047.484] lstrcpyW (in: lpString1=0x3da7590, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" [0047.484] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.484] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.484] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.484] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.484] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\LOLKEK.txt") returned 155 [0047.484] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.484] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.484] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.485] CloseHandle (hObject=0x258) returned 1 [0047.485] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.485] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0047.485] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0047.485] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0047.485] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0047.485] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0047.485] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0047.485] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0047.485] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0047.485] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT") returned 144 [0047.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.485] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" [0047.485] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*" [0047.485] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.495] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.495] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.495] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.495] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.495] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.495] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.495] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.495] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.495] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.495] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.495] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.495] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.495] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.495] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.495] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.495] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.496] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.496] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.496] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.496] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.496] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.496] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.496] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json") returned 158 [0047.496] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.496] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.496] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json") returned 158 [0047.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3da7818 [0047.496] lstrcpyW (in: lpString1=0x3da7818, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" [0047.496] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.496] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.496] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.496] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.496] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\LOLKEK.txt") returned 155 [0047.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.497] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.497] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.497] CloseHandle (hObject=0x25c) returned 1 [0047.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.497] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0047.497] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0047.497] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0047.497] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0047.497] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0047.497] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0047.497] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0047.497] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0047.497] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro") returned 141 [0047.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.498] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" [0047.498] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*" [0047.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.498] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.498] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.498] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.498] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.498] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.498] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.498] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.498] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.498] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.498] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.498] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.498] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.498] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.498] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.498] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.498] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.498] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.498] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.498] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.498] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.498] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.498] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.498] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json") returned 155 [0047.498] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.498] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.498] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json") returned 155 [0047.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da7aa0 [0047.498] lstrcpyW (in: lpString1=0x3da7aa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" [0047.498] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.499] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.499] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.499] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.499] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\LOLKEK.txt") returned 152 [0047.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.499] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.499] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.500] CloseHandle (hObject=0x25c) returned 1 [0047.500] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.500] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0047.500] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0047.500] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0047.500] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0047.500] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0047.500] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0047.500] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0047.500] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0047.500] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru") returned 141 [0047.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.500] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" [0047.500] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*" [0047.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.516] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.516] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.516] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.516] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.516] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.516] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.516] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.516] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.516] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.516] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.516] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.516] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.516] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.517] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.517] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.517] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.517] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.517] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.517] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.517] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.517] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.517] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.517] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json") returned 155 [0047.517] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.517] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.517] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json") returned 155 [0047.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da7d28 [0047.517] lstrcpyW (in: lpString1=0x3da7d28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" [0047.517] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.517] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.517] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.517] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.517] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\LOLKEK.txt") returned 152 [0047.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.518] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.518] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.518] CloseHandle (hObject=0x25c) returned 1 [0047.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.518] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="si", cAlternateFileName="")) returned 1 [0047.518] lstrcmpiW (lpString1="si", lpString2="Windows") returned -1 [0047.518] lstrcmpiW (lpString1="si", lpString2="Program Files") returned 1 [0047.518] lstrcmpiW (lpString1="si", lpString2="Program Files (x86)") returned 1 [0047.518] lstrcmpiW (lpString1="si", lpString2="$Recycle.bin") returned 1 [0047.518] lstrcmpiW (lpString1="si", lpString2="System Volume Information") returned -1 [0047.518] lstrcmpiW (lpString1="si", lpString2=".") returned 1 [0047.518] lstrcmpiW (lpString1="si", lpString2="..") returned 1 [0047.518] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si") returned 141 [0047.519] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.519] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" [0047.519] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*" [0047.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.519] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.519] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.519] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.519] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.519] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.519] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.519] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.519] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.519] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.519] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.519] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.519] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.519] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.519] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.519] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.519] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.519] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.519] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.519] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.519] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.519] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.519] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.519] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json") returned 155 [0047.519] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.520] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.520] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json") returned 155 [0047.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da8068 [0047.520] lstrcpyW (in: lpString1=0x3da8068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" [0047.520] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.520] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.520] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.520] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.520] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\LOLKEK.txt") returned 152 [0047.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.520] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.520] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.521] CloseHandle (hObject=0x25c) returned 1 [0047.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.521] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0047.521] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0047.521] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0047.521] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0047.521] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0047.521] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0047.521] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0047.521] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0047.521] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk") returned 141 [0047.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.521] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" [0047.521] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*" [0047.521] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.541] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.541] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.541] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.541] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.541] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.541] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.541] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.541] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.541] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.541] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.541] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.541] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.542] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.542] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.542] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.542] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.542] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.542] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.542] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.542] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.542] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.542] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.542] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json") returned 155 [0047.542] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.542] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.542] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json") returned 155 [0047.542] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da82f0 [0047.542] lstrcpyW (in: lpString1=0x3da82f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" [0047.542] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.542] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.542] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.542] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.542] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\LOLKEK.txt") returned 152 [0047.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.543] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.543] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.543] CloseHandle (hObject=0x25c) returned 1 [0047.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.543] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0047.543] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0047.543] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0047.544] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0047.544] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0047.544] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0047.544] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0047.544] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0047.544] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl") returned 141 [0047.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.544] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" [0047.544] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*" [0047.544] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.544] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.544] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.544] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.544] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.544] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.544] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.544] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.544] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.544] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.544] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.544] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.544] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.544] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.544] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.544] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.544] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.544] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.544] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.544] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.544] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.544] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.545] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.545] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json") returned 155 [0047.545] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.545] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.545] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json") returned 155 [0047.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da8578 [0047.545] lstrcpyW (in: lpString1=0x3da8578, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" [0047.545] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.545] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.545] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.545] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.545] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\LOLKEK.txt") returned 152 [0047.545] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.545] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.545] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.546] CloseHandle (hObject=0x25c) returned 1 [0047.546] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.546] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0047.546] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0047.546] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0047.546] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0047.546] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0047.546] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0047.546] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0047.546] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0047.546] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr") returned 141 [0047.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.546] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" [0047.546] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*" [0047.546] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.582] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.582] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.582] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.582] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.582] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.582] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.583] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.583] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.583] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.583] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.583] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.583] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.583] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.583] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.583] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.583] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.583] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.583] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.583] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.583] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.583] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.583] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.583] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json") returned 155 [0047.583] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.583] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.583] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json") returned 155 [0047.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da8800 [0047.583] lstrcpyW (in: lpString1=0x3da8800, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" [0047.583] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.583] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.583] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.583] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.583] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\LOLKEK.txt") returned 152 [0047.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.584] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.584] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.584] CloseHandle (hObject=0x258) returned 1 [0047.585] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.585] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sv", cAlternateFileName="")) returned 1 [0047.585] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0047.585] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0047.585] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0047.585] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0047.585] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0047.585] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0047.585] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0047.585] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv") returned 141 [0047.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.585] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" [0047.585] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*" [0047.585] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.585] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.585] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.585] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.585] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.585] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.585] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.585] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.585] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.585] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.585] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.585] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.585] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.585] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.585] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.585] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.585] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.585] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.585] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.585] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.586] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.586] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.586] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.586] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json") returned 155 [0047.586] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.586] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.586] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json") returned 155 [0047.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da8a88 [0047.586] lstrcpyW (in: lpString1=0x3da8a88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" [0047.586] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.586] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.586] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.586] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.586] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\LOLKEK.txt") returned 152 [0047.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.586] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.586] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.587] CloseHandle (hObject=0x258) returned 1 [0047.587] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.587] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sw", cAlternateFileName="")) returned 1 [0047.587] lstrcmpiW (lpString1="sw", lpString2="Windows") returned -1 [0047.587] lstrcmpiW (lpString1="sw", lpString2="Program Files") returned 1 [0047.587] lstrcmpiW (lpString1="sw", lpString2="Program Files (x86)") returned 1 [0047.587] lstrcmpiW (lpString1="sw", lpString2="$Recycle.bin") returned 1 [0047.587] lstrcmpiW (lpString1="sw", lpString2="System Volume Information") returned -1 [0047.587] lstrcmpiW (lpString1="sw", lpString2=".") returned 1 [0047.587] lstrcmpiW (lpString1="sw", lpString2="..") returned 1 [0047.587] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw") returned 141 [0047.587] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.587] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" [0047.587] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*" [0047.587] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.628] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.628] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.628] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.628] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.629] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.629] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.629] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.629] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.629] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.629] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.629] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.629] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.629] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.629] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.629] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.629] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.629] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.629] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.629] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.629] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.629] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.629] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.629] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json") returned 155 [0047.629] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.629] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.629] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json") returned 155 [0047.629] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x60eef0 [0047.630] lstrcpyW (in: lpString1=0x60eef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" [0047.630] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.630] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.630] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.630] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.630] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\LOLKEK.txt") returned 152 [0047.630] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.630] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.630] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.631] CloseHandle (hObject=0x25c) returned 1 [0047.631] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.631] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ta", cAlternateFileName="")) returned 1 [0047.631] lstrcmpiW (lpString1="ta", lpString2="Windows") returned -1 [0047.631] lstrcmpiW (lpString1="ta", lpString2="Program Files") returned 1 [0047.631] lstrcmpiW (lpString1="ta", lpString2="Program Files (x86)") returned 1 [0047.631] lstrcmpiW (lpString1="ta", lpString2="$Recycle.bin") returned 1 [0047.631] lstrcmpiW (lpString1="ta", lpString2="System Volume Information") returned 1 [0047.631] lstrcmpiW (lpString1="ta", lpString2=".") returned 1 [0047.631] lstrcmpiW (lpString1="ta", lpString2="..") returned 1 [0047.631] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta") returned 141 [0047.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.631] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" [0047.631] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*" [0047.631] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.632] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.632] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.632] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.632] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.632] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.632] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.632] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.632] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.632] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.632] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.632] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.632] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.632] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.632] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.632] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.632] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.632] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.632] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.632] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.632] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.632] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.632] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.632] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json") returned 155 [0047.632] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.632] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.632] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json") returned 155 [0047.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3da8d10 [0047.632] lstrcpyW (in: lpString1=0x3da8d10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" [0047.632] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.632] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.632] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.632] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.632] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\LOLKEK.txt") returned 152 [0047.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.633] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.633] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.633] CloseHandle (hObject=0x25c) returned 1 [0047.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.633] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="te", cAlternateFileName="")) returned 1 [0047.633] lstrcmpiW (lpString1="te", lpString2="Windows") returned -1 [0047.633] lstrcmpiW (lpString1="te", lpString2="Program Files") returned 1 [0047.633] lstrcmpiW (lpString1="te", lpString2="Program Files (x86)") returned 1 [0047.633] lstrcmpiW (lpString1="te", lpString2="$Recycle.bin") returned 1 [0047.634] lstrcmpiW (lpString1="te", lpString2="System Volume Information") returned 1 [0047.634] lstrcmpiW (lpString1="te", lpString2=".") returned 1 [0047.634] lstrcmpiW (lpString1="te", lpString2="..") returned 1 [0047.634] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te") returned 141 [0047.634] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.634] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" [0047.634] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*" [0047.634] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.694] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.694] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.694] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.694] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.694] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.694] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.694] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.694] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.694] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.695] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.695] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.695] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.695] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.695] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.695] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.695] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.695] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.695] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.695] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.695] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.695] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.695] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.695] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json") returned 155 [0047.695] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.695] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.695] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json") returned 155 [0047.695] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb4088 [0047.695] lstrcpyW (in: lpString1=0x3cb4088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" [0047.695] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.695] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.695] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.695] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.695] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\LOLKEK.txt") returned 152 [0047.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.696] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.696] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.696] CloseHandle (hObject=0x25c) returned 1 [0047.696] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.696] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0047.696] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0047.696] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0047.696] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0047.697] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0047.697] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0047.697] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0047.697] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0047.697] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th") returned 141 [0047.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.697] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" [0047.697] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*" [0047.697] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.697] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.697] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.697] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.697] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.697] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.697] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.697] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.697] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.697] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.697] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.697] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.697] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.697] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.697] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.697] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.697] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.697] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.697] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.697] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.697] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.697] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.697] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.697] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json") returned 155 [0047.697] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.697] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.697] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json") returned 155 [0047.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb3e00 [0047.697] lstrcpyW (in: lpString1=0x3cb3e00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" [0047.697] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.697] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.697] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.698] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.698] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\LOLKEK.txt") returned 152 [0047.698] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.698] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.698] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.699] CloseHandle (hObject=0x25c) returned 1 [0047.699] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.699] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0047.699] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0047.699] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0047.699] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0047.699] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0047.699] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0047.699] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0047.699] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0047.699] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr") returned 141 [0047.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.699] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" [0047.699] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*" [0047.699] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.702] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.702] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.702] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.702] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.702] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.702] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.702] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.702] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.702] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.702] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.702] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.702] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.702] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.702] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.702] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.702] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.702] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.702] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.702] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.702] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.702] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.702] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.702] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json") returned 155 [0047.702] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.702] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.702] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json") returned 155 [0047.702] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb38f0 [0047.702] lstrcpyW (in: lpString1=0x3cb38f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" [0047.702] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.702] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.702] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.702] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.702] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\LOLKEK.txt") returned 152 [0047.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.703] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.703] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.703] CloseHandle (hObject=0x25c) returned 1 [0047.704] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.704] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0047.704] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0047.704] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0047.704] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0047.704] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0047.704] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0047.704] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0047.704] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0047.704] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk") returned 141 [0047.704] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.704] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" [0047.704] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*" [0047.704] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.704] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.704] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.704] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.704] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.704] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.704] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.704] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.704] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.704] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.704] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.704] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.704] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.704] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.704] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.704] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.704] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.704] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.705] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.705] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.705] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.705] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.705] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.705] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json") returned 155 [0047.705] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.705] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.705] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json") returned 155 [0047.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb3b78 [0047.705] lstrcpyW (in: lpString1=0x3cb3b78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" [0047.705] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.705] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.705] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.705] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.705] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\LOLKEK.txt") returned 152 [0047.705] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.705] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.705] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.706] CloseHandle (hObject=0x25c) returned 1 [0047.706] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.706] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ur", cAlternateFileName="")) returned 1 [0047.706] lstrcmpiW (lpString1="ur", lpString2="Windows") returned -1 [0047.706] lstrcmpiW (lpString1="ur", lpString2="Program Files") returned 1 [0047.706] lstrcmpiW (lpString1="ur", lpString2="Program Files (x86)") returned 1 [0047.706] lstrcmpiW (lpString1="ur", lpString2="$Recycle.bin") returned 1 [0047.706] lstrcmpiW (lpString1="ur", lpString2="System Volume Information") returned 1 [0047.706] lstrcmpiW (lpString1="ur", lpString2=".") returned 1 [0047.707] lstrcmpiW (lpString1="ur", lpString2="..") returned 1 [0047.707] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur") returned 141 [0047.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.707] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" [0047.707] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*" [0047.707] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.768] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.768] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.768] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.769] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.769] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.769] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.769] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.769] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.769] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.769] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.769] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.769] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.769] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.769] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.769] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.769] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.769] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.769] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.769] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.769] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.769] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.769] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.769] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json") returned 155 [0047.769] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.769] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.769] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json") returned 155 [0047.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb5ee8 [0047.769] lstrcpyW (in: lpString1=0x3cb5ee8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" [0047.769] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.769] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.769] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.769] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.769] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\LOLKEK.txt") returned 152 [0047.769] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.771] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.771] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.772] CloseHandle (hObject=0x2bc) returned 1 [0047.773] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.773] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0047.773] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0047.773] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0047.773] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0047.773] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0047.774] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0047.774] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0047.774] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0047.774] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi") returned 141 [0047.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.774] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" [0047.774] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*" [0047.774] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.774] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.774] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.774] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.774] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.774] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.774] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.774] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.774] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.774] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.774] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.774] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.774] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.774] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.774] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.774] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.774] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.774] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.774] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.774] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.774] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.774] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.774] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.774] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json") returned 155 [0047.774] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.774] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.774] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json") returned 155 [0047.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb5c60 [0047.775] lstrcpyW (in: lpString1=0x3cb5c60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" [0047.775] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.775] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.775] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.775] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.775] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\LOLKEK.txt") returned 152 [0047.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.776] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.776] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.777] CloseHandle (hObject=0x2bc) returned 1 [0047.779] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.779] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0047.779] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0047.779] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0047.779] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0047.779] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0047.779] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0047.779] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0047.779] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0047.779] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN") returned 144 [0047.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.779] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" [0047.779] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*" [0047.779] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.780] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.780] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.780] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.780] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.780] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.780] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.780] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.780] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.780] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.780] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.780] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.780] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.780] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.780] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.780] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.780] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.780] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.780] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.780] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.780] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.780] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.780] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.780] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json") returned 158 [0047.780] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.780] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.780] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json") returned 158 [0047.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3cb6170 [0047.780] lstrcpyW (in: lpString1=0x3cb6170, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" [0047.780] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.780] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.780] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.780] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.780] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\LOLKEK.txt") returned 155 [0047.781] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.783] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.783] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.784] CloseHandle (hObject=0x258) returned 1 [0047.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.786] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_HK", cAlternateFileName="")) returned 1 [0047.786] lstrcmpiW (lpString1="zh_HK", lpString2="Windows") returned 1 [0047.786] lstrcmpiW (lpString1="zh_HK", lpString2="Program Files") returned 1 [0047.786] lstrcmpiW (lpString1="zh_HK", lpString2="Program Files (x86)") returned 1 [0047.786] lstrcmpiW (lpString1="zh_HK", lpString2="$Recycle.bin") returned 1 [0047.786] lstrcmpiW (lpString1="zh_HK", lpString2="System Volume Information") returned 1 [0047.786] lstrcmpiW (lpString1="zh_HK", lpString2=".") returned 1 [0047.786] lstrcmpiW (lpString1="zh_HK", lpString2="..") returned 1 [0047.786] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK") returned 144 [0047.786] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.786] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" [0047.786] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*" [0047.786] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.787] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.787] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.787] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.787] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.787] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.787] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.787] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.787] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.787] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.787] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.787] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.787] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.787] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.787] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.787] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.787] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.787] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.787] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.787] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.787] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.787] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.787] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.787] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json") returned 158 [0047.787] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.787] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.787] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json") returned 158 [0047.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3cb59d8 [0047.787] lstrcpyW (in: lpString1=0x3cb59d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" [0047.787] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.787] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.788] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.788] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.788] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\LOLKEK.txt") returned 155 [0047.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.789] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.789] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.791] CloseHandle (hObject=0x258) returned 1 [0047.794] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.794] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0047.794] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0047.794] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0047.794] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0047.794] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0047.794] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0047.794] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0047.794] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0047.794] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW") returned 144 [0047.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.794] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" [0047.794] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*" [0047.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.795] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.795] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.795] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.795] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.795] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.795] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.795] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.795] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.795] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.795] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.795] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.795] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.795] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.795] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.795] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.795] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.796] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.796] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.796] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.796] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.796] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.796] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.796] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json") returned 158 [0047.796] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.796] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.796] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json") returned 158 [0047.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3cb6680 [0047.796] lstrcpyW (in: lpString1=0x3cb6680, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" [0047.796] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.796] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.796] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.796] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.796] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\LOLKEK.txt") returned 155 [0047.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.800] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.800] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.802] CloseHandle (hObject=0x25c) returned 1 [0047.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.803] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zu", cAlternateFileName="")) returned 1 [0047.803] lstrcmpiW (lpString1="zu", lpString2="Windows") returned 1 [0047.803] lstrcmpiW (lpString1="zu", lpString2="Program Files") returned 1 [0047.803] lstrcmpiW (lpString1="zu", lpString2="Program Files (x86)") returned 1 [0047.803] lstrcmpiW (lpString1="zu", lpString2="$Recycle.bin") returned 1 [0047.803] lstrcmpiW (lpString1="zu", lpString2="System Volume Information") returned 1 [0047.803] lstrcmpiW (lpString1="zu", lpString2=".") returned 1 [0047.803] lstrcmpiW (lpString1="zu", lpString2="..") returned 1 [0047.803] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu") returned 141 [0047.803] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.803] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" [0047.803] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*" [0047.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.804] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.804] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.804] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.804] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.804] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.804] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.804] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.804] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.804] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.804] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.804] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.804] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.804] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.804] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.804] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xc2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.804] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.804] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.804] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.804] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.804] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.804] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.804] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.804] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json") returned 155 [0047.804] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.804] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.804] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json") returned 155 [0047.804] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb63f8 [0047.804] lstrcpyW (in: lpString1=0x3cb63f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" [0047.804] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.805] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.805] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xc2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.805] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.805] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\LOLKEK.txt") returned 152 [0047.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.806] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.806] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.807] CloseHandle (hObject=0x258) returned 1 [0047.808] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.808] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zu", cAlternateFileName="")) returned 0 [0047.808] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0047.808] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\LOLKEK.txt") returned 149 [0047.808] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.810] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.810] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0047.812] CloseHandle (hObject=0x2bc) returned 1 [0047.815] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0047.817] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0047.817] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0047.817] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0047.817] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0047.817] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0047.817] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0047.817] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0047.817] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0047.817] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata") returned 139 [0047.817] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0047.817] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" [0047.817] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*" [0047.817] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0047.819] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.819] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.819] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.819] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.819] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.819] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.819] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.819] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.819] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.819] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.819] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.819] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.819] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.819] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.819] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8636e710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0047.819] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Windows") returned -1 [0047.819] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files") returned -1 [0047.819] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files (x86)") returned -1 [0047.819] lstrcmpiW (lpString1="computed_hashes.json", lpString2="$Recycle.bin") returned 1 [0047.819] lstrcmpiW (lpString1="computed_hashes.json", lpString2="System Volume Information") returned -1 [0047.819] lstrcmpiW (lpString1="computed_hashes.json", lpString2=".") returned 1 [0047.819] lstrcmpiW (lpString1="computed_hashes.json", lpString2="..") returned 1 [0047.819] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json") returned 160 [0047.819] StrStrIW (lpFirst="computed_hashes.json", lpSrch=".lolkek") returned 0x0 [0047.819] lstrcmpW (lpString1="computed_hashes.json", lpString2="LOLKEK.txt") returned -1 [0047.819] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json") returned 160 [0047.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x610ed8 [0047.819] lstrcpyW (in: lpString1=0x610ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" [0047.819] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.819] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.820] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x4454, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0047.820] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0047.820] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0047.820] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0047.820] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0047.820] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0047.820] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0047.820] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0047.820] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json") returned 162 [0047.820] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0047.820] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0047.820] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json") returned 162 [0047.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec0500 [0047.820] lstrcpyW (in: lpString1=0x3ec0500, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" [0047.820] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.820] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.820] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x4454, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0047.820] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0047.820] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\LOLKEK.txt") returned 150 [0047.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0047.823] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.823] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0047.826] CloseHandle (hObject=0x258) returned 1 [0047.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0047.826] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0047.826] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0047.826] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\LOLKEK.txt") returned 140 [0047.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.829] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.829] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0047.830] CloseHandle (hObject=0x2bc) returned 1 [0047.831] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0047.831] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.4_0", cAlternateFileName="")) returned 0 [0047.831] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0047.831] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOLKEK.txt") returned 134 [0047.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0047.832] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.832] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0047.833] CloseHandle (hObject=0x270) returned 1 [0047.836] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0047.836] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nmmhkkegccagdldgiimedpiccmgmieda", cAlternateFileName="NMMHKK~1")) returned 1 [0047.836] lstrcmpiW (lpString1="nmmhkkegccagdldgiimedpiccmgmieda", lpString2="Windows") returned -1 [0047.836] lstrcmpiW (lpString1="nmmhkkegccagdldgiimedpiccmgmieda", lpString2="Program Files") returned -1 [0047.836] lstrcmpiW (lpString1="nmmhkkegccagdldgiimedpiccmgmieda", lpString2="Program Files (x86)") returned -1 [0047.836] lstrcmpiW (lpString1="nmmhkkegccagdldgiimedpiccmgmieda", lpString2="$Recycle.bin") returned 1 [0047.836] lstrcmpiW (lpString1="nmmhkkegccagdldgiimedpiccmgmieda", lpString2="System Volume Information") returned -1 [0047.837] lstrcmpiW (lpString1="nmmhkkegccagdldgiimedpiccmgmieda", lpString2=".") returned 1 [0047.837] lstrcmpiW (lpString1="nmmhkkegccagdldgiimedpiccmgmieda", lpString2="..") returned 1 [0047.837] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda") returned 123 [0047.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0047.837] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" [0047.837] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*" [0047.837] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0047.837] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.837] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.837] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.837] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.837] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.837] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.837] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.837] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.837] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.837] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.837] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.837] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.837] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.837] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.837] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.0.0.2_0", cAlternateFileName="100~1.2_0")) returned 1 [0047.837] lstrcmpiW (lpString1="1.0.0.2_0", lpString2="Windows") returned -1 [0047.837] lstrcmpiW (lpString1="1.0.0.2_0", lpString2="Program Files") returned -1 [0047.837] lstrcmpiW (lpString1="1.0.0.2_0", lpString2="Program Files (x86)") returned -1 [0047.837] lstrcmpiW (lpString1="1.0.0.2_0", lpString2="$Recycle.bin") returned 1 [0047.837] lstrcmpiW (lpString1="1.0.0.2_0", lpString2="System Volume Information") returned -1 [0047.837] lstrcmpiW (lpString1="1.0.0.2_0", lpString2=".") returned 1 [0047.837] lstrcmpiW (lpString1="1.0.0.2_0", lpString2="..") returned 1 [0047.837] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0") returned 133 [0047.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0047.838] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" [0047.838] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*" [0047.838] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0047.842] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.842] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.842] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.842] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.842] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.842] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.842] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.842] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.842] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.842] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.842] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.842] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.842] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.842] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.842] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82888510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8288ac20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x32a2e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="craw_background.js", cAlternateFileName="CRAW_B~1.JS")) returned 1 [0047.842] lstrcmpiW (lpString1="craw_background.js", lpString2="Windows") returned -1 [0047.842] lstrcmpiW (lpString1="craw_background.js", lpString2="Program Files") returned -1 [0047.842] lstrcmpiW (lpString1="craw_background.js", lpString2="Program Files (x86)") returned -1 [0047.842] lstrcmpiW (lpString1="craw_background.js", lpString2="$Recycle.bin") returned 1 [0047.843] lstrcmpiW (lpString1="craw_background.js", lpString2="System Volume Information") returned -1 [0047.843] lstrcmpiW (lpString1="craw_background.js", lpString2=".") returned 1 [0047.843] lstrcmpiW (lpString1="craw_background.js", lpString2="..") returned 1 [0047.843] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js") returned 152 [0047.843] StrStrIW (lpFirst="craw_background.js", lpSrch=".lolkek") returned 0x0 [0047.843] lstrcmpW (lpString1="craw_background.js", lpString2="LOLKEK.txt") returned -1 [0047.843] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js") returned 152 [0047.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x697d88 [0047.843] lstrcpyW (in: lpString1=0x697d88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" [0047.843] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.843] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.843] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8288d330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82892150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x3b059, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="craw_window.js", cAlternateFileName="CRAW_W~1.JS")) returned 1 [0047.843] lstrcmpiW (lpString1="craw_window.js", lpString2="Windows") returned -1 [0047.843] lstrcmpiW (lpString1="craw_window.js", lpString2="Program Files") returned -1 [0047.843] lstrcmpiW (lpString1="craw_window.js", lpString2="Program Files (x86)") returned -1 [0047.843] lstrcmpiW (lpString1="craw_window.js", lpString2="$Recycle.bin") returned 1 [0047.843] lstrcmpiW (lpString1="craw_window.js", lpString2="System Volume Information") returned -1 [0047.843] lstrcmpiW (lpString1="craw_window.js", lpString2=".") returned 1 [0047.843] lstrcmpiW (lpString1="craw_window.js", lpString2="..") returned 1 [0047.843] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js") returned 148 [0047.843] StrStrIW (lpFirst="craw_window.js", lpSrch=".lolkek") returned 0x0 [0047.843] lstrcmpW (lpString1="craw_window.js", lpString2="LOLKEK.txt") returned -1 [0047.843] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js") returned 148 [0047.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x254) returned 0x618c88 [0047.843] lstrcpyW (in: lpString1=0x618c88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" [0047.843] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.843] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.843] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="css", cAlternateFileName="")) returned 1 [0047.843] lstrcmpiW (lpString1="css", lpString2="Windows") returned -1 [0047.843] lstrcmpiW (lpString1="css", lpString2="Program Files") returned -1 [0047.843] lstrcmpiW (lpString1="css", lpString2="Program Files (x86)") returned -1 [0047.843] lstrcmpiW (lpString1="css", lpString2="$Recycle.bin") returned 1 [0047.843] lstrcmpiW (lpString1="css", lpString2="System Volume Information") returned -1 [0047.843] lstrcmpiW (lpString1="css", lpString2=".") returned 1 [0047.843] lstrcmpiW (lpString1="css", lpString2="..") returned 1 [0047.843] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css") returned 137 [0047.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0047.844] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" [0047.844] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*" [0047.844] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0047.845] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.845] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.845] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.845] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.845] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.845] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.845] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.845] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.845] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.845] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.845] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.845] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.845] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.846] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.846] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82899680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaae46e00, ftLastWriteTime.dwHighDateTime=0x1cec2fb, nFileSizeHigh=0x0, nFileSizeLow=0x6cd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="craw_window.css", cAlternateFileName="CRAW_W~1.CSS")) returned 1 [0047.846] lstrcmpiW (lpString1="craw_window.css", lpString2="Windows") returned -1 [0047.846] lstrcmpiW (lpString1="craw_window.css", lpString2="Program Files") returned -1 [0047.846] lstrcmpiW (lpString1="craw_window.css", lpString2="Program Files (x86)") returned -1 [0047.846] lstrcmpiW (lpString1="craw_window.css", lpString2="$Recycle.bin") returned 1 [0047.846] lstrcmpiW (lpString1="craw_window.css", lpString2="System Volume Information") returned -1 [0047.846] lstrcmpiW (lpString1="craw_window.css", lpString2=".") returned 1 [0047.846] lstrcmpiW (lpString1="craw_window.css", lpString2="..") returned 1 [0047.846] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css") returned 153 [0047.846] StrStrIW (lpFirst="craw_window.css", lpSrch=".lolkek") returned 0x0 [0047.846] lstrcmpW (lpString1="craw_window.css", lpString2="LOLKEK.txt") returned -1 [0047.846] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css") returned 153 [0047.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x268) returned 0x631ed0 [0047.846] lstrcpyW (in: lpString1=0x631ed0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" [0047.846] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.846] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.846] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82899680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaae46e00, ftLastWriteTime.dwHighDateTime=0x1cec2fb, nFileSizeHigh=0x0, nFileSizeLow=0x6cd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="craw_window.css", cAlternateFileName="CRAW_W~1.CSS")) returned 0 [0047.846] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0047.846] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\LOLKEK.txt") returned 148 [0047.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.847] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.847] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0047.849] CloseHandle (hObject=0x1ec) returned 1 [0047.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0047.850] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="html", cAlternateFileName="")) returned 1 [0047.850] lstrcmpiW (lpString1="html", lpString2="Windows") returned -1 [0047.850] lstrcmpiW (lpString1="html", lpString2="Program Files") returned -1 [0047.850] lstrcmpiW (lpString1="html", lpString2="Program Files (x86)") returned -1 [0047.850] lstrcmpiW (lpString1="html", lpString2="$Recycle.bin") returned 1 [0047.850] lstrcmpiW (lpString1="html", lpString2="System Volume Information") returned -1 [0047.850] lstrcmpiW (lpString1="html", lpString2=".") returned 1 [0047.850] lstrcmpiW (lpString1="html", lpString2="..") returned 1 [0047.850] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html") returned 138 [0047.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0047.850] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" [0047.850] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*" [0047.850] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0047.850] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.850] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.850] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.850] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.850] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.850] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.850] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.850] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.850] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.850] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.850] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.850] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.850] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.850] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.850] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a0bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x32a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="craw_window.html", cAlternateFileName="CRAW_W~1.HTM")) returned 1 [0047.851] lstrcmpiW (lpString1="craw_window.html", lpString2="Windows") returned -1 [0047.851] lstrcmpiW (lpString1="craw_window.html", lpString2="Program Files") returned -1 [0047.851] lstrcmpiW (lpString1="craw_window.html", lpString2="Program Files (x86)") returned -1 [0047.851] lstrcmpiW (lpString1="craw_window.html", lpString2="$Recycle.bin") returned 1 [0047.851] lstrcmpiW (lpString1="craw_window.html", lpString2="System Volume Information") returned -1 [0047.851] lstrcmpiW (lpString1="craw_window.html", lpString2=".") returned 1 [0047.851] lstrcmpiW (lpString1="craw_window.html", lpString2="..") returned 1 [0047.851] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html") returned 155 [0047.851] StrStrIW (lpFirst="craw_window.html", lpSrch=".lolkek") returned 0x0 [0047.851] lstrcmpW (lpString1="craw_window.html", lpString2="LOLKEK.txt") returned -1 [0047.851] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html") returned 155 [0047.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3eb7f88 [0047.851] lstrcpyW (in: lpString1=0x3eb7f88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" [0047.851] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.851] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.851] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a0bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x32a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="craw_window.html", cAlternateFileName="CRAW_W~1.HTM")) returned 0 [0047.851] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0047.851] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\LOLKEK.txt") returned 149 [0047.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.853] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.853] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0047.854] CloseHandle (hObject=0x1ec) returned 1 [0047.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0047.856] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="images", cAlternateFileName="")) returned 1 [0047.857] lstrcmpiW (lpString1="images", lpString2="Windows") returned -1 [0047.857] lstrcmpiW (lpString1="images", lpString2="Program Files") returned -1 [0047.857] lstrcmpiW (lpString1="images", lpString2="Program Files (x86)") returned -1 [0047.857] lstrcmpiW (lpString1="images", lpString2="$Recycle.bin") returned 1 [0047.857] lstrcmpiW (lpString1="images", lpString2="System Volume Information") returned -1 [0047.857] lstrcmpiW (lpString1="images", lpString2=".") returned 1 [0047.857] lstrcmpiW (lpString1="images", lpString2="..") returned 1 [0047.857] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images") returned 140 [0047.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0047.857] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" [0047.857] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*" [0047.857] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0047.859] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.860] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.860] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.860] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.860] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.860] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.860] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.860] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.860] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.860] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.860] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.860] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.860] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.860] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.860] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a80e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828aa7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x112dc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="flapper.gif", cAlternateFileName="")) returned 1 [0047.860] lstrcmpiW (lpString1="flapper.gif", lpString2="Windows") returned -1 [0047.860] lstrcmpiW (lpString1="flapper.gif", lpString2="Program Files") returned -1 [0047.860] lstrcmpiW (lpString1="flapper.gif", lpString2="Program Files (x86)") returned -1 [0047.860] lstrcmpiW (lpString1="flapper.gif", lpString2="$Recycle.bin") returned 1 [0047.860] lstrcmpiW (lpString1="flapper.gif", lpString2="System Volume Information") returned -1 [0047.860] lstrcmpiW (lpString1="flapper.gif", lpString2=".") returned 1 [0047.860] lstrcmpiW (lpString1="flapper.gif", lpString2="..") returned 1 [0047.860] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif") returned 152 [0047.860] StrStrIW (lpFirst="flapper.gif", lpSrch=".lolkek") returned 0x0 [0047.860] lstrcmpW (lpString1="flapper.gif", lpString2="LOLKEK.txt") returned -1 [0047.860] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif") returned 152 [0047.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x60eb70 [0047.860] lstrcpyW (in: lpString1=0x60eb70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" [0047.860] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.860] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.860] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828af610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1109, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0047.860] lstrcmpiW (lpString1="icon_128.png", lpString2="Windows") returned -1 [0047.860] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files") returned -1 [0047.860] lstrcmpiW (lpString1="icon_128.png", lpString2="Program Files (x86)") returned -1 [0047.860] lstrcmpiW (lpString1="icon_128.png", lpString2="$Recycle.bin") returned 1 [0047.860] lstrcmpiW (lpString1="icon_128.png", lpString2="System Volume Information") returned -1 [0047.860] lstrcmpiW (lpString1="icon_128.png", lpString2=".") returned 1 [0047.860] lstrcmpiW (lpString1="icon_128.png", lpString2="..") returned 1 [0047.860] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png") returned 153 [0047.861] StrStrIW (lpFirst="icon_128.png", lpSrch=".lolkek") returned 0x0 [0047.861] lstrcmpW (lpString1="icon_128.png", lpString2="LOLKEK.txt") returned -1 [0047.861] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png") returned 153 [0047.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x268) returned 0x645fb8 [0047.861] lstrcpyW (in: lpString1=0x645fb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" [0047.861] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.861] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.861] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828c7cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0047.861] lstrcmpiW (lpString1="icon_16.png", lpString2="Windows") returned -1 [0047.861] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files") returned -1 [0047.861] lstrcmpiW (lpString1="icon_16.png", lpString2="Program Files (x86)") returned -1 [0047.861] lstrcmpiW (lpString1="icon_16.png", lpString2="$Recycle.bin") returned 1 [0047.861] lstrcmpiW (lpString1="icon_16.png", lpString2="System Volume Information") returned -1 [0047.861] lstrcmpiW (lpString1="icon_16.png", lpString2=".") returned 1 [0047.861] lstrcmpiW (lpString1="icon_16.png", lpString2="..") returned 1 [0047.861] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png") returned 152 [0047.861] StrStrIW (lpFirst="icon_16.png", lpSrch=".lolkek") returned 0x0 [0047.861] lstrcmpW (lpString1="icon_16.png", lpString2="LOLKEK.txt") returned -1 [0047.861] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png") returned 152 [0047.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x66aa10 [0047.861] lstrcpyW (in: lpString1=0x66aa10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" [0047.861] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.861] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.861] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ccad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ccad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="topbar_floating_button.png", cAlternateFileName="TOPBAR~1.PNG")) returned 1 [0047.861] lstrcmpiW (lpString1="topbar_floating_button.png", lpString2="Windows") returned -1 [0047.861] lstrcmpiW (lpString1="topbar_floating_button.png", lpString2="Program Files") returned 1 [0047.861] lstrcmpiW (lpString1="topbar_floating_button.png", lpString2="Program Files (x86)") returned 1 [0047.861] lstrcmpiW (lpString1="topbar_floating_button.png", lpString2="$Recycle.bin") returned 1 [0047.861] lstrcmpiW (lpString1="topbar_floating_button.png", lpString2="System Volume Information") returned 1 [0047.861] lstrcmpiW (lpString1="topbar_floating_button.png", lpString2=".") returned 1 [0047.861] lstrcmpiW (lpString1="topbar_floating_button.png", lpString2="..") returned 1 [0047.861] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png") returned 167 [0047.861] StrStrIW (lpFirst="topbar_floating_button.png", lpSrch=".lolkek") returned 0x0 [0047.861] lstrcmpW (lpString1="topbar_floating_button.png", lpString2="LOLKEK.txt") returned 1 [0047.861] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png") returned 167 [0047.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a0) returned 0x62fad8 [0047.861] lstrcpyW (in: lpString1=0x62fad8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" [0047.861] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.862] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.862] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828cf1e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d18f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="topbar_floating_button_close.png", cAlternateFileName="TOPBAR~2.PNG")) returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_close.png", lpString2="Windows") returned -1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_close.png", lpString2="Program Files") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_close.png", lpString2="Program Files (x86)") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_close.png", lpString2="$Recycle.bin") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_close.png", lpString2="System Volume Information") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_close.png", lpString2=".") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_close.png", lpString2="..") returned 1 [0047.862] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png") returned 173 [0047.862] StrStrIW (lpFirst="topbar_floating_button_close.png", lpSrch=".lolkek") returned 0x0 [0047.862] lstrcmpW (lpString1="topbar_floating_button_close.png", lpString2="LOLKEK.txt") returned 1 [0047.862] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png") returned 173 [0047.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2b8) returned 0x6988e8 [0047.862] lstrcpyW (in: lpString1=0x6988e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" [0047.862] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.862] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.862] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d6710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d6710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="topbar_floating_button_hover.png", cAlternateFileName="TOPBAR~3.PNG")) returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_hover.png", lpString2="Windows") returned -1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_hover.png", lpString2="Program Files") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_hover.png", lpString2="Program Files (x86)") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_hover.png", lpString2="$Recycle.bin") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_hover.png", lpString2="System Volume Information") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_hover.png", lpString2=".") returned 1 [0047.862] lstrcmpiW (lpString1="topbar_floating_button_hover.png", lpString2="..") returned 1 [0047.862] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png") returned 173 [0047.862] StrStrIW (lpFirst="topbar_floating_button_hover.png", lpSrch=".lolkek") returned 0x0 [0047.862] lstrcmpW (lpString1="topbar_floating_button_hover.png", lpString2="LOLKEK.txt") returned 1 [0047.862] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png") returned 173 [0047.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2b8) returned 0x61a030 [0047.862] lstrcpyW (in: lpString1=0x61a030, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" [0047.862] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.863] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.863] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d8e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d8e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="topbar_floating_button_maximize.png", cAlternateFileName="TOPBAR~4.PNG")) returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_maximize.png", lpString2="Windows") returned -1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_maximize.png", lpString2="Program Files") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_maximize.png", lpString2="Program Files (x86)") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_maximize.png", lpString2="$Recycle.bin") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_maximize.png", lpString2="System Volume Information") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_maximize.png", lpString2=".") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_maximize.png", lpString2="..") returned 1 [0047.863] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png") returned 176 [0047.863] StrStrIW (lpFirst="topbar_floating_button_maximize.png", lpSrch=".lolkek") returned 0x0 [0047.863] lstrcmpW (lpString1="topbar_floating_button_maximize.png", lpString2="LOLKEK.txt") returned 1 [0047.863] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png") returned 176 [0047.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2c4) returned 0x3dddd10 [0047.863] lstrcpyW (in: lpString1=0x3dddd10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" [0047.863] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.863] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.863] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="topbar_floating_button_pressed.png", cAlternateFileName="TOF9E1~1.PNG")) returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_pressed.png", lpString2="Windows") returned -1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_pressed.png", lpString2="Program Files") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_pressed.png", lpString2="Program Files (x86)") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_pressed.png", lpString2="$Recycle.bin") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_pressed.png", lpString2="System Volume Information") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_pressed.png", lpString2=".") returned 1 [0047.863] lstrcmpiW (lpString1="topbar_floating_button_pressed.png", lpString2="..") returned 1 [0047.863] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png") returned 175 [0047.863] StrStrIW (lpFirst="topbar_floating_button_pressed.png", lpSrch=".lolkek") returned 0x0 [0047.863] lstrcmpW (lpString1="topbar_floating_button_pressed.png", lpString2="LOLKEK.txt") returned 1 [0047.863] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png") returned 175 [0047.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2c0) returned 0x3bf0f40 [0047.863] lstrcpyW (in: lpString1=0x3bf0f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" [0047.863] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.863] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.863] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="topbar_floating_button_pressed.png", cAlternateFileName="TOF9E1~1.PNG")) returned 0 [0047.864] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0047.864] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\LOLKEK.txt") returned 151 [0047.864] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.865] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.866] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0047.866] CloseHandle (hObject=0x1ec) returned 1 [0047.868] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0047.868] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826545a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e2a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aa3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0047.868] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0047.868] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0047.868] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0047.868] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0047.869] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0047.869] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0047.869] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0047.869] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json") returned 147 [0047.869] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0047.869] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0047.869] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json") returned 147 [0047.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x250) returned 0x61be60 [0047.869] lstrcpyW (in: lpString1=0x61be60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" [0047.869] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.869] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.869] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0047.869] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0047.869] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0047.869] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0047.869] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0047.869] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0047.869] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0047.869] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0047.869] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales") returned 142 [0047.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0047.869] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" [0047.869] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*" [0047.869] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0047.872] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.872] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.872] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.872] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.872] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.872] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.872] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.872] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.872] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.872] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.872] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.872] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.872] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.872] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.872] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0047.872] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0047.872] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0047.872] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0047.872] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0047.872] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0047.872] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0047.872] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0047.873] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg") returned 145 [0047.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.873] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" [0047.873] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*" [0047.873] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.873] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.873] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.873] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.873] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.873] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.873] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.873] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.873] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.873] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.873] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.873] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.873] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.873] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.873] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.873] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.873] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.873] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.873] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.873] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.873] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.873] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.873] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.873] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json") returned 159 [0047.873] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.873] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.873] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json") returned 159 [0047.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb8498 [0047.873] lstrcpyW (in: lpString1=0x3eb8498, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" [0047.873] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.874] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.874] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.874] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.874] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\LOLKEK.txt") returned 156 [0047.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.875] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.875] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.876] CloseHandle (hObject=0x2bc) returned 1 [0047.877] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.877] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0047.877] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0047.877] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0047.877] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0047.878] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0047.878] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0047.878] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0047.878] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0047.878] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca") returned 145 [0047.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.878] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" [0047.878] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*" [0047.878] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.879] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.879] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.879] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.879] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.879] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.879] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.879] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.879] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.879] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.879] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.879] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.879] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.879] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.879] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.879] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.879] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.879] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.879] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.879] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.879] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.879] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.879] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.879] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json") returned 159 [0047.879] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.879] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.879] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json") returned 159 [0047.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb8210 [0047.879] lstrcpyW (in: lpString1=0x3eb8210, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" [0047.879] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.879] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.880] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.880] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.880] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\LOLKEK.txt") returned 156 [0047.880] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.880] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.880] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.883] CloseHandle (hObject=0x2bc) returned 1 [0047.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.884] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0047.884] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0047.884] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0047.884] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0047.884] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0047.884] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0047.884] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0047.884] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0047.884] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs") returned 145 [0047.884] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.884] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" [0047.884] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*" [0047.884] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.884] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.884] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.884] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.884] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.884] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.884] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.884] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.885] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.885] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.885] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.885] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.885] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.885] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.885] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.885] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.885] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.885] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.885] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.885] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.885] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.885] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.885] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.885] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json") returned 159 [0047.885] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.885] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.885] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json") returned 159 [0047.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb8720 [0047.885] lstrcpyW (in: lpString1=0x3eb8720, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" [0047.885] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.885] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.885] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.885] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.885] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\LOLKEK.txt") returned 156 [0047.885] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.887] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.887] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.889] CloseHandle (hObject=0x1ec) returned 1 [0047.889] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.889] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0047.889] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0047.889] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0047.890] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0047.890] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0047.890] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0047.890] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0047.890] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0047.890] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da") returned 145 [0047.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.890] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" [0047.890] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*" [0047.890] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.891] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.891] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.891] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.891] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.891] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.891] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.891] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.891] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.891] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.891] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.891] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.891] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.891] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.891] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.891] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.891] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.891] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.891] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.891] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.891] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.891] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.891] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.892] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json") returned 159 [0047.892] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.892] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.892] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json") returned 159 [0047.892] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb89a8 [0047.892] lstrcpyW (in: lpString1=0x3eb89a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" [0047.892] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.892] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.892] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.892] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.892] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\LOLKEK.txt") returned 156 [0047.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.893] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.893] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.895] CloseHandle (hObject=0x25c) returned 1 [0047.896] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.896] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0047.896] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0047.896] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0047.896] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0047.896] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0047.896] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0047.896] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0047.896] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0047.896] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de") returned 145 [0047.896] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.896] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" [0047.896] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*" [0047.896] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.896] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.896] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.896] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.896] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.896] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.896] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.896] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.896] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.896] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.896] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.896] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.896] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.896] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.896] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.896] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.896] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.896] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.897] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.897] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.897] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.897] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.897] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.897] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json") returned 159 [0047.897] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.897] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.897] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json") returned 159 [0047.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb8c30 [0047.897] lstrcpyW (in: lpString1=0x3eb8c30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" [0047.897] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.897] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.897] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.897] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.897] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\LOLKEK.txt") returned 156 [0047.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.899] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.899] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.900] CloseHandle (hObject=0x1ec) returned 1 [0047.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.901] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0047.901] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0047.901] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0047.902] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0047.902] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0047.902] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0047.902] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0047.902] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0047.902] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el") returned 145 [0047.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.902] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" [0047.902] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*" [0047.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.905] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.905] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.905] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.905] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.905] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.905] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.905] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.905] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.905] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.905] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.905] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.905] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.905] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.905] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.905] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.905] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.905] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.905] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.905] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.905] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.905] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.905] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.905] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json") returned 159 [0047.905] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.905] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.905] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json") returned 159 [0047.905] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb7d00 [0047.905] lstrcpyW (in: lpString1=0x3eb7d00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" [0047.905] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.905] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.905] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.905] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.906] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\LOLKEK.txt") returned 156 [0047.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.907] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.907] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.908] CloseHandle (hObject=0x25c) returned 1 [0047.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.910] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en", cAlternateFileName="")) returned 1 [0047.910] lstrcmpiW (lpString1="en", lpString2="Windows") returned -1 [0047.910] lstrcmpiW (lpString1="en", lpString2="Program Files") returned -1 [0047.910] lstrcmpiW (lpString1="en", lpString2="Program Files (x86)") returned -1 [0047.910] lstrcmpiW (lpString1="en", lpString2="$Recycle.bin") returned 1 [0047.910] lstrcmpiW (lpString1="en", lpString2="System Volume Information") returned -1 [0047.910] lstrcmpiW (lpString1="en", lpString2=".") returned 1 [0047.910] lstrcmpiW (lpString1="en", lpString2="..") returned 1 [0047.910] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en") returned 145 [0047.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.910] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" [0047.910] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*" [0047.910] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.911] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.911] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.911] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.911] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.911] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.911] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.911] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.911] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.911] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.911] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.911] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.911] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.911] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.911] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.911] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.911] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.911] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.911] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.911] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.911] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.911] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.911] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.911] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json") returned 159 [0047.911] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.911] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.911] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json") returned 159 [0047.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb9140 [0047.911] lstrcpyW (in: lpString1=0x3eb9140, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" [0047.911] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.911] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.911] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.911] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.912] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\LOLKEK.txt") returned 156 [0047.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.914] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.914] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.915] CloseHandle (hObject=0x1ec) returned 1 [0047.916] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.916] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en_GB", cAlternateFileName="")) returned 1 [0047.916] lstrcmpiW (lpString1="en_GB", lpString2="Windows") returned -1 [0047.916] lstrcmpiW (lpString1="en_GB", lpString2="Program Files") returned -1 [0047.916] lstrcmpiW (lpString1="en_GB", lpString2="Program Files (x86)") returned -1 [0047.916] lstrcmpiW (lpString1="en_GB", lpString2="$Recycle.bin") returned 1 [0047.916] lstrcmpiW (lpString1="en_GB", lpString2="System Volume Information") returned -1 [0047.916] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0047.916] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0047.916] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB") returned 148 [0047.916] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.916] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" [0047.916] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*" [0047.916] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.918] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.918] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.918] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.918] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.918] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.918] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.918] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.918] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.918] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.918] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.918] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.918] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.918] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.918] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.918] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.918] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.918] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.918] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.918] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.918] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.918] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json") returned 162 [0047.918] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.918] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.918] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json") returned 162 [0047.918] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec07a8 [0047.918] lstrcpyW (in: lpString1=0x3ec07a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" [0047.918] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.918] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.918] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.918] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.918] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\LOLKEK.txt") returned 159 [0047.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.919] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.919] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.920] CloseHandle (hObject=0x1ec) returned 1 [0047.922] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.922] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0047.922] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0047.922] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0047.922] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0047.922] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0047.922] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0047.922] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0047.922] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0047.922] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es") returned 145 [0047.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.922] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" [0047.922] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*" [0047.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.923] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.923] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.923] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.923] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.923] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.923] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.923] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.923] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.923] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.923] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.923] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.923] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.923] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.923] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.923] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.923] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.923] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.923] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.923] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.923] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.923] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.923] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.923] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json") returned 159 [0047.923] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.923] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.923] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json") returned 159 [0047.923] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb9650 [0047.923] lstrcpyW (in: lpString1=0x3eb9650, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" [0047.923] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.923] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.923] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.923] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.923] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\LOLKEK.txt") returned 156 [0047.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.931] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.931] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.932] CloseHandle (hObject=0x25c) returned 1 [0047.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.933] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es_419", cAlternateFileName="")) returned 1 [0047.933] lstrcmpiW (lpString1="es_419", lpString2="Windows") returned -1 [0047.933] lstrcmpiW (lpString1="es_419", lpString2="Program Files") returned -1 [0047.933] lstrcmpiW (lpString1="es_419", lpString2="Program Files (x86)") returned -1 [0047.933] lstrcmpiW (lpString1="es_419", lpString2="$Recycle.bin") returned 1 [0047.933] lstrcmpiW (lpString1="es_419", lpString2="System Volume Information") returned -1 [0047.933] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0047.933] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0047.933] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419") returned 149 [0047.933] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.933] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" [0047.933] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*" [0047.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.934] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.934] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.934] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.934] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.934] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.934] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.934] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.934] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.934] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.934] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.934] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.934] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.934] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.934] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.934] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.934] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.935] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.935] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.935] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.935] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.935] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.935] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.935] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json") returned 163 [0047.935] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.935] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.935] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json") returned 163 [0047.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x290) returned 0x3ec0a50 [0047.935] lstrcpyW (in: lpString1=0x3ec0a50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" [0047.935] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.935] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.935] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.935] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.935] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\LOLKEK.txt") returned 160 [0047.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.936] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.936] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.937] CloseHandle (hObject=0x1ec) returned 1 [0047.939] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.939] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="et", cAlternateFileName="")) returned 1 [0047.939] lstrcmpiW (lpString1="et", lpString2="Windows") returned -1 [0047.939] lstrcmpiW (lpString1="et", lpString2="Program Files") returned -1 [0047.939] lstrcmpiW (lpString1="et", lpString2="Program Files (x86)") returned -1 [0047.939] lstrcmpiW (lpString1="et", lpString2="$Recycle.bin") returned 1 [0047.939] lstrcmpiW (lpString1="et", lpString2="System Volume Information") returned -1 [0047.939] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0047.939] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0047.939] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et") returned 145 [0047.939] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.939] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" [0047.939] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*" [0047.939] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.939] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.939] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.939] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.939] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.939] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.939] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.939] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.940] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.940] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.940] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.940] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.940] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.940] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.940] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.940] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.940] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.940] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.940] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.940] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.940] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.940] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.940] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.940] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json") returned 159 [0047.940] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.940] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.940] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json") returned 159 [0047.940] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb9b60 [0047.940] lstrcpyW (in: lpString1=0x3eb9b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" [0047.940] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.940] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.940] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.940] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.940] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\LOLKEK.txt") returned 156 [0047.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.941] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.941] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.943] CloseHandle (hObject=0x1ec) returned 1 [0047.944] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.944] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0047.944] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0047.944] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0047.944] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0047.944] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0047.944] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0047.944] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0047.944] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0047.944] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi") returned 145 [0047.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.944] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" [0047.944] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*" [0047.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.945] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.945] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.945] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.945] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.945] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.945] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.945] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.945] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.945] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.945] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.945] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.945] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.945] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.945] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.945] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.945] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.946] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.946] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.946] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.946] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.946] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.946] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.946] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json") returned 159 [0047.946] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.946] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.946] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json") returned 159 [0047.946] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb98d8 [0047.946] lstrcpyW (in: lpString1=0x3eb98d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" [0047.946] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.946] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.946] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.946] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.946] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\LOLKEK.txt") returned 156 [0047.946] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.947] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.947] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.948] CloseHandle (hObject=0x25c) returned 1 [0047.949] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.949] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0047.949] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0047.949] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0047.949] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0047.949] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0047.949] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0047.949] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0047.949] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0047.949] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil") returned 146 [0047.949] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.949] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" [0047.949] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*" [0047.949] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.949] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.949] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.949] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.949] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.949] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.949] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.949] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.949] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.949] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.949] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.949] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.949] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.949] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.949] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.949] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.949] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.949] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.949] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.949] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.949] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.949] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.949] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.949] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json") returned 160 [0047.949] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.950] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.950] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json") returned 160 [0047.950] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x3c94aa8 [0047.950] lstrcpyW (in: lpString1=0x3c94aa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" [0047.950] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.950] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.950] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.950] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.950] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\LOLKEK.txt") returned 157 [0047.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0047.952] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.952] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.953] CloseHandle (hObject=0x1ec) returned 1 [0047.956] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.956] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0047.956] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0047.957] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0047.957] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0047.957] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0047.957] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0047.957] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0047.957] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0047.957] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr") returned 145 [0047.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.957] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" [0047.957] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*" [0047.957] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.958] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.958] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.958] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.958] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.958] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.958] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.958] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.958] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.958] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.958] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.958] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.958] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.958] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.958] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.958] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.958] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.958] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.958] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.958] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.958] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.958] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.958] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.958] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json") returned 159 [0047.958] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.958] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.958] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json") returned 159 [0047.958] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb9de8 [0047.959] lstrcpyW (in: lpString1=0x3eb9de8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" [0047.959] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.959] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.959] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.959] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.959] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\LOLKEK.txt") returned 156 [0047.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.960] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.960] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.961] CloseHandle (hObject=0x25c) returned 1 [0047.961] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.961] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0047.961] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0047.961] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0047.961] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0047.961] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0047.961] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0047.961] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0047.961] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0047.961] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi") returned 145 [0047.961] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.961] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" [0047.962] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*" [0047.962] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.962] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.962] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.962] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.962] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.962] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.962] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.962] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.962] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.962] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.962] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.962] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.962] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.962] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.962] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.962] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.962] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.962] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.962] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.962] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.962] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.962] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.962] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.962] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json") returned 159 [0047.962] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.962] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.962] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json") returned 159 [0047.962] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eba070 [0047.962] lstrcpyW (in: lpString1=0x3eba070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" [0047.962] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.962] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.962] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.962] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.962] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\LOLKEK.txt") returned 156 [0047.963] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.963] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.963] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.963] CloseHandle (hObject=0x25c) returned 1 [0047.963] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.964] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hr", cAlternateFileName="")) returned 1 [0047.964] lstrcmpiW (lpString1="hr", lpString2="Windows") returned -1 [0047.964] lstrcmpiW (lpString1="hr", lpString2="Program Files") returned -1 [0047.964] lstrcmpiW (lpString1="hr", lpString2="Program Files (x86)") returned -1 [0047.964] lstrcmpiW (lpString1="hr", lpString2="$Recycle.bin") returned 1 [0047.964] lstrcmpiW (lpString1="hr", lpString2="System Volume Information") returned -1 [0047.964] lstrcmpiW (lpString1="hr", lpString2=".") returned 1 [0047.964] lstrcmpiW (lpString1="hr", lpString2="..") returned 1 [0047.964] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr") returned 145 [0047.964] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.964] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" [0047.964] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*" [0047.964] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.964] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.964] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.964] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.964] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.964] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.964] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.965] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.965] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.965] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.965] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.965] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.965] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.965] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.965] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.965] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.965] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.965] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.965] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.965] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.965] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.965] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.965] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.965] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json") returned 159 [0047.965] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.965] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.965] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json") returned 159 [0047.965] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb93c8 [0047.965] lstrcpyW (in: lpString1=0x3eb93c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" [0047.965] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.965] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.965] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.965] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.965] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\LOLKEK.txt") returned 156 [0047.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.966] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.966] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.966] CloseHandle (hObject=0x25c) returned 1 [0047.966] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.966] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0047.966] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0047.966] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0047.966] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0047.966] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0047.966] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0047.966] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0047.966] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0047.966] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu") returned 145 [0047.966] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.966] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" [0047.966] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*" [0047.967] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.967] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.967] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.967] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.967] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.967] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.967] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.967] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.967] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.967] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.967] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.967] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.967] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.967] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.967] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.967] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.967] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.967] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.967] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.967] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.967] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.967] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.967] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.967] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json") returned 159 [0047.967] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.967] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.967] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json") returned 159 [0047.967] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3eb8eb8 [0047.967] lstrcpyW (in: lpString1=0x3eb8eb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" [0047.967] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.967] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.967] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.967] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.967] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\LOLKEK.txt") returned 156 [0047.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.968] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.968] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.968] CloseHandle (hObject=0x25c) returned 1 [0047.968] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.968] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0047.968] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0047.969] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0047.969] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0047.969] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0047.969] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0047.969] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0047.969] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0047.969] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id") returned 145 [0047.969] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.969] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" [0047.969] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*" [0047.969] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.969] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.969] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.969] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.969] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.969] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.969] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.969] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.969] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.969] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.969] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.969] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.970] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.970] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.970] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.970] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.970] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.970] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.970] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.970] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.970] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.970] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.970] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.970] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json") returned 159 [0047.970] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.970] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.970] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json") returned 159 [0047.970] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da8f98 [0047.970] lstrcpyW (in: lpString1=0x3da8f98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" [0047.970] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.970] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.970] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.970] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.970] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\LOLKEK.txt") returned 156 [0047.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.970] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.970] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.971] CloseHandle (hObject=0x25c) returned 1 [0047.971] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.971] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0047.971] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0047.971] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0047.971] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0047.971] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0047.971] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0047.971] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0047.971] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0047.971] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it") returned 145 [0047.971] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.971] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" [0047.971] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*" [0047.971] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.972] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.972] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.972] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.972] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.972] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.972] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.972] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.972] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.972] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.972] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.972] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.972] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.972] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.972] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.972] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.972] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.972] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.972] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.972] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.972] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.972] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.972] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.972] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json") returned 159 [0047.972] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.972] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.972] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json") returned 159 [0047.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da9220 [0047.972] lstrcpyW (in: lpString1=0x3da9220, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" [0047.972] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.972] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.972] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.972] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.972] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\LOLKEK.txt") returned 156 [0047.972] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.973] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.973] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.973] CloseHandle (hObject=0x25c) returned 1 [0047.973] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.973] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0047.973] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0047.973] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0047.973] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0047.973] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0047.973] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0047.973] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0047.973] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0047.973] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja") returned 145 [0047.974] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.974] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" [0047.974] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*" [0047.974] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.974] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.974] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.974] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.974] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.974] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.974] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.974] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.974] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.974] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.974] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.974] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.974] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.974] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.975] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.975] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.975] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.975] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.975] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.975] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.975] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.975] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.975] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.975] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json") returned 159 [0047.975] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.975] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.975] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json") returned 159 [0047.975] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da94a8 [0047.975] lstrcpyW (in: lpString1=0x3da94a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" [0047.975] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.975] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.975] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.975] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.975] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\LOLKEK.txt") returned 156 [0047.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.975] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.975] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.976] CloseHandle (hObject=0x25c) returned 1 [0047.976] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.976] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0047.976] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0047.976] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0047.976] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0047.976] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0047.976] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0047.976] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0047.976] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0047.976] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko") returned 145 [0047.976] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.976] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" [0047.976] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*" [0047.976] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.977] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.977] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.977] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.977] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.977] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.977] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.977] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.977] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.977] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.977] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.977] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.977] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.977] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.977] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.977] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.977] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.977] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.977] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.977] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.977] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.977] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.977] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.977] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json") returned 159 [0047.977] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.977] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.977] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json") returned 159 [0047.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da9730 [0047.977] lstrcpyW (in: lpString1=0x3da9730, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" [0047.977] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.977] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.977] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.977] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.977] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\LOLKEK.txt") returned 156 [0047.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.978] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.978] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.978] CloseHandle (hObject=0x25c) returned 1 [0047.978] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.978] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0047.978] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0047.978] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0047.978] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0047.978] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0047.978] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0047.978] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0047.978] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0047.978] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt") returned 145 [0047.978] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.978] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" [0047.978] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*" [0047.979] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.979] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.979] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.979] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.979] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.979] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.979] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.979] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.979] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.979] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.979] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.979] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.979] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.979] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.979] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.979] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.979] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.979] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.979] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.979] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.980] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.980] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.980] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.980] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json") returned 159 [0047.980] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.980] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.980] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json") returned 159 [0047.980] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da99b8 [0047.980] lstrcpyW (in: lpString1=0x3da99b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" [0047.980] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.980] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.980] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.980] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.980] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\LOLKEK.txt") returned 156 [0047.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.980] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.980] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.981] CloseHandle (hObject=0x25c) returned 1 [0047.981] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.981] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0047.981] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0047.981] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0047.981] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0047.981] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0047.981] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0047.981] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0047.981] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0047.981] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv") returned 145 [0047.981] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.981] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" [0047.981] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*" [0047.981] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.982] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.982] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.982] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.982] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.982] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.982] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.982] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.982] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.982] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.982] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.982] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.982] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.982] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.982] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.982] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.982] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.982] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.982] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.982] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.982] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.982] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.982] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.982] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json") returned 159 [0047.982] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.982] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.982] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json") returned 159 [0047.982] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da9c40 [0047.982] lstrcpyW (in: lpString1=0x3da9c40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" [0047.982] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.982] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.982] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.982] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.982] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\LOLKEK.txt") returned 156 [0047.982] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.983] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.983] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.983] CloseHandle (hObject=0x25c) returned 1 [0047.983] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.983] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nb", cAlternateFileName="")) returned 1 [0047.983] lstrcmpiW (lpString1="nb", lpString2="Windows") returned -1 [0047.983] lstrcmpiW (lpString1="nb", lpString2="Program Files") returned -1 [0047.983] lstrcmpiW (lpString1="nb", lpString2="Program Files (x86)") returned -1 [0047.983] lstrcmpiW (lpString1="nb", lpString2="$Recycle.bin") returned 1 [0047.983] lstrcmpiW (lpString1="nb", lpString2="System Volume Information") returned -1 [0047.984] lstrcmpiW (lpString1="nb", lpString2=".") returned 1 [0047.984] lstrcmpiW (lpString1="nb", lpString2="..") returned 1 [0047.984] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb") returned 145 [0047.984] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.984] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" [0047.984] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*" [0047.984] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.984] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.984] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.984] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.984] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.984] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.984] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.984] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.984] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.984] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.984] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.984] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.984] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.984] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.985] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.985] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.985] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.985] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.985] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.985] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.985] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.985] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.985] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.985] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json") returned 159 [0047.985] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.985] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.985] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json") returned 159 [0047.985] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da9ec8 [0047.985] lstrcpyW (in: lpString1=0x3da9ec8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" [0047.985] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.985] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.985] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.985] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.985] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\LOLKEK.txt") returned 156 [0047.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.985] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.985] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.986] CloseHandle (hObject=0x25c) returned 1 [0047.986] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.986] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0047.986] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0047.986] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0047.986] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0047.986] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0047.986] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0047.986] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0047.986] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0047.986] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl") returned 145 [0047.986] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.986] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" [0047.986] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*" [0047.986] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.987] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.987] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.987] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.987] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.987] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.987] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.987] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.987] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.987] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.987] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.987] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.987] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.987] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.987] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.987] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.987] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.987] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.987] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.987] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.987] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.987] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.987] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.987] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json") returned 159 [0047.987] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.987] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.987] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json") returned 159 [0047.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3daa150 [0047.987] lstrcpyW (in: lpString1=0x3daa150, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" [0047.987] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.987] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.987] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.987] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.987] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\LOLKEK.txt") returned 156 [0047.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.988] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.988] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.988] CloseHandle (hObject=0x25c) returned 1 [0047.988] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.988] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0047.988] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0047.988] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0047.989] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0047.989] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0047.989] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0047.989] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0047.989] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0047.989] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl") returned 145 [0047.989] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.989] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" [0047.989] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*" [0047.989] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.989] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.989] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.989] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.990] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.990] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.990] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.990] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.990] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.990] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.990] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.990] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.990] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.990] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.990] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.990] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.990] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.990] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.990] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.990] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.990] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.990] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.990] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.990] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json") returned 159 [0047.990] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.990] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.990] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json") returned 159 [0047.990] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3daa3d8 [0047.990] lstrcpyW (in: lpString1=0x3daa3d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" [0047.990] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.990] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.990] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.990] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.990] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\LOLKEK.txt") returned 156 [0047.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.991] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.991] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.991] CloseHandle (hObject=0x25c) returned 1 [0047.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.991] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0047.991] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0047.991] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0047.992] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0047.992] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0047.992] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0047.992] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0047.992] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0047.992] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR") returned 148 [0047.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.992] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" [0047.992] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*" [0047.992] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.992] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.992] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.992] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.992] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.992] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.992] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.992] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.992] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.992] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.992] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.992] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.992] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.992] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.992] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.992] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.992] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.992] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.992] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.992] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.992] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.992] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.992] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.992] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json") returned 162 [0047.992] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.993] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.993] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json") returned 162 [0047.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec0cf8 [0047.993] lstrcpyW (in: lpString1=0x3ec0cf8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" [0047.993] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.993] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.993] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.993] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.993] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\LOLKEK.txt") returned 159 [0047.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0047.993] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.993] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.994] CloseHandle (hObject=0x25c) returned 1 [0047.994] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.994] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0047.994] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0047.994] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0047.994] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0047.994] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0047.994] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0047.994] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0047.994] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0047.994] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT") returned 148 [0047.994] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.994] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" [0047.994] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*" [0047.994] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.995] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.995] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.995] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.995] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.995] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.995] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.995] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.995] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.995] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.995] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.995] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.995] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.995] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.995] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.995] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.995] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.995] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.995] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.995] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.995] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.995] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.995] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.995] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json") returned 162 [0047.995] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.996] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.996] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json") returned 162 [0047.996] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec0fa0 [0047.996] lstrcpyW (in: lpString1=0x3ec0fa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" [0047.996] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.996] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.996] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.996] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.996] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\LOLKEK.txt") returned 159 [0047.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.996] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.996] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.997] CloseHandle (hObject=0x2bc) returned 1 [0047.997] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.997] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0047.997] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0047.997] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0047.997] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0047.997] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0047.997] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0047.997] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0047.997] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0047.997] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro") returned 145 [0047.997] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0047.997] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" [0047.997] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*" [0047.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0047.997] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0047.997] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0047.997] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0047.997] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0047.998] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0047.998] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.998] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0047.998] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0047.998] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0047.998] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0047.998] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0047.998] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0047.998] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.998] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.998] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0047.998] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0047.998] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0047.998] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0047.998] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0047.998] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0047.998] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0047.998] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0047.998] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json") returned 159 [0047.998] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0047.998] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0047.998] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json") returned 159 [0047.998] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3daa660 [0047.998] lstrcpyW (in: lpString1=0x3daa660, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" [0047.998] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0047.998] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0047.998] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0047.998] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0047.998] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\LOLKEK.txt") returned 156 [0047.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0047.999] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0047.999] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0047.999] CloseHandle (hObject=0x2bc) returned 1 [0047.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0047.999] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0047.999] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0047.999] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0047.999] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0047.999] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0047.999] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0047.999] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0047.999] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0048.000] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru") returned 145 [0048.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.000] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" [0048.000] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*" [0048.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.002] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.002] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.002] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.002] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.002] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.002] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.003] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.003] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.003] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.003] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.003] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.003] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.003] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.003] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.004] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.004] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.004] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.004] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.004] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.004] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.004] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json") returned 159 [0048.004] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.004] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.004] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json") returned 159 [0048.004] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3daa8e8 [0048.004] lstrcpyW (in: lpString1=0x3daa8e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" [0048.004] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.004] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.004] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.004] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\LOLKEK.txt") returned 156 [0048.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.004] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.004] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.005] CloseHandle (hObject=0x25c) returned 1 [0048.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.005] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0048.005] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0048.005] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0048.005] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0048.005] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0048.005] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0048.005] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0048.005] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0048.005] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk") returned 145 [0048.005] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.005] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" [0048.005] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*" [0048.005] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.006] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.006] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.006] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.006] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.006] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.006] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.006] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.006] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.006] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.006] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.006] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.006] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.006] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.006] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.006] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.006] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.006] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.006] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.006] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.006] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.006] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.006] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.006] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json") returned 159 [0048.006] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.006] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.006] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json") returned 159 [0048.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3daab70 [0048.006] lstrcpyW (in: lpString1=0x3daab70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" [0048.006] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.006] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.006] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.006] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.006] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\LOLKEK.txt") returned 156 [0048.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.007] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.007] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.008] CloseHandle (hObject=0x25c) returned 1 [0048.008] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.008] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0048.008] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0048.008] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0048.008] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0048.008] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0048.008] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0048.008] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0048.008] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0048.008] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl") returned 145 [0048.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.008] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" [0048.008] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*" [0048.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.012] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.012] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.012] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.012] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.012] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.012] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.012] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.012] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.012] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.012] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.012] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.012] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.012] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.012] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.012] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.012] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.012] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.012] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.012] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.012] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.012] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.012] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.012] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json") returned 159 [0048.012] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.012] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.012] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json") returned 159 [0048.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3daadf8 [0048.012] lstrcpyW (in: lpString1=0x3daadf8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" [0048.012] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.013] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.013] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.013] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.013] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\LOLKEK.txt") returned 156 [0048.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.013] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.013] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.014] CloseHandle (hObject=0x2bc) returned 1 [0048.014] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.014] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0048.014] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0048.014] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0048.014] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0048.014] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0048.014] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0048.014] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0048.014] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0048.014] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr") returned 145 [0048.014] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.014] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" [0048.014] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*" [0048.014] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.015] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.015] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.015] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.015] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.015] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.015] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.015] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.015] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.015] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.015] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.015] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.015] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.015] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.015] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.015] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.015] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.015] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.015] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.015] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.015] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.015] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.015] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.015] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json") returned 159 [0048.015] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.015] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.015] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json") returned 159 [0048.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3dab080 [0048.015] lstrcpyW (in: lpString1=0x3dab080, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" [0048.015] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.015] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.015] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.015] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.015] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\LOLKEK.txt") returned 156 [0048.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.016] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.016] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.016] CloseHandle (hObject=0x2bc) returned 1 [0048.017] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.017] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sv", cAlternateFileName="")) returned 1 [0048.017] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0048.017] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0048.017] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0048.017] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0048.017] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0048.017] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0048.017] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0048.017] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv") returned 145 [0048.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.017] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" [0048.017] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*" [0048.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.021] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.021] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.021] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.021] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.021] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.022] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.022] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.022] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.022] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.022] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.022] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.022] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.022] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.022] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.022] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.022] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.022] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.022] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.022] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.022] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.022] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.022] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.022] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json") returned 159 [0048.022] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.022] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.022] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json") returned 159 [0048.022] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3dab308 [0048.022] lstrcpyW (in: lpString1=0x3dab308, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" [0048.022] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.022] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.022] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.022] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.022] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\LOLKEK.txt") returned 156 [0048.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.023] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.023] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.023] CloseHandle (hObject=0x2bc) returned 1 [0048.023] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.023] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0048.023] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0048.023] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0048.023] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0048.023] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0048.024] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0048.024] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0048.024] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0048.024] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th") returned 145 [0048.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.024] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" [0048.024] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*" [0048.024] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.024] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.024] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.024] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.024] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.024] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.024] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.024] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.024] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.024] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.024] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.024] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.024] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.024] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.024] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.024] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.024] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.024] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.024] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.024] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.024] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.024] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.024] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.024] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json") returned 159 [0048.024] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.025] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.025] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json") returned 159 [0048.025] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3dab590 [0048.025] lstrcpyW (in: lpString1=0x3dab590, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" [0048.025] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.025] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.025] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.025] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.025] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\LOLKEK.txt") returned 156 [0048.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.025] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.025] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.026] CloseHandle (hObject=0x2bc) returned 1 [0048.026] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.026] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0048.026] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0048.026] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0048.026] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0048.026] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0048.026] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0048.026] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0048.026] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0048.026] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr") returned 145 [0048.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.026] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" [0048.026] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*" [0048.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.112] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.112] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.112] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.112] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.112] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.112] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.112] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.112] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.112] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.112] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.112] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.112] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.112] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.112] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.112] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.112] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.112] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.112] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.112] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.112] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.112] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.112] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.112] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json") returned 159 [0048.112] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.112] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.112] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json") returned 159 [0048.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ebb4b0 [0048.112] lstrcpyW (in: lpString1=0x3ebb4b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" [0048.112] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.112] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.112] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.112] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.113] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\LOLKEK.txt") returned 156 [0048.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.113] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.113] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.114] CloseHandle (hObject=0x2bc) returned 1 [0048.114] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.114] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0048.114] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0048.114] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0048.114] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0048.114] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0048.114] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0048.114] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0048.114] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0048.114] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk") returned 145 [0048.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.114] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" [0048.114] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*" [0048.114] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.114] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.114] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.114] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.114] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.114] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.114] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.114] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.114] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.114] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.114] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.114] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.114] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.114] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.114] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.114] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.115] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.115] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.115] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.115] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.115] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.115] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.115] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.115] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json") returned 159 [0048.115] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.115] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.115] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json") returned 159 [0048.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ebb228 [0048.115] lstrcpyW (in: lpString1=0x3ebb228, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" [0048.115] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.115] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.115] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.115] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.115] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\LOLKEK.txt") returned 156 [0048.115] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.115] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.115] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.116] CloseHandle (hObject=0x2bc) returned 1 [0048.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.116] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0048.116] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0048.116] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0048.116] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0048.116] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0048.116] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0048.116] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0048.116] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0048.116] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi") returned 145 [0048.116] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.116] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" [0048.116] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*" [0048.116] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.176] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.176] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.176] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.176] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.176] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.176] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.176] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.176] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.177] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.177] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.177] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.177] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.177] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.177] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.177] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.177] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.177] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.177] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.177] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.177] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.177] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.177] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.177] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json") returned 159 [0048.177] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.177] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.177] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json") returned 159 [0048.177] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3ebc9a8 [0048.177] lstrcpyW (in: lpString1=0x3ebc9a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" [0048.177] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.177] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.177] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.177] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.177] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\LOLKEK.txt") returned 156 [0048.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.178] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.178] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.178] CloseHandle (hObject=0x1ec) returned 1 [0048.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.178] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0048.178] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0048.178] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0048.178] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0048.178] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0048.178] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0048.178] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0048.178] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0048.179] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN") returned 148 [0048.179] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.179] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" [0048.179] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*" [0048.179] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.179] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.179] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.179] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.179] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.179] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.179] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.179] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.179] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.179] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.179] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.179] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.179] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.179] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.179] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.179] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.179] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.179] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.179] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.179] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.179] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.179] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.179] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.179] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json") returned 162 [0048.179] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.179] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.179] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json") returned 162 [0048.179] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ebfd08 [0048.179] lstrcpyW (in: lpString1=0x3ebfd08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" [0048.180] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.180] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.180] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.180] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.180] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\LOLKEK.txt") returned 159 [0048.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.180] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.180] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.181] CloseHandle (hObject=0x1ec) returned 1 [0048.181] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.181] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0048.181] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0048.181] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0048.181] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0048.181] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0048.181] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0048.181] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0048.181] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0048.181] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW") returned 148 [0048.181] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.181] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" [0048.181] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*" [0048.181] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.186] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.186] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.186] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.186] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.186] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.186] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.186] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.186] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.186] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.186] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.186] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.186] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.186] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.186] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.186] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.186] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.186] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.186] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.186] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.186] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.186] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.186] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.186] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json") returned 162 [0048.186] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.186] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.186] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json") returned 162 [0048.186] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec1248 [0048.186] lstrcpyW (in: lpString1=0x3ec1248, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" [0048.186] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.186] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.186] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.186] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.186] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\LOLKEK.txt") returned 159 [0048.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.187] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.187] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.188] CloseHandle (hObject=0x2bc) returned 1 [0048.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.188] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0048.188] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0048.188] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\LOLKEK.txt") returned 153 [0048.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.188] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.188] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0048.189] CloseHandle (hObject=0x258) returned 1 [0048.189] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0048.190] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0048.190] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0048.190] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0048.190] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0048.190] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0048.190] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0048.190] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0048.190] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0048.190] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata") returned 143 [0048.190] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0048.190] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" [0048.191] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*" [0048.191] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0048.196] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.196] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.196] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.196] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.196] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.196] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.196] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.196] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.196] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.196] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.196] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.196] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.196] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.196] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.196] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0048.196] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0048.196] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0048.196] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0048.196] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0048.196] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0048.196] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0048.196] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0048.196] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json") returned 166 [0048.196] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0048.196] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0048.196] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json") returned 166 [0048.196] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29c) returned 0x61b548 [0048.196] lstrcpyW (in: lpString1=0x61b548, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" [0048.196] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.196] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.196] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0048.196] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0048.196] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\LOLKEK.txt") returned 154 [0048.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.197] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.197] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0048.198] CloseHandle (hObject=0x258) returned 1 [0048.198] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0048.198] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0048.198] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0048.198] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\LOLKEK.txt") returned 144 [0048.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.198] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.198] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0048.199] CloseHandle (hObject=0x270) returned 1 [0048.199] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.199] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1.0.0.2_0", cAlternateFileName="100~1.2_0")) returned 0 [0048.199] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0048.199] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\LOLKEK.txt") returned 134 [0048.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0048.199] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.199] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0048.200] CloseHandle (hObject=0x1b4) returned 1 [0048.200] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0048.201] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pjkljhegncpnkpknbcohdijeoejaedia", cAlternateFileName="PJKLJH~1")) returned 1 [0048.201] lstrcmpiW (lpString1="pjkljhegncpnkpknbcohdijeoejaedia", lpString2="Windows") returned -1 [0048.201] lstrcmpiW (lpString1="pjkljhegncpnkpknbcohdijeoejaedia", lpString2="Program Files") returned -1 [0048.201] lstrcmpiW (lpString1="pjkljhegncpnkpknbcohdijeoejaedia", lpString2="Program Files (x86)") returned -1 [0048.201] lstrcmpiW (lpString1="pjkljhegncpnkpknbcohdijeoejaedia", lpString2="$Recycle.bin") returned 1 [0048.201] lstrcmpiW (lpString1="pjkljhegncpnkpknbcohdijeoejaedia", lpString2="System Volume Information") returned -1 [0048.201] lstrcmpiW (lpString1="pjkljhegncpnkpknbcohdijeoejaedia", lpString2=".") returned 1 [0048.201] lstrcmpiW (lpString1="pjkljhegncpnkpknbcohdijeoejaedia", lpString2="..") returned 1 [0048.201] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned 123 [0048.201] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0048.201] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" [0048.201] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*" [0048.201] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0048.201] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.201] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.201] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.201] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.202] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.202] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.202] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.202] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.202] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.202] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.202] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.202] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.202] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.202] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.202] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8.1_0", cAlternateFileName="")) returned 1 [0048.202] lstrcmpiW (lpString1="8.1_0", lpString2="Windows") returned -1 [0048.202] lstrcmpiW (lpString1="8.1_0", lpString2="Program Files") returned -1 [0048.202] lstrcmpiW (lpString1="8.1_0", lpString2="Program Files (x86)") returned -1 [0048.202] lstrcmpiW (lpString1="8.1_0", lpString2="$Recycle.bin") returned 1 [0048.202] lstrcmpiW (lpString1="8.1_0", lpString2="System Volume Information") returned -1 [0048.202] lstrcmpiW (lpString1="8.1_0", lpString2=".") returned 1 [0048.202] lstrcmpiW (lpString1="8.1_0", lpString2="..") returned 1 [0048.202] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned 129 [0048.202] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0048.202] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" [0048.202] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*" [0048.202] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0048.330] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.330] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.330] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.330] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.330] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.330] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.330] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.330] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.330] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.330] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.330] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.330] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.330] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.330] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.330] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x180f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="128.png", cAlternateFileName="")) returned 1 [0048.330] lstrcmpiW (lpString1="128.png", lpString2="Windows") returned -1 [0048.330] lstrcmpiW (lpString1="128.png", lpString2="Program Files") returned -1 [0048.330] lstrcmpiW (lpString1="128.png", lpString2="Program Files (x86)") returned -1 [0048.330] lstrcmpiW (lpString1="128.png", lpString2="$Recycle.bin") returned 1 [0048.330] lstrcmpiW (lpString1="128.png", lpString2="System Volume Information") returned -1 [0048.330] lstrcmpiW (lpString1="128.png", lpString2=".") returned 1 [0048.330] lstrcmpiW (lpString1="128.png", lpString2="..") returned 1 [0048.330] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png") returned 137 [0048.330] StrStrIW (lpFirst="128.png", lpSrch=".lolkek") returned 0x0 [0048.330] lstrcmpW (lpString1="128.png", lpString2="LOLKEK.txt") returned -1 [0048.330] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png") returned 137 [0048.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eadff8 [0048.330] lstrcpyW (in: lpString1=0x3eadff8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" [0048.330] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.330] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.330] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x869b0fb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0048.330] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0048.330] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0048.330] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0048.330] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0048.330] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0048.330] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0048.330] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0048.331] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json") returned 143 [0048.331] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0048.331] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0048.331] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json") returned 143 [0048.331] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x240) returned 0x61b7f0 [0048.331] lstrcpyW (in: lpString1=0x61b7f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" [0048.331] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.331] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.331] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_locales", cAlternateFileName="")) returned 1 [0048.331] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0048.331] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0048.331] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0048.331] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0048.331] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0048.331] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0048.331] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0048.331] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned 138 [0048.331] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.331] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" [0048.331] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*" [0048.331] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0048.424] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.424] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.424] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.424] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.424] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.424] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.424] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.424] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.424] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.424] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.424] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.424] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.424] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.424] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.424] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ar", cAlternateFileName="")) returned 1 [0048.424] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0048.424] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0048.424] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0048.424] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0048.424] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0048.424] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0048.424] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0048.424] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar") returned 141 [0048.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.425] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" [0048.425] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*" [0048.425] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.477] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.477] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.477] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.477] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.477] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.477] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.477] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.477] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.477] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.477] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.477] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.477] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.477] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.477] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.477] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.477] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.477] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.477] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.477] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.477] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.477] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.477] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.477] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json") returned 155 [0048.477] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.477] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.477] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json") returned 155 [0048.478] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6b028 [0048.478] lstrcpyW (in: lpString1=0x3e6b028, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" [0048.478] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.478] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.478] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.478] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.478] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\LOLKEK.txt") returned 152 [0048.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.478] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.478] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.479] CloseHandle (hObject=0x270) returned 1 [0048.479] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.479] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0048.479] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0048.479] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0048.479] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0048.479] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0048.479] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0048.479] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0048.479] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0048.479] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg") returned 141 [0048.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.479] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" [0048.479] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*" [0048.479] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.480] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.480] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.480] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.480] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.480] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.480] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.480] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.480] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.480] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.480] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.480] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.480] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.480] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.480] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.480] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.480] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.480] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.480] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.480] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.480] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.480] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.480] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.480] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json") returned 155 [0048.480] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.480] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.480] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json") returned 155 [0048.480] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6ab18 [0048.480] lstrcpyW (in: lpString1=0x3e6ab18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" [0048.480] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.480] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.480] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.480] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.481] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\LOLKEK.txt") returned 152 [0048.481] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.481] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.481] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.482] CloseHandle (hObject=0x270) returned 1 [0048.482] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.482] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0048.482] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0048.482] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0048.482] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0048.482] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0048.482] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0048.482] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0048.482] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0048.482] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca") returned 141 [0048.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.482] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" [0048.482] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*" [0048.482] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.491] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.491] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.491] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.491] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.491] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.491] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.491] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.491] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.491] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.491] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.491] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.491] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.491] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.491] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.491] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.491] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.491] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.491] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.491] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.491] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.491] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.491] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.491] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json") returned 155 [0048.491] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.491] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.491] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json") returned 155 [0048.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6ada0 [0048.492] lstrcpyW (in: lpString1=0x3e6ada0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" [0048.492] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.492] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.492] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.492] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.492] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\LOLKEK.txt") returned 152 [0048.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.492] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.492] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.493] CloseHandle (hObject=0x2bc) returned 1 [0048.493] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.493] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0048.493] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0048.493] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0048.493] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0048.493] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0048.493] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0048.493] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0048.493] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0048.493] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs") returned 141 [0048.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.493] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" [0048.493] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*" [0048.493] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.495] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.495] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.495] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.495] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.495] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.495] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.495] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.495] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.495] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.495] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.495] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.495] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.495] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.495] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.496] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.496] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.496] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.496] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.496] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.496] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.496] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.496] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.496] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json") returned 155 [0048.496] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.496] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.496] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json") returned 155 [0048.496] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a890 [0048.496] lstrcpyW (in: lpString1=0x3e6a890, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" [0048.496] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.496] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.496] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.496] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.496] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\LOLKEK.txt") returned 152 [0048.496] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.497] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.497] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.497] CloseHandle (hObject=0x2bc) returned 1 [0048.497] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.497] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0048.497] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0048.497] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0048.497] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0048.497] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0048.497] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0048.497] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0048.497] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0048.497] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da") returned 141 [0048.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.498] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" [0048.498] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*" [0048.498] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.502] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.502] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.502] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.502] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.502] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.502] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.502] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.502] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.502] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.502] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.502] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.502] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.502] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.502] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.502] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.502] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.502] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.502] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.502] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.502] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.502] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.502] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.502] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json") returned 155 [0048.502] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.502] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.502] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json") returned 155 [0048.503] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a608 [0048.503] lstrcpyW (in: lpString1=0x3e6a608, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" [0048.503] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.503] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.503] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.503] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.503] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\LOLKEK.txt") returned 152 [0048.503] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.503] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.503] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.504] CloseHandle (hObject=0x1ec) returned 1 [0048.504] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.504] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0048.504] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0048.504] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0048.504] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0048.504] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0048.504] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0048.504] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0048.504] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0048.504] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de") returned 141 [0048.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.504] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" [0048.504] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*" [0048.504] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.505] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.505] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.505] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.505] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.505] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.505] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.505] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.505] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.505] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.505] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.505] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.505] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.505] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.505] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.505] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.505] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.505] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.505] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.505] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.505] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.506] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.506] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.506] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json") returned 155 [0048.506] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.506] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.506] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json") returned 155 [0048.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a380 [0048.506] lstrcpyW (in: lpString1=0x3e6a380, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" [0048.506] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.506] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.506] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.506] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.506] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\LOLKEK.txt") returned 152 [0048.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.506] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.506] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.507] CloseHandle (hObject=0x1ec) returned 1 [0048.507] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.507] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0048.507] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0048.507] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0048.507] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0048.507] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0048.507] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0048.507] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0048.507] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0048.507] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el") returned 141 [0048.507] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.507] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" [0048.508] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*" [0048.508] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.508] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.508] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.508] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.508] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.508] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.508] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.508] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.508] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.508] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.508] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.508] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.509] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.509] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.509] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.509] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.509] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.509] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.509] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.509] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.509] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.509] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.509] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.509] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json") returned 155 [0048.509] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.509] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.509] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json") returned 155 [0048.509] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e6a0f8 [0048.509] lstrcpyW (in: lpString1=0x3e6a0f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" [0048.509] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.509] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.509] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.509] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.509] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\LOLKEK.txt") returned 152 [0048.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.510] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.510] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.510] CloseHandle (hObject=0x1ec) returned 1 [0048.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.510] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en", cAlternateFileName="")) returned 1 [0048.510] lstrcmpiW (lpString1="en", lpString2="Windows") returned -1 [0048.510] lstrcmpiW (lpString1="en", lpString2="Program Files") returned -1 [0048.510] lstrcmpiW (lpString1="en", lpString2="Program Files (x86)") returned -1 [0048.510] lstrcmpiW (lpString1="en", lpString2="$Recycle.bin") returned 1 [0048.510] lstrcmpiW (lpString1="en", lpString2="System Volume Information") returned -1 [0048.510] lstrcmpiW (lpString1="en", lpString2=".") returned 1 [0048.510] lstrcmpiW (lpString1="en", lpString2="..") returned 1 [0048.510] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en") returned 141 [0048.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.510] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" [0048.511] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*" [0048.511] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.511] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.511] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.511] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.511] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.511] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.511] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.511] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.511] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.511] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.511] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.511] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.511] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.511] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.511] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.511] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.511] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.511] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.511] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.511] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.511] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.511] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.511] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.511] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json") returned 155 [0048.511] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.511] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.511] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json") returned 155 [0048.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3e69e70 [0048.511] lstrcpyW (in: lpString1=0x3e69e70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" [0048.511] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.511] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.511] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.512] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.512] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\LOLKEK.txt") returned 152 [0048.512] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.512] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.512] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.513] CloseHandle (hObject=0x1ec) returned 1 [0048.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.513] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0048.513] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0048.513] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0048.513] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0048.513] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0048.513] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0048.513] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0048.513] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0048.513] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es") returned 141 [0048.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.513] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" [0048.513] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*" [0048.513] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.513] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.513] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.513] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.513] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.513] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.513] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.513] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.513] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.513] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.513] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.513] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.514] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.514] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.514] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.514] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.514] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.514] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.514] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.514] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.514] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.514] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.514] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.514] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json") returned 155 [0048.514] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.514] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.514] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json") returned 155 [0048.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebe580 [0048.514] lstrcpyW (in: lpString1=0x3ebe580, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" [0048.514] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.514] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.514] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.514] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.514] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\LOLKEK.txt") returned 152 [0048.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.514] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.515] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.515] CloseHandle (hObject=0x1ec) returned 1 [0048.515] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.515] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0048.515] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0048.515] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0048.515] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0048.515] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0048.515] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0048.515] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0048.515] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0048.515] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi") returned 141 [0048.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.515] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" [0048.515] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*" [0048.515] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.516] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.516] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.516] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.516] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.516] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.516] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.516] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.516] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.516] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.516] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.516] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.516] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.516] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.516] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.516] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.517] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.517] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.517] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.517] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.517] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.517] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.517] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.517] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json") returned 155 [0048.517] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.517] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.517] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json") returned 155 [0048.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebf9c0 [0048.517] lstrcpyW (in: lpString1=0x3ebf9c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" [0048.517] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.517] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.517] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.517] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.517] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\LOLKEK.txt") returned 152 [0048.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.518] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.518] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.518] CloseHandle (hObject=0x1ec) returned 1 [0048.518] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.518] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0048.518] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0048.518] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0048.518] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0048.518] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0048.518] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0048.518] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0048.518] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0048.518] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil") returned 142 [0048.518] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.519] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" [0048.519] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*" [0048.519] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.519] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.519] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.519] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.519] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.519] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.520] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.520] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.520] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.520] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.520] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.520] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.520] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.520] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.520] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.520] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.520] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.520] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.520] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.520] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.520] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.520] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.520] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.520] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json") returned 156 [0048.520] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.520] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.520] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json") returned 156 [0048.520] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x274) returned 0x3ebf738 [0048.520] lstrcpyW (in: lpString1=0x3ebf738, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" [0048.520] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.520] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.520] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.520] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.520] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\LOLKEK.txt") returned 153 [0048.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.521] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.521] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.521] CloseHandle (hObject=0x270) returned 1 [0048.521] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.521] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0048.521] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0048.521] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0048.521] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0048.521] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0048.521] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0048.521] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0048.521] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0048.521] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr") returned 141 [0048.521] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.521] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" [0048.522] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*" [0048.522] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.522] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.522] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.522] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.522] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.522] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.522] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.522] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.522] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.522] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.522] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.522] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.522] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.522] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.522] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.522] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.522] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.522] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.522] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.522] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.522] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.522] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.522] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.522] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json") returned 155 [0048.522] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.522] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.522] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json") returned 155 [0048.522] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebf4b0 [0048.522] lstrcpyW (in: lpString1=0x3ebf4b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" [0048.522] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.522] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.522] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.522] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.522] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\LOLKEK.txt") returned 152 [0048.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.523] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.523] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.523] CloseHandle (hObject=0x270) returned 1 [0048.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.524] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0048.524] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0048.524] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0048.524] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0048.524] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0048.524] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0048.524] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0048.524] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0048.524] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi") returned 141 [0048.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.524] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" [0048.524] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*" [0048.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.524] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.524] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.524] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.524] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.524] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.524] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.524] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.524] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.524] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.524] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.524] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.524] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.524] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.524] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.524] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.524] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.524] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.524] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.524] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.524] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.524] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.524] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.524] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json") returned 155 [0048.524] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.524] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.524] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json") returned 155 [0048.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebf228 [0048.524] lstrcpyW (in: lpString1=0x3ebf228, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" [0048.524] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.525] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.525] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.525] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.525] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\LOLKEK.txt") returned 152 [0048.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.525] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.525] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.526] CloseHandle (hObject=0x270) returned 1 [0048.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.526] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hr", cAlternateFileName="")) returned 1 [0048.526] lstrcmpiW (lpString1="hr", lpString2="Windows") returned -1 [0048.526] lstrcmpiW (lpString1="hr", lpString2="Program Files") returned -1 [0048.526] lstrcmpiW (lpString1="hr", lpString2="Program Files (x86)") returned -1 [0048.526] lstrcmpiW (lpString1="hr", lpString2="$Recycle.bin") returned 1 [0048.526] lstrcmpiW (lpString1="hr", lpString2="System Volume Information") returned -1 [0048.526] lstrcmpiW (lpString1="hr", lpString2=".") returned 1 [0048.526] lstrcmpiW (lpString1="hr", lpString2="..") returned 1 [0048.526] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr") returned 141 [0048.526] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.526] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" [0048.526] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*" [0048.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.526] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.526] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.526] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.526] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.526] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.526] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.526] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.526] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.526] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.526] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.526] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.526] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.526] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.526] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.526] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.526] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.526] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.526] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.527] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.527] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.527] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.527] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.527] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json") returned 155 [0048.527] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.527] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.527] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json") returned 155 [0048.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebefa0 [0048.527] lstrcpyW (in: lpString1=0x3ebefa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" [0048.527] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.527] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.527] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.527] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.527] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\LOLKEK.txt") returned 152 [0048.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.527] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.527] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.528] CloseHandle (hObject=0x270) returned 1 [0048.528] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.528] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0048.528] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0048.528] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0048.528] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0048.528] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0048.528] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0048.528] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0048.528] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0048.528] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu") returned 141 [0048.528] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.528] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" [0048.528] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*" [0048.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.529] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.529] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.529] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.529] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.529] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.529] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.529] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.529] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.529] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.529] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.529] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.529] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.529] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.529] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.529] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.529] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.529] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.529] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.529] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.529] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.529] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.529] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.529] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json") returned 155 [0048.529] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.529] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.529] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json") returned 155 [0048.529] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebed18 [0048.529] lstrcpyW (in: lpString1=0x3ebed18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" [0048.529] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.529] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.529] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.529] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.529] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\LOLKEK.txt") returned 152 [0048.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.530] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.530] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.530] CloseHandle (hObject=0x270) returned 1 [0048.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.530] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0048.530] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0048.530] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0048.530] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0048.530] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0048.530] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0048.530] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0048.530] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0048.531] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id") returned 141 [0048.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.531] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" [0048.531] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*" [0048.531] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.531] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.531] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.531] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.531] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.531] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.531] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.531] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.531] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.531] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.531] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.531] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.531] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.531] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.531] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.531] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.531] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.531] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.531] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.531] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.531] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.531] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.531] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.531] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json") returned 155 [0048.531] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.531] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.531] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json") returned 155 [0048.531] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebea90 [0048.531] lstrcpyW (in: lpString1=0x3ebea90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" [0048.531] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.531] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.531] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.532] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.532] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\LOLKEK.txt") returned 152 [0048.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.532] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.532] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.533] CloseHandle (hObject=0x270) returned 1 [0048.533] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.533] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0048.533] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0048.533] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0048.533] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0048.533] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0048.533] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0048.533] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0048.533] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0048.533] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it") returned 141 [0048.533] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.533] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" [0048.533] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*" [0048.533] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.534] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.534] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.534] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.534] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.534] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.534] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.534] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.534] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.534] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.534] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.534] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.534] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.534] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.534] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.534] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.534] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.534] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.534] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.534] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.534] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.534] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.534] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.534] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json") returned 155 [0048.534] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.534] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.534] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json") returned 155 [0048.534] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebe808 [0048.534] lstrcpyW (in: lpString1=0x3ebe808, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" [0048.534] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.534] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.534] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.534] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.534] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\LOLKEK.txt") returned 152 [0048.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.535] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.535] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.535] CloseHandle (hObject=0x1ec) returned 1 [0048.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.535] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0048.536] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0048.536] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0048.536] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0048.536] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0048.536] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0048.536] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0048.536] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0048.536] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja") returned 141 [0048.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.536] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" [0048.536] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*" [0048.536] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.536] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.536] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.536] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.536] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.536] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.536] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.536] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.536] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.536] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.536] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.536] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.536] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.536] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.536] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.536] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.536] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.536] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.536] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.536] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.536] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.536] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.536] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.536] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json") returned 155 [0048.536] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.536] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.536] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json") returned 155 [0048.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebe2f8 [0048.536] lstrcpyW (in: lpString1=0x3ebe2f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" [0048.537] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.537] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.537] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.537] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.537] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\LOLKEK.txt") returned 152 [0048.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.537] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.537] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.538] CloseHandle (hObject=0x1ec) returned 1 [0048.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.538] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0048.538] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0048.538] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0048.538] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0048.538] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0048.538] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0048.538] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0048.538] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0048.538] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko") returned 141 [0048.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.538] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" [0048.538] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*" [0048.538] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.538] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.538] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.538] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.538] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.538] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.538] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.538] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.538] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.538] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.538] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.538] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.538] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.538] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.538] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.538] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.538] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.539] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.539] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.539] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.539] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.539] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.539] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.539] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json") returned 155 [0048.539] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.539] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.539] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json") returned 155 [0048.539] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebe070 [0048.539] lstrcpyW (in: lpString1=0x3ebe070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" [0048.539] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.539] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.539] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.539] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.539] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\LOLKEK.txt") returned 152 [0048.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.539] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.539] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.540] CloseHandle (hObject=0x1ec) returned 1 [0048.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.540] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0048.540] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0048.540] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0048.540] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0048.540] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0048.540] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0048.540] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0048.540] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0048.540] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt") returned 141 [0048.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.540] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" [0048.540] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*" [0048.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.540] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.540] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.540] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.540] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.541] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.541] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.541] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.541] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.541] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.541] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.541] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.541] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.541] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.541] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.541] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.541] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.541] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.541] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.541] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.541] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.541] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.541] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.541] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json") returned 155 [0048.541] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.541] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.541] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json") returned 155 [0048.541] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebdde8 [0048.541] lstrcpyW (in: lpString1=0x3ebdde8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" [0048.541] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.541] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.541] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.541] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.541] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\LOLKEK.txt") returned 152 [0048.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.542] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.542] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.542] CloseHandle (hObject=0x1ec) returned 1 [0048.542] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.542] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0048.542] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0048.542] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0048.542] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0048.542] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0048.542] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0048.542] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0048.542] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0048.542] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv") returned 141 [0048.542] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.542] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" [0048.542] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*" [0048.542] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.543] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.543] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.543] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.543] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.543] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.543] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.543] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.543] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.543] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.543] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.543] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.543] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.543] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.543] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.543] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.543] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.543] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.543] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.543] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.543] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.543] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.543] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.543] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json") returned 155 [0048.543] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.543] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.543] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json") returned 155 [0048.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebdb60 [0048.543] lstrcpyW (in: lpString1=0x3ebdb60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" [0048.543] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.543] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.543] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.543] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.543] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\LOLKEK.txt") returned 152 [0048.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.544] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.544] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.544] CloseHandle (hObject=0x1ec) returned 1 [0048.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.544] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0048.544] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0048.544] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0048.544] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0048.545] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0048.545] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0048.545] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0048.545] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0048.545] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl") returned 141 [0048.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.545] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" [0048.545] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*" [0048.545] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.545] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.545] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.545] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.545] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.545] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.545] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.545] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.545] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.545] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.545] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.545] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.545] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.545] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.545] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.545] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.545] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.545] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.545] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.545] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.545] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.545] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.545] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.545] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json") returned 155 [0048.545] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.545] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.545] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json") returned 155 [0048.545] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebd8d8 [0048.545] lstrcpyW (in: lpString1=0x3ebd8d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" [0048.545] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.545] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.545] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.546] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.546] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\LOLKEK.txt") returned 152 [0048.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.546] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.546] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.547] CloseHandle (hObject=0x1ec) returned 1 [0048.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.547] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="no", cAlternateFileName="")) returned 1 [0048.547] lstrcmpiW (lpString1="no", lpString2="Windows") returned -1 [0048.547] lstrcmpiW (lpString1="no", lpString2="Program Files") returned -1 [0048.547] lstrcmpiW (lpString1="no", lpString2="Program Files (x86)") returned -1 [0048.547] lstrcmpiW (lpString1="no", lpString2="$Recycle.bin") returned 1 [0048.547] lstrcmpiW (lpString1="no", lpString2="System Volume Information") returned -1 [0048.547] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0048.547] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0048.547] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no") returned 141 [0048.547] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.547] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" [0048.547] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*" [0048.547] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.547] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.547] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.547] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.547] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.547] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.547] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.547] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.547] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.547] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.547] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.547] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.547] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.547] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.548] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.548] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.548] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.548] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.548] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.548] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.548] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.548] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.548] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.548] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json") returned 155 [0048.548] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.548] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.548] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json") returned 155 [0048.548] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebd650 [0048.548] lstrcpyW (in: lpString1=0x3ebd650, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" [0048.548] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.548] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.548] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.548] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.548] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\LOLKEK.txt") returned 152 [0048.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.548] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.548] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.549] CloseHandle (hObject=0x1ec) returned 1 [0048.549] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.549] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0048.549] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0048.549] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0048.549] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0048.549] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0048.549] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0048.549] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0048.549] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0048.549] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl") returned 141 [0048.549] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.549] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" [0048.549] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*" [0048.550] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.550] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.550] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.550] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.550] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.550] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.550] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.550] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.550] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.550] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.550] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.550] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.550] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.550] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.550] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.550] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.550] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.550] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.550] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.550] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.550] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.550] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.550] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.550] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json") returned 155 [0048.550] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.550] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.550] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json") returned 155 [0048.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebd3c8 [0048.550] lstrcpyW (in: lpString1=0x3ebd3c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" [0048.550] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.550] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.550] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.550] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.550] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\LOLKEK.txt") returned 152 [0048.550] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.551] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.551] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.552] CloseHandle (hObject=0x1ec) returned 1 [0048.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.552] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0048.552] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0048.552] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0048.552] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0048.552] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0048.552] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0048.552] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0048.552] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0048.552] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR") returned 144 [0048.552] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.552] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" [0048.552] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*" [0048.552] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.554] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.554] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.554] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.554] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.555] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.555] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.555] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.555] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.555] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.555] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.555] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.555] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.555] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.555] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.555] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.555] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.555] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.555] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.555] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.555] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.555] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.555] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.555] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json") returned 158 [0048.555] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.555] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.555] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json") returned 158 [0048.555] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3ebd140 [0048.555] lstrcpyW (in: lpString1=0x3ebd140, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" [0048.555] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.555] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.555] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.555] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.555] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\LOLKEK.txt") returned 155 [0048.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.556] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.556] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.556] CloseHandle (hObject=0x1ec) returned 1 [0048.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.556] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0048.556] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0048.556] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0048.556] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0048.556] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0048.556] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0048.556] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0048.556] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0048.556] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT") returned 144 [0048.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.557] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" [0048.557] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*" [0048.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.557] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.557] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.557] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.557] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.557] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.557] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.557] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.557] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.557] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.557] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.557] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.557] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.557] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.557] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.557] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.557] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.557] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.557] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.557] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.557] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.557] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.557] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.557] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json") returned 158 [0048.557] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.557] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.557] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json") returned 158 [0048.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3ebceb8 [0048.557] lstrcpyW (in: lpString1=0x3ebceb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" [0048.557] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.557] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.557] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.557] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.557] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\LOLKEK.txt") returned 155 [0048.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.559] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.559] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.560] CloseHandle (hObject=0x1ec) returned 1 [0048.560] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.560] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0048.560] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0048.560] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0048.560] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0048.560] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0048.560] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0048.560] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0048.560] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0048.560] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned 141 [0048.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.560] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" [0048.560] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*" [0048.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.561] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.561] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.561] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.561] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.561] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.561] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.561] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.561] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.561] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.561] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.561] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.561] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.561] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.561] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.561] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.561] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.561] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.561] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.561] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.561] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.561] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.561] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.561] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json") returned 155 [0048.561] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.561] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.561] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json") returned 155 [0048.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebcc30 [0048.561] lstrcpyW (in: lpString1=0x3ebcc30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" [0048.561] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.561] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.561] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.561] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.561] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\LOLKEK.txt") returned 152 [0048.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.562] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.562] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.562] CloseHandle (hObject=0x1ec) returned 1 [0048.562] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.562] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0048.562] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0048.562] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0048.562] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0048.562] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0048.562] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0048.562] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0048.562] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0048.562] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned 141 [0048.562] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.563] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" [0048.563] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*" [0048.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.563] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.563] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.563] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.563] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.563] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.563] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.563] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.563] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.563] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.563] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.563] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.563] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.563] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.563] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.563] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.563] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.563] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.563] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.563] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.563] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.563] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.563] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.563] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json") returned 155 [0048.563] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.563] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.563] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json") returned 155 [0048.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebbd00 [0048.563] lstrcpyW (in: lpString1=0x3ebbd00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" [0048.563] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.563] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.563] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.563] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.563] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\LOLKEK.txt") returned 152 [0048.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.564] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.564] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.565] CloseHandle (hObject=0x1ec) returned 1 [0048.565] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.565] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="se", cAlternateFileName="")) returned 1 [0048.565] lstrcmpiW (lpString1="se", lpString2="Windows") returned -1 [0048.565] lstrcmpiW (lpString1="se", lpString2="Program Files") returned 1 [0048.565] lstrcmpiW (lpString1="se", lpString2="Program Files (x86)") returned 1 [0048.565] lstrcmpiW (lpString1="se", lpString2="$Recycle.bin") returned 1 [0048.565] lstrcmpiW (lpString1="se", lpString2="System Volume Information") returned -1 [0048.565] lstrcmpiW (lpString1="se", lpString2=".") returned 1 [0048.565] lstrcmpiW (lpString1="se", lpString2="..") returned 1 [0048.565] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned 141 [0048.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.565] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" [0048.565] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*" [0048.565] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.565] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.565] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.565] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.565] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.565] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.565] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.565] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.565] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.565] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.565] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.565] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.565] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.565] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.565] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.565] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.565] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.565] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.565] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.565] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.565] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.565] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.565] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.565] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json") returned 155 [0048.565] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.566] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.566] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json") returned 155 [0048.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebc720 [0048.566] lstrcpyW (in: lpString1=0x3ebc720, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" [0048.566] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.566] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.566] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.566] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.566] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\LOLKEK.txt") returned 152 [0048.566] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.566] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.566] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.567] CloseHandle (hObject=0x1ec) returned 1 [0048.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.567] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0048.567] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0048.567] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0048.567] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0048.567] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0048.567] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0048.567] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0048.567] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0048.567] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned 141 [0048.567] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.567] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" [0048.567] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*" [0048.567] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.567] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.567] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.567] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.567] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.567] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.568] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.568] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.568] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.568] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.568] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.568] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.568] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.568] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.568] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.568] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.568] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.568] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.568] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.568] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.568] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.568] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.568] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.568] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json") returned 155 [0048.568] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.568] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.568] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json") returned 155 [0048.568] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebc498 [0048.568] lstrcpyW (in: lpString1=0x3ebc498, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" [0048.568] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.568] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.568] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.568] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.568] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\LOLKEK.txt") returned 152 [0048.568] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.569] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.569] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.569] CloseHandle (hObject=0x1ec) returned 1 [0048.569] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.569] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0048.569] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0048.569] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0048.569] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0048.569] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0048.569] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0048.569] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0048.569] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0048.569] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned 141 [0048.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.569] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" [0048.569] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*" [0048.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.570] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.570] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.570] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.570] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.570] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.570] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.570] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.570] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.570] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.570] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.570] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.570] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.570] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.570] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.570] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.570] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.570] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.570] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.570] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.570] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.570] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.570] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.570] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json") returned 155 [0048.570] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.570] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.570] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json") returned 155 [0048.570] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebc210 [0048.570] lstrcpyW (in: lpString1=0x3ebc210, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" [0048.570] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.570] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.570] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.570] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.570] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\LOLKEK.txt") returned 152 [0048.570] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.571] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.571] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.571] CloseHandle (hObject=0x1ec) returned 1 [0048.571] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.571] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0048.571] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0048.571] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0048.571] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0048.572] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0048.572] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0048.572] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0048.572] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0048.572] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned 141 [0048.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.572] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" [0048.572] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*" [0048.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.572] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.572] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.572] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.572] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.572] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.572] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.572] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.572] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.572] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.572] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.572] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.572] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.572] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.572] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.572] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.572] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.572] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.572] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.572] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.572] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.572] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.572] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.572] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json") returned 155 [0048.572] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.572] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.572] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json") returned 155 [0048.572] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3ebbf88 [0048.572] lstrcpyW (in: lpString1=0x3ebbf88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" [0048.572] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.572] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.573] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.573] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.573] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\LOLKEK.txt") returned 152 [0048.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.573] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.573] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.574] CloseHandle (hObject=0x1ec) returned 1 [0048.574] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.574] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0048.574] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0048.574] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0048.574] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0048.574] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0048.574] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0048.574] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0048.574] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0048.574] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned 141 [0048.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.574] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" [0048.574] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*" [0048.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.574] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.574] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.574] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.574] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.574] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.574] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.574] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.574] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.574] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.574] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.574] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.574] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.574] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.574] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.574] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.574] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.574] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.574] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.574] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.575] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.575] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.575] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.575] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json") returned 155 [0048.575] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.575] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.575] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json") returned 155 [0048.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb7328 [0048.575] lstrcpyW (in: lpString1=0x3cb7328, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" [0048.575] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.575] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.575] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.575] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.575] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\LOLKEK.txt") returned 152 [0048.575] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.575] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.575] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.576] CloseHandle (hObject=0x1ec) returned 1 [0048.576] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.576] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0048.576] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0048.576] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0048.576] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0048.576] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0048.576] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0048.576] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0048.576] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0048.576] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned 141 [0048.576] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.576] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" [0048.576] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*" [0048.576] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.576] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.576] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.576] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.576] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.576] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.576] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.576] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.577] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.577] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.577] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.577] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.577] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.577] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.577] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.577] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.577] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.577] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.577] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.577] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.577] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.577] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.577] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.577] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json") returned 155 [0048.577] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.577] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.577] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json") returned 155 [0048.577] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb70a0 [0048.577] lstrcpyW (in: lpString1=0x3cb70a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" [0048.577] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.577] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.577] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.577] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.577] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\LOLKEK.txt") returned 152 [0048.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.577] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.577] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.578] CloseHandle (hObject=0x1ec) returned 1 [0048.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.578] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0048.578] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0048.578] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0048.578] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0048.578] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0048.578] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0048.578] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0048.578] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0048.578] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned 141 [0048.578] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.578] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" [0048.578] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*" [0048.578] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.579] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.579] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.579] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.579] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.579] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.579] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.579] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.579] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.579] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.579] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.579] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.579] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.579] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.579] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.579] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.579] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.579] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.579] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.579] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.579] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.579] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.579] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.579] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json") returned 155 [0048.579] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.579] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.579] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json") returned 155 [0048.579] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb6e18 [0048.579] lstrcpyW (in: lpString1=0x3cb6e18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" [0048.579] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.579] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.579] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.579] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.579] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\LOLKEK.txt") returned 152 [0048.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.580] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.580] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.580] CloseHandle (hObject=0x1ec) returned 1 [0048.581] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.581] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0048.581] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0048.581] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0048.581] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0048.581] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0048.581] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0048.581] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0048.581] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0048.581] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned 141 [0048.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.581] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" [0048.581] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*" [0048.581] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.581] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.581] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.581] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.581] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.581] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.581] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.581] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.581] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.581] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.581] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.581] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.581] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.581] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.581] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.581] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.581] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.581] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.581] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.581] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.581] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.581] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.581] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.581] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json") returned 155 [0048.581] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.581] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.582] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json") returned 155 [0048.582] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x270) returned 0x3cb6b90 [0048.582] lstrcpyW (in: lpString1=0x3cb6b90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" [0048.582] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.582] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.582] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.582] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.582] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\LOLKEK.txt") returned 152 [0048.582] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.582] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.582] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.583] CloseHandle (hObject=0x1ec) returned 1 [0048.583] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.583] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0048.583] lstrcmpiW (lpString1="zh_CN", lpString2="Windows") returned 1 [0048.583] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files") returned 1 [0048.583] lstrcmpiW (lpString1="zh_CN", lpString2="Program Files (x86)") returned 1 [0048.583] lstrcmpiW (lpString1="zh_CN", lpString2="$Recycle.bin") returned 1 [0048.583] lstrcmpiW (lpString1="zh_CN", lpString2="System Volume Information") returned 1 [0048.583] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0048.583] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0048.583] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned 144 [0048.583] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.583] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" [0048.583] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*" [0048.583] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.583] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.583] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.583] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.583] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.583] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.583] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.583] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.583] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.583] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.583] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.583] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.583] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.584] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.584] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.584] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.584] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.584] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.584] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.584] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.584] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.584] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.584] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.584] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json") returned 158 [0048.584] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.584] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.584] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json") returned 158 [0048.584] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3cb6908 [0048.584] lstrcpyW (in: lpString1=0x3cb6908, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" [0048.584] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.584] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.584] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.584] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.584] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\LOLKEK.txt") returned 155 [0048.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.584] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.584] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.585] CloseHandle (hObject=0x1ec) returned 1 [0048.585] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.585] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0048.585] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0048.585] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0048.585] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0048.585] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0048.585] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0048.585] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0048.585] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0048.585] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned 144 [0048.585] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.585] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" [0048.585] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*" [0048.585] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.586] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.586] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.586] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.586] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.586] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.586] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.586] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.586] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.586] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.586] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.586] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.586] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.586] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.586] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.586] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.586] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.586] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.586] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.586] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.586] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.586] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.586] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.586] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json") returned 158 [0048.586] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.586] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.586] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json") returned 158 [0048.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3cb5750 [0048.586] lstrcpyW (in: lpString1=0x3cb5750, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" [0048.586] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.586] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.586] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.586] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.586] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\LOLKEK.txt") returned 155 [0048.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.587] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.587] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.587] CloseHandle (hObject=0x1ec) returned 1 [0048.587] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.587] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0048.588] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0048.588] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\LOLKEK.txt") returned 149 [0048.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.588] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.588] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0048.589] CloseHandle (hObject=0x258) returned 1 [0048.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.590] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0048.590] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0048.590] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0048.590] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0048.590] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0048.590] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0048.590] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0048.590] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0048.590] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned 139 [0048.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.590] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" [0048.590] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*" [0048.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0048.591] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.591] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.591] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.591] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.591] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.592] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.592] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.592] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.592] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.592] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.592] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.592] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.592] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0048.592] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0048.592] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0048.592] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0048.592] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0048.592] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0048.592] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0048.592] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0048.592] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json") returned 162 [0048.592] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0048.592] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0048.592] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json") returned 162 [0048.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec0258 [0048.592] lstrcpyW (in: lpString1=0x3ec0258, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" [0048.592] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.592] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.592] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0048.592] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0048.592] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\LOLKEK.txt") returned 150 [0048.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.593] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.593] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0048.593] CloseHandle (hObject=0x258) returned 1 [0048.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0048.593] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0048.594] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0048.594] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\LOLKEK.txt") returned 140 [0048.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0048.594] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.594] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0048.594] CloseHandle (hObject=0x25c) returned 1 [0048.595] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0048.595] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8.1_0", cAlternateFileName="")) returned 0 [0048.595] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0048.595] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\LOLKEK.txt") returned 134 [0048.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0048.595] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.595] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0048.596] CloseHandle (hObject=0x1b4) returned 1 [0048.596] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0048.596] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0048.596] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="Windows") returned -1 [0048.596] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="Program Files") returned -1 [0048.596] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="Program Files (x86)") returned -1 [0048.596] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="$Recycle.bin") returned 1 [0048.596] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="System Volume Information") returned -1 [0048.596] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2=".") returned 1 [0048.596] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="..") returned 1 [0048.596] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 123 [0048.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0048.596] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0048.596] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*" [0048.596] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0048.597] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.597] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.597] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.597] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.597] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.597] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.597] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.597] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.597] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.597] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.597] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.597] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.597] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.597] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.597] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5817.313.0.5_0", cAlternateFileName="581731~1.5_0")) returned 1 [0048.597] lstrcmpiW (lpString1="5817.313.0.5_0", lpString2="Windows") returned -1 [0048.597] lstrcmpiW (lpString1="5817.313.0.5_0", lpString2="Program Files") returned -1 [0048.597] lstrcmpiW (lpString1="5817.313.0.5_0", lpString2="Program Files (x86)") returned -1 [0048.597] lstrcmpiW (lpString1="5817.313.0.5_0", lpString2="$Recycle.bin") returned 1 [0048.597] lstrcmpiW (lpString1="5817.313.0.5_0", lpString2="System Volume Information") returned -1 [0048.597] lstrcmpiW (lpString1="5817.313.0.5_0", lpString2=".") returned 1 [0048.597] lstrcmpiW (lpString1="5817.313.0.5_0", lpString2="..") returned 1 [0048.597] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0") returned 138 [0048.597] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0048.597] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" [0048.597] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*" [0048.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0048.602] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.602] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.602] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.602] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.602] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.602] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.602] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.606] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.606] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.606] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.606] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.606] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.606] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.606] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.607] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83637bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8363f0f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x8c0bf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="angular.js", cAlternateFileName="")) returned 1 [0048.607] lstrcmpiW (lpString1="angular.js", lpString2="Windows") returned -1 [0048.607] lstrcmpiW (lpString1="angular.js", lpString2="Program Files") returned -1 [0048.607] lstrcmpiW (lpString1="angular.js", lpString2="Program Files (x86)") returned -1 [0048.607] lstrcmpiW (lpString1="angular.js", lpString2="$Recycle.bin") returned 1 [0048.607] lstrcmpiW (lpString1="angular.js", lpString2="System Volume Information") returned -1 [0048.607] lstrcmpiW (lpString1="angular.js", lpString2=".") returned 1 [0048.607] lstrcmpiW (lpString1="angular.js", lpString2="..") returned 1 [0048.607] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js") returned 149 [0048.607] StrStrIW (lpFirst="angular.js", lpSrch=".lolkek") returned 0x0 [0048.607] lstrcmpW (lpString1="angular.js", lpString2="LOLKEK.txt") returned -1 [0048.607] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js") returned 149 [0048.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x258) returned 0x698d80 [0048.607] lstrcpyW (in: lpString1=0x698d80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" [0048.607] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.607] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.607] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83641800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83643f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xa89c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="background_script.js", cAlternateFileName="BACKGR~1.JS")) returned 1 [0048.607] lstrcmpiW (lpString1="background_script.js", lpString2="Windows") returned -1 [0048.607] lstrcmpiW (lpString1="background_script.js", lpString2="Program Files") returned -1 [0048.607] lstrcmpiW (lpString1="background_script.js", lpString2="Program Files (x86)") returned -1 [0048.607] lstrcmpiW (lpString1="background_script.js", lpString2="$Recycle.bin") returned 1 [0048.607] lstrcmpiW (lpString1="background_script.js", lpString2="System Volume Information") returned -1 [0048.607] lstrcmpiW (lpString1="background_script.js", lpString2=".") returned 1 [0048.607] lstrcmpiW (lpString1="background_script.js", lpString2="..") returned 1 [0048.607] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js") returned 159 [0048.607] StrStrIW (lpFirst="background_script.js", lpSrch=".lolkek") returned 0x0 [0048.607] lstrcmpW (lpString1="background_script.js", lpString2="LOLKEK.txt") returned -1 [0048.607] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js") returned 159 [0048.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3e6b538 [0048.607] lstrcpyW (in: lpString1=0x3e6b538, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" [0048.607] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.607] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.607] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83646620, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83648d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x181aa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_game_sender.js", cAlternateFileName="CAST_G~1.JS")) returned 1 [0048.607] lstrcmpiW (lpString1="cast_game_sender.js", lpString2="Windows") returned -1 [0048.607] lstrcmpiW (lpString1="cast_game_sender.js", lpString2="Program Files") returned -1 [0048.607] lstrcmpiW (lpString1="cast_game_sender.js", lpString2="Program Files (x86)") returned -1 [0048.607] lstrcmpiW (lpString1="cast_game_sender.js", lpString2="$Recycle.bin") returned 1 [0048.607] lstrcmpiW (lpString1="cast_game_sender.js", lpString2="System Volume Information") returned -1 [0048.607] lstrcmpiW (lpString1="cast_game_sender.js", lpString2=".") returned 1 [0048.607] lstrcmpiW (lpString1="cast_game_sender.js", lpString2="..") returned 1 [0048.607] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js") returned 158 [0048.607] StrStrIW (lpFirst="cast_game_sender.js", lpSrch=".lolkek") returned 0x0 [0048.607] lstrcmpW (lpString1="cast_game_sender.js", lpString2="LOLKEK.txt") returned -1 [0048.607] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js") returned 158 [0048.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3cb54c8 [0048.607] lstrcpyW (in: lpString1=0x3cb54c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" [0048.608] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.608] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.608] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8364db50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8364db50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x111e1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_route_details.html", cAlternateFileName="CAST_R~1.HTM")) returned 1 [0048.608] lstrcmpiW (lpString1="cast_route_details.html", lpString2="Windows") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.html", lpString2="Program Files") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.html", lpString2="Program Files (x86)") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.html", lpString2="$Recycle.bin") returned 1 [0048.608] lstrcmpiW (lpString1="cast_route_details.html", lpString2="System Volume Information") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.html", lpString2=".") returned 1 [0048.608] lstrcmpiW (lpString1="cast_route_details.html", lpString2="..") returned 1 [0048.608] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html") returned 162 [0048.608] StrStrIW (lpFirst="cast_route_details.html", lpSrch=".lolkek") returned 0x0 [0048.608] lstrcmpW (lpString1="cast_route_details.html", lpString2="LOLKEK.txt") returned -1 [0048.608] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html") returned 162 [0048.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ebffb0 [0048.608] lstrcpyW (in: lpString1=0x3ebffb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" [0048.608] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.608] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.608] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83652970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83657790, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3a258, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_route_details.js", cAlternateFileName="CAST_R~1.JS")) returned 1 [0048.608] lstrcmpiW (lpString1="cast_route_details.js", lpString2="Windows") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.js", lpString2="Program Files") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.js", lpString2="Program Files (x86)") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.js", lpString2="$Recycle.bin") returned 1 [0048.608] lstrcmpiW (lpString1="cast_route_details.js", lpString2="System Volume Information") returned -1 [0048.608] lstrcmpiW (lpString1="cast_route_details.js", lpString2=".") returned 1 [0048.608] lstrcmpiW (lpString1="cast_route_details.js", lpString2="..") returned 1 [0048.608] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js") returned 160 [0048.608] StrStrIW (lpFirst="cast_route_details.js", lpSrch=".lolkek") returned 0x0 [0048.608] lstrcmpW (lpString1="cast_route_details.js", lpString2="LOLKEK.txt") returned -1 [0048.608] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js") returned 160 [0048.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x62f598 [0048.608] lstrcpyW (in: lpString1=0x62f598, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" [0048.608] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.608] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.608] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8365ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836613d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xce17, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_sender.js", cAlternateFileName="CAST_S~1.JS")) returned 1 [0048.608] lstrcmpiW (lpString1="cast_sender.js", lpString2="Windows") returned -1 [0048.608] lstrcmpiW (lpString1="cast_sender.js", lpString2="Program Files") returned -1 [0048.608] lstrcmpiW (lpString1="cast_sender.js", lpString2="Program Files (x86)") returned -1 [0048.608] lstrcmpiW (lpString1="cast_sender.js", lpString2="$Recycle.bin") returned 1 [0048.608] lstrcmpiW (lpString1="cast_sender.js", lpString2="System Volume Information") returned -1 [0048.608] lstrcmpiW (lpString1="cast_sender.js", lpString2=".") returned 1 [0048.608] lstrcmpiW (lpString1="cast_sender.js", lpString2="..") returned 1 [0048.608] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js") returned 153 [0048.609] StrStrIW (lpFirst="cast_sender.js", lpSrch=".lolkek") returned 0x0 [0048.609] lstrcmpW (lpString1="cast_sender.js", lpString2="LOLKEK.txt") returned -1 [0048.609] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js") returned 153 [0048.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x268) returned 0x66b510 [0048.609] lstrcpyW (in: lpString1=0x66b510, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" [0048.609] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.609] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.609] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_setup", cAlternateFileName="CAST_S~1")) returned 1 [0048.609] lstrcmpiW (lpString1="cast_setup", lpString2="Windows") returned -1 [0048.609] lstrcmpiW (lpString1="cast_setup", lpString2="Program Files") returned -1 [0048.609] lstrcmpiW (lpString1="cast_setup", lpString2="Program Files (x86)") returned -1 [0048.609] lstrcmpiW (lpString1="cast_setup", lpString2="$Recycle.bin") returned 1 [0048.609] lstrcmpiW (lpString1="cast_setup", lpString2="System Volume Information") returned -1 [0048.609] lstrcmpiW (lpString1="cast_setup", lpString2=".") returned 1 [0048.609] lstrcmpiW (lpString1="cast_setup", lpString2="..") returned 1 [0048.609] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned 149 [0048.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.609] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" [0048.609] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*" [0048.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0048.689] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.689] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.689] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.689] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.689] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.689] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.689] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.689] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.689] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.689] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.689] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.689] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.689] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.689] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.689] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836661f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836661f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1a1d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_app.css", cAlternateFileName="")) returned 1 [0048.689] lstrcmpiW (lpString1="cast_app.css", lpString2="Windows") returned -1 [0048.689] lstrcmpiW (lpString1="cast_app.css", lpString2="Program Files") returned -1 [0048.689] lstrcmpiW (lpString1="cast_app.css", lpString2="Program Files (x86)") returned -1 [0048.689] lstrcmpiW (lpString1="cast_app.css", lpString2="$Recycle.bin") returned 1 [0048.689] lstrcmpiW (lpString1="cast_app.css", lpString2="System Volume Information") returned -1 [0048.689] lstrcmpiW (lpString1="cast_app.css", lpString2=".") returned 1 [0048.689] lstrcmpiW (lpString1="cast_app.css", lpString2="..") returned 1 [0048.689] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css") returned 162 [0048.689] StrStrIW (lpFirst="cast_app.css", lpSrch=".lolkek") returned 0x0 [0048.689] lstrcmpW (lpString1="cast_app.css", lpString2="LOLKEK.txt") returned -1 [0048.689] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css") returned 162 [0048.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec14f0 [0048.689] lstrcpyW (in: lpString1=0x3ec14f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" [0048.689] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.689] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.689] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366b010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366d720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x221da, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_app.js", cAlternateFileName="")) returned 1 [0048.689] lstrcmpiW (lpString1="cast_app.js", lpString2="Windows") returned -1 [0048.689] lstrcmpiW (lpString1="cast_app.js", lpString2="Program Files") returned -1 [0048.690] lstrcmpiW (lpString1="cast_app.js", lpString2="Program Files (x86)") returned -1 [0048.690] lstrcmpiW (lpString1="cast_app.js", lpString2="$Recycle.bin") returned 1 [0048.690] lstrcmpiW (lpString1="cast_app.js", lpString2="System Volume Information") returned -1 [0048.690] lstrcmpiW (lpString1="cast_app.js", lpString2=".") returned 1 [0048.690] lstrcmpiW (lpString1="cast_app.js", lpString2="..") returned 1 [0048.690] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js") returned 161 [0048.690] StrStrIW (lpFirst="cast_app.js", lpSrch=".lolkek") returned 0x0 [0048.690] lstrcmpW (lpString1="cast_app.js", lpString2="LOLKEK.txt") returned -1 [0048.690] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js") returned 161 [0048.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x288) returned 0x3de1b60 [0048.690] lstrcpyW (in: lpString1=0x3de1b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" [0048.690] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.690] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.690] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366fe30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366fe30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cast_app_redirect.js", cAlternateFileName="CAST_A~1.JS")) returned 1 [0048.690] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2="Windows") returned -1 [0048.690] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2="Program Files") returned -1 [0048.690] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2="Program Files (x86)") returned -1 [0048.690] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2="$Recycle.bin") returned 1 [0048.690] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2="System Volume Information") returned -1 [0048.690] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2=".") returned 1 [0048.690] lstrcmpiW (lpString1="cast_app_redirect.js", lpString2="..") returned 1 [0048.690] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js") returned 170 [0048.690] StrStrIW (lpFirst="cast_app_redirect.js", lpSrch=".lolkek") returned 0x0 [0048.690] lstrcmpW (lpString1="cast_app_redirect.js", lpString2="LOLKEK.txt") returned -1 [0048.690] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js") returned 170 [0048.690] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2ac) returned 0x3de02e8 [0048.690] lstrcpyW (in: lpString1=0x3de02e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" [0048.690] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.690] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.690] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83674c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83674c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1bef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chromecast_logo_grey.png", cAlternateFileName="CHROME~1.PNG")) returned 1 [0048.690] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2="Windows") returned -1 [0048.690] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2="Program Files") returned -1 [0048.690] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2="Program Files (x86)") returned -1 [0048.690] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2="$Recycle.bin") returned 1 [0048.690] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2="System Volume Information") returned -1 [0048.690] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2=".") returned 1 [0048.690] lstrcmpiW (lpString1="chromecast_logo_grey.png", lpString2="..") returned 1 [0048.690] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png") returned 174 [0048.690] StrStrIW (lpFirst="chromecast_logo_grey.png", lpSrch=".lolkek") returned 0x0 [0048.691] lstrcmpW (lpString1="chromecast_logo_grey.png", lpString2="LOLKEK.txt") returned -1 [0048.691] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png") returned 174 [0048.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2bc) returned 0x698400 [0048.691] lstrcpyW (in: lpString1=0x698400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" [0048.691] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.691] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.691] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83679a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83679a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="devices.html", cAlternateFileName="DEVICE~1.HTM")) returned 1 [0048.691] lstrcmpiW (lpString1="devices.html", lpString2="Windows") returned -1 [0048.691] lstrcmpiW (lpString1="devices.html", lpString2="Program Files") returned -1 [0048.691] lstrcmpiW (lpString1="devices.html", lpString2="Program Files (x86)") returned -1 [0048.691] lstrcmpiW (lpString1="devices.html", lpString2="$Recycle.bin") returned 1 [0048.691] lstrcmpiW (lpString1="devices.html", lpString2="System Volume Information") returned -1 [0048.691] lstrcmpiW (lpString1="devices.html", lpString2=".") returned 1 [0048.691] lstrcmpiW (lpString1="devices.html", lpString2="..") returned 1 [0048.691] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html") returned 162 [0048.691] StrStrIW (lpFirst="devices.html", lpSrch=".lolkek") returned 0x0 [0048.691] lstrcmpW (lpString1="devices.html", lpString2="LOLKEK.txt") returned -1 [0048.691] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html") returned 162 [0048.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28c) returned 0x3ec1798 [0048.691] lstrcpyW (in: lpString1=0x3ec1798, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" [0048.691] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.691] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.691] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8367c180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8367c180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x828, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.html", cAlternateFileName="INDEX~1.HTM")) returned 1 [0048.691] lstrcmpiW (lpString1="index.html", lpString2="Windows") returned -1 [0048.691] lstrcmpiW (lpString1="index.html", lpString2="Program Files") returned -1 [0048.691] lstrcmpiW (lpString1="index.html", lpString2="Program Files (x86)") returned -1 [0048.691] lstrcmpiW (lpString1="index.html", lpString2="$Recycle.bin") returned 1 [0048.691] lstrcmpiW (lpString1="index.html", lpString2="System Volume Information") returned -1 [0048.691] lstrcmpiW (lpString1="index.html", lpString2=".") returned 1 [0048.691] lstrcmpiW (lpString1="index.html", lpString2="..") returned 1 [0048.691] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html") returned 160 [0048.691] StrStrIW (lpFirst="index.html", lpSrch=".lolkek") returned 0x0 [0048.691] lstrcmpW (lpString1="index.html", lpString2="LOLKEK.txt") returned -1 [0048.691] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html") returned 160 [0048.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x3e3b6a0 [0048.691] lstrcpyW (in: lpString1=0x3e3b6a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" [0048.691] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.691] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.692] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83685dc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83685dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="offers.html", cAlternateFileName="OFFERS~1.HTM")) returned 1 [0048.692] lstrcmpiW (lpString1="offers.html", lpString2="Windows") returned -1 [0048.692] lstrcmpiW (lpString1="offers.html", lpString2="Program Files") returned -1 [0048.692] lstrcmpiW (lpString1="offers.html", lpString2="Program Files (x86)") returned -1 [0048.692] lstrcmpiW (lpString1="offers.html", lpString2="$Recycle.bin") returned 1 [0048.692] lstrcmpiW (lpString1="offers.html", lpString2="System Volume Information") returned -1 [0048.692] lstrcmpiW (lpString1="offers.html", lpString2=".") returned 1 [0048.692] lstrcmpiW (lpString1="offers.html", lpString2="..") returned 1 [0048.692] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html") returned 161 [0048.692] StrStrIW (lpFirst="offers.html", lpSrch=".lolkek") returned 0x0 [0048.692] lstrcmpW (lpString1="offers.html", lpString2="LOLKEK.txt") returned 1 [0048.692] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html") returned 161 [0048.692] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x288) returned 0x3e3b930 [0048.692] lstrcpyW (in: lpString1=0x3e3b930, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" [0048.692] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.692] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.692] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="setup.html", cAlternateFileName="SETUP~1.HTM")) returned 1 [0048.692] lstrcmpiW (lpString1="setup.html", lpString2="Windows") returned -1 [0048.692] lstrcmpiW (lpString1="setup.html", lpString2="Program Files") returned 1 [0048.692] lstrcmpiW (lpString1="setup.html", lpString2="Program Files (x86)") returned 1 [0048.692] lstrcmpiW (lpString1="setup.html", lpString2="$Recycle.bin") returned 1 [0048.692] lstrcmpiW (lpString1="setup.html", lpString2="System Volume Information") returned -1 [0048.692] lstrcmpiW (lpString1="setup.html", lpString2=".") returned 1 [0048.692] lstrcmpiW (lpString1="setup.html", lpString2="..") returned 1 [0048.692] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html") returned 160 [0048.692] StrStrIW (lpFirst="setup.html", lpSrch=".lolkek") returned 0x0 [0048.692] lstrcmpW (lpString1="setup.html", lpString2="LOLKEK.txt") returned 1 [0048.692] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html") returned 160 [0048.692] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x61c0b8 [0048.692] lstrcpyW (in: lpString1=0x61c0b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" [0048.692] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.692] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.692] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="setup.html", cAlternateFileName="SETUP~1.HTM")) returned 0 [0048.692] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0048.693] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\LOLKEK.txt") returned 160 [0048.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.694] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.694] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0048.694] CloseHandle (hObject=0x270) returned 1 [0048.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.694] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cloud_route_details", cAlternateFileName="CLOUD_~1")) returned 1 [0048.694] lstrcmpiW (lpString1="cloud_route_details", lpString2="Windows") returned -1 [0048.694] lstrcmpiW (lpString1="cloud_route_details", lpString2="Program Files") returned -1 [0048.694] lstrcmpiW (lpString1="cloud_route_details", lpString2="Program Files (x86)") returned -1 [0048.694] lstrcmpiW (lpString1="cloud_route_details", lpString2="$Recycle.bin") returned 1 [0048.694] lstrcmpiW (lpString1="cloud_route_details", lpString2="System Volume Information") returned -1 [0048.694] lstrcmpiW (lpString1="cloud_route_details", lpString2=".") returned 1 [0048.694] lstrcmpiW (lpString1="cloud_route_details", lpString2="..") returned 1 [0048.694] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned 158 [0048.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.695] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" [0048.695] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*" [0048.695] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0048.731] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.731] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.731] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.731] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.731] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.731] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.731] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.731] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.731] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.731] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.731] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.731] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.731] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.731] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.731] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8368fa00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368fa00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x174c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="view.html", cAlternateFileName="VIEW~1.HTM")) returned 1 [0048.731] lstrcmpiW (lpString1="view.html", lpString2="Windows") returned -1 [0048.731] lstrcmpiW (lpString1="view.html", lpString2="Program Files") returned 1 [0048.731] lstrcmpiW (lpString1="view.html", lpString2="Program Files (x86)") returned 1 [0048.731] lstrcmpiW (lpString1="view.html", lpString2="$Recycle.bin") returned 1 [0048.731] lstrcmpiW (lpString1="view.html", lpString2="System Volume Information") returned 1 [0048.731] lstrcmpiW (lpString1="view.html", lpString2=".") returned 1 [0048.731] lstrcmpiW (lpString1="view.html", lpString2="..") returned 1 [0048.731] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html") returned 168 [0048.731] StrStrIW (lpFirst="view.html", lpSrch=".lolkek") returned 0x0 [0048.731] lstrcmpW (lpString1="view.html", lpString2="LOLKEK.txt") returned 1 [0048.732] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html") returned 168 [0048.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a4) returned 0x61c348 [0048.732] lstrcpyW (in: lpString1=0x61c348, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" [0048.732] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.732] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.732] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="view.js", cAlternateFileName="")) returned 1 [0048.732] lstrcmpiW (lpString1="view.js", lpString2="Windows") returned -1 [0048.732] lstrcmpiW (lpString1="view.js", lpString2="Program Files") returned 1 [0048.732] lstrcmpiW (lpString1="view.js", lpString2="Program Files (x86)") returned 1 [0048.732] lstrcmpiW (lpString1="view.js", lpString2="$Recycle.bin") returned 1 [0048.732] lstrcmpiW (lpString1="view.js", lpString2="System Volume Information") returned 1 [0048.732] lstrcmpiW (lpString1="view.js", lpString2=".") returned 1 [0048.732] lstrcmpiW (lpString1="view.js", lpString2="..") returned 1 [0048.732] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js") returned 166 [0048.732] StrStrIW (lpFirst="view.js", lpSrch=".lolkek") returned 0x0 [0048.732] lstrcmpW (lpString1="view.js", lpString2="LOLKEK.txt") returned 1 [0048.732] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js") returned 166 [0048.732] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29c) returned 0x3cbb000 [0048.732] lstrcpyW (in: lpString1=0x3cbb000, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" [0048.732] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.732] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.732] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="view.js", cAlternateFileName="")) returned 0 [0048.732] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0048.732] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\LOLKEK.txt") returned 169 [0048.732] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0048.740] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.740] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0048.740] CloseHandle (hObject=0x270) returned 1 [0048.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0048.740] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83696f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83699640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc878, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="common.js", cAlternateFileName="")) returned 1 [0048.740] lstrcmpiW (lpString1="common.js", lpString2="Windows") returned -1 [0048.740] lstrcmpiW (lpString1="common.js", lpString2="Program Files") returned -1 [0048.740] lstrcmpiW (lpString1="common.js", lpString2="Program Files (x86)") returned -1 [0048.740] lstrcmpiW (lpString1="common.js", lpString2="$Recycle.bin") returned 1 [0048.740] lstrcmpiW (lpString1="common.js", lpString2="System Volume Information") returned -1 [0048.740] lstrcmpiW (lpString1="common.js", lpString2=".") returned 1 [0048.740] lstrcmpiW (lpString1="common.js", lpString2="..") returned 1 [0048.740] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js") returned 148 [0048.741] StrStrIW (lpFirst="common.js", lpSrch=".lolkek") returned 0x0 [0048.741] lstrcmpW (lpString1="common.js", lpString2="LOLKEK.txt") returned -1 [0048.741] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js") returned 148 [0048.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x254) returned 0x3cbb2a8 [0048.741] lstrcpyW (in: lpString1=0x3cbb2a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" [0048.741] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.741] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.741] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8369bd50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8369bd50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc26, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="feedback.css", cAlternateFileName="")) returned 1 [0048.741] lstrcmpiW (lpString1="feedback.css", lpString2="Windows") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.css", lpString2="Program Files") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.css", lpString2="Program Files (x86)") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.css", lpString2="$Recycle.bin") returned 1 [0048.741] lstrcmpiW (lpString1="feedback.css", lpString2="System Volume Information") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.css", lpString2=".") returned 1 [0048.741] lstrcmpiW (lpString1="feedback.css", lpString2="..") returned 1 [0048.741] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css") returned 151 [0048.741] StrStrIW (lpFirst="feedback.css", lpSrch=".lolkek") returned 0x0 [0048.741] lstrcmpW (lpString1="feedback.css", lpString2="LOLKEK.txt") returned -1 [0048.741] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css") returned 151 [0048.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x618490 [0048.741] lstrcpyW (in: lpString1=0x618490, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" [0048.741] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.741] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.741] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a0b70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a0b70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x38a8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="feedback.html", cAlternateFileName="FEEDBA~1.HTM")) returned 1 [0048.741] lstrcmpiW (lpString1="feedback.html", lpString2="Windows") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.html", lpString2="Program Files") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.html", lpString2="Program Files (x86)") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.html", lpString2="$Recycle.bin") returned 1 [0048.741] lstrcmpiW (lpString1="feedback.html", lpString2="System Volume Information") returned -1 [0048.741] lstrcmpiW (lpString1="feedback.html", lpString2=".") returned 1 [0048.741] lstrcmpiW (lpString1="feedback.html", lpString2="..") returned 1 [0048.741] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html") returned 152 [0048.741] StrStrIW (lpFirst="feedback.html", lpSrch=".lolkek") returned 0x0 [0048.741] lstrcmpW (lpString1="feedback.html", lpString2="LOLKEK.txt") returned -1 [0048.741] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html") returned 152 [0048.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x6186f8 [0048.741] lstrcpyW (in: lpString1=0x6186f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" [0048.741] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.742] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a5990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a5990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2b20, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="feedback_script.js", cAlternateFileName="FEEDBA~1.JS")) returned 1 [0048.742] lstrcmpiW (lpString1="feedback_script.js", lpString2="Windows") returned -1 [0048.742] lstrcmpiW (lpString1="feedback_script.js", lpString2="Program Files") returned -1 [0048.742] lstrcmpiW (lpString1="feedback_script.js", lpString2="Program Files (x86)") returned -1 [0048.742] lstrcmpiW (lpString1="feedback_script.js", lpString2="$Recycle.bin") returned 1 [0048.742] lstrcmpiW (lpString1="feedback_script.js", lpString2="System Volume Information") returned -1 [0048.742] lstrcmpiW (lpString1="feedback_script.js", lpString2=".") returned 1 [0048.742] lstrcmpiW (lpString1="feedback_script.js", lpString2="..") returned 1 [0048.742] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js") returned 157 [0048.742] StrStrIW (lpFirst="feedback_script.js", lpSrch=".lolkek") returned 0x0 [0048.742] lstrcmpW (lpString1="feedback_script.js", lpString2="LOLKEK.txt") returned -1 [0048.742] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js") returned 157 [0048.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x278) returned 0x3da4f98 [0048.742] lstrcpyW (in: lpString1=0x3da4f98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" [0048.742] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.742] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836af5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8395fd70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0048.742] lstrcmpiW (lpString1="manifest.json", lpString2="Windows") returned -1 [0048.742] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files") returned -1 [0048.742] lstrcmpiW (lpString1="manifest.json", lpString2="Program Files (x86)") returned -1 [0048.742] lstrcmpiW (lpString1="manifest.json", lpString2="$Recycle.bin") returned 1 [0048.742] lstrcmpiW (lpString1="manifest.json", lpString2="System Volume Information") returned -1 [0048.742] lstrcmpiW (lpString1="manifest.json", lpString2=".") returned 1 [0048.742] lstrcmpiW (lpString1="manifest.json", lpString2="..") returned 1 [0048.742] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json") returned 152 [0048.742] StrStrIW (lpFirst="manifest.json", lpSrch=".lolkek") returned 0x0 [0048.742] lstrcmpW (lpString1="manifest.json", lpString2="LOLKEK.txt") returned 1 [0048.742] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json") returned 152 [0048.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ec70d0 [0048.742] lstrcpyW (in: lpString1=0x3ec70d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" [0048.742] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.742] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b1ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b43f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x46039, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="material_css_min.css", cAlternateFileName="MATERI~1.CSS")) returned 1 [0048.742] lstrcmpiW (lpString1="material_css_min.css", lpString2="Windows") returned -1 [0048.742] lstrcmpiW (lpString1="material_css_min.css", lpString2="Program Files") returned -1 [0048.743] lstrcmpiW (lpString1="material_css_min.css", lpString2="Program Files (x86)") returned -1 [0048.743] lstrcmpiW (lpString1="material_css_min.css", lpString2="$Recycle.bin") returned 1 [0048.743] lstrcmpiW (lpString1="material_css_min.css", lpString2="System Volume Information") returned -1 [0048.743] lstrcmpiW (lpString1="material_css_min.css", lpString2=".") returned 1 [0048.743] lstrcmpiW (lpString1="material_css_min.css", lpString2="..") returned 1 [0048.743] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css") returned 159 [0048.743] StrStrIW (lpFirst="material_css_min.css", lpSrch=".lolkek") returned 0x0 [0048.743] lstrcmpW (lpString1="material_css_min.css", lpString2="LOLKEK.txt") returned 1 [0048.743] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css") returned 159 [0048.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x280) returned 0x3da4d10 [0048.743] lstrcpyW (in: lpString1=0x3da4d10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" [0048.743] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.743] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.743] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b6b00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b9210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x7c33, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mirroring_cast_streaming.js", cAlternateFileName="MIRROR~1.JS")) returned 1 [0048.743] lstrcmpiW (lpString1="mirroring_cast_streaming.js", lpString2="Windows") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_cast_streaming.js", lpString2="Program Files") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_cast_streaming.js", lpString2="Program Files (x86)") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_cast_streaming.js", lpString2="$Recycle.bin") returned 1 [0048.743] lstrcmpiW (lpString1="mirroring_cast_streaming.js", lpString2="System Volume Information") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_cast_streaming.js", lpString2=".") returned 1 [0048.743] lstrcmpiW (lpString1="mirroring_cast_streaming.js", lpString2="..") returned 1 [0048.743] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js") returned 166 [0048.743] StrStrIW (lpFirst="mirroring_cast_streaming.js", lpSrch=".lolkek") returned 0x0 [0048.743] lstrcmpW (lpString1="mirroring_cast_streaming.js", lpString2="LOLKEK.txt") returned 1 [0048.743] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js") returned 166 [0048.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29c) returned 0x3ec7340 [0048.743] lstrcpyW (in: lpString1=0x3ec7340, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" [0048.743] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.743] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.743] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836c2e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836c5560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2adeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mirroring_common.js", cAlternateFileName="MIRROR~2.JS")) returned 1 [0048.743] lstrcmpiW (lpString1="mirroring_common.js", lpString2="Windows") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_common.js", lpString2="Program Files") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_common.js", lpString2="Program Files (x86)") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_common.js", lpString2="$Recycle.bin") returned 1 [0048.743] lstrcmpiW (lpString1="mirroring_common.js", lpString2="System Volume Information") returned -1 [0048.743] lstrcmpiW (lpString1="mirroring_common.js", lpString2=".") returned 1 [0048.743] lstrcmpiW (lpString1="mirroring_common.js", lpString2="..") returned 1 [0048.743] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js") returned 158 [0048.744] StrStrIW (lpFirst="mirroring_common.js", lpSrch=".lolkek") returned 0x0 [0048.744] lstrcmpW (lpString1="mirroring_common.js", lpString2="LOLKEK.txt") returned 1 [0048.744] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js") returned 158 [0048.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3da4a88 [0048.744] lstrcpyW (in: lpString1=0x3da4a88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" [0048.744] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.744] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836ca380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836cf1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x794cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mirroring_hangouts.js", cAlternateFileName="MIRROR~3.JS")) returned 1 [0048.744] lstrcmpiW (lpString1="mirroring_hangouts.js", lpString2="Windows") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_hangouts.js", lpString2="Program Files") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_hangouts.js", lpString2="Program Files (x86)") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_hangouts.js", lpString2="$Recycle.bin") returned 1 [0048.744] lstrcmpiW (lpString1="mirroring_hangouts.js", lpString2="System Volume Information") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_hangouts.js", lpString2=".") returned 1 [0048.744] lstrcmpiW (lpString1="mirroring_hangouts.js", lpString2="..") returned 1 [0048.744] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js") returned 160 [0048.744] StrStrIW (lpFirst="mirroring_hangouts.js", lpSrch=".lolkek") returned 0x0 [0048.744] lstrcmpW (lpString1="mirroring_hangouts.js", lpString2="LOLKEK.txt") returned 1 [0048.744] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js") returned 160 [0048.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x284) returned 0x3cc1658 [0048.744] lstrcpyW (in: lpString1=0x3cc1658, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" [0048.744] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.744] lstrcmpiW (lpString1="mirroring_webrtc.js", lpString2="Windows") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_webrtc.js", lpString2="Program Files") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_webrtc.js", lpString2="Program Files (x86)") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_webrtc.js", lpString2="$Recycle.bin") returned 1 [0048.744] lstrcmpiW (lpString1="mirroring_webrtc.js", lpString2="System Volume Information") returned -1 [0048.744] lstrcmpiW (lpString1="mirroring_webrtc.js", lpString2=".") returned 1 [0048.744] lstrcmpiW (lpString1="mirroring_webrtc.js", lpString2="..") returned 1 [0048.744] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js") returned 158 [0048.744] StrStrIW (lpFirst="mirroring_webrtc.js", lpSrch=".lolkek") returned 0x0 [0048.744] lstrcmpW (lpString1="mirroring_webrtc.js", lpString2="LOLKEK.txt") returned 1 [0048.744] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js") returned 158 [0048.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3da4800 [0048.744] lstrcpyW (in: lpString1=0x3da4800, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" [0048.744] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.745] lstrcmpiW (lpString1="_locales", lpString2="Windows") returned -1 [0048.745] lstrcmpiW (lpString1="_locales", lpString2="Program Files") returned -1 [0048.745] lstrcmpiW (lpString1="_locales", lpString2="Program Files (x86)") returned -1 [0048.745] lstrcmpiW (lpString1="_locales", lpString2="$Recycle.bin") returned 1 [0048.745] lstrcmpiW (lpString1="_locales", lpString2="System Volume Information") returned -1 [0048.745] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0048.745] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0048.745] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales") returned 147 [0048.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0048.745] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" [0048.745] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*" [0048.745] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0048.817] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.817] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.817] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.817] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.817] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.817] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.819] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.820] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.820] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.820] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.820] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.820] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.820] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.820] lstrcmpiW (lpString1="am", lpString2="Windows") returned -1 [0048.820] lstrcmpiW (lpString1="am", lpString2="Program Files") returned -1 [0048.820] lstrcmpiW (lpString1="am", lpString2="Program Files (x86)") returned -1 [0048.820] lstrcmpiW (lpString1="am", lpString2="$Recycle.bin") returned 1 [0048.820] lstrcmpiW (lpString1="am", lpString2="System Volume Information") returned -1 [0048.820] lstrcmpiW (lpString1="am", lpString2=".") returned 1 [0048.820] lstrcmpiW (lpString1="am", lpString2="..") returned 1 [0048.820] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned 150 [0048.820] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.820] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" [0048.820] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*" [0048.820] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.821] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.821] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.821] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.821] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.821] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.821] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.821] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.821] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.821] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.821] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.821] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.821] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.821] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.821] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.821] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.821] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.821] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.821] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.821] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.821] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.821] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json") returned 164 [0048.821] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.821] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.821] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json") returned 164 [0048.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3cc18e8 [0048.821] lstrcpyW (in: lpString1=0x3cc18e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" [0048.821] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.821] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.821] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.822] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\LOLKEK.txt") returned 161 [0048.822] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.823] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.823] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.825] CloseHandle (hObject=0x1ec) returned 1 [0048.825] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.825] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ar", cAlternateFileName="")) returned 1 [0048.825] lstrcmpiW (lpString1="ar", lpString2="Windows") returned -1 [0048.825] lstrcmpiW (lpString1="ar", lpString2="Program Files") returned -1 [0048.825] lstrcmpiW (lpString1="ar", lpString2="Program Files (x86)") returned -1 [0048.825] lstrcmpiW (lpString1="ar", lpString2="$Recycle.bin") returned 1 [0048.825] lstrcmpiW (lpString1="ar", lpString2="System Volume Information") returned -1 [0048.825] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0048.825] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0048.825] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned 150 [0048.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.825] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" [0048.825] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*" [0048.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.828] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.828] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.828] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.828] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.829] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.829] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.829] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.829] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.829] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.829] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.829] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.829] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.829] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.829] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.829] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.829] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.829] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.829] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.829] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.829] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.829] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.829] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.829] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json") returned 164 [0048.829] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.829] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.829] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json") returned 164 [0048.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x6357c8 [0048.829] lstrcpyW (in: lpString1=0x6357c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" [0048.829] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.829] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.829] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.829] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.829] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\LOLKEK.txt") returned 161 [0048.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.831] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.831] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.832] CloseHandle (hObject=0x2bc) returned 1 [0048.834] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.834] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bg", cAlternateFileName="")) returned 1 [0048.834] lstrcmpiW (lpString1="bg", lpString2="Windows") returned -1 [0048.834] lstrcmpiW (lpString1="bg", lpString2="Program Files") returned -1 [0048.834] lstrcmpiW (lpString1="bg", lpString2="Program Files (x86)") returned -1 [0048.834] lstrcmpiW (lpString1="bg", lpString2="$Recycle.bin") returned 1 [0048.834] lstrcmpiW (lpString1="bg", lpString2="System Volume Information") returned -1 [0048.834] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0048.835] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0048.835] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned 150 [0048.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.835] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" [0048.835] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*" [0048.835] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.835] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.835] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.835] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.835] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.835] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.835] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.835] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.835] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.835] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.835] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.835] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.835] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.835] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.835] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.835] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.835] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.835] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.835] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.835] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.835] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.835] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.835] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.835] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json") returned 164 [0048.835] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.835] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.835] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json") returned 164 [0048.835] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x635a68 [0048.835] lstrcpyW (in: lpString1=0x635a68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" [0048.835] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.835] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.835] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.836] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.836] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\LOLKEK.txt") returned 161 [0048.836] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.837] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.837] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.838] CloseHandle (hObject=0x1ec) returned 1 [0048.838] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.839] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bn", cAlternateFileName="")) returned 1 [0048.839] lstrcmpiW (lpString1="bn", lpString2="Windows") returned -1 [0048.839] lstrcmpiW (lpString1="bn", lpString2="Program Files") returned -1 [0048.839] lstrcmpiW (lpString1="bn", lpString2="Program Files (x86)") returned -1 [0048.839] lstrcmpiW (lpString1="bn", lpString2="$Recycle.bin") returned 1 [0048.839] lstrcmpiW (lpString1="bn", lpString2="System Volume Information") returned -1 [0048.839] lstrcmpiW (lpString1="bn", lpString2=".") returned 1 [0048.839] lstrcmpiW (lpString1="bn", lpString2="..") returned 1 [0048.839] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned 150 [0048.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.839] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" [0048.839] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*" [0048.839] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.841] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.841] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.841] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.841] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.841] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.841] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.841] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.841] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.841] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.841] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.841] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.841] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.841] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.841] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.841] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.841] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.841] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.841] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.841] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.841] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.841] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.841] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.842] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json") returned 164 [0048.842] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.842] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.842] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json") returned 164 [0048.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ddd270 [0048.842] lstrcpyW (in: lpString1=0x3ddd270, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" [0048.842] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.842] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.842] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.842] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.842] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\LOLKEK.txt") returned 161 [0048.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.843] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.843] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.844] CloseHandle (hObject=0x258) returned 1 [0048.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.846] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ca", cAlternateFileName="")) returned 1 [0048.846] lstrcmpiW (lpString1="ca", lpString2="Windows") returned -1 [0048.846] lstrcmpiW (lpString1="ca", lpString2="Program Files") returned -1 [0048.846] lstrcmpiW (lpString1="ca", lpString2="Program Files (x86)") returned -1 [0048.846] lstrcmpiW (lpString1="ca", lpString2="$Recycle.bin") returned 1 [0048.846] lstrcmpiW (lpString1="ca", lpString2="System Volume Information") returned -1 [0048.846] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0048.846] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0048.846] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned 150 [0048.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.846] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" [0048.846] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*" [0048.846] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.846] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.846] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.846] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.846] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.846] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.846] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.846] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.846] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.847] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.847] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.847] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.847] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.847] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.847] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.847] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.847] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.847] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.847] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.847] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.847] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.847] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.847] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.847] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json") returned 164 [0048.847] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.847] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.847] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json") returned 164 [0048.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ddd510 [0048.847] lstrcpyW (in: lpString1=0x3ddd510, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" [0048.847] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.847] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.847] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.847] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.847] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\LOLKEK.txt") returned 161 [0048.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.848] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.848] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.850] CloseHandle (hObject=0x1ec) returned 1 [0048.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.850] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cs", cAlternateFileName="")) returned 1 [0048.850] lstrcmpiW (lpString1="cs", lpString2="Windows") returned -1 [0048.850] lstrcmpiW (lpString1="cs", lpString2="Program Files") returned -1 [0048.850] lstrcmpiW (lpString1="cs", lpString2="Program Files (x86)") returned -1 [0048.850] lstrcmpiW (lpString1="cs", lpString2="$Recycle.bin") returned 1 [0048.850] lstrcmpiW (lpString1="cs", lpString2="System Volume Information") returned -1 [0048.850] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0048.850] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0048.850] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned 150 [0048.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.850] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" [0048.850] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*" [0048.850] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.853] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.853] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.853] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.853] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.853] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.853] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.853] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.853] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.853] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.853] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.853] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.853] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.853] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.853] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.853] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.853] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.853] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.853] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.853] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.853] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.853] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.853] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.853] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json") returned 164 [0048.853] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.853] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.853] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json") returned 164 [0048.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x619008 [0048.853] lstrcpyW (in: lpString1=0x619008, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" [0048.853] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.853] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.853] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.853] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.853] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\LOLKEK.txt") returned 161 [0048.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.855] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.855] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.856] CloseHandle (hObject=0x2bc) returned 1 [0048.858] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.858] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="da", cAlternateFileName="")) returned 1 [0048.858] lstrcmpiW (lpString1="da", lpString2="Windows") returned -1 [0048.858] lstrcmpiW (lpString1="da", lpString2="Program Files") returned -1 [0048.858] lstrcmpiW (lpString1="da", lpString2="Program Files (x86)") returned -1 [0048.858] lstrcmpiW (lpString1="da", lpString2="$Recycle.bin") returned 1 [0048.858] lstrcmpiW (lpString1="da", lpString2="System Volume Information") returned -1 [0048.858] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0048.858] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0048.858] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned 150 [0048.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.858] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" [0048.858] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*" [0048.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.859] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.859] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.859] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.859] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.859] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.859] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.859] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.859] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.859] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.859] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.859] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.859] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.859] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.859] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.859] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.859] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.859] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.859] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.859] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.859] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.859] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.859] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.859] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json") returned 164 [0048.859] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.859] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.859] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json") returned 164 [0048.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x6192a8 [0048.859] lstrcpyW (in: lpString1=0x6192a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" [0048.859] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.859] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.859] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.859] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.860] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\LOLKEK.txt") returned 161 [0048.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.861] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.861] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.862] CloseHandle (hObject=0x1ec) returned 1 [0048.863] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.863] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="de", cAlternateFileName="")) returned 1 [0048.863] lstrcmpiW (lpString1="de", lpString2="Windows") returned -1 [0048.863] lstrcmpiW (lpString1="de", lpString2="Program Files") returned -1 [0048.863] lstrcmpiW (lpString1="de", lpString2="Program Files (x86)") returned -1 [0048.863] lstrcmpiW (lpString1="de", lpString2="$Recycle.bin") returned 1 [0048.863] lstrcmpiW (lpString1="de", lpString2="System Volume Information") returned -1 [0048.863] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0048.863] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0048.863] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned 150 [0048.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.863] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" [0048.863] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*" [0048.863] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.865] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.865] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.865] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.865] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.865] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.865] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.865] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.865] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.865] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.865] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.865] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.866] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.866] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.866] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.866] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.866] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.866] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.866] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.866] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.866] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.866] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.866] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.866] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json") returned 164 [0048.866] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.866] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.866] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json") returned 164 [0048.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x619548 [0048.866] lstrcpyW (in: lpString1=0x619548, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" [0048.866] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.866] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.866] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.866] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.866] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\LOLKEK.txt") returned 161 [0048.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.867] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.867] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.868] CloseHandle (hObject=0x258) returned 1 [0048.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.870] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="el", cAlternateFileName="")) returned 1 [0048.870] lstrcmpiW (lpString1="el", lpString2="Windows") returned -1 [0048.870] lstrcmpiW (lpString1="el", lpString2="Program Files") returned -1 [0048.870] lstrcmpiW (lpString1="el", lpString2="Program Files (x86)") returned -1 [0048.870] lstrcmpiW (lpString1="el", lpString2="$Recycle.bin") returned 1 [0048.871] lstrcmpiW (lpString1="el", lpString2="System Volume Information") returned -1 [0048.871] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0048.871] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0048.871] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned 150 [0048.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.871] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" [0048.871] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*" [0048.871] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.871] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.871] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.871] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.871] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.871] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.871] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.871] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.871] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.871] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.871] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.871] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.871] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.871] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.871] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.871] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.871] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.871] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.871] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.871] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.871] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.871] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.871] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.871] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json") returned 164 [0048.871] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.871] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.871] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json") returned 164 [0048.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3de1298 [0048.872] lstrcpyW (in: lpString1=0x3de1298, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" [0048.872] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.872] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.872] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.872] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.872] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\LOLKEK.txt") returned 161 [0048.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.873] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.873] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.876] CloseHandle (hObject=0x1ec) returned 1 [0048.876] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.876] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en", cAlternateFileName="")) returned 1 [0048.876] lstrcmpiW (lpString1="en", lpString2="Windows") returned -1 [0048.876] lstrcmpiW (lpString1="en", lpString2="Program Files") returned -1 [0048.876] lstrcmpiW (lpString1="en", lpString2="Program Files (x86)") returned -1 [0048.876] lstrcmpiW (lpString1="en", lpString2="$Recycle.bin") returned 1 [0048.877] lstrcmpiW (lpString1="en", lpString2="System Volume Information") returned -1 [0048.877] lstrcmpiW (lpString1="en", lpString2=".") returned 1 [0048.877] lstrcmpiW (lpString1="en", lpString2="..") returned 1 [0048.877] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned 150 [0048.877] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.877] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" [0048.877] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*" [0048.877] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.880] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.880] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.880] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.880] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.880] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.881] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.881] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.881] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.881] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.881] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.881] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.881] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.881] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.881] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.881] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.881] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.881] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.881] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.881] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.881] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.881] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.881] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.881] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json") returned 164 [0048.881] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.881] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.881] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json") returned 164 [0048.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3de1538 [0048.881] lstrcpyW (in: lpString1=0x3de1538, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" [0048.881] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.881] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.881] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.881] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.881] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\LOLKEK.txt") returned 161 [0048.881] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.882] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.882] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.884] CloseHandle (hObject=0x2bc) returned 1 [0048.886] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.886] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="es", cAlternateFileName="")) returned 1 [0048.886] lstrcmpiW (lpString1="es", lpString2="Windows") returned -1 [0048.886] lstrcmpiW (lpString1="es", lpString2="Program Files") returned -1 [0048.886] lstrcmpiW (lpString1="es", lpString2="Program Files (x86)") returned -1 [0048.886] lstrcmpiW (lpString1="es", lpString2="$Recycle.bin") returned 1 [0048.886] lstrcmpiW (lpString1="es", lpString2="System Volume Information") returned -1 [0048.886] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0048.886] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0048.886] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned 150 [0048.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.886] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" [0048.886] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*" [0048.886] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.886] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.886] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.886] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.886] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.886] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.886] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.886] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.886] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.886] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.886] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.886] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.886] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.886] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.886] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.886] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.886] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.886] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.887] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.887] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.887] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.887] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.887] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.887] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json") returned 164 [0048.887] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.887] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.887] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json") returned 164 [0048.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3de17d8 [0048.887] lstrcpyW (in: lpString1=0x3de17d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" [0048.887] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.887] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.887] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.887] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.887] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\LOLKEK.txt") returned 161 [0048.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.888] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.888] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.889] CloseHandle (hObject=0x1ec) returned 1 [0048.890] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.890] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="et", cAlternateFileName="")) returned 1 [0048.890] lstrcmpiW (lpString1="et", lpString2="Windows") returned -1 [0048.890] lstrcmpiW (lpString1="et", lpString2="Program Files") returned -1 [0048.890] lstrcmpiW (lpString1="et", lpString2="Program Files (x86)") returned -1 [0048.890] lstrcmpiW (lpString1="et", lpString2="$Recycle.bin") returned 1 [0048.890] lstrcmpiW (lpString1="et", lpString2="System Volume Information") returned -1 [0048.890] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0048.890] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0048.890] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned 150 [0048.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.890] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" [0048.890] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*" [0048.890] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.893] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.893] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.893] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.893] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.893] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.893] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.893] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.893] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.893] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.893] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.893] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.893] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.893] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.893] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.893] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.893] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.893] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.893] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.893] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.893] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.893] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.893] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.893] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json") returned 164 [0048.893] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.893] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.893] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json") returned 164 [0048.893] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x613198 [0048.893] lstrcpyW (in: lpString1=0x613198, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" [0048.893] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.893] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.893] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.893] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.893] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\LOLKEK.txt") returned 161 [0048.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.895] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.895] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.896] CloseHandle (hObject=0x258) returned 1 [0048.898] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.898] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fa", cAlternateFileName="")) returned 1 [0048.898] lstrcmpiW (lpString1="fa", lpString2="Windows") returned -1 [0048.898] lstrcmpiW (lpString1="fa", lpString2="Program Files") returned -1 [0048.898] lstrcmpiW (lpString1="fa", lpString2="Program Files (x86)") returned -1 [0048.898] lstrcmpiW (lpString1="fa", lpString2="$Recycle.bin") returned 1 [0048.898] lstrcmpiW (lpString1="fa", lpString2="System Volume Information") returned -1 [0048.898] lstrcmpiW (lpString1="fa", lpString2=".") returned 1 [0048.898] lstrcmpiW (lpString1="fa", lpString2="..") returned 1 [0048.898] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned 150 [0048.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.898] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" [0048.898] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*" [0048.898] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.898] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.898] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.898] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.898] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.899] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.899] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.899] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.899] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.899] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.899] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.899] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.899] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.899] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.899] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.899] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.899] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.899] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.899] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.899] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.899] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.899] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.899] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.899] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json") returned 164 [0048.899] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.899] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.899] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json") returned 164 [0048.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x613438 [0048.899] lstrcpyW (in: lpString1=0x613438, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" [0048.899] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.899] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.899] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.899] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.899] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\LOLKEK.txt") returned 161 [0048.899] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.900] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.900] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.902] CloseHandle (hObject=0x1ec) returned 1 [0048.902] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.902] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fi", cAlternateFileName="")) returned 1 [0048.902] lstrcmpiW (lpString1="fi", lpString2="Windows") returned -1 [0048.902] lstrcmpiW (lpString1="fi", lpString2="Program Files") returned -1 [0048.902] lstrcmpiW (lpString1="fi", lpString2="Program Files (x86)") returned -1 [0048.902] lstrcmpiW (lpString1="fi", lpString2="$Recycle.bin") returned 1 [0048.902] lstrcmpiW (lpString1="fi", lpString2="System Volume Information") returned -1 [0048.902] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0048.902] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0048.902] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned 150 [0048.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.903] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" [0048.903] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*" [0048.903] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.905] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.905] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.905] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.905] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.905] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.905] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.905] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.905] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.905] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.905] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.905] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.905] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.905] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.905] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.905] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.905] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.905] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.905] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.905] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.905] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.906] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.906] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.906] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json") returned 164 [0048.906] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.906] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.906] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json") returned 164 [0048.906] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x6136d8 [0048.906] lstrcpyW (in: lpString1=0x6136d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" [0048.906] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.906] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.906] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.906] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.906] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\LOLKEK.txt") returned 161 [0048.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.907] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.907] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.908] CloseHandle (hObject=0x2bc) returned 1 [0048.910] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.910] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fil", cAlternateFileName="")) returned 1 [0048.910] lstrcmpiW (lpString1="fil", lpString2="Windows") returned -1 [0048.910] lstrcmpiW (lpString1="fil", lpString2="Program Files") returned -1 [0048.910] lstrcmpiW (lpString1="fil", lpString2="Program Files (x86)") returned -1 [0048.910] lstrcmpiW (lpString1="fil", lpString2="$Recycle.bin") returned 1 [0048.910] lstrcmpiW (lpString1="fil", lpString2="System Volume Information") returned -1 [0048.910] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0048.910] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0048.910] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned 151 [0048.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.910] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" [0048.910] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*" [0048.910] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.911] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.911] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.911] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.911] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.911] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.911] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.911] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.911] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.911] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.911] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.911] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.911] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.911] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.911] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.911] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.911] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.911] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.911] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.911] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.911] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.911] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.911] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.911] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json") returned 165 [0048.911] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.911] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.911] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json") returned 165 [0048.911] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x298) returned 0x61ac70 [0048.911] lstrcpyW (in: lpString1=0x61ac70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" [0048.911] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.911] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.911] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.912] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.912] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\LOLKEK.txt") returned 162 [0048.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.913] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.913] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.914] CloseHandle (hObject=0x1ec) returned 1 [0048.915] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.915] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fr", cAlternateFileName="")) returned 1 [0048.915] lstrcmpiW (lpString1="fr", lpString2="Windows") returned -1 [0048.915] lstrcmpiW (lpString1="fr", lpString2="Program Files") returned -1 [0048.915] lstrcmpiW (lpString1="fr", lpString2="Program Files (x86)") returned -1 [0048.915] lstrcmpiW (lpString1="fr", lpString2="$Recycle.bin") returned 1 [0048.915] lstrcmpiW (lpString1="fr", lpString2="System Volume Information") returned -1 [0048.915] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0048.915] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0048.915] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned 150 [0048.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0048.915] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" [0048.915] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*" [0048.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.917] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.917] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.917] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.917] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.917] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.917] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.918] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.918] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.918] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.918] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.918] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.918] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.918] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.918] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.918] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.918] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.918] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.918] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.918] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.918] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.918] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json") returned 164 [0048.918] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.918] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.918] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json") returned 164 [0048.918] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x61af10 [0048.918] lstrcpyW (in: lpString1=0x61af10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" [0048.918] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.919] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.919] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.919] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.919] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\LOLKEK.txt") returned 161 [0048.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.920] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.920] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.922] CloseHandle (hObject=0x258) returned 1 [0048.929] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0048.929] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gu", cAlternateFileName="")) returned 1 [0048.929] lstrcmpiW (lpString1="gu", lpString2="Windows") returned -1 [0048.929] lstrcmpiW (lpString1="gu", lpString2="Program Files") returned -1 [0048.929] lstrcmpiW (lpString1="gu", lpString2="Program Files (x86)") returned -1 [0048.929] lstrcmpiW (lpString1="gu", lpString2="$Recycle.bin") returned 1 [0048.929] lstrcmpiW (lpString1="gu", lpString2="System Volume Information") returned -1 [0048.929] lstrcmpiW (lpString1="gu", lpString2=".") returned 1 [0048.929] lstrcmpiW (lpString1="gu", lpString2="..") returned 1 [0048.929] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned 150 [0048.929] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.929] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" [0048.929] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*" [0048.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.930] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.930] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.930] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.930] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.930] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.930] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.930] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.930] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.930] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.930] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.930] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.930] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.930] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.930] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.930] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.930] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.930] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.930] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.930] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.930] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.930] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.930] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.930] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json") returned 164 [0048.930] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.930] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.930] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json") returned 164 [0048.930] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec1a40 [0048.930] lstrcpyW (in: lpString1=0x3ec1a40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" [0048.930] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.930] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.930] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.930] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.930] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\LOLKEK.txt") returned 161 [0048.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0048.932] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.932] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.933] CloseHandle (hObject=0x2bc) returned 1 [0048.934] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.934] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hi", cAlternateFileName="")) returned 1 [0048.934] lstrcmpiW (lpString1="hi", lpString2="Windows") returned -1 [0048.934] lstrcmpiW (lpString1="hi", lpString2="Program Files") returned -1 [0048.934] lstrcmpiW (lpString1="hi", lpString2="Program Files (x86)") returned -1 [0048.934] lstrcmpiW (lpString1="hi", lpString2="$Recycle.bin") returned 1 [0048.934] lstrcmpiW (lpString1="hi", lpString2="System Volume Information") returned -1 [0048.934] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0048.934] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0048.934] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned 150 [0048.934] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.934] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" [0048.934] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*" [0048.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.935] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.935] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.935] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.935] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.935] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.935] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.935] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.935] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.935] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.935] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.935] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.935] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.935] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.935] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.935] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.935] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.935] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.935] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.936] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.936] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.936] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.936] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.936] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json") returned 164 [0048.936] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.936] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.936] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json") returned 164 [0048.936] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec1ce8 [0048.936] lstrcpyW (in: lpString1=0x3ec1ce8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" [0048.936] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.936] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.936] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.936] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.936] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\LOLKEK.txt") returned 161 [0048.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.937] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.937] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.939] CloseHandle (hObject=0x258) returned 1 [0048.940] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.940] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hr", cAlternateFileName="")) returned 1 [0048.940] lstrcmpiW (lpString1="hr", lpString2="Windows") returned -1 [0048.940] lstrcmpiW (lpString1="hr", lpString2="Program Files") returned -1 [0048.940] lstrcmpiW (lpString1="hr", lpString2="Program Files (x86)") returned -1 [0048.940] lstrcmpiW (lpString1="hr", lpString2="$Recycle.bin") returned 1 [0048.940] lstrcmpiW (lpString1="hr", lpString2="System Volume Information") returned -1 [0048.940] lstrcmpiW (lpString1="hr", lpString2=".") returned 1 [0048.940] lstrcmpiW (lpString1="hr", lpString2="..") returned 1 [0048.940] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned 150 [0048.940] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.940] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" [0048.940] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*" [0048.940] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.941] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.941] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.941] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.941] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.941] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.941] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.941] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.941] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.941] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.941] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.941] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.941] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.941] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.941] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.941] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.941] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.941] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.941] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.941] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.941] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.941] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.941] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.941] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json") returned 164 [0048.941] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.941] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.941] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json") returned 164 [0048.941] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec0500 [0048.941] lstrcpyW (in: lpString1=0x3ec0500, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" [0048.941] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.941] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.941] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.941] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.941] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\LOLKEK.txt") returned 161 [0048.941] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.942] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.942] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.946] CloseHandle (hObject=0x258) returned 1 [0048.947] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.947] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hu", cAlternateFileName="")) returned 1 [0048.947] lstrcmpiW (lpString1="hu", lpString2="Windows") returned -1 [0048.947] lstrcmpiW (lpString1="hu", lpString2="Program Files") returned -1 [0048.947] lstrcmpiW (lpString1="hu", lpString2="Program Files (x86)") returned -1 [0048.947] lstrcmpiW (lpString1="hu", lpString2="$Recycle.bin") returned 1 [0048.947] lstrcmpiW (lpString1="hu", lpString2="System Volume Information") returned -1 [0048.947] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0048.947] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0048.947] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned 150 [0048.947] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.948] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" [0048.948] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*" [0048.948] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.954] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.954] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.954] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.954] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.954] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.954] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.954] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.954] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.954] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.954] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.954] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.954] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.954] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.954] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.954] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.954] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.954] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.954] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.954] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.954] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.954] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.954] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.954] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json") returned 164 [0048.954] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.954] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.954] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json") returned 164 [0048.954] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec1f90 [0048.955] lstrcpyW (in: lpString1=0x3ec1f90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" [0048.955] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.955] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.955] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.955] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.955] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\LOLKEK.txt") returned 161 [0048.955] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.955] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.955] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.956] CloseHandle (hObject=0x258) returned 1 [0048.956] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.956] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="id", cAlternateFileName="")) returned 1 [0048.956] lstrcmpiW (lpString1="id", lpString2="Windows") returned -1 [0048.956] lstrcmpiW (lpString1="id", lpString2="Program Files") returned -1 [0048.956] lstrcmpiW (lpString1="id", lpString2="Program Files (x86)") returned -1 [0048.956] lstrcmpiW (lpString1="id", lpString2="$Recycle.bin") returned 1 [0048.956] lstrcmpiW (lpString1="id", lpString2="System Volume Information") returned -1 [0048.956] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0048.956] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0048.956] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned 150 [0048.956] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.956] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" [0048.956] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*" [0048.956] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.956] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.956] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.956] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.956] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.956] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.956] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.956] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.956] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.956] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.956] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.957] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.957] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.957] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.957] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.957] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.957] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.957] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.957] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.957] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.957] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.957] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.957] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.957] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json") returned 164 [0048.957] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.957] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.957] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json") returned 164 [0048.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec2238 [0048.957] lstrcpyW (in: lpString1=0x3ec2238, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" [0048.957] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.957] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.957] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.957] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.957] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\LOLKEK.txt") returned 161 [0048.957] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.957] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.957] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.958] CloseHandle (hObject=0x258) returned 1 [0048.958] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.958] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="it", cAlternateFileName="")) returned 1 [0048.958] lstrcmpiW (lpString1="it", lpString2="Windows") returned -1 [0048.958] lstrcmpiW (lpString1="it", lpString2="Program Files") returned -1 [0048.958] lstrcmpiW (lpString1="it", lpString2="Program Files (x86)") returned -1 [0048.958] lstrcmpiW (lpString1="it", lpString2="$Recycle.bin") returned 1 [0048.958] lstrcmpiW (lpString1="it", lpString2="System Volume Information") returned -1 [0048.958] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0048.958] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0048.958] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned 150 [0048.958] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.958] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" [0048.958] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*" [0048.958] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.966] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.966] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.966] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.966] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.966] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.966] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.966] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.966] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.966] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.966] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.966] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.966] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.966] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.966] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.966] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.966] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.966] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.966] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.966] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.966] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.966] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.966] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.966] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json") returned 164 [0048.966] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.966] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.966] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json") returned 164 [0048.966] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec24e0 [0048.966] lstrcpyW (in: lpString1=0x3ec24e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" [0048.966] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.966] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.967] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.967] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.967] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\LOLKEK.txt") returned 161 [0048.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.967] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.967] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.968] CloseHandle (hObject=0x258) returned 1 [0048.968] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.968] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="iw", cAlternateFileName="")) returned 1 [0048.968] lstrcmpiW (lpString1="iw", lpString2="Windows") returned -1 [0048.968] lstrcmpiW (lpString1="iw", lpString2="Program Files") returned -1 [0048.968] lstrcmpiW (lpString1="iw", lpString2="Program Files (x86)") returned -1 [0048.968] lstrcmpiW (lpString1="iw", lpString2="$Recycle.bin") returned 1 [0048.968] lstrcmpiW (lpString1="iw", lpString2="System Volume Information") returned -1 [0048.968] lstrcmpiW (lpString1="iw", lpString2=".") returned 1 [0048.968] lstrcmpiW (lpString1="iw", lpString2="..") returned 1 [0048.968] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned 150 [0048.968] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.968] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" [0048.968] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*" [0048.968] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.968] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.968] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.968] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.968] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.968] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.968] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.968] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.968] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.968] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.968] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.968] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.968] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.968] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.968] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.968] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.968] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.969] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.969] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.969] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.969] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.969] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.969] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.969] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json") returned 164 [0048.969] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.969] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.969] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json") returned 164 [0048.969] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec2788 [0048.969] lstrcpyW (in: lpString1=0x3ec2788, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" [0048.969] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.969] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.969] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.969] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.969] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\LOLKEK.txt") returned 161 [0048.969] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.969] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.969] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.970] CloseHandle (hObject=0x258) returned 1 [0048.970] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.970] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ja", cAlternateFileName="")) returned 1 [0048.970] lstrcmpiW (lpString1="ja", lpString2="Windows") returned -1 [0048.970] lstrcmpiW (lpString1="ja", lpString2="Program Files") returned -1 [0048.970] lstrcmpiW (lpString1="ja", lpString2="Program Files (x86)") returned -1 [0048.970] lstrcmpiW (lpString1="ja", lpString2="$Recycle.bin") returned 1 [0048.970] lstrcmpiW (lpString1="ja", lpString2="System Volume Information") returned -1 [0048.970] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0048.970] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0048.970] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned 150 [0048.970] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.970] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" [0048.970] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*" [0048.970] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.972] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.972] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.972] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.972] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.972] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.972] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.972] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.972] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.972] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.972] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.972] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.972] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.972] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.972] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.972] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.972] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.972] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.972] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.972] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.972] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.972] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.972] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.972] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json") returned 164 [0048.972] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.972] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.972] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json") returned 164 [0048.972] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec2a30 [0048.973] lstrcpyW (in: lpString1=0x3ec2a30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" [0048.973] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.973] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.973] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.973] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.973] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\LOLKEK.txt") returned 161 [0048.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.973] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.973] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.974] CloseHandle (hObject=0x258) returned 1 [0048.974] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.974] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kn", cAlternateFileName="")) returned 1 [0048.974] lstrcmpiW (lpString1="kn", lpString2="Windows") returned -1 [0048.974] lstrcmpiW (lpString1="kn", lpString2="Program Files") returned -1 [0048.974] lstrcmpiW (lpString1="kn", lpString2="Program Files (x86)") returned -1 [0048.974] lstrcmpiW (lpString1="kn", lpString2="$Recycle.bin") returned 1 [0048.974] lstrcmpiW (lpString1="kn", lpString2="System Volume Information") returned -1 [0048.974] lstrcmpiW (lpString1="kn", lpString2=".") returned 1 [0048.974] lstrcmpiW (lpString1="kn", lpString2="..") returned 1 [0048.974] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn") returned 150 [0048.974] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.974] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" [0048.974] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*" [0048.974] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.974] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.974] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.974] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.974] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.974] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.974] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.974] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.975] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.975] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.975] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.975] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.975] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.975] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.975] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.975] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.975] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.975] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.975] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.975] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.975] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.975] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.975] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.975] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json") returned 164 [0048.975] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.975] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.975] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json") returned 164 [0048.975] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec2cd8 [0048.975] lstrcpyW (in: lpString1=0x3ec2cd8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" [0048.975] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.975] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.975] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.975] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.975] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\LOLKEK.txt") returned 161 [0048.975] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0048.976] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.976] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.976] CloseHandle (hObject=0x258) returned 1 [0048.976] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.976] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ko", cAlternateFileName="")) returned 1 [0048.976] lstrcmpiW (lpString1="ko", lpString2="Windows") returned -1 [0048.976] lstrcmpiW (lpString1="ko", lpString2="Program Files") returned -1 [0048.976] lstrcmpiW (lpString1="ko", lpString2="Program Files (x86)") returned -1 [0048.976] lstrcmpiW (lpString1="ko", lpString2="$Recycle.bin") returned 1 [0048.976] lstrcmpiW (lpString1="ko", lpString2="System Volume Information") returned -1 [0048.977] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0048.977] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0048.977] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko") returned 150 [0048.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0048.977] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" [0048.977] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*" [0048.977] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.980] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.980] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.980] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.980] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.980] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.980] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.980] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.980] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.980] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.980] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.980] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.980] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.980] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.980] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.980] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.981] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.981] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.981] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.981] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.981] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.981] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.981] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.981] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json") returned 164 [0048.981] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.981] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.981] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json") returned 164 [0048.981] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec2f80 [0048.981] lstrcpyW (in: lpString1=0x3ec2f80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" [0048.981] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.981] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.981] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.981] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.981] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\LOLKEK.txt") returned 161 [0048.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.981] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.982] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.982] CloseHandle (hObject=0x1ec) returned 1 [0048.982] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0048.982] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lt", cAlternateFileName="")) returned 1 [0048.982] lstrcmpiW (lpString1="lt", lpString2="Windows") returned -1 [0048.982] lstrcmpiW (lpString1="lt", lpString2="Program Files") returned -1 [0048.982] lstrcmpiW (lpString1="lt", lpString2="Program Files (x86)") returned -1 [0048.982] lstrcmpiW (lpString1="lt", lpString2="$Recycle.bin") returned 1 [0048.982] lstrcmpiW (lpString1="lt", lpString2="System Volume Information") returned -1 [0048.982] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0048.982] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0048.982] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt") returned 150 [0048.982] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.982] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" [0048.982] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*" [0048.983] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.983] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.983] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.983] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.983] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.983] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.983] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.983] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.983] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.983] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.983] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.983] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.983] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.983] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.983] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.983] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.983] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.983] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.983] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.983] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.983] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.983] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.983] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.983] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json") returned 164 [0048.983] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.983] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.983] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json") returned 164 [0048.983] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec3228 [0048.983] lstrcpyW (in: lpString1=0x3ec3228, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" [0048.983] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.983] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.983] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.983] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.984] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\LOLKEK.txt") returned 161 [0048.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.984] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.984] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.985] CloseHandle (hObject=0x1ec) returned 1 [0048.985] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.985] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lv", cAlternateFileName="")) returned 1 [0048.985] lstrcmpiW (lpString1="lv", lpString2="Windows") returned -1 [0048.985] lstrcmpiW (lpString1="lv", lpString2="Program Files") returned -1 [0048.985] lstrcmpiW (lpString1="lv", lpString2="Program Files (x86)") returned -1 [0048.985] lstrcmpiW (lpString1="lv", lpString2="$Recycle.bin") returned 1 [0048.985] lstrcmpiW (lpString1="lv", lpString2="System Volume Information") returned -1 [0048.985] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0048.985] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0048.985] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv") returned 150 [0048.985] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.985] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" [0048.985] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*" [0048.985] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.986] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.986] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.986] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.986] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.986] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.986] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.986] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.986] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.986] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.986] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.986] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.986] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.986] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.986] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.986] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.986] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.986] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.986] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.986] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.986] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.986] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.986] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.986] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json") returned 164 [0048.986] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.986] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.987] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json") returned 164 [0048.987] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec34d0 [0048.987] lstrcpyW (in: lpString1=0x3ec34d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" [0048.987] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.987] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.987] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.987] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.987] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\LOLKEK.txt") returned 161 [0048.987] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.987] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.987] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.988] CloseHandle (hObject=0x1ec) returned 1 [0048.988] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.988] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ml", cAlternateFileName="")) returned 1 [0048.988] lstrcmpiW (lpString1="ml", lpString2="Windows") returned -1 [0048.988] lstrcmpiW (lpString1="ml", lpString2="Program Files") returned -1 [0048.988] lstrcmpiW (lpString1="ml", lpString2="Program Files (x86)") returned -1 [0048.988] lstrcmpiW (lpString1="ml", lpString2="$Recycle.bin") returned 1 [0048.988] lstrcmpiW (lpString1="ml", lpString2="System Volume Information") returned -1 [0048.988] lstrcmpiW (lpString1="ml", lpString2=".") returned 1 [0048.988] lstrcmpiW (lpString1="ml", lpString2="..") returned 1 [0048.988] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml") returned 150 [0048.988] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.988] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" [0048.988] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*" [0048.988] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.989] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.989] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.989] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.989] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.989] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.989] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.989] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.989] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.989] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.989] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.989] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.989] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.989] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.989] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.989] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.989] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.989] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.989] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.989] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.989] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.989] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.989] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.989] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json") returned 164 [0048.989] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.989] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.989] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json") returned 164 [0048.989] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec3778 [0048.989] lstrcpyW (in: lpString1=0x3ec3778, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" [0048.989] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.989] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.989] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.989] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.989] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\LOLKEK.txt") returned 161 [0048.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.990] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.990] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.991] CloseHandle (hObject=0x1ec) returned 1 [0048.991] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.991] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mr", cAlternateFileName="")) returned 1 [0048.991] lstrcmpiW (lpString1="mr", lpString2="Windows") returned -1 [0048.991] lstrcmpiW (lpString1="mr", lpString2="Program Files") returned -1 [0048.991] lstrcmpiW (lpString1="mr", lpString2="Program Files (x86)") returned -1 [0048.991] lstrcmpiW (lpString1="mr", lpString2="$Recycle.bin") returned 1 [0048.991] lstrcmpiW (lpString1="mr", lpString2="System Volume Information") returned -1 [0048.991] lstrcmpiW (lpString1="mr", lpString2=".") returned 1 [0048.991] lstrcmpiW (lpString1="mr", lpString2="..") returned 1 [0048.991] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr") returned 150 [0048.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.991] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" [0048.991] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*" [0048.991] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.992] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.992] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.992] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.992] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.992] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.992] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.992] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.992] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.992] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.992] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.992] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.992] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.992] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.992] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.992] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.992] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.992] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.992] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.992] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.992] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.992] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.992] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.992] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json") returned 164 [0048.992] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.992] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.992] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json") returned 164 [0048.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3ec3a20 [0048.992] lstrcpyW (in: lpString1=0x3ec3a20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" [0048.992] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.992] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.992] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.992] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.993] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\LOLKEK.txt") returned 161 [0048.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.993] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.993] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.994] CloseHandle (hObject=0x1ec) returned 1 [0048.994] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.994] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ms", cAlternateFileName="")) returned 1 [0048.994] lstrcmpiW (lpString1="ms", lpString2="Windows") returned -1 [0048.994] lstrcmpiW (lpString1="ms", lpString2="Program Files") returned -1 [0048.994] lstrcmpiW (lpString1="ms", lpString2="Program Files (x86)") returned -1 [0048.994] lstrcmpiW (lpString1="ms", lpString2="$Recycle.bin") returned 1 [0048.994] lstrcmpiW (lpString1="ms", lpString2="System Volume Information") returned -1 [0048.994] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0048.994] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0048.994] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms") returned 150 [0048.994] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.994] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" [0048.994] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*" [0048.994] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.994] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.994] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.994] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.994] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.994] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.994] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.994] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.994] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.994] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.994] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.995] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.995] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.995] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.995] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.995] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.995] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.995] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.995] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.995] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.995] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.995] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.995] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.995] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json") returned 164 [0048.995] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.995] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.995] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json") returned 164 [0048.995] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb1b68 [0048.995] lstrcpyW (in: lpString1=0x3eb1b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" [0048.995] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.995] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.995] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.995] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.995] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\LOLKEK.txt") returned 161 [0048.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.996] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.996] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.996] CloseHandle (hObject=0x1ec) returned 1 [0048.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.996] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nb", cAlternateFileName="")) returned 1 [0048.996] lstrcmpiW (lpString1="nb", lpString2="Windows") returned -1 [0048.996] lstrcmpiW (lpString1="nb", lpString2="Program Files") returned -1 [0048.996] lstrcmpiW (lpString1="nb", lpString2="Program Files (x86)") returned -1 [0048.996] lstrcmpiW (lpString1="nb", lpString2="$Recycle.bin") returned 1 [0048.996] lstrcmpiW (lpString1="nb", lpString2="System Volume Information") returned -1 [0048.996] lstrcmpiW (lpString1="nb", lpString2=".") returned 1 [0048.996] lstrcmpiW (lpString1="nb", lpString2="..") returned 1 [0048.997] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb") returned 150 [0048.997] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0048.997] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" [0048.997] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*" [0048.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0048.997] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0048.997] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0048.997] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0048.997] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0048.997] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0048.997] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.997] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0048.997] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0048.997] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0048.998] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0048.998] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0048.998] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0048.998] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.998] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.998] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0048.998] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0048.998] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0048.998] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0048.998] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0048.998] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0048.998] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0048.998] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0048.998] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json") returned 164 [0048.998] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0048.998] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0048.998] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json") returned 164 [0048.998] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb1e10 [0048.998] lstrcpyW (in: lpString1=0x3eb1e10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" [0048.998] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0048.998] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0048.998] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0048.998] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0048.998] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\LOLKEK.txt") returned 161 [0048.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0048.999] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0048.999] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0048.999] CloseHandle (hObject=0x1ec) returned 1 [0048.999] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0048.999] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nl", cAlternateFileName="")) returned 1 [0048.999] lstrcmpiW (lpString1="nl", lpString2="Windows") returned -1 [0048.999] lstrcmpiW (lpString1="nl", lpString2="Program Files") returned -1 [0048.999] lstrcmpiW (lpString1="nl", lpString2="Program Files (x86)") returned -1 [0048.999] lstrcmpiW (lpString1="nl", lpString2="$Recycle.bin") returned 1 [0048.999] lstrcmpiW (lpString1="nl", lpString2="System Volume Information") returned -1 [0048.999] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0048.999] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0048.999] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl") returned 150 [0049.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.000] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" [0049.000] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*" [0049.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.000] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.000] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.000] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.000] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.000] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.000] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.000] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.000] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.000] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.000] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.000] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.000] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.000] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.000] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.000] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.000] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.000] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.000] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.000] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.000] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.000] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.000] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.000] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json") returned 164 [0049.000] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.000] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.000] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json") returned 164 [0049.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb20b8 [0049.000] lstrcpyW (in: lpString1=0x3eb20b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" [0049.000] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.001] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.001] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.001] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.001] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\LOLKEK.txt") returned 161 [0049.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.001] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.001] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.002] CloseHandle (hObject=0x1ec) returned 1 [0049.002] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.002] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pl", cAlternateFileName="")) returned 1 [0049.002] lstrcmpiW (lpString1="pl", lpString2="Windows") returned -1 [0049.002] lstrcmpiW (lpString1="pl", lpString2="Program Files") returned -1 [0049.002] lstrcmpiW (lpString1="pl", lpString2="Program Files (x86)") returned -1 [0049.002] lstrcmpiW (lpString1="pl", lpString2="$Recycle.bin") returned 1 [0049.002] lstrcmpiW (lpString1="pl", lpString2="System Volume Information") returned -1 [0049.002] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0049.002] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0049.002] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl") returned 150 [0049.002] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.002] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" [0049.002] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*" [0049.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.003] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.003] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.003] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.003] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.003] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.003] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.003] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.003] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.003] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.003] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.003] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.003] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.003] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.003] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.003] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.003] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.003] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.003] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.003] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.003] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.003] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.003] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.003] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json") returned 164 [0049.003] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.003] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.004] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json") returned 164 [0049.004] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb2360 [0049.004] lstrcpyW (in: lpString1=0x3eb2360, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" [0049.004] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.004] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.004] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.004] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.004] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\LOLKEK.txt") returned 161 [0049.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.004] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.004] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.005] CloseHandle (hObject=0x1ec) returned 1 [0049.005] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.005] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt", cAlternateFileName="")) returned 1 [0049.005] lstrcmpiW (lpString1="pt", lpString2="Windows") returned -1 [0049.005] lstrcmpiW (lpString1="pt", lpString2="Program Files") returned 1 [0049.005] lstrcmpiW (lpString1="pt", lpString2="Program Files (x86)") returned 1 [0049.005] lstrcmpiW (lpString1="pt", lpString2="$Recycle.bin") returned 1 [0049.005] lstrcmpiW (lpString1="pt", lpString2="System Volume Information") returned -1 [0049.005] lstrcmpiW (lpString1="pt", lpString2=".") returned 1 [0049.005] lstrcmpiW (lpString1="pt", lpString2="..") returned 1 [0049.005] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt") returned 150 [0049.005] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.005] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" [0049.005] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*" [0049.005] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.005] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.005] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.005] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.005] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.005] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.005] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.005] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.005] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.006] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.006] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.006] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.006] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.006] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.006] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.006] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.006] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.006] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.006] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.006] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.006] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.006] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.006] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.006] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json") returned 164 [0049.006] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.006] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.006] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json") returned 164 [0049.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb2608 [0049.006] lstrcpyW (in: lpString1=0x3eb2608, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" [0049.006] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.006] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.006] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.006] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.006] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\LOLKEK.txt") returned 161 [0049.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.006] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.006] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.007] CloseHandle (hObject=0x1ec) returned 1 [0049.007] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.007] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0049.007] lstrcmpiW (lpString1="pt_BR", lpString2="Windows") returned -1 [0049.007] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files") returned 1 [0049.007] lstrcmpiW (lpString1="pt_BR", lpString2="Program Files (x86)") returned 1 [0049.007] lstrcmpiW (lpString1="pt_BR", lpString2="$Recycle.bin") returned 1 [0049.007] lstrcmpiW (lpString1="pt_BR", lpString2="System Volume Information") returned -1 [0049.007] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0049.007] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0049.007] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR") returned 153 [0049.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.007] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" [0049.007] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*" [0049.007] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.010] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.010] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.010] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.010] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.010] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.011] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.011] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.011] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.011] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.011] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.011] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.011] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.011] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.011] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.011] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.011] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.011] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.011] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.011] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.011] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.011] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.011] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.011] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json") returned 167 [0049.011] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.011] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.011] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json") returned 167 [0049.011] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a0) returned 0x610ed8 [0049.011] lstrcpyW (in: lpString1=0x610ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" [0049.011] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.011] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.011] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.011] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.011] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\LOLKEK.txt") returned 164 [0049.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.012] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.012] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.012] CloseHandle (hObject=0x1ec) returned 1 [0049.012] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.013] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0049.013] lstrcmpiW (lpString1="pt_PT", lpString2="Windows") returned -1 [0049.013] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files") returned 1 [0049.013] lstrcmpiW (lpString1="pt_PT", lpString2="Program Files (x86)") returned 1 [0049.013] lstrcmpiW (lpString1="pt_PT", lpString2="$Recycle.bin") returned 1 [0049.013] lstrcmpiW (lpString1="pt_PT", lpString2="System Volume Information") returned -1 [0049.013] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0049.013] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0049.013] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT") returned 153 [0049.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.013] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" [0049.013] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*" [0049.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.013] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.013] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.013] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.013] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.013] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.013] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.013] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.013] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.013] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.013] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.013] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.013] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.013] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.013] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.013] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.013] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.013] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.013] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.013] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.013] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.013] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.013] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.013] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json") returned 167 [0049.013] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.013] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.013] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json") returned 167 [0049.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a0) returned 0x60eb70 [0049.013] lstrcpyW (in: lpString1=0x60eb70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" [0049.013] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.014] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.014] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.014] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.014] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\LOLKEK.txt") returned 164 [0049.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.014] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.014] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.015] CloseHandle (hObject=0x1ec) returned 1 [0049.015] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.015] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ro", cAlternateFileName="")) returned 1 [0049.015] lstrcmpiW (lpString1="ro", lpString2="Windows") returned -1 [0049.015] lstrcmpiW (lpString1="ro", lpString2="Program Files") returned 1 [0049.015] lstrcmpiW (lpString1="ro", lpString2="Program Files (x86)") returned 1 [0049.015] lstrcmpiW (lpString1="ro", lpString2="$Recycle.bin") returned 1 [0049.015] lstrcmpiW (lpString1="ro", lpString2="System Volume Information") returned -1 [0049.015] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0049.015] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0049.015] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro") returned 150 [0049.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.015] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" [0049.015] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*" [0049.015] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.017] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.017] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.017] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.017] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.017] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.017] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.017] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.017] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.017] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.017] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.017] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.017] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.017] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.017] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.017] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.017] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.017] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.017] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.017] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.017] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.017] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.017] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.017] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json") returned 164 [0049.017] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.017] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.017] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json") returned 164 [0049.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb28b0 [0049.017] lstrcpyW (in: lpString1=0x3eb28b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" [0049.017] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.017] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.018] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.018] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.018] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\LOLKEK.txt") returned 161 [0049.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0049.018] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.018] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.019] CloseHandle (hObject=0x258) returned 1 [0049.019] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.019] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ru", cAlternateFileName="")) returned 1 [0049.019] lstrcmpiW (lpString1="ru", lpString2="Windows") returned -1 [0049.019] lstrcmpiW (lpString1="ru", lpString2="Program Files") returned 1 [0049.019] lstrcmpiW (lpString1="ru", lpString2="Program Files (x86)") returned 1 [0049.020] lstrcmpiW (lpString1="ru", lpString2="$Recycle.bin") returned 1 [0049.020] lstrcmpiW (lpString1="ru", lpString2="System Volume Information") returned -1 [0049.020] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0049.020] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0049.020] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru") returned 150 [0049.020] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.020] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" [0049.020] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*" [0049.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.020] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.020] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.020] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.020] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.020] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.020] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.020] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.020] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.020] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.020] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.020] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.020] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.020] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.020] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.020] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.020] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.020] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.020] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.020] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.021] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.021] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.021] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.021] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json") returned 164 [0049.021] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.021] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.021] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json") returned 164 [0049.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb2b58 [0049.021] lstrcpyW (in: lpString1=0x3eb2b58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" [0049.021] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.021] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.021] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.021] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.021] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\LOLKEK.txt") returned 161 [0049.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0049.022] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.022] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.022] CloseHandle (hObject=0x258) returned 1 [0049.022] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.022] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sk", cAlternateFileName="")) returned 1 [0049.022] lstrcmpiW (lpString1="sk", lpString2="Windows") returned -1 [0049.022] lstrcmpiW (lpString1="sk", lpString2="Program Files") returned 1 [0049.022] lstrcmpiW (lpString1="sk", lpString2="Program Files (x86)") returned 1 [0049.022] lstrcmpiW (lpString1="sk", lpString2="$Recycle.bin") returned 1 [0049.022] lstrcmpiW (lpString1="sk", lpString2="System Volume Information") returned -1 [0049.022] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0049.022] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0049.022] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk") returned 150 [0049.022] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.022] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" [0049.022] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*" [0049.023] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.023] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.023] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.023] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.023] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.023] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.023] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.024] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.024] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.024] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.024] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.024] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.024] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.024] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.024] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.024] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.024] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.024] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.024] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.024] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.024] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.024] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.024] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.024] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json") returned 164 [0049.024] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.024] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.024] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json") returned 164 [0049.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb2e00 [0049.024] lstrcpyW (in: lpString1=0x3eb2e00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" [0049.024] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.024] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.024] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.024] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.024] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\LOLKEK.txt") returned 161 [0049.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.025] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.025] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.025] CloseHandle (hObject=0x1ec) returned 1 [0049.025] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.025] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sl", cAlternateFileName="")) returned 1 [0049.025] lstrcmpiW (lpString1="sl", lpString2="Windows") returned -1 [0049.025] lstrcmpiW (lpString1="sl", lpString2="Program Files") returned 1 [0049.025] lstrcmpiW (lpString1="sl", lpString2="Program Files (x86)") returned 1 [0049.025] lstrcmpiW (lpString1="sl", lpString2="$Recycle.bin") returned 1 [0049.025] lstrcmpiW (lpString1="sl", lpString2="System Volume Information") returned -1 [0049.025] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0049.025] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0049.025] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl") returned 150 [0049.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.026] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" [0049.026] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*" [0049.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.026] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.026] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.026] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.026] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.026] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.026] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.026] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.026] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.026] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.026] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.026] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.026] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.026] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.026] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.026] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.026] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.026] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.026] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.026] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.026] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.026] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.026] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.026] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json") returned 164 [0049.026] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.026] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.026] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json") returned 164 [0049.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb30a8 [0049.026] lstrcpyW (in: lpString1=0x3eb30a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" [0049.026] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.026] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.026] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.026] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.027] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\LOLKEK.txt") returned 161 [0049.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.027] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.027] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.028] CloseHandle (hObject=0x1ec) returned 1 [0049.028] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.028] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sr", cAlternateFileName="")) returned 1 [0049.028] lstrcmpiW (lpString1="sr", lpString2="Windows") returned -1 [0049.028] lstrcmpiW (lpString1="sr", lpString2="Program Files") returned 1 [0049.028] lstrcmpiW (lpString1="sr", lpString2="Program Files (x86)") returned 1 [0049.028] lstrcmpiW (lpString1="sr", lpString2="$Recycle.bin") returned 1 [0049.028] lstrcmpiW (lpString1="sr", lpString2="System Volume Information") returned -1 [0049.028] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0049.028] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0049.028] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr") returned 150 [0049.028] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.028] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" [0049.028] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*" [0049.028] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.028] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.028] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.028] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.029] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.029] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.029] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.029] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.029] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.029] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.029] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.029] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.029] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.029] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.029] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.029] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.029] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.029] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.029] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.029] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.029] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.029] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.029] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.029] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json") returned 164 [0049.029] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.029] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.029] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json") returned 164 [0049.029] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb3350 [0049.029] lstrcpyW (in: lpString1=0x3eb3350, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" [0049.029] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.029] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.029] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.029] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.029] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\LOLKEK.txt") returned 161 [0049.029] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.030] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.030] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.030] CloseHandle (hObject=0x1ec) returned 1 [0049.030] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.030] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sv", cAlternateFileName="")) returned 1 [0049.030] lstrcmpiW (lpString1="sv", lpString2="Windows") returned -1 [0049.030] lstrcmpiW (lpString1="sv", lpString2="Program Files") returned 1 [0049.030] lstrcmpiW (lpString1="sv", lpString2="Program Files (x86)") returned 1 [0049.030] lstrcmpiW (lpString1="sv", lpString2="$Recycle.bin") returned 1 [0049.030] lstrcmpiW (lpString1="sv", lpString2="System Volume Information") returned -1 [0049.030] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0049.030] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0049.031] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv") returned 150 [0049.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.031] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" [0049.031] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*" [0049.031] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.031] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.031] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.031] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.031] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.031] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.031] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.031] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.031] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.031] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.031] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.031] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.031] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.031] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.031] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.031] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.031] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.031] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.031] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.031] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.031] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.031] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.031] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.031] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json") returned 164 [0049.031] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.031] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.031] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json") returned 164 [0049.031] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb35f8 [0049.031] lstrcpyW (in: lpString1=0x3eb35f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" [0049.031] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.031] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.031] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.031] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.032] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\LOLKEK.txt") returned 161 [0049.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.032] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.032] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.033] CloseHandle (hObject=0x1ec) returned 1 [0049.033] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.033] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sw", cAlternateFileName="")) returned 1 [0049.033] lstrcmpiW (lpString1="sw", lpString2="Windows") returned -1 [0049.033] lstrcmpiW (lpString1="sw", lpString2="Program Files") returned 1 [0049.033] lstrcmpiW (lpString1="sw", lpString2="Program Files (x86)") returned 1 [0049.033] lstrcmpiW (lpString1="sw", lpString2="$Recycle.bin") returned 1 [0049.033] lstrcmpiW (lpString1="sw", lpString2="System Volume Information") returned -1 [0049.033] lstrcmpiW (lpString1="sw", lpString2=".") returned 1 [0049.033] lstrcmpiW (lpString1="sw", lpString2="..") returned 1 [0049.033] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw") returned 150 [0049.033] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.033] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" [0049.033] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*" [0049.033] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.034] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.034] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.034] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.034] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.034] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.034] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.034] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.034] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.034] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.034] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.034] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.034] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.034] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.034] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.034] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.034] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.034] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.034] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.034] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.034] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.034] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.034] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.034] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json") returned 164 [0049.034] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.034] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.034] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json") returned 164 [0049.034] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb38a0 [0049.034] lstrcpyW (in: lpString1=0x3eb38a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" [0049.034] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.034] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.034] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.034] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.034] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\LOLKEK.txt") returned 161 [0049.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.035] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.035] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.035] CloseHandle (hObject=0x1ec) returned 1 [0049.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.037] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ta", cAlternateFileName="")) returned 1 [0049.037] lstrcmpiW (lpString1="ta", lpString2="Windows") returned -1 [0049.037] lstrcmpiW (lpString1="ta", lpString2="Program Files") returned 1 [0049.037] lstrcmpiW (lpString1="ta", lpString2="Program Files (x86)") returned 1 [0049.037] lstrcmpiW (lpString1="ta", lpString2="$Recycle.bin") returned 1 [0049.037] lstrcmpiW (lpString1="ta", lpString2="System Volume Information") returned 1 [0049.037] lstrcmpiW (lpString1="ta", lpString2=".") returned 1 [0049.037] lstrcmpiW (lpString1="ta", lpString2="..") returned 1 [0049.037] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta") returned 150 [0049.037] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.037] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" [0049.037] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*" [0049.037] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.037] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.037] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.038] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.038] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.038] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.038] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.038] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.038] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.038] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.038] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.038] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.038] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.038] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.038] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.038] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.038] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.038] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.038] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.038] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.038] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.038] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.038] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.038] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json") returned 164 [0049.038] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.038] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.038] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json") returned 164 [0049.038] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb3b48 [0049.038] lstrcpyW (in: lpString1=0x3eb3b48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" [0049.038] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.038] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.038] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.038] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.038] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\LOLKEK.txt") returned 161 [0049.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0049.039] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.039] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.039] CloseHandle (hObject=0x1ec) returned 1 [0049.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.039] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="te", cAlternateFileName="")) returned 1 [0049.039] lstrcmpiW (lpString1="te", lpString2="Windows") returned -1 [0049.039] lstrcmpiW (lpString1="te", lpString2="Program Files") returned 1 [0049.039] lstrcmpiW (lpString1="te", lpString2="Program Files (x86)") returned 1 [0049.039] lstrcmpiW (lpString1="te", lpString2="$Recycle.bin") returned 1 [0049.039] lstrcmpiW (lpString1="te", lpString2="System Volume Information") returned 1 [0049.039] lstrcmpiW (lpString1="te", lpString2=".") returned 1 [0049.039] lstrcmpiW (lpString1="te", lpString2="..") returned 1 [0049.039] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te") returned 150 [0049.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.040] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" [0049.040] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*" [0049.040] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.040] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.040] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.041] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.041] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.041] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.041] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.041] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.041] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.041] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.041] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.041] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.041] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.041] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.041] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.041] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.041] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.041] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.041] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.041] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.041] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.041] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.041] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.041] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json") returned 164 [0049.041] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.041] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.041] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json") returned 164 [0049.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb3df0 [0049.041] lstrcpyW (in: lpString1=0x3eb3df0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" [0049.041] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.041] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.041] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.041] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.041] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\LOLKEK.txt") returned 161 [0049.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.042] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.042] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.042] CloseHandle (hObject=0x2bc) returned 1 [0049.042] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.042] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th", cAlternateFileName="")) returned 1 [0049.042] lstrcmpiW (lpString1="th", lpString2="Windows") returned -1 [0049.042] lstrcmpiW (lpString1="th", lpString2="Program Files") returned 1 [0049.042] lstrcmpiW (lpString1="th", lpString2="Program Files (x86)") returned 1 [0049.043] lstrcmpiW (lpString1="th", lpString2="$Recycle.bin") returned 1 [0049.043] lstrcmpiW (lpString1="th", lpString2="System Volume Information") returned 1 [0049.043] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0049.043] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0049.043] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th") returned 150 [0049.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.043] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" [0049.043] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*" [0049.043] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.043] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.043] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.043] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.043] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.043] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.043] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.043] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.043] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.043] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.043] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.043] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.043] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.043] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.043] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.043] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.043] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.043] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.043] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.043] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.043] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.043] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.043] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.043] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json") returned 164 [0049.043] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.043] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.043] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json") returned 164 [0049.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb4098 [0049.043] lstrcpyW (in: lpString1=0x3eb4098, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" [0049.043] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.043] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.043] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.044] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.044] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\LOLKEK.txt") returned 161 [0049.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.044] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.044] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.045] CloseHandle (hObject=0x2bc) returned 1 [0049.045] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.045] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tr", cAlternateFileName="")) returned 1 [0049.045] lstrcmpiW (lpString1="tr", lpString2="Windows") returned -1 [0049.045] lstrcmpiW (lpString1="tr", lpString2="Program Files") returned 1 [0049.045] lstrcmpiW (lpString1="tr", lpString2="Program Files (x86)") returned 1 [0049.045] lstrcmpiW (lpString1="tr", lpString2="$Recycle.bin") returned 1 [0049.045] lstrcmpiW (lpString1="tr", lpString2="System Volume Information") returned 1 [0049.045] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0049.045] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0049.045] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr") returned 150 [0049.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0049.045] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" [0049.045] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*" [0049.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.046] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.046] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.046] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.046] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.046] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.046] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.046] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.046] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.046] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.046] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.046] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.046] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.046] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.046] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.046] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.046] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.046] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.046] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.046] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.046] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.046] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.046] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.046] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json") returned 164 [0049.046] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.046] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.046] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json") returned 164 [0049.046] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb4340 [0049.046] lstrcpyW (in: lpString1=0x3eb4340, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" [0049.046] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.046] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.046] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.046] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.046] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\LOLKEK.txt") returned 161 [0049.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.047] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.047] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.048] CloseHandle (hObject=0x2bc) returned 1 [0049.048] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0049.048] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uk", cAlternateFileName="")) returned 1 [0049.048] lstrcmpiW (lpString1="uk", lpString2="Windows") returned -1 [0049.048] lstrcmpiW (lpString1="uk", lpString2="Program Files") returned 1 [0049.048] lstrcmpiW (lpString1="uk", lpString2="Program Files (x86)") returned 1 [0049.048] lstrcmpiW (lpString1="uk", lpString2="$Recycle.bin") returned 1 [0049.048] lstrcmpiW (lpString1="uk", lpString2="System Volume Information") returned 1 [0049.048] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0049.048] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0049.048] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk") returned 150 [0049.048] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0049.048] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" [0049.048] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*" [0049.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.048] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.048] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.048] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.048] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.048] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.048] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.048] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.048] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.048] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.048] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.048] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.048] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.048] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.048] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.048] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.048] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.048] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.048] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.048] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.048] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.048] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.048] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.049] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json") returned 164 [0049.049] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.049] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.049] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json") returned 164 [0049.049] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb45e8 [0049.049] lstrcpyW (in: lpString1=0x3eb45e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" [0049.049] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.049] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.049] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.049] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.049] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\LOLKEK.txt") returned 161 [0049.049] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.049] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.049] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.050] CloseHandle (hObject=0x2bc) returned 1 [0049.050] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0049.050] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vi", cAlternateFileName="")) returned 1 [0049.050] lstrcmpiW (lpString1="vi", lpString2="Windows") returned -1 [0049.050] lstrcmpiW (lpString1="vi", lpString2="Program Files") returned 1 [0049.050] lstrcmpiW (lpString1="vi", lpString2="Program Files (x86)") returned 1 [0049.050] lstrcmpiW (lpString1="vi", lpString2="$Recycle.bin") returned 1 [0049.050] lstrcmpiW (lpString1="vi", lpString2="System Volume Information") returned 1 [0049.050] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0049.050] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0049.050] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi") returned 150 [0049.050] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0049.050] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" [0049.050] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*" [0049.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.051] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.051] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.051] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.051] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.051] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.051] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.051] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.051] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.051] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.051] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.051] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.051] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.051] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.051] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.051] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.051] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.051] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.051] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.051] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.051] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.051] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.051] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.051] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json") returned 164 [0049.051] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.051] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.051] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json") returned 164 [0049.051] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb4890 [0049.052] lstrcpyW (in: lpString1=0x3eb4890, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" [0049.052] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.052] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.052] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.052] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.052] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\LOLKEK.txt") returned 161 [0049.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.052] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.052] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.053] CloseHandle (hObject=0x2bc) returned 1 [0049.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0049.053] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh", cAlternateFileName="")) returned 1 [0049.053] lstrcmpiW (lpString1="zh", lpString2="Windows") returned 1 [0049.053] lstrcmpiW (lpString1="zh", lpString2="Program Files") returned 1 [0049.053] lstrcmpiW (lpString1="zh", lpString2="Program Files (x86)") returned 1 [0049.053] lstrcmpiW (lpString1="zh", lpString2="$Recycle.bin") returned 1 [0049.053] lstrcmpiW (lpString1="zh", lpString2="System Volume Information") returned 1 [0049.053] lstrcmpiW (lpString1="zh", lpString2=".") returned 1 [0049.053] lstrcmpiW (lpString1="zh", lpString2="..") returned 1 [0049.053] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh") returned 150 [0049.053] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0049.053] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" [0049.053] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*" [0049.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.053] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.053] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.053] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.054] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.054] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.054] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.054] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.054] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.054] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.054] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.054] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.054] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.054] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.054] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.054] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.054] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.054] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.054] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.054] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.054] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.054] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.054] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.054] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json") returned 164 [0049.054] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.054] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.054] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json") returned 164 [0049.054] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x294) returned 0x3eb4b38 [0049.054] lstrcpyW (in: lpString1=0x3eb4b38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" [0049.054] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.054] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.054] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.054] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.054] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\LOLKEK.txt") returned 161 [0049.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.055] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.055] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.056] CloseHandle (hObject=0x2bc) returned 1 [0049.056] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0049.056] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0049.056] lstrcmpiW (lpString1="zh_TW", lpString2="Windows") returned 1 [0049.056] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files") returned 1 [0049.056] lstrcmpiW (lpString1="zh_TW", lpString2="Program Files (x86)") returned 1 [0049.056] lstrcmpiW (lpString1="zh_TW", lpString2="$Recycle.bin") returned 1 [0049.056] lstrcmpiW (lpString1="zh_TW", lpString2="System Volume Information") returned 1 [0049.056] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0049.056] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0049.056] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW") returned 153 [0049.056] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e6de58 [0049.056] lstrcpyW (in: lpString1=0x3e6de58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" [0049.056] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*" [0049.056] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*", lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62de98 [0049.057] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.057] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.057] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.057] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.057] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.057] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.057] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.057] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.057] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.057] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.057] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.057] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.057] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.057] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.057] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0049.057] lstrcmpiW (lpString1="messages.json", lpString2="Windows") returned -1 [0049.057] lstrcmpiW (lpString1="messages.json", lpString2="Program Files") returned -1 [0049.057] lstrcmpiW (lpString1="messages.json", lpString2="Program Files (x86)") returned -1 [0049.057] lstrcmpiW (lpString1="messages.json", lpString2="$Recycle.bin") returned 1 [0049.057] lstrcmpiW (lpString1="messages.json", lpString2="System Volume Information") returned -1 [0049.057] lstrcmpiW (lpString1="messages.json", lpString2=".") returned 1 [0049.057] lstrcmpiW (lpString1="messages.json", lpString2="..") returned 1 [0049.057] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json") returned 167 [0049.057] StrStrIW (lpFirst="messages.json", lpSrch=".lolkek") returned 0x0 [0049.057] lstrcmpW (lpString1="messages.json", lpString2="LOLKEK.txt") returned 1 [0049.057] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json") returned 167 [0049.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a0) returned 0x645fb8 [0049.057] lstrcpyW (in: lpString1=0x645fb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" [0049.057] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.057] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.057] FindNextFileW (in: hFindFile=0x62de98, lpFindFileData=0x363d80c | out: lpFindFileData=0x363d80c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0049.057] FindClose (in: hFindFile=0x62de98 | out: hFindFile=0x62de98) returned 1 [0049.057] wsprintfW (in: param_1=0x3e6de58, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\LOLKEK.txt") returned 164 [0049.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.058] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.058] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363d804, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363d804*=0x10, lpOverlapped=0x0) returned 1 [0049.059] CloseHandle (hObject=0x2bc) returned 1 [0049.059] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e6de58 | out: hHeap=0x5a0000) returned 1 [0049.059] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0049.059] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0049.059] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\LOLKEK.txt") returned 158 [0049.059] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.059] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.059] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0049.060] CloseHandle (hObject=0x270) returned 1 [0049.060] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.061] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0049.061] lstrcmpiW (lpString1="_metadata", lpString2="Windows") returned -1 [0049.061] lstrcmpiW (lpString1="_metadata", lpString2="Program Files") returned -1 [0049.061] lstrcmpiW (lpString1="_metadata", lpString2="Program Files (x86)") returned -1 [0049.061] lstrcmpiW (lpString1="_metadata", lpString2="$Recycle.bin") returned 1 [0049.061] lstrcmpiW (lpString1="_metadata", lpString2="System Volume Information") returned -1 [0049.061] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0049.061] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0049.061] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata") returned 148 [0049.061] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.062] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" [0049.062] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*" [0049.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0049.063] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.063] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.063] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.063] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.063] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.063] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.063] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.063] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.063] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.063] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.063] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.063] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.063] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.063] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.063] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x839fe880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7299, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0049.063] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Windows") returned -1 [0049.063] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files") returned -1 [0049.063] lstrcmpiW (lpString1="computed_hashes.json", lpString2="Program Files (x86)") returned -1 [0049.063] lstrcmpiW (lpString1="computed_hashes.json", lpString2="$Recycle.bin") returned 1 [0049.063] lstrcmpiW (lpString1="computed_hashes.json", lpString2="System Volume Information") returned -1 [0049.063] lstrcmpiW (lpString1="computed_hashes.json", lpString2=".") returned 1 [0049.063] lstrcmpiW (lpString1="computed_hashes.json", lpString2="..") returned 1 [0049.063] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json") returned 169 [0049.063] StrStrIW (lpFirst="computed_hashes.json", lpSrch=".lolkek") returned 0x0 [0049.063] lstrcmpW (lpString1="computed_hashes.json", lpString2="LOLKEK.txt") returned -1 [0049.063] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json") returned 169 [0049.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a8) returned 0x61b1b0 [0049.063] lstrcpyW (in: lpString1=0x61b1b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" [0049.063] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.064] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.064] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0049.064] lstrcmpiW (lpString1="verified_contents.json", lpString2="Windows") returned -1 [0049.064] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files") returned 1 [0049.064] lstrcmpiW (lpString1="verified_contents.json", lpString2="Program Files (x86)") returned 1 [0049.064] lstrcmpiW (lpString1="verified_contents.json", lpString2="$Recycle.bin") returned 1 [0049.064] lstrcmpiW (lpString1="verified_contents.json", lpString2="System Volume Information") returned 1 [0049.064] lstrcmpiW (lpString1="verified_contents.json", lpString2=".") returned 1 [0049.064] lstrcmpiW (lpString1="verified_contents.json", lpString2="..") returned 1 [0049.064] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json") returned 171 [0049.064] StrStrIW (lpFirst="verified_contents.json", lpSrch=".lolkek") returned 0x0 [0049.064] lstrcmpW (lpString1="verified_contents.json", lpString2="LOLKEK.txt") returned 1 [0049.064] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json") returned 171 [0049.064] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2b0) returned 0x67ca98 [0049.064] lstrcpyW (in: lpString1=0x67ca98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" [0049.064] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.064] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.064] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0049.064] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0049.064] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\LOLKEK.txt") returned 159 [0049.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.068] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.068] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0049.069] CloseHandle (hObject=0x270) returned 1 [0049.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.069] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0049.069] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.069] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\LOLKEK.txt") returned 149 [0049.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.069] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.069] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.070] CloseHandle (hObject=0x25c) returned 1 [0049.070] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.070] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5817.313.0.5_0", cAlternateFileName="581731~1.5_0")) returned 0 [0049.070] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.070] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOLKEK.txt") returned 134 [0049.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.070] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.070] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.071] CloseHandle (hObject=0x1b4) returned 1 [0049.071] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.071] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 0 [0049.071] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.071] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\LOLKEK.txt") returned 101 [0049.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.072] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.072] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.072] CloseHandle (hObject=0x290) returned 1 [0049.072] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.074] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80db2b00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Favicons", cAlternateFileName="")) returned 1 [0049.074] lstrcmpiW (lpString1="Favicons", lpString2="Windows") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons", lpString2="Program Files") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons", lpString2="Program Files (x86)") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons", lpString2="$Recycle.bin") returned 1 [0049.074] lstrcmpiW (lpString1="Favicons", lpString2="System Volume Information") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons", lpString2=".") returned 1 [0049.074] lstrcmpiW (lpString1="Favicons", lpString2="..") returned 1 [0049.074] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons") returned 88 [0049.074] StrStrIW (lpFirst="Favicons", lpSrch=".lolkek") returned 0x0 [0049.074] lstrcmpW (lpString1="Favicons", lpString2="LOLKEK.txt") returned -1 [0049.074] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons") returned 88 [0049.074] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3dddfe0 [0049.074] lstrcpyW (in: lpString1=0x3dddfe0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" [0049.074] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.074] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.074] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80e97340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Favicons-journal", cAlternateFileName="FAVICO~1")) returned 1 [0049.074] lstrcmpiW (lpString1="Favicons-journal", lpString2="Windows") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons-journal", lpString2="Program Files") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons-journal", lpString2="Program Files (x86)") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons-journal", lpString2="$Recycle.bin") returned 1 [0049.074] lstrcmpiW (lpString1="Favicons-journal", lpString2="System Volume Information") returned -1 [0049.074] lstrcmpiW (lpString1="Favicons-journal", lpString2=".") returned 1 [0049.074] lstrcmpiW (lpString1="Favicons-journal", lpString2="..") returned 1 [0049.074] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal") returned 96 [0049.074] StrStrIW (lpFirst="Favicons-journal", lpSrch=".lolkek") returned 0x0 [0049.074] lstrcmpW (lpString1="Favicons-journal", lpString2="LOLKEK.txt") returned -1 [0049.074] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal") returned 96 [0049.074] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x184) returned 0x3eb7b50 [0049.074] lstrcpyW (in: lpString1=0x3eb7b50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" [0049.074] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.074] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.074] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Profile.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0049.074] lstrcmpiW (lpString1="Google Profile.ico", lpString2="Windows") returned -1 [0049.074] lstrcmpiW (lpString1="Google Profile.ico", lpString2="Program Files") returned -1 [0049.074] lstrcmpiW (lpString1="Google Profile.ico", lpString2="Program Files (x86)") returned -1 [0049.074] lstrcmpiW (lpString1="Google Profile.ico", lpString2="$Recycle.bin") returned 1 [0049.074] lstrcmpiW (lpString1="Google Profile.ico", lpString2="System Volume Information") returned -1 [0049.074] lstrcmpiW (lpString1="Google Profile.ico", lpString2=".") returned 1 [0049.074] lstrcmpiW (lpString1="Google Profile.ico", lpString2="..") returned 1 [0049.074] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico") returned 98 [0049.075] StrStrIW (lpFirst="Google Profile.ico", lpSrch=".lolkek") returned 0x0 [0049.075] lstrcmpW (lpString1="Google Profile.ico", lpString2="LOLKEK.txt") returned -1 [0049.075] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico") returned 98 [0049.075] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3cc1b88 [0049.075] lstrcpyW (in: lpString1=0x3cc1b88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" [0049.075] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.075] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.075] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f47590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History", cAlternateFileName="")) returned 1 [0049.075] lstrcmpiW (lpString1="History", lpString2="Windows") returned -1 [0049.075] lstrcmpiW (lpString1="History", lpString2="Program Files") returned -1 [0049.075] lstrcmpiW (lpString1="History", lpString2="Program Files (x86)") returned -1 [0049.075] lstrcmpiW (lpString1="History", lpString2="$Recycle.bin") returned 1 [0049.075] lstrcmpiW (lpString1="History", lpString2="System Volume Information") returned -1 [0049.075] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0049.075] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0049.075] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History") returned 87 [0049.075] StrStrIW (lpFirst="History", lpSrch=".lolkek") returned 0x0 [0049.075] lstrcmpW (lpString1="History", lpString2="LOLKEK.txt") returned -1 [0049.075] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History") returned 87 [0049.075] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb5cd0 [0049.075] lstrcpyW (in: lpString1=0x3eb5cd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" [0049.075] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.075] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.075] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824d3190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824d3190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b6860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History Provider Cache", cAlternateFileName="HISTOR~2")) returned 1 [0049.075] lstrcmpiW (lpString1="History Provider Cache", lpString2="Windows") returned -1 [0049.075] lstrcmpiW (lpString1="History Provider Cache", lpString2="Program Files") returned -1 [0049.075] lstrcmpiW (lpString1="History Provider Cache", lpString2="Program Files (x86)") returned -1 [0049.075] lstrcmpiW (lpString1="History Provider Cache", lpString2="$Recycle.bin") returned 1 [0049.075] lstrcmpiW (lpString1="History Provider Cache", lpString2="System Volume Information") returned -1 [0049.075] lstrcmpiW (lpString1="History Provider Cache", lpString2=".") returned 1 [0049.075] lstrcmpiW (lpString1="History Provider Cache", lpString2="..") returned 1 [0049.075] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache") returned 102 [0049.075] StrStrIW (lpFirst="History Provider Cache", lpSrch=".lolkek") returned 0x0 [0049.075] lstrcmpW (lpString1="History Provider Cache", lpString2="LOLKEK.txt") returned -1 [0049.075] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache") returned 102 [0049.075] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x618968 [0049.075] lstrcpyW (in: lpString1=0x618968, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" [0049.075] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.075] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.075] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f6d6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History-journal", cAlternateFileName="HISTOR~1")) returned 1 [0049.075] lstrcmpiW (lpString1="History-journal", lpString2="Windows") returned -1 [0049.075] lstrcmpiW (lpString1="History-journal", lpString2="Program Files") returned -1 [0049.075] lstrcmpiW (lpString1="History-journal", lpString2="Program Files (x86)") returned -1 [0049.075] lstrcmpiW (lpString1="History-journal", lpString2="$Recycle.bin") returned 1 [0049.076] lstrcmpiW (lpString1="History-journal", lpString2="System Volume Information") returned -1 [0049.076] lstrcmpiW (lpString1="History-journal", lpString2=".") returned 1 [0049.076] lstrcmpiW (lpString1="History-journal", lpString2="..") returned 1 [0049.076] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal") returned 95 [0049.076] StrStrIW (lpFirst="History-journal", lpSrch=".lolkek") returned 0x0 [0049.076] lstrcmpW (lpString1="History-journal", lpString2="LOLKEK.txt") returned -1 [0049.076] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal") returned 95 [0049.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x3de05a0 [0049.076] lstrcpyW (in: lpString1=0x3de05a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" [0049.076] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.076] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.076] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JumpListIcons", cAlternateFileName="JUMPLI~2")) returned 1 [0049.076] lstrcmpiW (lpString1="JumpListIcons", lpString2="Windows") returned -1 [0049.076] lstrcmpiW (lpString1="JumpListIcons", lpString2="Program Files") returned -1 [0049.076] lstrcmpiW (lpString1="JumpListIcons", lpString2="Program Files (x86)") returned -1 [0049.076] lstrcmpiW (lpString1="JumpListIcons", lpString2="$Recycle.bin") returned 1 [0049.076] lstrcmpiW (lpString1="JumpListIcons", lpString2="System Volume Information") returned -1 [0049.076] lstrcmpiW (lpString1="JumpListIcons", lpString2=".") returned 1 [0049.076] lstrcmpiW (lpString1="JumpListIcons", lpString2="..") returned 1 [0049.076] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned 93 [0049.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.076] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons" [0049.076] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*" [0049.076] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.077] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.077] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.077] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.077] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.078] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.078] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.078] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.078] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.078] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.078] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.078] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.078] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.078] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.078] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.078] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A058.tmp", cAlternateFileName="")) returned 1 [0049.078] lstrcmpiW (lpString1="A058.tmp", lpString2="Windows") returned -1 [0049.078] lstrcmpiW (lpString1="A058.tmp", lpString2="Program Files") returned -1 [0049.078] lstrcmpiW (lpString1="A058.tmp", lpString2="Program Files (x86)") returned -1 [0049.078] lstrcmpiW (lpString1="A058.tmp", lpString2="$Recycle.bin") returned 1 [0049.078] lstrcmpiW (lpString1="A058.tmp", lpString2="System Volume Information") returned -1 [0049.078] lstrcmpiW (lpString1="A058.tmp", lpString2=".") returned 1 [0049.078] lstrcmpiW (lpString1="A058.tmp", lpString2="..") returned 1 [0049.078] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp") returned 102 [0049.078] StrStrIW (lpFirst="A058.tmp", lpSrch=".lolkek") returned 0x0 [0049.078] lstrcmpW (lpString1="A058.tmp", lpString2="LOLKEK.txt") returned -1 [0049.078] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp") returned 102 [0049.078] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x635d08 [0049.078] lstrcpyW (in: lpString1=0x635d08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" [0049.078] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.078] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.078] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A059.tmp", cAlternateFileName="")) returned 1 [0049.078] lstrcmpiW (lpString1="A059.tmp", lpString2="Windows") returned -1 [0049.078] lstrcmpiW (lpString1="A059.tmp", lpString2="Program Files") returned -1 [0049.078] lstrcmpiW (lpString1="A059.tmp", lpString2="Program Files (x86)") returned -1 [0049.078] lstrcmpiW (lpString1="A059.tmp", lpString2="$Recycle.bin") returned 1 [0049.078] lstrcmpiW (lpString1="A059.tmp", lpString2="System Volume Information") returned -1 [0049.078] lstrcmpiW (lpString1="A059.tmp", lpString2=".") returned 1 [0049.078] lstrcmpiW (lpString1="A059.tmp", lpString2="..") returned 1 [0049.078] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp") returned 102 [0049.078] StrStrIW (lpFirst="A059.tmp", lpSrch=".lolkek") returned 0x0 [0049.078] lstrcmpW (lpString1="A059.tmp", lpString2="LOLKEK.txt") returned -1 [0049.078] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp") returned 102 [0049.078] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x66b780 [0049.078] lstrcpyW (in: lpString1=0x66b780, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" [0049.078] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.078] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.078] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A059.tmp", cAlternateFileName="")) returned 0 [0049.078] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.079] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\LOLKEK.txt") returned 104 [0049.079] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.079] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.079] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.080] CloseHandle (hObject=0x1b4) returned 1 [0049.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.080] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JumpListIconsOld", cAlternateFileName="JUMPLI~1")) returned 1 [0049.080] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="Windows") returned -1 [0049.080] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="Program Files") returned -1 [0049.080] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="Program Files (x86)") returned -1 [0049.080] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="$Recycle.bin") returned 1 [0049.080] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="System Volume Information") returned -1 [0049.080] lstrcmpiW (lpString1="JumpListIconsOld", lpString2=".") returned 1 [0049.080] lstrcmpiW (lpString1="JumpListIconsOld", lpString2="..") returned 1 [0049.080] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned 96 [0049.080] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.080] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" [0049.080] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*" [0049.080] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.080] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.080] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.080] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.080] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.080] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.080] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.080] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.080] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.080] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.081] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.081] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.081] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.081] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.081] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.081] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2B03.tmp", cAlternateFileName="")) returned 1 [0049.081] lstrcmpiW (lpString1="2B03.tmp", lpString2="Windows") returned -1 [0049.081] lstrcmpiW (lpString1="2B03.tmp", lpString2="Program Files") returned -1 [0049.081] lstrcmpiW (lpString1="2B03.tmp", lpString2="Program Files (x86)") returned -1 [0049.081] lstrcmpiW (lpString1="2B03.tmp", lpString2="$Recycle.bin") returned 1 [0049.081] lstrcmpiW (lpString1="2B03.tmp", lpString2="System Volume Information") returned -1 [0049.081] lstrcmpiW (lpString1="2B03.tmp", lpString2=".") returned 1 [0049.081] lstrcmpiW (lpString1="2B03.tmp", lpString2="..") returned 1 [0049.081] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp") returned 105 [0049.081] StrStrIW (lpFirst="2B03.tmp", lpSrch=".lolkek") returned 0x0 [0049.081] lstrcmpW (lpString1="2B03.tmp", lpString2="LOLKEK.txt") returned -1 [0049.081] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp") returned 105 [0049.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x3dd7b20 [0049.081] lstrcpyW (in: lpString1=0x3dd7b20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" [0049.081] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.081] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.081] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2B04.tmp", cAlternateFileName="")) returned 1 [0049.081] lstrcmpiW (lpString1="2B04.tmp", lpString2="Windows") returned -1 [0049.081] lstrcmpiW (lpString1="2B04.tmp", lpString2="Program Files") returned -1 [0049.081] lstrcmpiW (lpString1="2B04.tmp", lpString2="Program Files (x86)") returned -1 [0049.081] lstrcmpiW (lpString1="2B04.tmp", lpString2="$Recycle.bin") returned 1 [0049.081] lstrcmpiW (lpString1="2B04.tmp", lpString2="System Volume Information") returned -1 [0049.081] lstrcmpiW (lpString1="2B04.tmp", lpString2=".") returned 1 [0049.081] lstrcmpiW (lpString1="2B04.tmp", lpString2="..") returned 1 [0049.081] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp") returned 105 [0049.081] StrStrIW (lpFirst="2B04.tmp", lpSrch=".lolkek") returned 0x0 [0049.081] lstrcmpW (lpString1="2B04.tmp", lpString2="LOLKEK.txt") returned -1 [0049.081] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp") returned 105 [0049.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x658950 [0049.081] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" [0049.081] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.081] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.081] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2B04.tmp", cAlternateFileName="")) returned 0 [0049.081] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.081] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\LOLKEK.txt") returned 107 [0049.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.082] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.082] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.082] CloseHandle (hObject=0x1b4) returned 1 [0049.082] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.082] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Local Extension Settings", cAlternateFileName="LOCALE~1")) returned 1 [0049.083] lstrcmpiW (lpString1="Local Extension Settings", lpString2="Windows") returned -1 [0049.083] lstrcmpiW (lpString1="Local Extension Settings", lpString2="Program Files") returned -1 [0049.083] lstrcmpiW (lpString1="Local Extension Settings", lpString2="Program Files (x86)") returned -1 [0049.083] lstrcmpiW (lpString1="Local Extension Settings", lpString2="$Recycle.bin") returned 1 [0049.083] lstrcmpiW (lpString1="Local Extension Settings", lpString2="System Volume Information") returned -1 [0049.083] lstrcmpiW (lpString1="Local Extension Settings", lpString2=".") returned 1 [0049.083] lstrcmpiW (lpString1="Local Extension Settings", lpString2="..") returned 1 [0049.083] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned 104 [0049.083] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.083] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" [0049.083] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*" [0049.083] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.083] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.083] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.083] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.083] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.083] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.083] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.083] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.083] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.083] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.083] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.083] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.083] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.083] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.083] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.083] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0049.083] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="Windows") returned -1 [0049.083] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="Program Files") returned -1 [0049.083] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="Program Files (x86)") returned -1 [0049.083] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="$Recycle.bin") returned 1 [0049.083] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="System Volume Information") returned -1 [0049.083] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2=".") returned 1 [0049.083] lstrcmpiW (lpString1="ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="..") returned 1 [0049.083] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned 137 [0049.083] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.084] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" [0049.084] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*" [0049.084] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.090] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.091] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.091] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.091] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.091] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.091] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.091] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.091] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.091] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.091] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.091] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.091] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.091] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.091] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.091] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86513570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="000003.log", cAlternateFileName="")) returned 1 [0049.091] lstrcmpiW (lpString1="000003.log", lpString2="Windows") returned -1 [0049.091] lstrcmpiW (lpString1="000003.log", lpString2="Program Files") returned -1 [0049.091] lstrcmpiW (lpString1="000003.log", lpString2="Program Files (x86)") returned -1 [0049.091] lstrcmpiW (lpString1="000003.log", lpString2="$Recycle.bin") returned 1 [0049.091] lstrcmpiW (lpString1="000003.log", lpString2="System Volume Information") returned -1 [0049.091] lstrcmpiW (lpString1="000003.log", lpString2=".") returned 1 [0049.091] lstrcmpiW (lpString1="000003.log", lpString2="..") returned 1 [0049.091] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log") returned 148 [0049.091] StrStrIW (lpFirst="000003.log", lpSrch=".lolkek") returned 0x0 [0049.091] lstrcmpW (lpString1="000003.log", lpString2="LOLKEK.txt") returned -1 [0049.091] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log") returned 148 [0049.091] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x254) returned 0x618c88 [0049.091] lstrcpyW (in: lpString1=0x618c88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" [0049.091] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.091] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.091] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0049.091] lstrcmpiW (lpString1="CURRENT", lpString2="Windows") returned -1 [0049.091] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files") returned -1 [0049.091] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files (x86)") returned -1 [0049.091] lstrcmpiW (lpString1="CURRENT", lpString2="$Recycle.bin") returned 1 [0049.091] lstrcmpiW (lpString1="CURRENT", lpString2="System Volume Information") returned -1 [0049.091] lstrcmpiW (lpString1="CURRENT", lpString2=".") returned 1 [0049.091] lstrcmpiW (lpString1="CURRENT", lpString2="..") returned 1 [0049.091] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT") returned 145 [0049.091] StrStrIW (lpFirst="CURRENT", lpSrch=".lolkek") returned 0x0 [0049.091] lstrcmpW (lpString1="CURRENT", lpString2="LOLKEK.txt") returned -1 [0049.091] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT") returned 145 [0049.091] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x248) returned 0x3ddd7b0 [0049.091] lstrcpyW (in: lpString1=0x3ddd7b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" [0049.091] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.092] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.092] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOCK", cAlternateFileName="")) returned 1 [0049.092] lstrcmpiW (lpString1="LOCK", lpString2="Windows") returned -1 [0049.092] lstrcmpiW (lpString1="LOCK", lpString2="Program Files") returned -1 [0049.092] lstrcmpiW (lpString1="LOCK", lpString2="Program Files (x86)") returned -1 [0049.092] lstrcmpiW (lpString1="LOCK", lpString2="$Recycle.bin") returned 1 [0049.092] lstrcmpiW (lpString1="LOCK", lpString2="System Volume Information") returned -1 [0049.092] lstrcmpiW (lpString1="LOCK", lpString2=".") returned 1 [0049.092] lstrcmpiW (lpString1="LOCK", lpString2="..") returned 1 [0049.092] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK") returned 142 [0049.092] StrStrIW (lpFirst="LOCK", lpSrch=".lolkek") returned 0x0 [0049.092] lstrcmpW (lpString1="LOCK", lpString2="LOLKEK.txt") returned -1 [0049.092] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK") returned 142 [0049.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x23c) returned 0x3cc9da0 [0049.092] lstrcpyW (in: lpString1=0x3cc9da0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" [0049.092] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.092] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.092] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97256fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOG", cAlternateFileName="")) returned 1 [0049.092] lstrcmpiW (lpString1="LOG", lpString2="Windows") returned -1 [0049.092] lstrcmpiW (lpString1="LOG", lpString2="Program Files") returned -1 [0049.092] lstrcmpiW (lpString1="LOG", lpString2="Program Files (x86)") returned -1 [0049.092] lstrcmpiW (lpString1="LOG", lpString2="$Recycle.bin") returned 1 [0049.092] lstrcmpiW (lpString1="LOG", lpString2="System Volume Information") returned -1 [0049.092] lstrcmpiW (lpString1="LOG", lpString2=".") returned 1 [0049.092] lstrcmpiW (lpString1="LOG", lpString2="..") returned 1 [0049.092] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG") returned 141 [0049.092] StrStrIW (lpFirst="LOG", lpSrch=".lolkek") returned 0x0 [0049.092] lstrcmpW (lpString1="LOG", lpString2="LOLKEK.txt") returned -1 [0049.092] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG") returned 141 [0049.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x697d88 [0049.092] lstrcpyW (in: lpString1=0x697d88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" [0049.092] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.092] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.092] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0049.092] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Windows") returned -1 [0049.092] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files") returned -1 [0049.092] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files (x86)") returned -1 [0049.092] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="$Recycle.bin") returned 1 [0049.092] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="System Volume Information") returned -1 [0049.092] lstrcmpiW (lpString1="MANIFEST-000001", lpString2=".") returned 1 [0049.092] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="..") returned 1 [0049.092] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001") returned 153 [0049.092] StrStrIW (lpFirst="MANIFEST-000001", lpSrch=".lolkek") returned 0x0 [0049.092] lstrcmpW (lpString1="MANIFEST-000001", lpString2="LOLKEK.txt") returned 1 [0049.092] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001") returned 153 [0049.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x268) returned 0x631ed0 [0049.093] lstrcpyW (in: lpString1=0x631ed0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" [0049.093] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.093] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.093] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0049.093] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.093] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOLKEK.txt") returned 148 [0049.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.094] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.094] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.095] CloseHandle (hObject=0x25c) returned 1 [0049.095] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.095] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 0 [0049.095] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.095] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\LOLKEK.txt") returned 115 [0049.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.095] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.096] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.096] CloseHandle (hObject=0x1b4) returned 1 [0049.096] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.096] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Local Storage", cAlternateFileName="LOCALS~1")) returned 1 [0049.096] lstrcmpiW (lpString1="Local Storage", lpString2="Windows") returned -1 [0049.096] lstrcmpiW (lpString1="Local Storage", lpString2="Program Files") returned -1 [0049.096] lstrcmpiW (lpString1="Local Storage", lpString2="Program Files (x86)") returned -1 [0049.096] lstrcmpiW (lpString1="Local Storage", lpString2="$Recycle.bin") returned 1 [0049.096] lstrcmpiW (lpString1="Local Storage", lpString2="System Volume Information") returned -1 [0049.096] lstrcmpiW (lpString1="Local Storage", lpString2=".") returned 1 [0049.096] lstrcmpiW (lpString1="Local Storage", lpString2="..") returned 1 [0049.096] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage") returned 93 [0049.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.096] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage" [0049.096] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*" [0049.096] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.098] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.098] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.098] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.098] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.098] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.098] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.098] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.098] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.098] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.098] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.098] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.098] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.098] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.098] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.098] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9048b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", cAlternateFileName="CHROME~1.LOC")) returned 1 [0049.098] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2="Windows") returned -1 [0049.098] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2="Program Files") returned -1 [0049.098] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2="Program Files (x86)") returned -1 [0049.098] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2="$Recycle.bin") returned 1 [0049.098] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2="System Volume Information") returned -1 [0049.098] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2=".") returned 1 [0049.098] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2="..") returned 1 [0049.098] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage") returned 158 [0049.098] StrStrIW (lpFirst="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpSrch=".lolkek") returned 0x0 [0049.099] lstrcmpW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", lpString2="LOLKEK.txt") returned -1 [0049.099] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage") returned 158 [0049.099] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x27c) returned 0x3eb7f88 [0049.099] lstrcpyW (in: lpString1=0x3eb7f88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" [0049.099] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.099] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.099] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x904b1a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", cAlternateFileName="CHROME~2.LOC")) returned 1 [0049.099] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2="Windows") returned -1 [0049.099] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2="Program Files") returned -1 [0049.099] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2="Program Files (x86)") returned -1 [0049.099] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2="$Recycle.bin") returned 1 [0049.099] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2="System Volume Information") returned -1 [0049.099] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2=".") returned 1 [0049.099] lstrcmpiW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2="..") returned 1 [0049.099] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal") returned 166 [0049.099] StrStrIW (lpFirst="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpSrch=".lolkek") returned 0x0 [0049.099] lstrcmpW (lpString1="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", lpString2="LOLKEK.txt") returned -1 [0049.099] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal") returned 166 [0049.099] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29c) returned 0x67cd50 [0049.099] lstrcpyW (in: lpString1=0x67cd50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" [0049.099] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.099] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.099] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x904b1a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", cAlternateFileName="CHROME~2.LOC")) returned 0 [0049.099] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.100] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\LOLKEK.txt") returned 104 [0049.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.100] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.100] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.101] CloseHandle (hObject=0x1b4) returned 1 [0049.101] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.101] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Login Data", cAlternateFileName="LOGIND~1")) returned 1 [0049.101] lstrcmpiW (lpString1="Login Data", lpString2="Windows") returned -1 [0049.101] lstrcmpiW (lpString1="Login Data", lpString2="Program Files") returned -1 [0049.101] lstrcmpiW (lpString1="Login Data", lpString2="Program Files (x86)") returned -1 [0049.101] lstrcmpiW (lpString1="Login Data", lpString2="$Recycle.bin") returned 1 [0049.101] lstrcmpiW (lpString1="Login Data", lpString2="System Volume Information") returned -1 [0049.101] lstrcmpiW (lpString1="Login Data", lpString2=".") returned 1 [0049.101] lstrcmpiW (lpString1="Login Data", lpString2="..") returned 1 [0049.101] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 90 [0049.101] StrStrIW (lpFirst="Login Data", lpSrch=".lolkek") returned 0x0 [0049.101] lstrcmpW (lpString1="Login Data", lpString2="LOLKEK.txt") returned -1 [0049.101] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned 90 [0049.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16c) returned 0x3bf1208 [0049.101] lstrcpyW (in: lpString1=0x3bf1208, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" [0049.101] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.102] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.102] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Login Data-journal", cAlternateFileName="LOGIND~2")) returned 1 [0049.102] lstrcmpiW (lpString1="Login Data-journal", lpString2="Windows") returned -1 [0049.102] lstrcmpiW (lpString1="Login Data-journal", lpString2="Program Files") returned -1 [0049.102] lstrcmpiW (lpString1="Login Data-journal", lpString2="Program Files (x86)") returned -1 [0049.102] lstrcmpiW (lpString1="Login Data-journal", lpString2="$Recycle.bin") returned 1 [0049.102] lstrcmpiW (lpString1="Login Data-journal", lpString2="System Volume Information") returned -1 [0049.102] lstrcmpiW (lpString1="Login Data-journal", lpString2=".") returned 1 [0049.102] lstrcmpiW (lpString1="Login Data-journal", lpString2="..") returned 1 [0049.102] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 98 [0049.102] StrStrIW (lpFirst="Login Data-journal", lpSrch=".lolkek") returned 0x0 [0049.102] lstrcmpW (lpString1="Login Data-journal", lpString2="LOLKEK.txt") returned -1 [0049.102] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 98 [0049.102] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x62c750 [0049.102] lstrcpyW (in: lpString1=0x62c750, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" [0049.102] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.102] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.102] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Network Action Predictor", cAlternateFileName="NETWOR~1")) returned 1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor", lpString2="Windows") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor", lpString2="Program Files") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor", lpString2="Program Files (x86)") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor", lpString2="$Recycle.bin") returned 1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor", lpString2="System Volume Information") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor", lpString2=".") returned 1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor", lpString2="..") returned 1 [0049.102] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor") returned 104 [0049.102] StrStrIW (lpFirst="Network Action Predictor", lpSrch=".lolkek") returned 0x0 [0049.102] lstrcmpW (lpString1="Network Action Predictor", lpString2="LOLKEK.txt") returned 1 [0049.102] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor") returned 104 [0049.102] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3de0f28 [0049.102] lstrcpyW (in: lpString1=0x3de0f28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" [0049.102] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.102] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.102] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8262ad90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Network Action Predictor-journal", cAlternateFileName="NETWOR~2")) returned 1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor-journal", lpString2="Windows") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor-journal", lpString2="Program Files") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor-journal", lpString2="Program Files (x86)") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor-journal", lpString2="$Recycle.bin") returned 1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor-journal", lpString2="System Volume Information") returned -1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor-journal", lpString2=".") returned 1 [0049.102] lstrcmpiW (lpString1="Network Action Predictor-journal", lpString2="..") returned 1 [0049.102] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal") returned 112 [0049.102] StrStrIW (lpFirst="Network Action Predictor-journal", lpSrch=".lolkek") returned 0x0 [0049.102] lstrcmpW (lpString1="Network Action Predictor-journal", lpString2="LOLKEK.txt") returned 1 [0049.102] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal") returned 112 [0049.102] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c4) returned 0x3e368e0 [0049.102] lstrcpyW (in: lpString1=0x3e368e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" [0049.103] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.103] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.103] lstrcmpiW (lpString1="Network Persistent State", lpString2="Windows") returned -1 [0049.103] lstrcmpiW (lpString1="Network Persistent State", lpString2="Program Files") returned -1 [0049.103] lstrcmpiW (lpString1="Network Persistent State", lpString2="Program Files (x86)") returned -1 [0049.103] lstrcmpiW (lpString1="Network Persistent State", lpString2="$Recycle.bin") returned 1 [0049.103] lstrcmpiW (lpString1="Network Persistent State", lpString2="System Volume Information") returned -1 [0049.103] lstrcmpiW (lpString1="Network Persistent State", lpString2=".") returned 1 [0049.103] lstrcmpiW (lpString1="Network Persistent State", lpString2="..") returned 1 [0049.103] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State") returned 104 [0049.103] StrStrIW (lpFirst="Network Persistent State", lpSrch=".lolkek") returned 0x0 [0049.103] lstrcmpW (lpString1="Network Persistent State", lpString2="LOLKEK.txt") returned 1 [0049.103] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State") returned 104 [0049.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3e34ee0 [0049.103] lstrcpyW (in: lpString1=0x3e34ee0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" [0049.103] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.103] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="Windows") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="Program Files") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="Program Files (x86)") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="$Recycle.bin") returned 1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="System Volume Information") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs", lpString2=".") returned 1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs", lpString2="..") returned 1 [0049.103] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs") returned 98 [0049.103] StrStrIW (lpFirst="Origin Bound Certs", lpSrch=".lolkek") returned 0x0 [0049.103] lstrcmpW (lpString1="Origin Bound Certs", lpString2="LOLKEK.txt") returned 1 [0049.103] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs") returned 98 [0049.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x6986c8 [0049.103] lstrcpyW (in: lpString1=0x6986c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" [0049.103] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.103] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs-journal", lpString2="Windows") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs-journal", lpString2="Program Files") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs-journal", lpString2="Program Files (x86)") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs-journal", lpString2="$Recycle.bin") returned 1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs-journal", lpString2="System Volume Information") returned -1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs-journal", lpString2=".") returned 1 [0049.103] lstrcmpiW (lpString1="Origin Bound Certs-journal", lpString2="..") returned 1 [0049.103] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal") returned 106 [0049.103] StrStrIW (lpFirst="Origin Bound Certs-journal", lpSrch=".lolkek") returned 0x0 [0049.104] lstrcmpW (lpString1="Origin Bound Certs-journal", lpString2="LOLKEK.txt") returned 1 [0049.104] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal") returned 106 [0049.104] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3c94d38 [0049.104] lstrcpyW (in: lpString1=0x3c94d38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" [0049.104] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.104] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.104] lstrcmpiW (lpString1="Preferences", lpString2="Windows") returned -1 [0049.104] lstrcmpiW (lpString1="Preferences", lpString2="Program Files") returned -1 [0049.104] lstrcmpiW (lpString1="Preferences", lpString2="Program Files (x86)") returned -1 [0049.104] lstrcmpiW (lpString1="Preferences", lpString2="$Recycle.bin") returned 1 [0049.104] lstrcmpiW (lpString1="Preferences", lpString2="System Volume Information") returned -1 [0049.104] lstrcmpiW (lpString1="Preferences", lpString2=".") returned 1 [0049.104] lstrcmpiW (lpString1="Preferences", lpString2="..") returned 1 [0049.104] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences") returned 91 [0049.104] StrStrIW (lpFirst="Preferences", lpSrch=".lolkek") returned 0x0 [0049.104] lstrcmpW (lpString1="Preferences", lpString2="LOLKEK.txt") returned 1 [0049.104] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences") returned 91 [0049.104] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x698ba8 [0049.104] lstrcpyW (in: lpString1=0x698ba8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" [0049.104] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.104] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db", lpString2="Windows") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db", lpString2="Program Files") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db", lpString2="Program Files (x86)") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db", lpString2="$Recycle.bin") returned 1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db", lpString2="System Volume Information") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db", lpString2=".") returned 1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db", lpString2="..") returned 1 [0049.104] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db") returned 99 [0049.104] StrStrIW (lpFirst="previews_opt_out.db", lpSrch=".lolkek") returned 0x0 [0049.104] lstrcmpW (lpString1="previews_opt_out.db", lpString2="LOLKEK.txt") returned 1 [0049.104] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db") returned 99 [0049.104] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x62f8a0 [0049.104] lstrcpyW (in: lpString1=0x62f8a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" [0049.104] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.104] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db-journal", lpString2="Windows") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db-journal", lpString2="Program Files") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db-journal", lpString2="Program Files (x86)") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db-journal", lpString2="$Recycle.bin") returned 1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db-journal", lpString2="System Volume Information") returned -1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db-journal", lpString2=".") returned 1 [0049.104] lstrcmpiW (lpString1="previews_opt_out.db-journal", lpString2="..") returned 1 [0049.104] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal") returned 107 [0049.105] StrStrIW (lpFirst="previews_opt_out.db-journal", lpSrch=".lolkek") returned 0x0 [0049.105] lstrcmpW (lpString1="previews_opt_out.db-journal", lpString2="LOLKEK.txt") returned 1 [0049.105] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal") returned 107 [0049.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x5c2078 [0049.105] lstrcpyW (in: lpString1=0x5c2078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" [0049.105] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.105] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.105] lstrcmpiW (lpString1="QuotaManager", lpString2="Windows") returned -1 [0049.105] lstrcmpiW (lpString1="QuotaManager", lpString2="Program Files") returned 1 [0049.105] lstrcmpiW (lpString1="QuotaManager", lpString2="Program Files (x86)") returned 1 [0049.105] lstrcmpiW (lpString1="QuotaManager", lpString2="$Recycle.bin") returned 1 [0049.105] lstrcmpiW (lpString1="QuotaManager", lpString2="System Volume Information") returned -1 [0049.105] lstrcmpiW (lpString1="QuotaManager", lpString2=".") returned 1 [0049.105] lstrcmpiW (lpString1="QuotaManager", lpString2="..") returned 1 [0049.105] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager") returned 92 [0049.105] StrStrIW (lpFirst="QuotaManager", lpSrch=".lolkek") returned 0x0 [0049.105] lstrcmpW (lpString1="QuotaManager", lpString2="LOLKEK.txt") returned 1 [0049.105] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager") returned 92 [0049.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x3ec75e8 [0049.105] lstrcpyW (in: lpString1=0x3ec75e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" [0049.105] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.105] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.107] lstrcmpiW (lpString1="QuotaManager-journal", lpString2="Windows") returned -1 [0049.107] lstrcmpiW (lpString1="QuotaManager-journal", lpString2="Program Files") returned 1 [0049.107] lstrcmpiW (lpString1="QuotaManager-journal", lpString2="Program Files (x86)") returned 1 [0049.107] lstrcmpiW (lpString1="QuotaManager-journal", lpString2="$Recycle.bin") returned 1 [0049.107] lstrcmpiW (lpString1="QuotaManager-journal", lpString2="System Volume Information") returned -1 [0049.107] lstrcmpiW (lpString1="QuotaManager-journal", lpString2=".") returned 1 [0049.107] lstrcmpiW (lpString1="QuotaManager-journal", lpString2="..") returned 1 [0049.107] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal") returned 100 [0049.107] StrStrIW (lpFirst="QuotaManager-journal", lpSrch=".lolkek") returned 0x0 [0049.107] lstrcmpW (lpString1="QuotaManager-journal", lpString2="LOLKEK.txt") returned 1 [0049.107] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal") returned 100 [0049.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x67cff8 [0049.107] lstrcpyW (in: lpString1=0x67cff8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" [0049.107] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.107] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.107] lstrcmpiW (lpString1="README", lpString2="Windows") returned -1 [0049.107] lstrcmpiW (lpString1="README", lpString2="Program Files") returned 1 [0049.107] lstrcmpiW (lpString1="README", lpString2="Program Files (x86)") returned 1 [0049.107] lstrcmpiW (lpString1="README", lpString2="$Recycle.bin") returned 1 [0049.107] lstrcmpiW (lpString1="README", lpString2="System Volume Information") returned -1 [0049.107] lstrcmpiW (lpString1="README", lpString2=".") returned 1 [0049.107] lstrcmpiW (lpString1="README", lpString2="..") returned 1 [0049.107] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README") returned 86 [0049.107] StrStrIW (lpFirst="README", lpSrch=".lolkek") returned 0x0 [0049.108] lstrcmpW (lpString1="README", lpString2="LOLKEK.txt") returned 1 [0049.108] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README") returned 86 [0049.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb5b68 [0049.108] lstrcpyW (in: lpString1=0x3eb5b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" [0049.108] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.108] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.108] lstrcmpiW (lpString1="Secure Preferences", lpString2="Windows") returned -1 [0049.108] lstrcmpiW (lpString1="Secure Preferences", lpString2="Program Files") returned 1 [0049.108] lstrcmpiW (lpString1="Secure Preferences", lpString2="Program Files (x86)") returned 1 [0049.108] lstrcmpiW (lpString1="Secure Preferences", lpString2="$Recycle.bin") returned 1 [0049.108] lstrcmpiW (lpString1="Secure Preferences", lpString2="System Volume Information") returned -1 [0049.108] lstrcmpiW (lpString1="Secure Preferences", lpString2=".") returned 1 [0049.108] lstrcmpiW (lpString1="Secure Preferences", lpString2="..") returned 1 [0049.108] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences") returned 98 [0049.108] StrStrIW (lpFirst="Secure Preferences", lpSrch=".lolkek") returned 0x0 [0049.108] lstrcmpW (lpString1="Secure Preferences", lpString2="LOLKEK.txt") returned 1 [0049.108] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences") returned 98 [0049.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x67d198 [0049.108] lstrcpyW (in: lpString1=0x67d198, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" [0049.108] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.108] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts", lpString2="Windows") returned -1 [0049.108] lstrcmpiW (lpString1="Shortcuts", lpString2="Program Files") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts", lpString2="Program Files (x86)") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts", lpString2="$Recycle.bin") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts", lpString2="System Volume Information") returned -1 [0049.108] lstrcmpiW (lpString1="Shortcuts", lpString2=".") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts", lpString2="..") returned 1 [0049.108] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts") returned 89 [0049.108] StrStrIW (lpFirst="Shortcuts", lpSrch=".lolkek") returned 0x0 [0049.108] lstrcmpW (lpString1="Shortcuts", lpString2="LOLKEK.txt") returned 1 [0049.108] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts") returned 89 [0049.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x3c948d8 [0049.108] lstrcpyW (in: lpString1=0x3c948d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" [0049.108] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.108] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts-journal", lpString2="Windows") returned -1 [0049.108] lstrcmpiW (lpString1="Shortcuts-journal", lpString2="Program Files") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts-journal", lpString2="Program Files (x86)") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts-journal", lpString2="$Recycle.bin") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts-journal", lpString2="System Volume Information") returned -1 [0049.108] lstrcmpiW (lpString1="Shortcuts-journal", lpString2=".") returned 1 [0049.108] lstrcmpiW (lpString1="Shortcuts-journal", lpString2="..") returned 1 [0049.109] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal") returned 97 [0049.109] StrStrIW (lpFirst="Shortcuts-journal", lpSrch=".lolkek") returned 0x0 [0049.109] lstrcmpW (lpString1="Shortcuts-journal", lpString2="LOLKEK.txt") returned 1 [0049.109] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal") returned 97 [0049.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x60c608 [0049.109] lstrcpyW (in: lpString1=0x60c608, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" [0049.109] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.109] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.109] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="Windows") returned -1 [0049.109] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="Program Files") returned 1 [0049.109] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="Program Files (x86)") returned 1 [0049.109] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="$Recycle.bin") returned 1 [0049.109] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="System Volume Information") returned -1 [0049.109] lstrcmpiW (lpString1="Sync Extension Settings", lpString2=".") returned 1 [0049.109] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="..") returned 1 [0049.109] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned 103 [0049.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.109] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0049.109] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*" [0049.109] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.109] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.109] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.109] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.109] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.109] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.109] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.109] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.109] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.109] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.109] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.109] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.109] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.109] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.109] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="Windows") returned -1 [0049.109] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="Program Files") returned -1 [0049.109] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="Program Files (x86)") returned -1 [0049.109] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="$Recycle.bin") returned 1 [0049.109] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="System Volume Information") returned -1 [0049.110] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2=".") returned 1 [0049.110] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="..") returned 1 [0049.110] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 136 [0049.110] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.110] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0049.110] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*" [0049.110] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.113] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.113] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.113] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.113] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.113] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.113] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.113] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.113] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.113] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.113] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.113] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.113] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.113] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.113] lstrcmpiW (lpString1="000003.log", lpString2="Windows") returned -1 [0049.113] lstrcmpiW (lpString1="000003.log", lpString2="Program Files") returned -1 [0049.113] lstrcmpiW (lpString1="000003.log", lpString2="Program Files (x86)") returned -1 [0049.113] lstrcmpiW (lpString1="000003.log", lpString2="$Recycle.bin") returned 1 [0049.113] lstrcmpiW (lpString1="000003.log", lpString2="System Volume Information") returned -1 [0049.113] lstrcmpiW (lpString1="000003.log", lpString2=".") returned 1 [0049.113] lstrcmpiW (lpString1="000003.log", lpString2="..") returned 1 [0049.113] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log") returned 147 [0049.113] StrStrIW (lpFirst="000003.log", lpSrch=".lolkek") returned 0x0 [0049.113] lstrcmpW (lpString1="000003.log", lpString2="LOLKEK.txt") returned -1 [0049.113] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log") returned 147 [0049.113] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x250) returned 0x60c798 [0049.114] lstrcpyW (in: lpString1=0x60c798, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" [0049.114] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.114] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.114] lstrcmpiW (lpString1="CURRENT", lpString2="Windows") returned -1 [0049.114] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files") returned -1 [0049.114] lstrcmpiW (lpString1="CURRENT", lpString2="Program Files (x86)") returned -1 [0049.114] lstrcmpiW (lpString1="CURRENT", lpString2="$Recycle.bin") returned 1 [0049.114] lstrcmpiW (lpString1="CURRENT", lpString2="System Volume Information") returned -1 [0049.114] lstrcmpiW (lpString1="CURRENT", lpString2=".") returned 1 [0049.114] lstrcmpiW (lpString1="CURRENT", lpString2="..") returned 1 [0049.114] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT") returned 144 [0049.114] StrStrIW (lpFirst="CURRENT", lpSrch=".lolkek") returned 0x0 [0049.114] lstrcmpW (lpString1="CURRENT", lpString2="LOLKEK.txt") returned -1 [0049.114] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT") returned 144 [0049.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x244) returned 0x60c9f0 [0049.114] lstrcpyW (in: lpString1=0x60c9f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" [0049.114] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.114] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.114] lstrcmpiW (lpString1="LOCK", lpString2="Windows") returned -1 [0049.114] lstrcmpiW (lpString1="LOCK", lpString2="Program Files") returned -1 [0049.114] lstrcmpiW (lpString1="LOCK", lpString2="Program Files (x86)") returned -1 [0049.114] lstrcmpiW (lpString1="LOCK", lpString2="$Recycle.bin") returned 1 [0049.114] lstrcmpiW (lpString1="LOCK", lpString2="System Volume Information") returned -1 [0049.114] lstrcmpiW (lpString1="LOCK", lpString2=".") returned 1 [0049.114] lstrcmpiW (lpString1="LOCK", lpString2="..") returned 1 [0049.114] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK") returned 141 [0049.114] StrStrIW (lpFirst="LOCK", lpSrch=".lolkek") returned 0x0 [0049.114] lstrcmpW (lpString1="LOCK", lpString2="LOLKEK.txt") returned -1 [0049.114] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK") returned 141 [0049.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x60cc40 [0049.114] lstrcpyW (in: lpString1=0x60cc40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" [0049.114] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.114] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.114] lstrcmpiW (lpString1="LOG", lpString2="Windows") returned -1 [0049.114] lstrcmpiW (lpString1="LOG", lpString2="Program Files") returned -1 [0049.114] lstrcmpiW (lpString1="LOG", lpString2="Program Files (x86)") returned -1 [0049.114] lstrcmpiW (lpString1="LOG", lpString2="$Recycle.bin") returned 1 [0049.114] lstrcmpiW (lpString1="LOG", lpString2="System Volume Information") returned -1 [0049.114] lstrcmpiW (lpString1="LOG", lpString2=".") returned 1 [0049.114] lstrcmpiW (lpString1="LOG", lpString2="..") returned 1 [0049.114] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG") returned 140 [0049.114] StrStrIW (lpFirst="LOG", lpSrch=".lolkek") returned 0x0 [0049.114] lstrcmpW (lpString1="LOG", lpString2="LOLKEK.txt") returned -1 [0049.115] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG") returned 140 [0049.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x234) returned 0x3dde258 [0049.115] lstrcpyW (in: lpString1=0x3dde258, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" [0049.115] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.115] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.115] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Windows") returned -1 [0049.115] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files") returned -1 [0049.115] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="Program Files (x86)") returned -1 [0049.115] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="$Recycle.bin") returned 1 [0049.115] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="System Volume Information") returned -1 [0049.115] lstrcmpiW (lpString1="MANIFEST-000001", lpString2=".") returned 1 [0049.115] lstrcmpiW (lpString1="MANIFEST-000001", lpString2="..") returned 1 [0049.115] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001") returned 152 [0049.115] StrStrIW (lpFirst="MANIFEST-000001", lpSrch=".lolkek") returned 0x0 [0049.115] lstrcmpW (lpString1="MANIFEST-000001", lpString2="LOLKEK.txt") returned 1 [0049.115] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001") returned 152 [0049.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3dde498 [0049.115] lstrcpyW (in: lpString1=0x3dde498, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" [0049.115] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.115] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.115] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.116] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOLKEK.txt") returned 147 [0049.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.117] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.117] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.117] CloseHandle (hObject=0x25c) returned 1 [0049.117] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.117] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 0 [0049.117] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.117] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\LOLKEK.txt") returned 114 [0049.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.118] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.118] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.118] CloseHandle (hObject=0x1b4) returned 1 [0049.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.118] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8195e7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Top Sites", cAlternateFileName="TOPSIT~1")) returned 1 [0049.118] lstrcmpiW (lpString1="Top Sites", lpString2="Windows") returned -1 [0049.118] lstrcmpiW (lpString1="Top Sites", lpString2="Program Files") returned 1 [0049.118] lstrcmpiW (lpString1="Top Sites", lpString2="Program Files (x86)") returned 1 [0049.118] lstrcmpiW (lpString1="Top Sites", lpString2="$Recycle.bin") returned 1 [0049.118] lstrcmpiW (lpString1="Top Sites", lpString2="System Volume Information") returned 1 [0049.118] lstrcmpiW (lpString1="Top Sites", lpString2=".") returned 1 [0049.118] lstrcmpiW (lpString1="Top Sites", lpString2="..") returned 1 [0049.119] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites") returned 89 [0049.119] StrStrIW (lpFirst="Top Sites", lpSrch=".lolkek") returned 0x0 [0049.119] lstrcmpW (lpString1="Top Sites", lpString2="LOLKEK.txt") returned 1 [0049.119] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites") returned 89 [0049.119] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x5fc018 [0049.119] lstrcpyW (in: lpString1=0x5fc018, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" [0049.119] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.119] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.119] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d8c9a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d8c9a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81984910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Top Sites-journal", cAlternateFileName="TOPSIT~2")) returned 1 [0049.119] lstrcmpiW (lpString1="Top Sites-journal", lpString2="Windows") returned -1 [0049.119] lstrcmpiW (lpString1="Top Sites-journal", lpString2="Program Files") returned 1 [0049.119] lstrcmpiW (lpString1="Top Sites-journal", lpString2="Program Files (x86)") returned 1 [0049.119] lstrcmpiW (lpString1="Top Sites-journal", lpString2="$Recycle.bin") returned 1 [0049.119] lstrcmpiW (lpString1="Top Sites-journal", lpString2="System Volume Information") returned 1 [0049.119] lstrcmpiW (lpString1="Top Sites-journal", lpString2=".") returned 1 [0049.119] lstrcmpiW (lpString1="Top Sites-journal", lpString2="..") returned 1 [0049.119] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal") returned 97 [0049.119] StrStrIW (lpFirst="Top Sites-journal", lpSrch=".lolkek") returned 0x0 [0049.119] lstrcmpW (lpString1="Top Sites-journal", lpString2="LOLKEK.txt") returned 1 [0049.119] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal") returned 97 [0049.119] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x3dde708 [0049.119] lstrcpyW (in: lpString1=0x3dde708, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" [0049.119] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.119] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.119] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TransportSecurity", cAlternateFileName="TRANSP~1")) returned 1 [0049.119] lstrcmpiW (lpString1="TransportSecurity", lpString2="Windows") returned -1 [0049.119] lstrcmpiW (lpString1="TransportSecurity", lpString2="Program Files") returned 1 [0049.119] lstrcmpiW (lpString1="TransportSecurity", lpString2="Program Files (x86)") returned 1 [0049.119] lstrcmpiW (lpString1="TransportSecurity", lpString2="$Recycle.bin") returned 1 [0049.119] lstrcmpiW (lpString1="TransportSecurity", lpString2="System Volume Information") returned 1 [0049.119] lstrcmpiW (lpString1="TransportSecurity", lpString2=".") returned 1 [0049.119] lstrcmpiW (lpString1="TransportSecurity", lpString2="..") returned 1 [0049.119] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity") returned 97 [0049.119] StrStrIW (lpFirst="TransportSecurity", lpSrch=".lolkek") returned 0x0 [0049.119] lstrcmpW (lpString1="TransportSecurity", lpString2="LOLKEK.txt") returned 1 [0049.119] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity") returned 97 [0049.119] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x3dde898 [0049.119] lstrcpyW (in: lpString1=0x3dde898, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" [0049.119] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.119] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.119] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80ee3600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80ee3600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6cde50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Visited Links", cAlternateFileName="VISITE~1")) returned 1 [0049.119] lstrcmpiW (lpString1="Visited Links", lpString2="Windows") returned -1 [0049.119] lstrcmpiW (lpString1="Visited Links", lpString2="Program Files") returned 1 [0049.119] lstrcmpiW (lpString1="Visited Links", lpString2="Program Files (x86)") returned 1 [0049.120] lstrcmpiW (lpString1="Visited Links", lpString2="$Recycle.bin") returned 1 [0049.120] lstrcmpiW (lpString1="Visited Links", lpString2="System Volume Information") returned 1 [0049.120] lstrcmpiW (lpString1="Visited Links", lpString2=".") returned 1 [0049.120] lstrcmpiW (lpString1="Visited Links", lpString2="..") returned 1 [0049.120] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links") returned 93 [0049.120] StrStrIW (lpFirst="Visited Links", lpSrch=".lolkek") returned 0x0 [0049.120] lstrcmpW (lpString1="Visited Links", lpString2="LOLKEK.txt") returned 1 [0049.120] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links") returned 93 [0049.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x61a2f0 [0049.120] lstrcpyW (in: lpString1=0x61a2f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" [0049.120] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.120] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.120] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Applications", cAlternateFileName="WEBAPP~1")) returned 1 [0049.120] lstrcmpiW (lpString1="Web Applications", lpString2="Windows") returned -1 [0049.120] lstrcmpiW (lpString1="Web Applications", lpString2="Program Files") returned 1 [0049.120] lstrcmpiW (lpString1="Web Applications", lpString2="Program Files (x86)") returned 1 [0049.120] lstrcmpiW (lpString1="Web Applications", lpString2="$Recycle.bin") returned 1 [0049.120] lstrcmpiW (lpString1="Web Applications", lpString2="System Volume Information") returned 1 [0049.120] lstrcmpiW (lpString1="Web Applications", lpString2=".") returned 1 [0049.120] lstrcmpiW (lpString1="Web Applications", lpString2="..") returned 1 [0049.120] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned 96 [0049.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.120] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" [0049.120] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*" [0049.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.120] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.120] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.120] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.120] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.120] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.120] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.120] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.120] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.120] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.120] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.120] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.120] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.120] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.121] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.121] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_crx_aohghmighlieiainnegkcijnfilokake", cAlternateFileName="_CRX_A~1")) returned 1 [0049.121] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2="Windows") returned -1 [0049.121] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2="Program Files") returned -1 [0049.121] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2="Program Files (x86)") returned -1 [0049.121] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2="$Recycle.bin") returned 1 [0049.121] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2="System Volume Information") returned -1 [0049.121] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2=".") returned 1 [0049.121] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2="..") returned 1 [0049.121] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned 134 [0049.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.121] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0049.121] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*" [0049.121] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.121] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.121] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.121] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.121] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.121] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.121] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.121] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.121] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.121] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.121] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.121] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.121] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.121] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.121] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.121] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28df6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Docs.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0049.121] lstrcmpiW (lpString1="Google Docs.ico", lpString2="Windows") returned -1 [0049.121] lstrcmpiW (lpString1="Google Docs.ico", lpString2="Program Files") returned -1 [0049.121] lstrcmpiW (lpString1="Google Docs.ico", lpString2="Program Files (x86)") returned -1 [0049.121] lstrcmpiW (lpString1="Google Docs.ico", lpString2="$Recycle.bin") returned 1 [0049.121] lstrcmpiW (lpString1="Google Docs.ico", lpString2="System Volume Information") returned -1 [0049.121] lstrcmpiW (lpString1="Google Docs.ico", lpString2=".") returned 1 [0049.121] lstrcmpiW (lpString1="Google Docs.ico", lpString2="..") returned 1 [0049.121] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico") returned 150 [0049.121] StrStrIW (lpFirst="Google Docs.ico", lpSrch=".lolkek") returned 0x0 [0049.121] lstrcmpW (lpString1="Google Docs.ico", lpString2="LOLKEK.txt") returned -1 [0049.121] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico") returned 150 [0049.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x25c) returned 0x3ddea28 [0049.121] lstrcpyW (in: lpString1=0x3ddea28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" [0049.121] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.122] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.122] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Docs.ico.md5", cAlternateFileName="GOOGLE~1.MD5")) returned 1 [0049.122] lstrcmpiW (lpString1="Google Docs.ico.md5", lpString2="Windows") returned -1 [0049.122] lstrcmpiW (lpString1="Google Docs.ico.md5", lpString2="Program Files") returned -1 [0049.122] lstrcmpiW (lpString1="Google Docs.ico.md5", lpString2="Program Files (x86)") returned -1 [0049.122] lstrcmpiW (lpString1="Google Docs.ico.md5", lpString2="$Recycle.bin") returned 1 [0049.122] lstrcmpiW (lpString1="Google Docs.ico.md5", lpString2="System Volume Information") returned -1 [0049.122] lstrcmpiW (lpString1="Google Docs.ico.md5", lpString2=".") returned 1 [0049.122] lstrcmpiW (lpString1="Google Docs.ico.md5", lpString2="..") returned 1 [0049.122] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5") returned 154 [0049.122] StrStrIW (lpFirst="Google Docs.ico.md5", lpSrch=".lolkek") returned 0x0 [0049.122] lstrcmpW (lpString1="Google Docs.ico.md5", lpString2="LOLKEK.txt") returned -1 [0049.122] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5") returned 154 [0049.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x26c) returned 0x3ebb738 [0049.122] lstrcpyW (in: lpString1=0x3ebb738, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" [0049.122] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.122] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.122] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Docs.ico.md5", cAlternateFileName="GOOGLE~1.MD5")) returned 0 [0049.122] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.122] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\LOLKEK.txt") returned 145 [0049.122] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.124] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.124] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.125] CloseHandle (hObject=0x270) returned 1 [0049.125] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.125] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_crx_aohghmighlieiainnegkcijnfilokake", cAlternateFileName="_CRX_A~1")) returned 0 [0049.125] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.125] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\LOLKEK.txt") returned 107 [0049.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.125] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.125] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.126] CloseHandle (hObject=0x1b4) returned 1 [0049.126] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.126] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d370c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Data", cAlternateFileName="WEBDAT~1")) returned 1 [0049.126] lstrcmpiW (lpString1="Web Data", lpString2="Windows") returned -1 [0049.126] lstrcmpiW (lpString1="Web Data", lpString2="Program Files") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data", lpString2="Program Files (x86)") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data", lpString2="$Recycle.bin") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data", lpString2="System Volume Information") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data", lpString2=".") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data", lpString2="..") returned 1 [0049.126] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 88 [0049.126] StrStrIW (lpFirst="Web Data", lpSrch=".lolkek") returned 0x0 [0049.126] lstrcmpW (lpString1="Web Data", lpString2="LOLKEK.txt") returned 1 [0049.126] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned 88 [0049.126] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x62ca80 [0049.126] lstrcpyW (in: lpString1=0x62ca80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" [0049.126] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.126] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.126] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 1 [0049.126] lstrcmpiW (lpString1="Web Data-journal", lpString2="Windows") returned -1 [0049.126] lstrcmpiW (lpString1="Web Data-journal", lpString2="Program Files") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data-journal", lpString2="Program Files (x86)") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data-journal", lpString2="$Recycle.bin") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data-journal", lpString2="System Volume Information") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data-journal", lpString2=".") returned 1 [0049.126] lstrcmpiW (lpString1="Web Data-journal", lpString2="..") returned 1 [0049.126] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned 96 [0049.126] StrStrIW (lpFirst="Web Data-journal", lpSrch=".lolkek") returned 0x0 [0049.126] lstrcmpW (lpString1="Web Data-journal", lpString2="LOLKEK.txt") returned 1 [0049.127] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned 96 [0049.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x184) returned 0x62cbf0 [0049.127] lstrcpyW (in: lpString1=0x62cbf0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" [0049.127] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.127] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.127] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 0 [0049.127] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.127] wsprintfW (in: param_1=0x67d400, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\LOLKEK.txt") returned 90 [0049.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.127] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.127] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.128] CloseHandle (hObject=0x280) returned 1 [0049.128] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x67d400 | out: hHeap=0x5a0000) returned 1 [0049.128] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="EVWhitelist", cAlternateFileName="EVWHIT~1")) returned 1 [0049.128] lstrcmpiW (lpString1="EVWhitelist", lpString2="Windows") returned -1 [0049.128] lstrcmpiW (lpString1="EVWhitelist", lpString2="Program Files") returned -1 [0049.128] lstrcmpiW (lpString1="EVWhitelist", lpString2="Program Files (x86)") returned -1 [0049.128] lstrcmpiW (lpString1="EVWhitelist", lpString2="$Recycle.bin") returned 1 [0049.128] lstrcmpiW (lpString1="EVWhitelist", lpString2="System Volume Information") returned -1 [0049.128] lstrcmpiW (lpString1="EVWhitelist", lpString2=".") returned 1 [0049.128] lstrcmpiW (lpString1="EVWhitelist", lpString2="..") returned 1 [0049.128] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 83 [0049.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.128] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0049.128] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*" [0049.128] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.129] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.129] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.129] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.129] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.129] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.129] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.129] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.129] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.129] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.129] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.129] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.129] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.129] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.129] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.129] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.129] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.129] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\LOLKEK.txt") returned 94 [0049.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.129] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.129] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.130] CloseHandle (hObject=0x280) returned 1 [0049.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.130] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FileTypePolicies", cAlternateFileName="FILETY~1")) returned 1 [0049.130] lstrcmpiW (lpString1="FileTypePolicies", lpString2="Windows") returned -1 [0049.130] lstrcmpiW (lpString1="FileTypePolicies", lpString2="Program Files") returned -1 [0049.130] lstrcmpiW (lpString1="FileTypePolicies", lpString2="Program Files (x86)") returned -1 [0049.130] lstrcmpiW (lpString1="FileTypePolicies", lpString2="$Recycle.bin") returned 1 [0049.130] lstrcmpiW (lpString1="FileTypePolicies", lpString2="System Volume Information") returned -1 [0049.130] lstrcmpiW (lpString1="FileTypePolicies", lpString2=".") returned 1 [0049.130] lstrcmpiW (lpString1="FileTypePolicies", lpString2="..") returned 1 [0049.130] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 88 [0049.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.130] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0049.130] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*" [0049.130] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.131] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.131] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.131] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.131] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.131] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.131] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.131] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.131] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.131] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.131] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.131] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.131] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.131] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.131] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.131] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.131] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.131] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\LOLKEK.txt") returned 99 [0049.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.131] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.131] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.132] CloseHandle (hObject=0x280) returned 1 [0049.132] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.132] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8b8920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8b8920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f8b8920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="First Run", cAlternateFileName="FIRSTR~1")) returned 1 [0049.132] lstrcmpiW (lpString1="First Run", lpString2="Windows") returned -1 [0049.132] lstrcmpiW (lpString1="First Run", lpString2="Program Files") returned -1 [0049.132] lstrcmpiW (lpString1="First Run", lpString2="Program Files (x86)") returned -1 [0049.132] lstrcmpiW (lpString1="First Run", lpString2="$Recycle.bin") returned 1 [0049.132] lstrcmpiW (lpString1="First Run", lpString2="System Volume Information") returned -1 [0049.132] lstrcmpiW (lpString1="First Run", lpString2=".") returned 1 [0049.132] lstrcmpiW (lpString1="First Run", lpString2="..") returned 1 [0049.132] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run") returned 81 [0049.132] StrStrIW (lpFirst="First Run", lpSrch=".lolkek") returned 0x0 [0049.132] lstrcmpW (lpString1="First Run", lpString2="LOLKEK.txt") returned -1 [0049.132] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run") returned 81 [0049.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae280 [0049.132] lstrcpyW (in: lpString1=0x3cae280, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" [0049.132] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.132] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.132] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0bf3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1082a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Local State", cAlternateFileName="LOCALS~1")) returned 1 [0049.132] lstrcmpiW (lpString1="Local State", lpString2="Windows") returned -1 [0049.133] lstrcmpiW (lpString1="Local State", lpString2="Program Files") returned -1 [0049.133] lstrcmpiW (lpString1="Local State", lpString2="Program Files (x86)") returned -1 [0049.133] lstrcmpiW (lpString1="Local State", lpString2="$Recycle.bin") returned 1 [0049.133] lstrcmpiW (lpString1="Local State", lpString2="System Volume Information") returned -1 [0049.133] lstrcmpiW (lpString1="Local State", lpString2=".") returned 1 [0049.133] lstrcmpiW (lpString1="Local State", lpString2="..") returned 1 [0049.133] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned 83 [0049.133] StrStrIW (lpFirst="Local State", lpSrch=".lolkek") returned 0x0 [0049.133] lstrcmpW (lpString1="Local State", lpString2="LOLKEK.txt") returned -1 [0049.133] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned 83 [0049.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cade78 [0049.133] lstrcpyW (in: lpString1=0x3cade78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" [0049.133] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.133] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.133] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0049.133] lstrcmpiW (lpString1="OriginTrials", lpString2="Windows") returned -1 [0049.133] lstrcmpiW (lpString1="OriginTrials", lpString2="Program Files") returned -1 [0049.133] lstrcmpiW (lpString1="OriginTrials", lpString2="Program Files (x86)") returned -1 [0049.133] lstrcmpiW (lpString1="OriginTrials", lpString2="$Recycle.bin") returned 1 [0049.133] lstrcmpiW (lpString1="OriginTrials", lpString2="System Volume Information") returned -1 [0049.133] lstrcmpiW (lpString1="OriginTrials", lpString2=".") returned 1 [0049.133] lstrcmpiW (lpString1="OriginTrials", lpString2="..") returned 1 [0049.133] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 84 [0049.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.133] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0049.133] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*" [0049.133] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.133] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.133] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.133] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.133] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.133] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.133] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.133] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.133] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.133] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.133] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.133] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.133] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.133] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.133] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.134] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.134] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.134] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\LOLKEK.txt") returned 95 [0049.134] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\origintrials\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.134] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.134] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.135] CloseHandle (hObject=0x280) returned 1 [0049.135] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.135] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0049.135] lstrcmpiW (lpString1="PepperFlash", lpString2="Windows") returned -1 [0049.135] lstrcmpiW (lpString1="PepperFlash", lpString2="Program Files") returned -1 [0049.135] lstrcmpiW (lpString1="PepperFlash", lpString2="Program Files (x86)") returned -1 [0049.135] lstrcmpiW (lpString1="PepperFlash", lpString2="$Recycle.bin") returned 1 [0049.135] lstrcmpiW (lpString1="PepperFlash", lpString2="System Volume Information") returned -1 [0049.135] lstrcmpiW (lpString1="PepperFlash", lpString2=".") returned 1 [0049.135] lstrcmpiW (lpString1="PepperFlash", lpString2="..") returned 1 [0049.135] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 83 [0049.135] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.135] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0049.135] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*" [0049.135] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.135] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.135] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.135] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.135] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.135] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.135] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.135] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.135] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.135] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.135] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.135] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.135] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.135] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.135] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.135] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.135] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.135] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\LOLKEK.txt") returned 94 [0049.135] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pepperflash\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.136] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.136] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.136] CloseHandle (hObject=0x280) returned 1 [0049.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.137] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pnacl", cAlternateFileName="")) returned 1 [0049.137] lstrcmpiW (lpString1="pnacl", lpString2="Windows") returned -1 [0049.137] lstrcmpiW (lpString1="pnacl", lpString2="Program Files") returned -1 [0049.137] lstrcmpiW (lpString1="pnacl", lpString2="Program Files (x86)") returned -1 [0049.137] lstrcmpiW (lpString1="pnacl", lpString2="$Recycle.bin") returned 1 [0049.137] lstrcmpiW (lpString1="pnacl", lpString2="System Volume Information") returned -1 [0049.137] lstrcmpiW (lpString1="pnacl", lpString2=".") returned 1 [0049.137] lstrcmpiW (lpString1="pnacl", lpString2="..") returned 1 [0049.137] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 77 [0049.137] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.137] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0049.137] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*" [0049.137] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.137] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.137] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.137] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.137] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.137] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.137] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.137] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.137] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.137] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.137] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.137] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.137] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.137] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.137] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.137] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.137] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.137] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\LOLKEK.txt") returned 88 [0049.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pnacl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.138] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.138] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.138] CloseHandle (hObject=0x280) returned 1 [0049.138] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.138] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Safe Browsing Channel IDs", cAlternateFileName="SAFEBR~3")) returned 1 [0049.138] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="Windows") returned -1 [0049.138] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="Program Files") returned 1 [0049.138] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="Program Files (x86)") returned 1 [0049.138] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="$Recycle.bin") returned 1 [0049.138] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="System Volume Information") returned -1 [0049.138] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2=".") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs", lpString2="..") returned 1 [0049.139] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs") returned 97 [0049.139] StrStrIW (lpFirst="Safe Browsing Channel IDs", lpSrch=".lolkek") returned 0x0 [0049.139] lstrcmpW (lpString1="Safe Browsing Channel IDs", lpString2="LOLKEK.txt") returned 1 [0049.139] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs") returned 97 [0049.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x62cd80 [0049.139] lstrcpyW (in: lpString1=0x62cd80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" [0049.139] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.139] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.139] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f94a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Safe Browsing Channel IDs-journal", cAlternateFileName="SAFEBR~4")) returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs-journal", lpString2="Windows") returned -1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs-journal", lpString2="Program Files") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs-journal", lpString2="Program Files (x86)") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs-journal", lpString2="$Recycle.bin") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs-journal", lpString2="System Volume Information") returned -1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs-journal", lpString2=".") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Channel IDs-journal", lpString2="..") returned 1 [0049.139] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal") returned 105 [0049.139] StrStrIW (lpFirst="Safe Browsing Channel IDs-journal", lpSrch=".lolkek") returned 0x0 [0049.139] lstrcmpW (lpString1="Safe Browsing Channel IDs-journal", lpString2="LOLKEK.txt") returned 1 [0049.139] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal") returned 105 [0049.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x62cf10 [0049.139] lstrcpyW (in: lpString1=0x62cf10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" [0049.139] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.139] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.139] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Safe Browsing Cookies", cAlternateFileName="SAFEBR~1")) returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="Windows") returned -1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="Program Files") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="Program Files (x86)") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="$Recycle.bin") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="System Volume Information") returned -1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2=".") returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies", lpString2="..") returned 1 [0049.139] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies") returned 93 [0049.139] StrStrIW (lpFirst="Safe Browsing Cookies", lpSrch=".lolkek") returned 0x0 [0049.139] lstrcmpW (lpString1="Safe Browsing Cookies", lpString2="LOLKEK.txt") returned 1 [0049.139] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies") returned 93 [0049.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x62d0c0 [0049.139] lstrcpyW (in: lpString1=0x62d0c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" [0049.139] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.139] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.139] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Safe Browsing Cookies-journal", cAlternateFileName="SAFEBR~2")) returned 1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies-journal", lpString2="Windows") returned -1 [0049.139] lstrcmpiW (lpString1="Safe Browsing Cookies-journal", lpString2="Program Files") returned 1 [0049.140] lstrcmpiW (lpString1="Safe Browsing Cookies-journal", lpString2="Program Files (x86)") returned 1 [0049.140] lstrcmpiW (lpString1="Safe Browsing Cookies-journal", lpString2="$Recycle.bin") returned 1 [0049.140] lstrcmpiW (lpString1="Safe Browsing Cookies-journal", lpString2="System Volume Information") returned -1 [0049.140] lstrcmpiW (lpString1="Safe Browsing Cookies-journal", lpString2=".") returned 1 [0049.140] lstrcmpiW (lpString1="Safe Browsing Cookies-journal", lpString2="..") returned 1 [0049.140] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal") returned 101 [0049.140] StrStrIW (lpFirst="Safe Browsing Cookies-journal", lpSrch=".lolkek") returned 0x0 [0049.140] lstrcmpW (lpString1="Safe Browsing Cookies-journal", lpString2="LOLKEK.txt") returned 1 [0049.140] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal") returned 101 [0049.140] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x198) returned 0x62d240 [0049.140] lstrcpyW (in: lpString1=0x62d240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" [0049.140] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.140] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.140] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0049.140] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="Windows") returned -1 [0049.140] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="Program Files") returned 1 [0049.140] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="Program Files (x86)") returned 1 [0049.140] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="$Recycle.bin") returned 1 [0049.140] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="System Volume Information") returned -1 [0049.140] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2=".") returned 1 [0049.140] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="..") returned 1 [0049.140] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 89 [0049.140] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.140] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0049.140] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*" [0049.140] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.141] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.141] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.141] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.141] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.141] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.141] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.141] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.141] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.141] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.141] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.141] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.141] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.141] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.141] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.141] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.141] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.142] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\LOLKEK.txt") returned 100 [0049.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.142] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.142] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.143] CloseHandle (hObject=0x280) returned 1 [0049.143] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.143] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0049.143] lstrcmpiW (lpString1="SwReporter", lpString2="Windows") returned -1 [0049.143] lstrcmpiW (lpString1="SwReporter", lpString2="Program Files") returned 1 [0049.143] lstrcmpiW (lpString1="SwReporter", lpString2="Program Files (x86)") returned 1 [0049.143] lstrcmpiW (lpString1="SwReporter", lpString2="$Recycle.bin") returned 1 [0049.143] lstrcmpiW (lpString1="SwReporter", lpString2="System Volume Information") returned -1 [0049.143] lstrcmpiW (lpString1="SwReporter", lpString2=".") returned 1 [0049.143] lstrcmpiW (lpString1="SwReporter", lpString2="..") returned 1 [0049.143] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 82 [0049.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.143] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0049.143] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*" [0049.143] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.143] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.143] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.143] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.143] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.143] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.143] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.143] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.143] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.143] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.143] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.143] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.143] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.143] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.143] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.143] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.143] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.144] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\LOLKEK.txt") returned 93 [0049.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\swreporter\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.144] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.144] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.145] CloseHandle (hObject=0x280) returned 1 [0049.145] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.145] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0049.145] lstrcmpiW (lpString1="WidevineCdm", lpString2="Windows") returned -1 [0049.145] lstrcmpiW (lpString1="WidevineCdm", lpString2="Program Files") returned 1 [0049.145] lstrcmpiW (lpString1="WidevineCdm", lpString2="Program Files (x86)") returned 1 [0049.145] lstrcmpiW (lpString1="WidevineCdm", lpString2="$Recycle.bin") returned 1 [0049.145] lstrcmpiW (lpString1="WidevineCdm", lpString2="System Volume Information") returned 1 [0049.145] lstrcmpiW (lpString1="WidevineCdm", lpString2=".") returned 1 [0049.145] lstrcmpiW (lpString1="WidevineCdm", lpString2="..") returned 1 [0049.145] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 83 [0049.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.145] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0049.145] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*" [0049.145] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.145] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.145] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.145] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.145] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.145] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.145] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.145] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.145] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.145] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.145] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.145] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.145] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.145] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.145] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.145] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.145] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.145] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\LOLKEK.txt") returned 94 [0049.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.146] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.146] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.146] CloseHandle (hObject=0x280) returned 1 [0049.146] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.146] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 0 [0049.147] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.147] wsprintfW (in: param_1=0x658b20, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\LOLKEK.txt") returned 82 [0049.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.147] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.147] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.148] CloseHandle (hObject=0x27c) returned 1 [0049.148] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b20 | out: hHeap=0x5a0000) returned 1 [0049.149] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 0 [0049.149] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.149] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\LOLKEK.txt") returned 72 [0049.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.149] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.149] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.150] CloseHandle (hObject=0x268) returned 1 [0049.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.150] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 1 [0049.150] lstrcmpiW (lpString1="CrashReports", lpString2="Windows") returned -1 [0049.150] lstrcmpiW (lpString1="CrashReports", lpString2="Program Files") returned -1 [0049.150] lstrcmpiW (lpString1="CrashReports", lpString2="Program Files (x86)") returned -1 [0049.150] lstrcmpiW (lpString1="CrashReports", lpString2="$Recycle.bin") returned 1 [0049.150] lstrcmpiW (lpString1="CrashReports", lpString2="System Volume Information") returned -1 [0049.150] lstrcmpiW (lpString1="CrashReports", lpString2=".") returned 1 [0049.150] lstrcmpiW (lpString1="CrashReports", lpString2="..") returned 1 [0049.150] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports") returned 67 [0049.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.150] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports" [0049.150] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*" [0049.151] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.151] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.151] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.151] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.151] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.151] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.151] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.151] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.151] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.151] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.151] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.151] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.151] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.151] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.151] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.151] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.151] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.151] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\LOLKEK.txt") returned 78 [0049.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\crashreports\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.151] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.151] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.152] CloseHandle (hObject=0x268) returned 1 [0049.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.152] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 0 [0049.152] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0049.152] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\LOLKEK.txt") returned 65 [0049.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0049.152] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.152] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0049.153] CloseHandle (hObject=0x24c) returned 1 [0049.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.153] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="History", cAlternateFileName="")) returned 1 [0049.153] lstrcmpiW (lpString1="History", lpString2="Windows") returned -1 [0049.153] lstrcmpiW (lpString1="History", lpString2="Program Files") returned -1 [0049.153] lstrcmpiW (lpString1="History", lpString2="Program Files (x86)") returned -1 [0049.153] lstrcmpiW (lpString1="History", lpString2="$Recycle.bin") returned 1 [0049.153] lstrcmpiW (lpString1="History", lpString2="System Volume Information") returned -1 [0049.153] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0049.153] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0049.153] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History") returned 55 [0049.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.153] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" [0049.153] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*" [0049.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CrashReports", cAlternateFileName="ꐴ瘵뾣䛦ͣ疨༸ξ纈0ͣͣ⒭䚗༸ξͣ热/༸ξ였_徰c헍皮")) returned 0xffffffff [0049.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.153] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0049.154] lstrcmpiW (lpString1="IconCache.db", lpString2="Windows") returned -1 [0049.154] lstrcmpiW (lpString1="IconCache.db", lpString2="Program Files") returned -1 [0049.154] lstrcmpiW (lpString1="IconCache.db", lpString2="Program Files (x86)") returned -1 [0049.154] lstrcmpiW (lpString1="IconCache.db", lpString2="$Recycle.bin") returned 1 [0049.154] lstrcmpiW (lpString1="IconCache.db", lpString2="System Volume Information") returned -1 [0049.154] lstrcmpiW (lpString1="IconCache.db", lpString2=".") returned 1 [0049.154] lstrcmpiW (lpString1="IconCache.db", lpString2="..") returned 1 [0049.154] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db") returned 60 [0049.154] StrStrIW (lpFirst="IconCache.db", lpSrch=".lolkek") returned 0x0 [0049.154] lstrcmpW (lpString1="IconCache.db", lpString2="LOLKEK.txt") returned -1 [0049.154] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db") returned 60 [0049.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0060 [0049.154] lstrcpyW (in: lpString1=0x3da0060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" [0049.154] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.154] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.154] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0049.154] lstrcmpiW (lpString1="Microsoft", lpString2="Windows") returned -1 [0049.154] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files") returned -1 [0049.154] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files (x86)") returned -1 [0049.154] lstrcmpiW (lpString1="Microsoft", lpString2="$Recycle.bin") returned 1 [0049.154] lstrcmpiW (lpString1="Microsoft", lpString2="System Volume Information") returned -1 [0049.154] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0049.154] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0049.154] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft") returned 57 [0049.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.154] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft" [0049.154] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*" [0049.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0049.154] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.154] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.154] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.154] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.154] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.154] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.154] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.154] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials") returned 69 [0049.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.155] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials" [0049.155] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*" [0049.155] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.155] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\LOLKEK.txt") returned 80 [0049.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\credentials\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.156] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.156] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.157] CloseHandle (hObject=0x268) returned 1 [0049.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.157] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0049.157] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer") returned 70 [0049.157] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.157] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer" [0049.157] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*" [0049.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.157] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\LOLKEK.txt") returned 81 [0049.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\event viewer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.158] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.158] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.159] CloseHandle (hObject=0x268) returned 1 [0049.159] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.159] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Feeds", cAlternateFileName="")) returned 1 [0049.159] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds") returned 63 [0049.159] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.159] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds" [0049.159] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*" [0049.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.161] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms") returned 85 [0049.161] StrStrIW (lpFirst="FeedsStore.feedsdb-ms", lpSrch=".lolkek") returned 0x0 [0049.161] lstrcmpW (lpString1="FeedsStore.feedsdb-ms", lpString2="LOLKEK.txt") returned -1 [0049.161] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms") returned 85 [0049.161] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x3eb5fa0 [0049.161] lstrcpyW (in: lpString1=0x3eb5fa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" [0049.161] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.161] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.161] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0049.161] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="Windows") returned -1 [0049.161] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="Program Files") returned -1 [0049.161] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="Program Files (x86)") returned -1 [0049.161] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="$Recycle.bin") returned 1 [0049.161] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="System Volume Information") returned -1 [0049.161] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2=".") returned 1 [0049.161] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="..") returned 1 [0049.161] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 80 [0049.161] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.161] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" [0049.161] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*" [0049.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.163] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.163] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.163] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.163] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.163] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.163] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.163] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.163] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.163] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.163] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.163] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.163] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.163] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.163] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.163] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0049.163] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="Windows") returned -1 [0049.163] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="Program Files") returned -1 [0049.163] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="Program Files (x86)") returned -1 [0049.163] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="$Recycle.bin") returned 1 [0049.163] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="System Volume Information") returned -1 [0049.163] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".") returned 1 [0049.163] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="..") returned 1 [0049.163] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms") returned 107 [0049.163] StrStrIW (lpFirst="Microsoft at Home~.feed-ms", lpSrch=".lolkek") returned 0x0 [0049.163] lstrcmpW (lpString1="Microsoft at Home~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0049.163] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms") returned 107 [0049.163] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x62d3e0 [0049.163] lstrcpyW (in: lpString1=0x62d3e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" [0049.163] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.163] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.163] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft at Work~.feed-ms", cAlternateFileName="MICROS~1.FEE")) returned 1 [0049.163] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="Windows") returned -1 [0049.163] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="Program Files") returned -1 [0049.163] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="Program Files (x86)") returned -1 [0049.163] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="$Recycle.bin") returned 1 [0049.164] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="System Volume Information") returned -1 [0049.164] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".") returned 1 [0049.164] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="..") returned 1 [0049.164] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms") returned 107 [0049.164] StrStrIW (lpFirst="Microsoft at Work~.feed-ms", lpSrch=".lolkek") returned 0x0 [0049.164] lstrcmpW (lpString1="Microsoft at Work~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0049.164] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms") returned 107 [0049.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x66aa10 [0049.164] lstrcpyW (in: lpString1=0x66aa10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" [0049.164] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.164] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.164] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 1 [0049.164] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="Windows") returned -1 [0049.164] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="Program Files") returned -1 [0049.164] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="Program Files (x86)") returned -1 [0049.164] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="$Recycle.bin") returned 1 [0049.164] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="System Volume Information") returned -1 [0049.164] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".") returned 1 [0049.164] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="..") returned 1 [0049.164] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms") returned 100 [0049.164] StrStrIW (lpFirst="MSNBC News~.feed-ms", lpSrch=".lolkek") returned 0x0 [0049.164] lstrcmpW (lpString1="MSNBC News~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0049.164] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms") returned 100 [0049.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3dd7dc0 [0049.164] lstrcpyW (in: lpString1=0x3dd7dc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" [0049.164] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.164] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.164] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 0 [0049.164] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.165] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\LOLKEK.txt") returned 91 [0049.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.166] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.166] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.167] CloseHandle (hObject=0x290) returned 1 [0049.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.167] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0049.167] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="Windows") returned -1 [0049.167] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="Program Files") returned -1 [0049.167] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="Program Files (x86)") returned -1 [0049.167] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="$Recycle.bin") returned 1 [0049.167] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="System Volume Information") returned -1 [0049.167] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2=".") returned 1 [0049.167] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="..") returned 1 [0049.167] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 103 [0049.167] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.167] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0049.167] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*" [0049.167] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.167] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.167] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.167] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.167] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.167] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.167] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.167] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.167] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.167] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.167] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.167] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.167] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.167] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.167] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.167] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0049.167] lstrcmpiW (lpString1="WebSlices~", lpString2="Windows") returned -1 [0049.167] lstrcmpiW (lpString1="WebSlices~", lpString2="Program Files") returned 1 [0049.168] lstrcmpiW (lpString1="WebSlices~", lpString2="Program Files (x86)") returned 1 [0049.168] lstrcmpiW (lpString1="WebSlices~", lpString2="$Recycle.bin") returned 1 [0049.168] lstrcmpiW (lpString1="WebSlices~", lpString2="System Volume Information") returned 1 [0049.168] lstrcmpiW (lpString1="WebSlices~", lpString2=".") returned 1 [0049.168] lstrcmpiW (lpString1="WebSlices~", lpString2="..") returned 1 [0049.168] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 114 [0049.168] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.168] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0049.168] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*" [0049.168] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.168] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.168] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.168] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.168] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.168] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.168] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.168] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.168] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.168] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.168] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.168] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.168] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.168] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.168] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.168] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52d69eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6e0227e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Suggested Sites~.feed-ms", cAlternateFileName="SUGGES~1.FEE")) returned 1 [0049.168] lstrcmpiW (lpString1="Suggested Sites~.feed-ms", lpString2="Windows") returned -1 [0049.168] lstrcmpiW (lpString1="Suggested Sites~.feed-ms", lpString2="Program Files") returned 1 [0049.168] lstrcmpiW (lpString1="Suggested Sites~.feed-ms", lpString2="Program Files (x86)") returned 1 [0049.168] lstrcmpiW (lpString1="Suggested Sites~.feed-ms", lpString2="$Recycle.bin") returned 1 [0049.168] lstrcmpiW (lpString1="Suggested Sites~.feed-ms", lpString2="System Volume Information") returned -1 [0049.168] lstrcmpiW (lpString1="Suggested Sites~.feed-ms", lpString2=".") returned 1 [0049.168] lstrcmpiW (lpString1="Suggested Sites~.feed-ms", lpString2="..") returned 1 [0049.168] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms") returned 139 [0049.168] StrStrIW (lpFirst="Suggested Sites~.feed-ms", lpSrch=".lolkek") returned 0x0 [0049.168] lstrcmpW (lpString1="Suggested Sites~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0049.168] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms") returned 139 [0049.168] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x3dd7f60 [0049.168] lstrcpyW (in: lpString1=0x3dd7f60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" [0049.168] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.168] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.169] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0049.169] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="Windows") returned -1 [0049.169] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="Program Files") returned 1 [0049.169] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="Program Files (x86)") returned 1 [0049.169] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="$Recycle.bin") returned 1 [0049.169] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="System Volume Information") returned 1 [0049.169] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".") returned 1 [0049.169] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="..") returned 1 [0049.169] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms") returned 141 [0049.169] StrStrIW (lpFirst="Web Slice Gallery~.feed-ms", lpSrch=".lolkek") returned 0x0 [0049.169] lstrcmpW (lpString1="Web Slice Gallery~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0049.169] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms") returned 141 [0049.169] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x3dd8198 [0049.169] lstrcpyW (in: lpString1=0x3dd8198, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" [0049.169] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.169] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.169] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 0 [0049.169] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.169] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\LOLKEK.txt") returned 125 [0049.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.170] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.170] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.171] CloseHandle (hObject=0x27c) returned 1 [0049.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.171] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0049.171] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.171] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\LOLKEK.txt") returned 114 [0049.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.171] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.171] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.172] CloseHandle (hObject=0x290) returned 1 [0049.172] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.172] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0049.172] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.172] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\LOLKEK.txt") returned 74 [0049.172] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.173] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.173] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.173] CloseHandle (hObject=0x268) returned 1 [0049.173] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.173] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0049.173] lstrcmpiW (lpString1="Feeds Cache", lpString2="Windows") returned -1 [0049.173] lstrcmpiW (lpString1="Feeds Cache", lpString2="Program Files") returned -1 [0049.173] lstrcmpiW (lpString1="Feeds Cache", lpString2="Program Files (x86)") returned -1 [0049.173] lstrcmpiW (lpString1="Feeds Cache", lpString2="$Recycle.bin") returned 1 [0049.173] lstrcmpiW (lpString1="Feeds Cache", lpString2="System Volume Information") returned -1 [0049.174] lstrcmpiW (lpString1="Feeds Cache", lpString2=".") returned 1 [0049.174] lstrcmpiW (lpString1="Feeds Cache", lpString2="..") returned 1 [0049.174] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache") returned 69 [0049.174] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.174] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache" [0049.174] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*" [0049.174] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.175] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.175] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.175] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.175] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.175] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.175] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.175] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.176] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.176] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.176] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.176] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0049.176] lstrcmpiW (lpString1="1NBUR4HR", lpString2="Windows") returned -1 [0049.176] lstrcmpiW (lpString1="1NBUR4HR", lpString2="Program Files") returned -1 [0049.176] lstrcmpiW (lpString1="1NBUR4HR", lpString2="Program Files (x86)") returned -1 [0049.176] lstrcmpiW (lpString1="1NBUR4HR", lpString2="$Recycle.bin") returned 1 [0049.176] lstrcmpiW (lpString1="1NBUR4HR", lpString2="System Volume Information") returned -1 [0049.176] lstrcmpiW (lpString1="1NBUR4HR", lpString2=".") returned 1 [0049.176] lstrcmpiW (lpString1="1NBUR4HR", lpString2="..") returned 1 [0049.176] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 78 [0049.176] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.176] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" [0049.176] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*" [0049.176] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.176] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.176] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.176] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.176] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.176] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.176] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.176] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.176] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.176] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.176] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.176] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.176] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.176] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.176] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.176] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.176] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.176] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.176] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.177] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.177] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini") returned 90 [0049.177] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.177] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.177] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini") returned 90 [0049.177] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16c) returned 0x3dd83d8 [0049.177] lstrcpyW (in: lpString1=0x3dd83d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" [0049.177] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.177] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.177] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0049.177] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0049.177] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0049.177] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0049.177] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0049.177] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0049.177] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0049.177] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0049.177] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]") returned 88 [0049.177] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0049.177] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0049.177] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]") returned 88 [0049.177] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3dd8550 [0049.177] lstrcpyW (in: lpString1=0x3dd8550, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" [0049.177] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.177] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.177] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0049.177] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.177] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\LOLKEK.txt") returned 89 [0049.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.178] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.178] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.178] CloseHandle (hObject=0x290) returned 1 [0049.178] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.178] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0049.178] lstrcmpiW (lpString1="6ASVN7J7", lpString2="Windows") returned -1 [0049.178] lstrcmpiW (lpString1="6ASVN7J7", lpString2="Program Files") returned -1 [0049.178] lstrcmpiW (lpString1="6ASVN7J7", lpString2="Program Files (x86)") returned -1 [0049.178] lstrcmpiW (lpString1="6ASVN7J7", lpString2="$Recycle.bin") returned 1 [0049.178] lstrcmpiW (lpString1="6ASVN7J7", lpString2="System Volume Information") returned -1 [0049.178] lstrcmpiW (lpString1="6ASVN7J7", lpString2=".") returned 1 [0049.178] lstrcmpiW (lpString1="6ASVN7J7", lpString2="..") returned 1 [0049.179] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 78 [0049.179] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.179] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" [0049.179] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*" [0049.179] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.180] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.180] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.180] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.180] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.180] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.180] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.180] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.180] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.180] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.180] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.180] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.180] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.180] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.180] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.180] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.180] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.180] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.180] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.180] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.180] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.180] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.180] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.180] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini") returned 90 [0049.180] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.180] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.180] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini") returned 90 [0049.180] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16c) returned 0x3dd86c0 [0049.180] lstrcpyW (in: lpString1=0x3dd86c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" [0049.180] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.180] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.180] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0049.180] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0049.180] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0049.180] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0049.180] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0049.180] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0049.180] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0049.180] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0049.180] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]") returned 88 [0049.180] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0049.180] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0049.180] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]") returned 88 [0049.181] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3dd8838 [0049.181] lstrcpyW (in: lpString1=0x3dd8838, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" [0049.181] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.181] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.181] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0049.181] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.181] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\LOLKEK.txt") returned 89 [0049.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.181] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.181] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.182] CloseHandle (hObject=0x290) returned 1 [0049.182] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.182] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0049.182] lstrcmpiW (lpString1="D68G7BIJ", lpString2="Windows") returned -1 [0049.182] lstrcmpiW (lpString1="D68G7BIJ", lpString2="Program Files") returned -1 [0049.182] lstrcmpiW (lpString1="D68G7BIJ", lpString2="Program Files (x86)") returned -1 [0049.182] lstrcmpiW (lpString1="D68G7BIJ", lpString2="$Recycle.bin") returned 1 [0049.182] lstrcmpiW (lpString1="D68G7BIJ", lpString2="System Volume Information") returned -1 [0049.182] lstrcmpiW (lpString1="D68G7BIJ", lpString2=".") returned 1 [0049.182] lstrcmpiW (lpString1="D68G7BIJ", lpString2="..") returned 1 [0049.182] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 78 [0049.182] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.182] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" [0049.182] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*" [0049.182] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.182] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.182] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.182] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.182] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.182] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.182] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.182] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.182] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.182] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.182] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.182] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.182] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.182] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.183] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.183] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.183] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.183] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.183] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.183] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.183] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.183] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.183] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.183] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini") returned 90 [0049.183] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.183] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.183] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini") returned 90 [0049.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16c) returned 0x3dded50 [0049.183] lstrcpyW (in: lpString1=0x3dded50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" [0049.183] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.183] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.183] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0049.183] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0049.183] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0049.183] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0049.183] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0049.183] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0049.183] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0049.183] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0049.183] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]") returned 88 [0049.183] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0049.183] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0049.183] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]") returned 88 [0049.183] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3ddeec8 [0049.183] lstrcpyW (in: lpString1=0x3ddeec8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" [0049.183] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.183] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.183] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0049.183] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.183] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\LOLKEK.txt") returned 89 [0049.183] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.184] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.184] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.184] CloseHandle (hObject=0x290) returned 1 [0049.185] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.185] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.185] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.185] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.185] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.185] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.185] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.185] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.185] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.185] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini") returned 81 [0049.185] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.185] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.185] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini") returned 81 [0049.185] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae530 [0049.185] lstrcpyW (in: lpString1=0x3cae530, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" [0049.185] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.185] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.185] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0049.185] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0049.185] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0049.185] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0049.185] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0049.185] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0049.185] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0049.185] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0049.185] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat") returned 79 [0049.185] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0049.185] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0049.185] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat") returned 79 [0049.185] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6178f8 [0049.185] lstrcpyW (in: lpString1=0x6178f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" [0049.185] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.185] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.185] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0049.185] lstrcmpiW (lpString1="KQMHSVKD", lpString2="Windows") returned -1 [0049.185] lstrcmpiW (lpString1="KQMHSVKD", lpString2="Program Files") returned -1 [0049.185] lstrcmpiW (lpString1="KQMHSVKD", lpString2="Program Files (x86)") returned -1 [0049.185] lstrcmpiW (lpString1="KQMHSVKD", lpString2="$Recycle.bin") returned 1 [0049.185] lstrcmpiW (lpString1="KQMHSVKD", lpString2="System Volume Information") returned -1 [0049.185] lstrcmpiW (lpString1="KQMHSVKD", lpString2=".") returned 1 [0049.185] lstrcmpiW (lpString1="KQMHSVKD", lpString2="..") returned 1 [0049.185] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 78 [0049.185] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.185] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" [0049.185] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*" [0049.186] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.186] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.186] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.186] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.186] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.186] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.186] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.186] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.186] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.186] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.186] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.186] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.186] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.186] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.186] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.186] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.186] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.186] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.186] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.186] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.186] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.186] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.186] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.186] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini") returned 90 [0049.186] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.186] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.186] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini") returned 90 [0049.186] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16c) returned 0x3ddf038 [0049.186] lstrcpyW (in: lpString1=0x3ddf038, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" [0049.186] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.186] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.186] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0049.186] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0049.186] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0049.186] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0049.186] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0049.186] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0049.186] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0049.186] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0049.187] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]") returned 88 [0049.187] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0049.187] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0049.187] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]") returned 88 [0049.187] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3ddf1b0 [0049.187] lstrcpyW (in: lpString1=0x3ddf1b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" [0049.187] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.187] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.187] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ieonline.microsoft[1]", cAlternateFileName="IEONLI~1.MIC")) returned 1 [0049.187] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="Windows") returned -1 [0049.187] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="Program Files") returned -1 [0049.187] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="Program Files (x86)") returned -1 [0049.187] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="$Recycle.bin") returned 1 [0049.187] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="System Volume Information") returned -1 [0049.187] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2=".") returned 1 [0049.187] lstrcmpiW (lpString1="ieonline.microsoft[1]", lpString2="..") returned 1 [0049.187] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]") returned 100 [0049.187] StrStrIW (lpFirst="ieonline.microsoft[1]", lpSrch=".lolkek") returned 0x0 [0049.187] lstrcmpW (lpString1="ieonline.microsoft[1]", lpString2="LOLKEK.txt") returned -1 [0049.187] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]") returned 100 [0049.187] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3ddf320 [0049.187] lstrcpyW (in: lpString1=0x3ddf320, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" [0049.187] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.187] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.187] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ieonline.microsoft[1]", cAlternateFileName="IEONLI~1.MIC")) returned 0 [0049.187] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.187] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\LOLKEK.txt") returned 89 [0049.187] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.188] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.188] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.188] CloseHandle (hObject=0x290) returned 1 [0049.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.188] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0049.188] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.188] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\LOLKEK.txt") returned 80 [0049.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.189] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.189] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.189] CloseHandle (hObject=0x268) returned 1 [0049.189] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.189] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FORMS", cAlternateFileName="")) returned 1 [0049.190] lstrcmpiW (lpString1="FORMS", lpString2="Windows") returned -1 [0049.190] lstrcmpiW (lpString1="FORMS", lpString2="Program Files") returned -1 [0049.190] lstrcmpiW (lpString1="FORMS", lpString2="Program Files (x86)") returned -1 [0049.190] lstrcmpiW (lpString1="FORMS", lpString2="$Recycle.bin") returned 1 [0049.190] lstrcmpiW (lpString1="FORMS", lpString2="System Volume Information") returned -1 [0049.190] lstrcmpiW (lpString1="FORMS", lpString2=".") returned 1 [0049.190] lstrcmpiW (lpString1="FORMS", lpString2="..") returned 1 [0049.190] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS") returned 63 [0049.190] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.190] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS" [0049.190] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*" [0049.190] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.190] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.190] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.190] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.190] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.190] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.190] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.190] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.190] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.190] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.190] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.190] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.190] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.190] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.190] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.190] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d757c20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 1 [0049.190] lstrcmpiW (lpString1="FRMCACHE.DAT", lpString2="Windows") returned -1 [0049.190] lstrcmpiW (lpString1="FRMCACHE.DAT", lpString2="Program Files") returned -1 [0049.190] lstrcmpiW (lpString1="FRMCACHE.DAT", lpString2="Program Files (x86)") returned -1 [0049.190] lstrcmpiW (lpString1="FRMCACHE.DAT", lpString2="$Recycle.bin") returned 1 [0049.191] lstrcmpiW (lpString1="FRMCACHE.DAT", lpString2="System Volume Information") returned -1 [0049.191] lstrcmpiW (lpString1="FRMCACHE.DAT", lpString2=".") returned 1 [0049.191] lstrcmpiW (lpString1="FRMCACHE.DAT", lpString2="..") returned 1 [0049.191] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT") returned 76 [0049.191] StrStrIW (lpFirst="FRMCACHE.DAT", lpSrch=".lolkek") returned 0x0 [0049.191] lstrcmpW (lpString1="FRMCACHE.DAT", lpString2="LOLKEK.txt") returned -1 [0049.191] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT") returned 76 [0049.191] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616478 [0049.191] lstrcpyW (in: lpString1=0x616478, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" [0049.191] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.191] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.191] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d757c20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 0 [0049.191] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.191] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\LOLKEK.txt") returned 74 [0049.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.191] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.191] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.192] CloseHandle (hObject=0x268) returned 1 [0049.192] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.192] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IME12", cAlternateFileName="")) returned 1 [0049.192] lstrcmpiW (lpString1="IME12", lpString2="Windows") returned -1 [0049.192] lstrcmpiW (lpString1="IME12", lpString2="Program Files") returned -1 [0049.192] lstrcmpiW (lpString1="IME12", lpString2="Program Files (x86)") returned -1 [0049.192] lstrcmpiW (lpString1="IME12", lpString2="$Recycle.bin") returned 1 [0049.192] lstrcmpiW (lpString1="IME12", lpString2="System Volume Information") returned -1 [0049.192] lstrcmpiW (lpString1="IME12", lpString2=".") returned 1 [0049.192] lstrcmpiW (lpString1="IME12", lpString2="..") returned 1 [0049.192] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12") returned 63 [0049.192] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.192] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12" [0049.192] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*" [0049.192] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.193] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.193] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.193] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.193] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.193] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.193] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.193] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.193] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.193] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.193] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.193] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.193] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.193] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.193] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.193] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.193] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.193] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\LOLKEK.txt") returned 74 [0049.193] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\ime12\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.194] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.194] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.194] CloseHandle (hObject=0x268) returned 1 [0049.194] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.194] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0049.194] lstrcmpiW (lpString1="IMJP12", lpString2="Windows") returned -1 [0049.194] lstrcmpiW (lpString1="IMJP12", lpString2="Program Files") returned -1 [0049.194] lstrcmpiW (lpString1="IMJP12", lpString2="Program Files (x86)") returned -1 [0049.194] lstrcmpiW (lpString1="IMJP12", lpString2="$Recycle.bin") returned 1 [0049.194] lstrcmpiW (lpString1="IMJP12", lpString2="System Volume Information") returned -1 [0049.194] lstrcmpiW (lpString1="IMJP12", lpString2=".") returned 1 [0049.194] lstrcmpiW (lpString1="IMJP12", lpString2="..") returned 1 [0049.194] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12") returned 64 [0049.194] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.194] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12" [0049.194] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*" [0049.195] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.196] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.196] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.196] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.196] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.196] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.196] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.196] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.196] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.196] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.196] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.196] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.196] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.196] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.196] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.196] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.196] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.196] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\LOLKEK.txt") returned 75 [0049.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp12\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.196] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.196] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.197] CloseHandle (hObject=0x25c) returned 1 [0049.197] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.197] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0049.197] lstrcmpiW (lpString1="IMJP8_1", lpString2="Windows") returned -1 [0049.197] lstrcmpiW (lpString1="IMJP8_1", lpString2="Program Files") returned -1 [0049.197] lstrcmpiW (lpString1="IMJP8_1", lpString2="Program Files (x86)") returned -1 [0049.197] lstrcmpiW (lpString1="IMJP8_1", lpString2="$Recycle.bin") returned 1 [0049.197] lstrcmpiW (lpString1="IMJP8_1", lpString2="System Volume Information") returned -1 [0049.197] lstrcmpiW (lpString1="IMJP8_1", lpString2=".") returned 1 [0049.197] lstrcmpiW (lpString1="IMJP8_1", lpString2="..") returned 1 [0049.197] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1") returned 65 [0049.197] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.197] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1" [0049.197] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*" [0049.197] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.198] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.198] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.198] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.198] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.198] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.198] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.198] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.198] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.198] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.198] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.198] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.198] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.198] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.198] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.198] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.199] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.199] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\LOLKEK.txt") returned 76 [0049.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp8_1\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.199] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.199] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.200] CloseHandle (hObject=0x25c) returned 1 [0049.200] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.200] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0049.200] lstrcmpiW (lpString1="IMJP9_0", lpString2="Windows") returned -1 [0049.200] lstrcmpiW (lpString1="IMJP9_0", lpString2="Program Files") returned -1 [0049.200] lstrcmpiW (lpString1="IMJP9_0", lpString2="Program Files (x86)") returned -1 [0049.200] lstrcmpiW (lpString1="IMJP9_0", lpString2="$Recycle.bin") returned 1 [0049.200] lstrcmpiW (lpString1="IMJP9_0", lpString2="System Volume Information") returned -1 [0049.200] lstrcmpiW (lpString1="IMJP9_0", lpString2=".") returned 1 [0049.200] lstrcmpiW (lpString1="IMJP9_0", lpString2="..") returned 1 [0049.200] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0") returned 65 [0049.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.200] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0" [0049.200] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*" [0049.200] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.200] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.200] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.200] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.200] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.200] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.201] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.201] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.201] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.201] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.201] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.201] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.201] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.201] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.201] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.201] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.201] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.201] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\LOLKEK.txt") returned 76 [0049.201] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp9_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.201] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.201] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.202] CloseHandle (hObject=0x25c) returned 1 [0049.202] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.202] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0049.202] lstrcmpiW (lpString1="Internet Explorer", lpString2="Windows") returned -1 [0049.202] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files") returned -1 [0049.202] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files (x86)") returned -1 [0049.202] lstrcmpiW (lpString1="Internet Explorer", lpString2="$Recycle.bin") returned 1 [0049.202] lstrcmpiW (lpString1="Internet Explorer", lpString2="System Volume Information") returned -1 [0049.202] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0049.202] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0049.202] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer") returned 75 [0049.202] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.202] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer" [0049.202] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*" [0049.202] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.208] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.208] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.208] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.208] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.208] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.208] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.208] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.208] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.208] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.208] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.208] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.208] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.208] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.208] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.208] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0049.208] lstrcmpiW (lpString1="brndlog.bak", lpString2="Windows") returned -1 [0049.208] lstrcmpiW (lpString1="brndlog.bak", lpString2="Program Files") returned -1 [0049.208] lstrcmpiW (lpString1="brndlog.bak", lpString2="Program Files (x86)") returned -1 [0049.208] lstrcmpiW (lpString1="brndlog.bak", lpString2="$Recycle.bin") returned 1 [0049.208] lstrcmpiW (lpString1="brndlog.bak", lpString2="System Volume Information") returned -1 [0049.209] lstrcmpiW (lpString1="brndlog.bak", lpString2=".") returned 1 [0049.209] lstrcmpiW (lpString1="brndlog.bak", lpString2="..") returned 1 [0049.209] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak") returned 87 [0049.209] StrStrIW (lpFirst="brndlog.bak", lpSrch=".lolkek") returned 0x0 [0049.209] lstrcmpW (lpString1="brndlog.bak", lpString2="LOLKEK.txt") returned -1 [0049.209] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak") returned 87 [0049.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb6270 [0049.209] lstrcpyW (in: lpString1=0x3eb6270, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" [0049.209] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.209] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.209] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d977900, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0049.209] lstrcmpiW (lpString1="brndlog.txt", lpString2="Windows") returned -1 [0049.209] lstrcmpiW (lpString1="brndlog.txt", lpString2="Program Files") returned -1 [0049.209] lstrcmpiW (lpString1="brndlog.txt", lpString2="Program Files (x86)") returned -1 [0049.209] lstrcmpiW (lpString1="brndlog.txt", lpString2="$Recycle.bin") returned 1 [0049.209] lstrcmpiW (lpString1="brndlog.txt", lpString2="System Volume Information") returned -1 [0049.209] lstrcmpiW (lpString1="brndlog.txt", lpString2=".") returned 1 [0049.209] lstrcmpiW (lpString1="brndlog.txt", lpString2="..") returned 1 [0049.209] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt") returned 87 [0049.209] StrStrIW (lpFirst="brndlog.txt", lpSrch=".lolkek") returned 0x0 [0049.209] lstrcmpW (lpString1="brndlog.txt", lpString2="LOLKEK.txt") returned -1 [0049.209] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt") returned 87 [0049.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb63d8 [0049.209] lstrcpyW (in: lpString1=0x3eb63d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" [0049.209] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.209] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.209] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DOMStore", cAlternateFileName="")) returned 1 [0049.209] lstrcmpiW (lpString1="DOMStore", lpString2="Windows") returned -1 [0049.209] lstrcmpiW (lpString1="DOMStore", lpString2="Program Files") returned -1 [0049.209] lstrcmpiW (lpString1="DOMStore", lpString2="Program Files (x86)") returned -1 [0049.209] lstrcmpiW (lpString1="DOMStore", lpString2="$Recycle.bin") returned 1 [0049.209] lstrcmpiW (lpString1="DOMStore", lpString2="System Volume Information") returned -1 [0049.209] lstrcmpiW (lpString1="DOMStore", lpString2=".") returned 1 [0049.209] lstrcmpiW (lpString1="DOMStore", lpString2="..") returned 1 [0049.209] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore") returned 84 [0049.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.209] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore" [0049.209] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*" [0049.209] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.210] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.210] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.210] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.210] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.210] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.210] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.210] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.210] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.210] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.210] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.210] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.210] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.210] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.210] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.210] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3LKBQZJ3", cAlternateFileName="")) returned 1 [0049.210] lstrcmpiW (lpString1="3LKBQZJ3", lpString2="Windows") returned -1 [0049.210] lstrcmpiW (lpString1="3LKBQZJ3", lpString2="Program Files") returned -1 [0049.210] lstrcmpiW (lpString1="3LKBQZJ3", lpString2="Program Files (x86)") returned -1 [0049.210] lstrcmpiW (lpString1="3LKBQZJ3", lpString2="$Recycle.bin") returned 1 [0049.210] lstrcmpiW (lpString1="3LKBQZJ3", lpString2="System Volume Information") returned -1 [0049.210] lstrcmpiW (lpString1="3LKBQZJ3", lpString2=".") returned 1 [0049.210] lstrcmpiW (lpString1="3LKBQZJ3", lpString2="..") returned 1 [0049.210] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned 93 [0049.210] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.210] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" [0049.211] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*" [0049.211] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.211] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.211] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.211] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.211] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.211] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.211] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.211] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.211] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.211] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.211] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.211] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.211] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.211] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.211] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.211] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.211] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.211] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\LOLKEK.txt") returned 104 [0049.211] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\3lkbqzj3\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.212] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.212] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.212] CloseHandle (hObject=0x290) returned 1 [0049.212] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.212] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8NES5H33", cAlternateFileName="")) returned 1 [0049.212] lstrcmpiW (lpString1="8NES5H33", lpString2="Windows") returned -1 [0049.212] lstrcmpiW (lpString1="8NES5H33", lpString2="Program Files") returned -1 [0049.212] lstrcmpiW (lpString1="8NES5H33", lpString2="Program Files (x86)") returned -1 [0049.212] lstrcmpiW (lpString1="8NES5H33", lpString2="$Recycle.bin") returned 1 [0049.212] lstrcmpiW (lpString1="8NES5H33", lpString2="System Volume Information") returned -1 [0049.212] lstrcmpiW (lpString1="8NES5H33", lpString2=".") returned 1 [0049.213] lstrcmpiW (lpString1="8NES5H33", lpString2="..") returned 1 [0049.213] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned 93 [0049.213] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.213] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" [0049.213] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*" [0049.213] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.213] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.213] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.213] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.213] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.213] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.213] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.213] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.213] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.213] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.213] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.213] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.213] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.213] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.213] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.213] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d941010, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="get.adobe[1].xml", cAlternateFileName="GETADO~1.XML")) returned 1 [0049.213] lstrcmpiW (lpString1="get.adobe[1].xml", lpString2="Windows") returned -1 [0049.213] lstrcmpiW (lpString1="get.adobe[1].xml", lpString2="Program Files") returned -1 [0049.213] lstrcmpiW (lpString1="get.adobe[1].xml", lpString2="Program Files (x86)") returned -1 [0049.213] lstrcmpiW (lpString1="get.adobe[1].xml", lpString2="$Recycle.bin") returned 1 [0049.213] lstrcmpiW (lpString1="get.adobe[1].xml", lpString2="System Volume Information") returned -1 [0049.213] lstrcmpiW (lpString1="get.adobe[1].xml", lpString2=".") returned 1 [0049.213] lstrcmpiW (lpString1="get.adobe[1].xml", lpString2="..") returned 1 [0049.213] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml") returned 110 [0049.213] StrStrIW (lpFirst="get.adobe[1].xml", lpSrch=".lolkek") returned 0x0 [0049.213] lstrcmpW (lpString1="get.adobe[1].xml", lpString2="LOLKEK.txt") returned -1 [0049.213] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml") returned 110 [0049.213] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x62fa38 [0049.213] lstrcpyW (in: lpString1=0x62fa38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" [0049.213] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.213] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.213] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d941010, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="get.adobe[1].xml", cAlternateFileName="GETADO~1.XML")) returned 0 [0049.213] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.214] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\LOLKEK.txt") returned 104 [0049.214] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.214] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.214] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.214] CloseHandle (hObject=0x290) returned 1 [0049.215] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.215] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FKLUIDU0", cAlternateFileName="")) returned 1 [0049.215] lstrcmpiW (lpString1="FKLUIDU0", lpString2="Windows") returned -1 [0049.215] lstrcmpiW (lpString1="FKLUIDU0", lpString2="Program Files") returned -1 [0049.215] lstrcmpiW (lpString1="FKLUIDU0", lpString2="Program Files (x86)") returned -1 [0049.215] lstrcmpiW (lpString1="FKLUIDU0", lpString2="$Recycle.bin") returned 1 [0049.215] lstrcmpiW (lpString1="FKLUIDU0", lpString2="System Volume Information") returned -1 [0049.215] lstrcmpiW (lpString1="FKLUIDU0", lpString2=".") returned 1 [0049.215] lstrcmpiW (lpString1="FKLUIDU0", lpString2="..") returned 1 [0049.215] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned 93 [0049.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.215] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" [0049.215] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*" [0049.215] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.215] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.215] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.215] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.215] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.215] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.215] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.215] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.215] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.215] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.215] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.215] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.215] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.215] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.215] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.215] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.215] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.215] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\LOLKEK.txt") returned 104 [0049.215] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\fkluidu0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.216] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.216] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.216] CloseHandle (hObject=0x290) returned 1 [0049.216] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.216] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x125db390, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0049.216] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0049.216] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0049.217] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0049.217] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0049.217] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0049.217] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0049.217] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0049.217] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat") returned 94 [0049.217] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0049.217] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0049.217] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat") returned 94 [0049.217] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x62fc00 [0049.217] lstrcpyW (in: lpString1=0x62fc00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" [0049.217] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.217] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.217] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OWLVMZRC", cAlternateFileName="")) returned 1 [0049.217] lstrcmpiW (lpString1="OWLVMZRC", lpString2="Windows") returned -1 [0049.217] lstrcmpiW (lpString1="OWLVMZRC", lpString2="Program Files") returned -1 [0049.217] lstrcmpiW (lpString1="OWLVMZRC", lpString2="Program Files (x86)") returned -1 [0049.217] lstrcmpiW (lpString1="OWLVMZRC", lpString2="$Recycle.bin") returned 1 [0049.217] lstrcmpiW (lpString1="OWLVMZRC", lpString2="System Volume Information") returned -1 [0049.217] lstrcmpiW (lpString1="OWLVMZRC", lpString2=".") returned 1 [0049.217] lstrcmpiW (lpString1="OWLVMZRC", lpString2="..") returned 1 [0049.217] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned 93 [0049.217] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.217] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" [0049.217] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*" [0049.217] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.217] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.217] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.217] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.217] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.217] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.217] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.217] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.217] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.217] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.217] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.217] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.217] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.217] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.217] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.217] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.218] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.218] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\LOLKEK.txt") returned 104 [0049.218] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\owlvmzrc\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.218] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.218] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.219] CloseHandle (hObject=0x290) returned 1 [0049.219] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.219] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OWLVMZRC", cAlternateFileName="")) returned 0 [0049.219] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.219] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\LOLKEK.txt") returned 95 [0049.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.219] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.219] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.220] CloseHandle (hObject=0x268) returned 1 [0049.220] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.220] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x65d58120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65d58120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65d58120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="frameiconcache.dat", cAlternateFileName="FRAMEI~1.DAT")) returned 1 [0049.220] lstrcmpiW (lpString1="frameiconcache.dat", lpString2="Windows") returned -1 [0049.220] lstrcmpiW (lpString1="frameiconcache.dat", lpString2="Program Files") returned -1 [0049.220] lstrcmpiW (lpString1="frameiconcache.dat", lpString2="Program Files (x86)") returned -1 [0049.220] lstrcmpiW (lpString1="frameiconcache.dat", lpString2="$Recycle.bin") returned 1 [0049.220] lstrcmpiW (lpString1="frameiconcache.dat", lpString2="System Volume Information") returned -1 [0049.220] lstrcmpiW (lpString1="frameiconcache.dat", lpString2=".") returned 1 [0049.220] lstrcmpiW (lpString1="frameiconcache.dat", lpString2="..") returned 1 [0049.220] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat") returned 94 [0049.220] StrStrIW (lpFirst="frameiconcache.dat", lpSrch=".lolkek") returned 0x0 [0049.220] lstrcmpW (lpString1="frameiconcache.dat", lpString2="LOLKEK.txt") returned -1 [0049.220] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat") returned 94 [0049.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x3ddf4c0 [0049.220] lstrcpyW (in: lpString1=0x3ddf4c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" [0049.220] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.220] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.220] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95014270, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x95014270, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x95014270, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0049.220] lstrcmpiW (lpString1="MSIMGSIZ.DAT", lpString2="Windows") returned -1 [0049.220] lstrcmpiW (lpString1="MSIMGSIZ.DAT", lpString2="Program Files") returned -1 [0049.220] lstrcmpiW (lpString1="MSIMGSIZ.DAT", lpString2="Program Files (x86)") returned -1 [0049.220] lstrcmpiW (lpString1="MSIMGSIZ.DAT", lpString2="$Recycle.bin") returned 1 [0049.220] lstrcmpiW (lpString1="MSIMGSIZ.DAT", lpString2="System Volume Information") returned -1 [0049.220] lstrcmpiW (lpString1="MSIMGSIZ.DAT", lpString2=".") returned 1 [0049.220] lstrcmpiW (lpString1="MSIMGSIZ.DAT", lpString2="..") returned 1 [0049.220] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT") returned 88 [0049.220] StrStrIW (lpFirst="MSIMGSIZ.DAT", lpSrch=".lolkek") returned 0x0 [0049.220] lstrcmpW (lpString1="MSIMGSIZ.DAT", lpString2="LOLKEK.txt") returned 1 [0049.220] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT") returned 88 [0049.220] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x617b68 [0049.220] lstrcpyW (in: lpString1=0x617b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" [0049.220] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.220] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.220] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Recovery", cAlternateFileName="")) returned 1 [0049.221] lstrcmpiW (lpString1="Recovery", lpString2="Windows") returned -1 [0049.221] lstrcmpiW (lpString1="Recovery", lpString2="Program Files") returned 1 [0049.221] lstrcmpiW (lpString1="Recovery", lpString2="Program Files (x86)") returned 1 [0049.221] lstrcmpiW (lpString1="Recovery", lpString2="$Recycle.bin") returned 1 [0049.221] lstrcmpiW (lpString1="Recovery", lpString2="System Volume Information") returned -1 [0049.221] lstrcmpiW (lpString1="Recovery", lpString2=".") returned 1 [0049.221] lstrcmpiW (lpString1="Recovery", lpString2="..") returned 1 [0049.221] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery") returned 84 [0049.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.221] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery" [0049.221] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*" [0049.221] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.221] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.221] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.221] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.221] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.221] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.221] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.221] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.221] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.221] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.221] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.221] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.221] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.221] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.221] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.221] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Active", cAlternateFileName="")) returned 1 [0049.221] lstrcmpiW (lpString1="Active", lpString2="Windows") returned -1 [0049.221] lstrcmpiW (lpString1="Active", lpString2="Program Files") returned -1 [0049.221] lstrcmpiW (lpString1="Active", lpString2="Program Files (x86)") returned -1 [0049.221] lstrcmpiW (lpString1="Active", lpString2="$Recycle.bin") returned 1 [0049.221] lstrcmpiW (lpString1="Active", lpString2="System Volume Information") returned -1 [0049.221] lstrcmpiW (lpString1="Active", lpString2=".") returned 1 [0049.221] lstrcmpiW (lpString1="Active", lpString2="..") returned 1 [0049.221] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active") returned 91 [0049.221] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.221] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active" [0049.221] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*" [0049.221] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.222] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.222] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.222] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.222] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.222] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.222] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.222] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.222] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.222] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.222] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.222] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.222] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.222] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.222] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.222] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.222] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.222] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\LOLKEK.txt") returned 102 [0049.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\active\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.222] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.222] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.223] CloseHandle (hObject=0x290) returned 1 [0049.223] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.223] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Last Active", cAlternateFileName="LASTAC~1")) returned 1 [0049.223] lstrcmpiW (lpString1="Last Active", lpString2="Windows") returned -1 [0049.223] lstrcmpiW (lpString1="Last Active", lpString2="Program Files") returned -1 [0049.223] lstrcmpiW (lpString1="Last Active", lpString2="Program Files (x86)") returned -1 [0049.223] lstrcmpiW (lpString1="Last Active", lpString2="$Recycle.bin") returned 1 [0049.223] lstrcmpiW (lpString1="Last Active", lpString2="System Volume Information") returned -1 [0049.223] lstrcmpiW (lpString1="Last Active", lpString2=".") returned 1 [0049.223] lstrcmpiW (lpString1="Last Active", lpString2="..") returned 1 [0049.223] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned 96 [0049.223] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.223] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active" [0049.223] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*" [0049.223] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.225] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.225] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.225] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.225] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.225] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.225] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.225] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.225] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.225] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.225] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.225] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.225] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.226] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.226] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.226] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="RECOVE~2.DAT")) returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Windows") returned -1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Program Files") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Program Files (x86)") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="$Recycle.bin") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="System Volume Information") returned -1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2=".") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="..") returned 1 [0049.226] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned 153 [0049.226] StrStrIW (lpFirst="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpSrch=".lolkek") returned 0x0 [0049.226] lstrcmpW (lpString1="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="LOLKEK.txt") returned 1 [0049.226] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned 153 [0049.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x268) returned 0x3ddf648 [0049.226] lstrcpyW (in: lpString1=0x3ddf648, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" [0049.226] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.226] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.226] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6dd28c60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd28c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", cAlternateFileName="RECOVE~1.DAT")) returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2="Windows") returned -1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2="Program Files") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2="Program Files (x86)") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2="$Recycle.bin") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2="System Volume Information") returned -1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2=".") returned 1 [0049.226] lstrcmpiW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2="..") returned 1 [0049.226] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat") returned 153 [0049.226] StrStrIW (lpFirst="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpSrch=".lolkek") returned 0x0 [0049.226] lstrcmpW (lpString1="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", lpString2="LOLKEK.txt") returned 1 [0049.226] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat") returned 153 [0049.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x268) returned 0x3ca5768 [0049.226] lstrcpyW (in: lpString1=0x3ca5768, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" [0049.226] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.226] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.226] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{4BD65~1.DAT")) returned 1 [0049.226] lstrcmpiW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Windows") returned -1 [0049.226] lstrcmpiW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Program Files") returned -1 [0049.226] lstrcmpiW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Program Files (x86)") returned -1 [0049.226] lstrcmpiW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="$Recycle.bin") returned 1 [0049.226] lstrcmpiW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="System Volume Information") returned -1 [0049.226] lstrcmpiW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2=".") returned 1 [0049.226] lstrcmpiW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="..") returned 1 [0049.226] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned 139 [0049.226] StrStrIW (lpFirst="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpSrch=".lolkek") returned 0x0 [0049.227] lstrcmpW (lpString1="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="LOLKEK.txt") returned -1 [0049.227] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned 139 [0049.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x3ca59d8 [0049.227] lstrcpyW (in: lpString1=0x3ca59d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" [0049.227] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.227] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.227] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30603250, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{69512~1.DAT")) returned 1 [0049.227] lstrcmpiW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Windows") returned -1 [0049.227] lstrcmpiW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Program Files") returned -1 [0049.227] lstrcmpiW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="Program Files (x86)") returned -1 [0049.227] lstrcmpiW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="$Recycle.bin") returned 1 [0049.227] lstrcmpiW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="System Volume Information") returned -1 [0049.227] lstrcmpiW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2=".") returned 1 [0049.227] lstrcmpiW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="..") returned 1 [0049.227] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned 139 [0049.227] StrStrIW (lpFirst="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpSrch=".lolkek") returned 0x0 [0049.227] lstrcmpW (lpString1="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", lpString2="LOLKEK.txt") returned -1 [0049.227] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned 139 [0049.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x3ca5c10 [0049.227] lstrcpyW (in: lpString1=0x3ca5c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" [0049.227] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.227] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.227] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30603250, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{69512~1.DAT")) returned 0 [0049.227] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.228] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\LOLKEK.txt") returned 107 [0049.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.228] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.228] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.230] CloseHandle (hObject=0x290) returned 1 [0049.230] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.230] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Last Active", cAlternateFileName="LASTAC~1")) returned 0 [0049.230] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.230] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\LOLKEK.txt") returned 95 [0049.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.230] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.230] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.231] CloseHandle (hObject=0x268) returned 1 [0049.231] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.231] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Recovery", cAlternateFileName="")) returned 0 [0049.231] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.231] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\LOLKEK.txt") returned 86 [0049.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.231] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.231] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.232] CloseHandle (hObject=0x25c) returned 1 [0049.232] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.233] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0049.233] lstrcmpiW (lpString1="Media Player", lpString2="Windows") returned -1 [0049.233] lstrcmpiW (lpString1="Media Player", lpString2="Program Files") returned -1 [0049.233] lstrcmpiW (lpString1="Media Player", lpString2="Program Files (x86)") returned -1 [0049.233] lstrcmpiW (lpString1="Media Player", lpString2="$Recycle.bin") returned 1 [0049.233] lstrcmpiW (lpString1="Media Player", lpString2="System Volume Information") returned -1 [0049.233] lstrcmpiW (lpString1="Media Player", lpString2=".") returned 1 [0049.233] lstrcmpiW (lpString1="Media Player", lpString2="..") returned 1 [0049.233] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player") returned 70 [0049.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.233] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player" [0049.233] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*" [0049.233] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.237] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.237] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.237] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.237] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.237] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.237] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.237] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.237] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.237] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.237] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.237] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.237] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.237] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.237] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.237] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf59b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0049.237] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="Windows") returned -1 [0049.237] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="Program Files") returned -1 [0049.237] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="Program Files (x86)") returned -1 [0049.237] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="$Recycle.bin") returned 1 [0049.237] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="System Volume Information") returned -1 [0049.238] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2=".") returned 1 [0049.238] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="..") returned 1 [0049.238] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb") returned 95 [0049.238] StrStrIW (lpFirst="CurrentDatabase_372.wmdb", lpSrch=".lolkek") returned 0x0 [0049.238] lstrcmpW (lpString1="CurrentDatabase_372.wmdb", lpString2="LOLKEK.txt") returned -1 [0049.238] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb") returned 95 [0049.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x3ca5fc8 [0049.238] lstrcpyW (in: lpString1=0x3ca5fc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" [0049.238] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.238] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.238] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2cf33a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf33a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1106c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0049.238] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="Windows") returned -1 [0049.238] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="Program Files") returned -1 [0049.238] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="Program Files (x86)") returned -1 [0049.238] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="$Recycle.bin") returned 1 [0049.238] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="System Volume Information") returned -1 [0049.238] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2=".") returned 1 [0049.238] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="..") returned 1 [0049.238] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb") returned 86 [0049.238] StrStrIW (lpFirst="LocalMLS_3.wmdb", lpSrch=".lolkek") returned 0x0 [0049.238] lstrcmpW (lpString1="LocalMLS_3.wmdb", lpString2="LOLKEK.txt") returned -1 [0049.238] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb") returned 86 [0049.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6540 [0049.238] lstrcpyW (in: lpString1=0x3eb6540, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" [0049.238] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.238] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.238] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0049.238] lstrcmpiW (lpString1="Sync Playlists", lpString2="Windows") returned -1 [0049.238] lstrcmpiW (lpString1="Sync Playlists", lpString2="Program Files") returned 1 [0049.238] lstrcmpiW (lpString1="Sync Playlists", lpString2="Program Files (x86)") returned 1 [0049.238] lstrcmpiW (lpString1="Sync Playlists", lpString2="$Recycle.bin") returned 1 [0049.238] lstrcmpiW (lpString1="Sync Playlists", lpString2="System Volume Information") returned -1 [0049.238] lstrcmpiW (lpString1="Sync Playlists", lpString2=".") returned 1 [0049.238] lstrcmpiW (lpString1="Sync Playlists", lpString2="..") returned 1 [0049.238] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists") returned 85 [0049.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.239] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" [0049.239] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*" [0049.239] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.239] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.239] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.239] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.239] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.239] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.239] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.239] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.239] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.239] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.239] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.239] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.239] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.239] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.239] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.239] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0049.239] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0049.239] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0049.239] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0049.239] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0049.239] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0049.239] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0049.239] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0049.239] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 91 [0049.239] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.239] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0049.239] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*" [0049.239] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.240] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.240] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.240] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.240] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.240] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.240] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.240] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.240] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.240] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.240] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.240] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.240] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.240] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.240] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.240] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0000E713", cAlternateFileName="")) returned 1 [0049.240] lstrcmpiW (lpString1="0000E713", lpString2="Windows") returned -1 [0049.240] lstrcmpiW (lpString1="0000E713", lpString2="Program Files") returned -1 [0049.240] lstrcmpiW (lpString1="0000E713", lpString2="Program Files (x86)") returned -1 [0049.240] lstrcmpiW (lpString1="0000E713", lpString2="$Recycle.bin") returned 1 [0049.240] lstrcmpiW (lpString1="0000E713", lpString2="System Volume Information") returned -1 [0049.240] lstrcmpiW (lpString1="0000E713", lpString2=".") returned 1 [0049.240] lstrcmpiW (lpString1="0000E713", lpString2="..") returned 1 [0049.240] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned 100 [0049.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.240] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" [0049.240] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*" [0049.240] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.242] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.242] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.242] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.242] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.242] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.242] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.242] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.242] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.242] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.242] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.242] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.242] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.242] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.242] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.242] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0049.242] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Windows") returned -1 [0049.242] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Program Files") returned -1 [0049.242] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.242] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.242] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.243] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".") returned 1 [0049.243] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="..") returned 1 [0049.243] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl") returned 135 [0049.243] StrStrIW (lpFirst="01_Music_auto_rated_at_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.243] lstrcmpW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.243] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl") returned 135 [0049.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c6740 [0049.243] lstrcpyW (in: lpString1=0x5c6740, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" [0049.243] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.243] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.243] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0049.243] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Windows") returned -1 [0049.243] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0049.243] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0049.243] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0049.243] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0049.243] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".") returned 1 [0049.243] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="..") returned 1 [0049.243] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl") returned 137 [0049.243] StrStrIW (lpFirst="02_Music_added_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0049.243] lstrcmpW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0049.243] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl") returned 137 [0049.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eaddb0 [0049.243] lstrcpyW (in: lpString1=0x3eaddb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" [0049.243] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.243] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.243] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0049.243] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0049.243] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0049.243] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.243] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.243] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.243] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0049.243] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0049.243] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl") returned 135 [0049.243] StrStrIW (lpFirst="03_Music_rated_at_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.243] lstrcmpW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.243] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl") returned 135 [0049.243] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c6968 [0049.243] lstrcpyW (in: lpString1=0x5c6968, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" [0049.243] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.243] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.243] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0049.244] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Windows") returned -1 [0049.244] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0049.244] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0049.244] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0049.244] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0049.244] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".") returned 1 [0049.244] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="..") returned 1 [0049.244] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl") returned 138 [0049.244] StrStrIW (lpFirst="04_Music_played_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0049.244] lstrcmpW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0049.244] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl") returned 138 [0049.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22c) returned 0x3ca6150 [0049.244] lstrcpyW (in: lpString1=0x3ca6150, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" [0049.244] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.244] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.244] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0049.244] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Windows") returned -1 [0049.244] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0049.244] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0049.244] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0049.244] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0049.244] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".") returned 1 [0049.244] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="..") returned 1 [0049.244] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl") returned 140 [0049.244] StrStrIW (lpFirst="05_Pictures_taken_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0049.244] lstrcmpW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0049.244] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl") returned 140 [0049.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x234) returned 0x3dd4c80 [0049.244] lstrcpyW (in: lpString1=0x3dd4c80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" [0049.244] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.244] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.244] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0049.244] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0049.244] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0049.244] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.244] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.244] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.244] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".") returned 1 [0049.244] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="..") returned 1 [0049.244] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl") returned 135 [0049.244] StrStrIW (lpFirst="06_Pictures_rated_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.244] lstrcmpW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.244] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl") returned 135 [0049.244] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c6b90 [0049.244] lstrcpyW (in: lpString1=0x5c6b90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" [0049.244] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.245] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.245] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0049.245] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Windows") returned -1 [0049.245] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Program Files") returned -1 [0049.245] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Program Files (x86)") returned -1 [0049.245] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="$Recycle.bin") returned 1 [0049.245] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="System Volume Information") returned -1 [0049.245] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".") returned 1 [0049.245] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="..") returned 1 [0049.245] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl") returned 136 [0049.245] StrStrIW (lpFirst="07_TV_recorded_in_the_last_week.wpl", lpSrch=".lolkek") returned 0x0 [0049.245] lstrcmpW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="LOLKEK.txt") returned -1 [0049.245] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl") returned 136 [0049.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x224) returned 0x3eadb68 [0049.245] lstrcpyW (in: lpString1=0x3eadb68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" [0049.245] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.245] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.245] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0049.245] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0049.245] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0049.245] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.245] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.245] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.245] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0049.245] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0049.245] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl") returned 135 [0049.245] StrStrIW (lpFirst="08_Video_rated_at_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.245] lstrcmpW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.245] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl") returned 135 [0049.245] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c6db8 [0049.245] lstrcpyW (in: lpString1=0x5c6db8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" [0049.245] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.245] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.245] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0049.245] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Windows") returned -1 [0049.245] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Program Files") returned -1 [0049.245] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Program Files (x86)") returned -1 [0049.245] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="$Recycle.bin") returned 1 [0049.245] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="System Volume Information") returned -1 [0049.245] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".") returned 1 [0049.245] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="..") returned 1 [0049.245] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl") returned 129 [0049.245] StrStrIW (lpFirst="09_Music_played_the_most.wpl", lpSrch=".lolkek") returned 0x0 [0049.245] lstrcmpW (lpString1="09_Music_played_the_most.wpl", lpString2="LOLKEK.txt") returned -1 [0049.246] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl") returned 129 [0049.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x208) returned 0x5c6fe0 [0049.246] lstrcpyW (in: lpString1=0x5c6fe0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" [0049.246] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.246] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.246] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0049.246] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Windows") returned -1 [0049.246] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Program Files") returned -1 [0049.246] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Program Files (x86)") returned -1 [0049.246] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="$Recycle.bin") returned 1 [0049.246] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="System Volume Information") returned -1 [0049.246] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".") returned 1 [0049.246] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="..") returned 1 [0049.246] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl") returned 117 [0049.246] StrStrIW (lpFirst="10_All_Music.wpl", lpSrch=".lolkek") returned 0x0 [0049.246] lstrcmpW (lpString1="10_All_Music.wpl", lpString2="LOLKEK.txt") returned -1 [0049.246] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl") returned 117 [0049.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d8) returned 0x3ca6388 [0049.246] lstrcpyW (in: lpString1=0x3ca6388, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" [0049.246] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.246] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.246] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0049.246] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Windows") returned -1 [0049.246] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Program Files") returned -1 [0049.246] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Program Files (x86)") returned -1 [0049.246] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="$Recycle.bin") returned 1 [0049.246] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="System Volume Information") returned -1 [0049.246] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".") returned 1 [0049.246] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="..") returned 1 [0049.246] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl") returned 120 [0049.246] StrStrIW (lpFirst="11_All_Pictures.wpl", lpSrch=".lolkek") returned 0x0 [0049.246] lstrcmpW (lpString1="11_All_Pictures.wpl", lpString2="LOLKEK.txt") returned -1 [0049.246] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl") returned 120 [0049.246] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e4) returned 0x3dd4ec0 [0049.246] lstrcpyW (in: lpString1=0x3dd4ec0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" [0049.246] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.246] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.246] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0049.246] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Windows") returned -1 [0049.246] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Program Files") returned -1 [0049.246] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Program Files (x86)") returned -1 [0049.246] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="$Recycle.bin") returned 1 [0049.246] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="System Volume Information") returned -1 [0049.246] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".") returned 1 [0049.246] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="..") returned 1 [0049.247] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl") returned 117 [0049.247] StrStrIW (lpFirst="12_All_Video.wpl", lpSrch=".lolkek") returned 0x0 [0049.247] lstrcmpW (lpString1="12_All_Video.wpl", lpString2="LOLKEK.txt") returned -1 [0049.247] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl") returned 117 [0049.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d8) returned 0x3dd50b0 [0049.247] lstrcpyW (in: lpString1=0x3dd50b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" [0049.247] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.247] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.247] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 0 [0049.247] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.247] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\LOLKEK.txt") returned 111 [0049.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.248] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.248] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.249] CloseHandle (hObject=0x280) returned 1 [0049.250] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.250] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0049.250] lstrcmpiW (lpString1="00010C6E", lpString2="Windows") returned -1 [0049.250] lstrcmpiW (lpString1="00010C6E", lpString2="Program Files") returned -1 [0049.250] lstrcmpiW (lpString1="00010C6E", lpString2="Program Files (x86)") returned -1 [0049.250] lstrcmpiW (lpString1="00010C6E", lpString2="$Recycle.bin") returned 1 [0049.250] lstrcmpiW (lpString1="00010C6E", lpString2="System Volume Information") returned -1 [0049.251] lstrcmpiW (lpString1="00010C6E", lpString2=".") returned 1 [0049.251] lstrcmpiW (lpString1="00010C6E", lpString2="..") returned 1 [0049.251] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 100 [0049.251] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.251] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0049.251] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*" [0049.251] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.254] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.254] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.254] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.254] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.254] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.254] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.254] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.254] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.254] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.254] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.254] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.254] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.254] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.254] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.254] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0049.254] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Windows") returned -1 [0049.254] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Program Files") returned -1 [0049.254] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.254] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.254] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.254] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".") returned 1 [0049.254] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="..") returned 1 [0049.254] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned 135 [0049.254] StrStrIW (lpFirst="01_Music_auto_rated_at_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.254] lstrcmpW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.254] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned 135 [0049.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c7208 [0049.254] lstrcpyW (in: lpString1=0x5c7208, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" [0049.254] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.254] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.254] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0049.254] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Windows") returned -1 [0049.254] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0049.254] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0049.254] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0049.254] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0049.254] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".") returned 1 [0049.254] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="..") returned 1 [0049.254] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl") returned 137 [0049.254] StrStrIW (lpFirst="02_Music_added_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0049.254] lstrcmpW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0049.254] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl") returned 137 [0049.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eae240 [0049.254] lstrcpyW (in: lpString1=0x3eae240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" [0049.254] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.255] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.255] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0049.255] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0049.255] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0049.255] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.255] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.255] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.255] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0049.255] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0049.255] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl") returned 135 [0049.255] StrStrIW (lpFirst="03_Music_rated_at_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.255] lstrcmpW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.255] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl") returned 135 [0049.255] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c7430 [0049.255] lstrcpyW (in: lpString1=0x5c7430, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" [0049.255] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.255] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.255] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0049.255] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Windows") returned -1 [0049.255] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0049.255] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0049.255] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0049.255] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0049.255] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".") returned 1 [0049.255] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="..") returned 1 [0049.255] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl") returned 138 [0049.255] StrStrIW (lpFirst="04_Music_played_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0049.255] lstrcmpW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0049.255] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl") returned 138 [0049.255] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22c) returned 0x3dd5290 [0049.255] lstrcpyW (in: lpString1=0x3dd5290, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" [0049.255] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.255] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.255] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0049.255] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Windows") returned -1 [0049.255] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0049.255] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0049.255] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0049.255] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0049.255] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".") returned 1 [0049.255] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="..") returned 1 [0049.255] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl") returned 140 [0049.255] StrStrIW (lpFirst="05_Pictures_taken_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0049.255] lstrcmpW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0049.256] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl") returned 140 [0049.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x234) returned 0x3dd54c8 [0049.256] lstrcpyW (in: lpString1=0x3dd54c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" [0049.256] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.256] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.256] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0049.256] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0049.256] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0049.256] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.256] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.256] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.256] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".") returned 1 [0049.256] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="..") returned 1 [0049.256] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl") returned 135 [0049.256] StrStrIW (lpFirst="06_Pictures_rated_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.256] lstrcmpW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.256] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl") returned 135 [0049.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c7658 [0049.256] lstrcpyW (in: lpString1=0x5c7658, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" [0049.256] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.256] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.256] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0049.256] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Windows") returned -1 [0049.256] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Program Files") returned -1 [0049.256] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Program Files (x86)") returned -1 [0049.256] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="$Recycle.bin") returned 1 [0049.256] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="System Volume Information") returned -1 [0049.256] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".") returned 1 [0049.256] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="..") returned 1 [0049.256] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl") returned 136 [0049.256] StrStrIW (lpFirst="07_TV_recorded_in_the_last_week.wpl", lpSrch=".lolkek") returned 0x0 [0049.256] lstrcmpW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="LOLKEK.txt") returned -1 [0049.256] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl") returned 136 [0049.256] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x224) returned 0x3eae488 [0049.256] lstrcpyW (in: lpString1=0x3eae488, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" [0049.256] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.256] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.256] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0049.256] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0049.257] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0049.257] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0049.257] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0049.257] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0049.257] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0049.257] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0049.257] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl") returned 135 [0049.257] StrStrIW (lpFirst="08_Video_rated_at_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0049.257] lstrcmpW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0049.257] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl") returned 135 [0049.257] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c7880 [0049.257] lstrcpyW (in: lpString1=0x5c7880, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" [0049.257] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.257] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.257] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0049.257] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Windows") returned -1 [0049.257] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Program Files") returned -1 [0049.257] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Program Files (x86)") returned -1 [0049.257] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="$Recycle.bin") returned 1 [0049.257] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="System Volume Information") returned -1 [0049.257] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".") returned 1 [0049.257] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="..") returned 1 [0049.257] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl") returned 129 [0049.257] StrStrIW (lpFirst="09_Music_played_the_most.wpl", lpSrch=".lolkek") returned 0x0 [0049.257] lstrcmpW (lpString1="09_Music_played_the_most.wpl", lpString2="LOLKEK.txt") returned -1 [0049.257] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl") returned 129 [0049.257] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x208) returned 0x5c7aa8 [0049.257] lstrcpyW (in: lpString1=0x5c7aa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" [0049.257] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.257] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.257] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0049.257] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Windows") returned -1 [0049.257] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Program Files") returned -1 [0049.257] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Program Files (x86)") returned -1 [0049.257] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="$Recycle.bin") returned 1 [0049.257] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="System Volume Information") returned -1 [0049.257] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".") returned 1 [0049.257] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="..") returned 1 [0049.257] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl") returned 117 [0049.257] StrStrIW (lpFirst="10_All_Music.wpl", lpSrch=".lolkek") returned 0x0 [0049.257] lstrcmpW (lpString1="10_All_Music.wpl", lpString2="LOLKEK.txt") returned -1 [0049.257] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl") returned 117 [0049.257] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d8) returned 0x3dd5708 [0049.257] lstrcpyW (in: lpString1=0x3dd5708, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" [0049.257] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.258] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.258] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0049.258] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Windows") returned -1 [0049.258] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Program Files") returned -1 [0049.258] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Program Files (x86)") returned -1 [0049.258] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="$Recycle.bin") returned 1 [0049.258] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="System Volume Information") returned -1 [0049.258] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".") returned 1 [0049.258] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="..") returned 1 [0049.258] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl") returned 120 [0049.258] StrStrIW (lpFirst="11_All_Pictures.wpl", lpSrch=".lolkek") returned 0x0 [0049.258] lstrcmpW (lpString1="11_All_Pictures.wpl", lpString2="LOLKEK.txt") returned -1 [0049.258] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl") returned 120 [0049.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e4) returned 0x3ddaa68 [0049.258] lstrcpyW (in: lpString1=0x3ddaa68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" [0049.258] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.258] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.258] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0049.258] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Windows") returned -1 [0049.258] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Program Files") returned -1 [0049.258] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Program Files (x86)") returned -1 [0049.258] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="$Recycle.bin") returned 1 [0049.258] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="System Volume Information") returned -1 [0049.258] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".") returned 1 [0049.258] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="..") returned 1 [0049.258] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl") returned 117 [0049.258] StrStrIW (lpFirst="12_All_Video.wpl", lpSrch=".lolkek") returned 0x0 [0049.258] lstrcmpW (lpString1="12_All_Video.wpl", lpString2="LOLKEK.txt") returned -1 [0049.258] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl") returned 117 [0049.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d8) returned 0x3ddac58 [0049.258] lstrcpyW (in: lpString1=0x3ddac58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" [0049.258] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.258] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.258] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 0 [0049.258] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.259] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\LOLKEK.txt") returned 111 [0049.259] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.260] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.260] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.260] CloseHandle (hObject=0x280) returned 1 [0049.260] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.260] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="00010C6E", cAlternateFileName="")) returned 0 [0049.260] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.260] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\LOLKEK.txt") returned 102 [0049.260] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.261] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.261] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.261] CloseHandle (hObject=0x27c) returned 1 [0049.261] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.261] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 0 [0049.262] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.262] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\LOLKEK.txt") returned 96 [0049.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.262] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.262] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.263] CloseHandle (hObject=0x290) returned 1 [0049.263] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.263] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 1 [0049.263] lstrcmpiW (lpString1="Transcoded Files Cache", lpString2="Windows") returned -1 [0049.263] lstrcmpiW (lpString1="Transcoded Files Cache", lpString2="Program Files") returned 1 [0049.263] lstrcmpiW (lpString1="Transcoded Files Cache", lpString2="Program Files (x86)") returned 1 [0049.263] lstrcmpiW (lpString1="Transcoded Files Cache", lpString2="$Recycle.bin") returned 1 [0049.263] lstrcmpiW (lpString1="Transcoded Files Cache", lpString2="System Volume Information") returned 1 [0049.263] lstrcmpiW (lpString1="Transcoded Files Cache", lpString2=".") returned 1 [0049.263] lstrcmpiW (lpString1="Transcoded Files Cache", lpString2="..") returned 1 [0049.263] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache") returned 93 [0049.263] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.263] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache" [0049.263] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*" [0049.263] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.263] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.263] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.264] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.264] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.264] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.264] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.264] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.264] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.264] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.264] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.264] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.264] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.264] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.264] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.264] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.264] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.264] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\LOLKEK.txt") returned 104 [0049.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\transcoded files cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.264] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.264] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.265] CloseHandle (hObject=0x290) returned 1 [0049.265] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.265] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 0 [0049.265] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.265] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LOLKEK.txt") returned 81 [0049.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.265] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.265] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.266] CloseHandle (hObject=0x25c) returned 1 [0049.266] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.267] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Office", cAlternateFileName="")) returned 1 [0049.267] lstrcmpiW (lpString1="Office", lpString2="Windows") returned -1 [0049.267] lstrcmpiW (lpString1="Office", lpString2="Program Files") returned -1 [0049.267] lstrcmpiW (lpString1="Office", lpString2="Program Files (x86)") returned -1 [0049.267] lstrcmpiW (lpString1="Office", lpString2="$Recycle.bin") returned 1 [0049.267] lstrcmpiW (lpString1="Office", lpString2="System Volume Information") returned -1 [0049.267] lstrcmpiW (lpString1="Office", lpString2=".") returned 1 [0049.267] lstrcmpiW (lpString1="Office", lpString2="..") returned 1 [0049.267] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office") returned 64 [0049.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.268] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office" [0049.268] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*" [0049.268] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.268] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.268] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.268] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.268] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.268] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.268] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.268] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.268] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.268] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.268] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.268] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.268] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.268] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.268] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.268] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="14.0", cAlternateFileName="")) returned 1 [0049.268] lstrcmpiW (lpString1="14.0", lpString2="Windows") returned -1 [0049.268] lstrcmpiW (lpString1="14.0", lpString2="Program Files") returned -1 [0049.268] lstrcmpiW (lpString1="14.0", lpString2="Program Files (x86)") returned -1 [0049.268] lstrcmpiW (lpString1="14.0", lpString2="$Recycle.bin") returned 1 [0049.268] lstrcmpiW (lpString1="14.0", lpString2="System Volume Information") returned -1 [0049.269] lstrcmpiW (lpString1="14.0", lpString2=".") returned 1 [0049.269] lstrcmpiW (lpString1="14.0", lpString2="..") returned 1 [0049.269] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0") returned 69 [0049.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.269] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0" [0049.269] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*" [0049.269] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.271] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.271] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.271] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.271] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.271] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.271] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.271] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.271] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.272] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.272] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.272] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.272] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.272] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.272] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.272] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeFileCache", cAlternateFileName="OFFICE~1")) returned 1 [0049.272] lstrcmpiW (lpString1="OfficeFileCache", lpString2="Windows") returned -1 [0049.272] lstrcmpiW (lpString1="OfficeFileCache", lpString2="Program Files") returned -1 [0049.272] lstrcmpiW (lpString1="OfficeFileCache", lpString2="Program Files (x86)") returned -1 [0049.272] lstrcmpiW (lpString1="OfficeFileCache", lpString2="$Recycle.bin") returned 1 [0049.272] lstrcmpiW (lpString1="OfficeFileCache", lpString2="System Volume Information") returned -1 [0049.272] lstrcmpiW (lpString1="OfficeFileCache", lpString2=".") returned 1 [0049.272] lstrcmpiW (lpString1="OfficeFileCache", lpString2="..") returned 1 [0049.272] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache") returned 85 [0049.272] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.272] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache" [0049.272] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*" [0049.272] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.272] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.272] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.272] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.272] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.272] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.272] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.272] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.273] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.273] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.273] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.273] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.273] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.273] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.273] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.273] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7aab700, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7aab700, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FSD-CNRY.FSD", cAlternateFileName="")) returned 1 [0049.273] lstrcmpiW (lpString1="FSD-CNRY.FSD", lpString2="Windows") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-CNRY.FSD", lpString2="Program Files") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-CNRY.FSD", lpString2="Program Files (x86)") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-CNRY.FSD", lpString2="$Recycle.bin") returned 1 [0049.273] lstrcmpiW (lpString1="FSD-CNRY.FSD", lpString2="System Volume Information") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-CNRY.FSD", lpString2=".") returned 1 [0049.273] lstrcmpiW (lpString1="FSD-CNRY.FSD", lpString2="..") returned 1 [0049.273] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD") returned 98 [0049.273] StrStrIW (lpFirst="FSD-CNRY.FSD", lpSrch=".lolkek") returned 0x0 [0049.273] lstrcmpW (lpString1="FSD-CNRY.FSD", lpString2="LOLKEK.txt") returned -1 [0049.273] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD") returned 98 [0049.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3ddafb8 [0049.273] lstrcpyW (in: lpString1=0x3ddafb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" [0049.273] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.273] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.273] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", cAlternateFileName="FSD-{4~1.FSD")) returned 1 [0049.273] lstrcmpiW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2="Windows") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2="Program Files") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2="Program Files (x86)") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2="$Recycle.bin") returned 1 [0049.273] lstrcmpiW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2="System Volume Information") returned -1 [0049.273] lstrcmpiW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2=".") returned 1 [0049.273] lstrcmpiW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2="..") returned 1 [0049.273] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD") returned 132 [0049.273] StrStrIW (lpFirst="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpSrch=".lolkek") returned 0x0 [0049.273] lstrcmpW (lpString1="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", lpString2="LOLKEK.txt") returned -1 [0049.273] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD") returned 132 [0049.273] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x214) returned 0x3ddb150 [0049.273] lstrcpyW (in: lpString1=0x3ddb150, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" [0049.273] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.273] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.273] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x72, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FSF-CTBL.FSF", cAlternateFileName="")) returned 1 [0049.273] lstrcmpiW (lpString1="FSF-CTBL.FSF", lpString2="Windows") returned -1 [0049.273] lstrcmpiW (lpString1="FSF-CTBL.FSF", lpString2="Program Files") returned -1 [0049.273] lstrcmpiW (lpString1="FSF-CTBL.FSF", lpString2="Program Files (x86)") returned -1 [0049.273] lstrcmpiW (lpString1="FSF-CTBL.FSF", lpString2="$Recycle.bin") returned 1 [0049.273] lstrcmpiW (lpString1="FSF-CTBL.FSF", lpString2="System Volume Information") returned -1 [0049.273] lstrcmpiW (lpString1="FSF-CTBL.FSF", lpString2=".") returned 1 [0049.274] lstrcmpiW (lpString1="FSF-CTBL.FSF", lpString2="..") returned 1 [0049.274] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF") returned 98 [0049.274] StrStrIW (lpFirst="FSF-CTBL.FSF", lpSrch=".lolkek") returned 0x0 [0049.274] lstrcmpW (lpString1="FSF-CTBL.FSF", lpString2="LOLKEK.txt") returned -1 [0049.274] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF") returned 98 [0049.274] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3ddb370 [0049.274] lstrcpyW (in: lpString1=0x3ddb370, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" [0049.274] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.274] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.274] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x72, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FSF-CTBL.FSF", cAlternateFileName="")) returned 0 [0049.274] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.274] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\LOLKEK.txt") returned 96 [0049.274] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.275] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.275] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.276] CloseHandle (hObject=0x280) returned 1 [0049.276] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.276] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeFileCache", cAlternateFileName="OFFICE~1")) returned 0 [0049.276] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.276] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\LOLKEK.txt") returned 80 [0049.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.277] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.277] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.277] CloseHandle (hObject=0x27c) returned 1 [0049.277] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.277] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Groove", cAlternateFileName="")) returned 1 [0049.277] lstrcmpiW (lpString1="Groove", lpString2="Windows") returned -1 [0049.277] lstrcmpiW (lpString1="Groove", lpString2="Program Files") returned -1 [0049.278] lstrcmpiW (lpString1="Groove", lpString2="Program Files (x86)") returned -1 [0049.278] lstrcmpiW (lpString1="Groove", lpString2="$Recycle.bin") returned 1 [0049.278] lstrcmpiW (lpString1="Groove", lpString2="System Volume Information") returned -1 [0049.278] lstrcmpiW (lpString1="Groove", lpString2=".") returned 1 [0049.278] lstrcmpiW (lpString1="Groove", lpString2="..") returned 1 [0049.278] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove") returned 71 [0049.278] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.278] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove" [0049.278] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*" [0049.278] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.278] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.278] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.278] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.278] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.278] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.278] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.278] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.278] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.278] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.278] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.278] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.278] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.278] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.278] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.278] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="System", cAlternateFileName="")) returned 1 [0049.278] lstrcmpiW (lpString1="System", lpString2="Windows") returned -1 [0049.278] lstrcmpiW (lpString1="System", lpString2="Program Files") returned 1 [0049.278] lstrcmpiW (lpString1="System", lpString2="Program Files (x86)") returned 1 [0049.278] lstrcmpiW (lpString1="System", lpString2="$Recycle.bin") returned 1 [0049.278] lstrcmpiW (lpString1="System", lpString2="System Volume Information") returned -1 [0049.278] lstrcmpiW (lpString1="System", lpString2=".") returned 1 [0049.278] lstrcmpiW (lpString1="System", lpString2="..") returned 1 [0049.278] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System") returned 78 [0049.278] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.278] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System" [0049.278] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*" [0049.278] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.279] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.279] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.279] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.279] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.279] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.279] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.279] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.279] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.279] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.279] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.279] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.279] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.279] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.279] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.279] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.279] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.279] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\LOLKEK.txt") returned 89 [0049.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\system\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.279] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.279] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.280] CloseHandle (hObject=0x280) returned 1 [0049.280] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.280] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User", cAlternateFileName="")) returned 1 [0049.280] lstrcmpiW (lpString1="User", lpString2="Windows") returned -1 [0049.280] lstrcmpiW (lpString1="User", lpString2="Program Files") returned 1 [0049.280] lstrcmpiW (lpString1="User", lpString2="Program Files (x86)") returned 1 [0049.280] lstrcmpiW (lpString1="User", lpString2="$Recycle.bin") returned 1 [0049.280] lstrcmpiW (lpString1="User", lpString2="System Volume Information") returned 1 [0049.280] lstrcmpiW (lpString1="User", lpString2=".") returned 1 [0049.280] lstrcmpiW (lpString1="User", lpString2="..") returned 1 [0049.280] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User") returned 76 [0049.280] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.280] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User" [0049.280] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*" [0049.280] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.280] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.280] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.280] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.280] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.280] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.280] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.280] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.281] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.281] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.281] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.281] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.281] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.281] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.281] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.281] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.281] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.281] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\LOLKEK.txt") returned 87 [0049.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\user\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.281] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.281] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.282] CloseHandle (hObject=0x280) returned 1 [0049.282] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.282] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User", cAlternateFileName="")) returned 0 [0049.282] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.282] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\LOLKEK.txt") returned 82 [0049.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.282] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.282] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.283] CloseHandle (hObject=0x27c) returned 1 [0049.283] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.283] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONetConfig", cAlternateFileName="ONETCO~1")) returned 1 [0049.283] lstrcmpiW (lpString1="ONetConfig", lpString2="Windows") returned -1 [0049.283] lstrcmpiW (lpString1="ONetConfig", lpString2="Program Files") returned -1 [0049.283] lstrcmpiW (lpString1="ONetConfig", lpString2="Program Files (x86)") returned -1 [0049.283] lstrcmpiW (lpString1="ONetConfig", lpString2="$Recycle.bin") returned 1 [0049.283] lstrcmpiW (lpString1="ONetConfig", lpString2="System Volume Information") returned -1 [0049.283] lstrcmpiW (lpString1="ONetConfig", lpString2=".") returned 1 [0049.283] lstrcmpiW (lpString1="ONetConfig", lpString2="..") returned 1 [0049.283] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig") returned 75 [0049.283] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.283] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig" [0049.283] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*" [0049.283] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.284] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.284] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.284] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.284] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.284] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.284] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.284] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.284] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.284] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.284] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.284] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.284] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.284] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.284] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.284] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x80, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="350db95df4cbd94b2a1c300510e12e11.sig", cAlternateFileName="350DB9~1.SIG")) returned 1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2="Windows") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2="Program Files") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2="Program Files (x86)") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2="$Recycle.bin") returned 1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2="System Volume Information") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2=".") returned 1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2="..") returned 1 [0049.284] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig") returned 112 [0049.284] StrStrIW (lpFirst="350db95df4cbd94b2a1c300510e12e11.sig", lpSrch=".lolkek") returned 0x0 [0049.284] lstrcmpW (lpString1="350db95df4cbd94b2a1c300510e12e11.sig", lpString2="LOLKEK.txt") returned -1 [0049.284] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig") returned 112 [0049.284] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c4) returned 0x3e36708 [0049.284] lstrcpyW (in: lpString1=0x3e36708, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" [0049.284] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.284] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.284] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x7ef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="350db95df4cbd94b2a1c300510e12e11.xml", cAlternateFileName="350DB9~1.XML")) returned 1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2="Windows") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2="Program Files") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2="Program Files (x86)") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2="$Recycle.bin") returned 1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2="System Volume Information") returned -1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2=".") returned 1 [0049.284] lstrcmpiW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2="..") returned 1 [0049.284] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml") returned 112 [0049.284] StrStrIW (lpFirst="350db95df4cbd94b2a1c300510e12e11.xml", lpSrch=".lolkek") returned 0x0 [0049.285] lstrcmpW (lpString1="350db95df4cbd94b2a1c300510e12e11.xml", lpString2="LOLKEK.txt") returned -1 [0049.285] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml") returned 112 [0049.285] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c4) returned 0x3e36530 [0049.285] lstrcpyW (in: lpString1=0x3e36530, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" [0049.285] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.285] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.285] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x7ef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="350db95df4cbd94b2a1c300510e12e11.xml", cAlternateFileName="350DB9~1.XML")) returned 0 [0049.285] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.285] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\LOLKEK.txt") returned 86 [0049.285] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.287] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.287] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.288] CloseHandle (hObject=0x268) returned 1 [0049.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.288] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONetConfig", cAlternateFileName="ONETCO~1")) returned 0 [0049.288] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.288] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\LOLKEK.txt") returned 75 [0049.288] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.289] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.289] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.290] CloseHandle (hObject=0x25c) returned 1 [0049.290] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.290] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outlook", cAlternateFileName="")) returned 1 [0049.290] lstrcmpiW (lpString1="Outlook", lpString2="Windows") returned -1 [0049.290] lstrcmpiW (lpString1="Outlook", lpString2="Program Files") returned -1 [0049.290] lstrcmpiW (lpString1="Outlook", lpString2="Program Files (x86)") returned -1 [0049.290] lstrcmpiW (lpString1="Outlook", lpString2="$Recycle.bin") returned 1 [0049.290] lstrcmpiW (lpString1="Outlook", lpString2="System Volume Information") returned -1 [0049.290] lstrcmpiW (lpString1="Outlook", lpString2=".") returned 1 [0049.290] lstrcmpiW (lpString1="Outlook", lpString2="..") returned 1 [0049.290] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook") returned 65 [0049.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.290] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook" [0049.290] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*" [0049.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.293] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.293] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.293] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.293] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.293] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.293] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.293] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.293] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.293] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.293] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.293] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.293] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.293] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.293] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.293] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3dc8cc40, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3dc8cc40, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3dc8cc40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mapisvc.inf", cAlternateFileName="")) returned 1 [0049.293] lstrcmpiW (lpString1="mapisvc.inf", lpString2="Windows") returned -1 [0049.293] lstrcmpiW (lpString1="mapisvc.inf", lpString2="Program Files") returned -1 [0049.293] lstrcmpiW (lpString1="mapisvc.inf", lpString2="Program Files (x86)") returned -1 [0049.293] lstrcmpiW (lpString1="mapisvc.inf", lpString2="$Recycle.bin") returned 1 [0049.293] lstrcmpiW (lpString1="mapisvc.inf", lpString2="System Volume Information") returned -1 [0049.293] lstrcmpiW (lpString1="mapisvc.inf", lpString2=".") returned 1 [0049.293] lstrcmpiW (lpString1="mapisvc.inf", lpString2="..") returned 1 [0049.293] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf") returned 77 [0049.293] StrStrIW (lpFirst="mapisvc.inf", lpSrch=".lolkek") returned 0x0 [0049.293] lstrcmpW (lpString1="mapisvc.inf", lpString2="LOLKEK.txt") returned 1 [0049.293] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf") returned 77 [0049.293] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x616eb8 [0049.293] lstrcpyW (in: lpString1=0x616eb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" [0049.293] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.293] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.293] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5c4d2d00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xb9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outlook.sharing.xml.obi", cAlternateFileName="OUTLOO~1.OBI")) returned 1 [0049.294] lstrcmpiW (lpString1="Outlook.sharing.xml.obi", lpString2="Windows") returned -1 [0049.294] lstrcmpiW (lpString1="Outlook.sharing.xml.obi", lpString2="Program Files") returned -1 [0049.294] lstrcmpiW (lpString1="Outlook.sharing.xml.obi", lpString2="Program Files (x86)") returned -1 [0049.294] lstrcmpiW (lpString1="Outlook.sharing.xml.obi", lpString2="$Recycle.bin") returned 1 [0049.294] lstrcmpiW (lpString1="Outlook.sharing.xml.obi", lpString2="System Volume Information") returned -1 [0049.294] lstrcmpiW (lpString1="Outlook.sharing.xml.obi", lpString2=".") returned 1 [0049.294] lstrcmpiW (lpString1="Outlook.sharing.xml.obi", lpString2="..") returned 1 [0049.294] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi") returned 89 [0049.294] StrStrIW (lpFirst="Outlook.sharing.xml.obi", lpSrch=".lolkek") returned 0x0 [0049.294] lstrcmpW (lpString1="Outlook.sharing.xml.obi", lpString2="LOLKEK.txt") returned 1 [0049.294] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi") returned 89 [0049.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x3ddf8b8 [0049.294] lstrcpyW (in: lpString1=0x3ddf8b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" [0049.294] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.294] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.294] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 1 [0049.294] lstrcmpiW (lpString1="RoamCache", lpString2="Windows") returned -1 [0049.294] lstrcmpiW (lpString1="RoamCache", lpString2="Program Files") returned 1 [0049.294] lstrcmpiW (lpString1="RoamCache", lpString2="Program Files (x86)") returned 1 [0049.294] lstrcmpiW (lpString1="RoamCache", lpString2="$Recycle.bin") returned 1 [0049.294] lstrcmpiW (lpString1="RoamCache", lpString2="System Volume Information") returned -1 [0049.294] lstrcmpiW (lpString1="RoamCache", lpString2=".") returned 1 [0049.294] lstrcmpiW (lpString1="RoamCache", lpString2="..") returned 1 [0049.294] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache") returned 75 [0049.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.294] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" [0049.294] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*" [0049.294] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.294] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.294] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.294] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.294] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.294] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.294] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.295] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.295] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.295] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.295] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.295] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.295] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.295] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.295] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.295] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x60a26dc0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0049.295] lstrcmpiW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2="Windows") returned -1 [0049.295] lstrcmpiW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2="Program Files") returned 1 [0049.295] lstrcmpiW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2="Program Files (x86)") returned 1 [0049.295] lstrcmpiW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2="$Recycle.bin") returned 1 [0049.295] lstrcmpiW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2="System Volume Information") returned -1 [0049.295] lstrcmpiW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2=".") returned 1 [0049.295] lstrcmpiW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2="..") returned 1 [0049.295] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat") returned 134 [0049.295] StrStrIW (lpFirst="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpSrch=".lolkek") returned 0x0 [0049.295] lstrcmpW (lpString1="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", lpString2="LOLKEK.txt") returned 1 [0049.295] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat") returned 134 [0049.295] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x21c) returned 0x5c7cd0 [0049.295] lstrcpyW (in: lpString1=0x5c7cd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" [0049.295] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.295] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.295] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x60a26dc0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0049.295] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.295] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\LOLKEK.txt") returned 86 [0049.295] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.296] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.296] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.297] CloseHandle (hObject=0x268) returned 1 [0049.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.297] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ae80e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x5c4d2d00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xb9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="~last~.sharing.xml.obi", cAlternateFileName="~LAST~~1.OBI")) returned 1 [0049.297] lstrcmpiW (lpString1="~last~.sharing.xml.obi", lpString2="Windows") returned -1 [0049.297] lstrcmpiW (lpString1="~last~.sharing.xml.obi", lpString2="Program Files") returned -1 [0049.297] lstrcmpiW (lpString1="~last~.sharing.xml.obi", lpString2="Program Files (x86)") returned -1 [0049.297] lstrcmpiW (lpString1="~last~.sharing.xml.obi", lpString2="$Recycle.bin") returned 1 [0049.297] lstrcmpiW (lpString1="~last~.sharing.xml.obi", lpString2="System Volume Information") returned -1 [0049.297] lstrcmpiW (lpString1="~last~.sharing.xml.obi", lpString2=".") returned 1 [0049.297] lstrcmpiW (lpString1="~last~.sharing.xml.obi", lpString2="..") returned 1 [0049.297] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi") returned 88 [0049.297] StrStrIW (lpFirst="~last~.sharing.xml.obi", lpSrch=".lolkek") returned 0x0 [0049.297] lstrcmpW (lpString1="~last~.sharing.xml.obi", lpString2="LOLKEK.txt") returned -1 [0049.297] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi") returned 88 [0049.297] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x698860 [0049.297] lstrcpyW (in: lpString1=0x698860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" [0049.297] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.297] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.297] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ae80e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x5c4d2d00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xb9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="~last~.sharing.xml.obi", cAlternateFileName="~LAST~~1.OBI")) returned 0 [0049.297] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.297] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\LOLKEK.txt") returned 76 [0049.297] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.298] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.298] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.299] CloseHandle (hObject=0x25c) returned 1 [0049.299] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.300] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0049.300] lstrcmpiW (lpString1="Publisher", lpString2="Windows") returned -1 [0049.300] lstrcmpiW (lpString1="Publisher", lpString2="Program Files") returned 1 [0049.300] lstrcmpiW (lpString1="Publisher", lpString2="Program Files (x86)") returned 1 [0049.301] lstrcmpiW (lpString1="Publisher", lpString2="$Recycle.bin") returned 1 [0049.301] lstrcmpiW (lpString1="Publisher", lpString2="System Volume Information") returned -1 [0049.301] lstrcmpiW (lpString1="Publisher", lpString2=".") returned 1 [0049.301] lstrcmpiW (lpString1="Publisher", lpString2="..") returned 1 [0049.301] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher") returned 67 [0049.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.301] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher" [0049.301] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*" [0049.301] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.302] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.302] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.302] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.302] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.303] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.303] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.303] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.303] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.303] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.303] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.303] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.303] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.303] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.303] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.303] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.303] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.303] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\LOLKEK.txt") returned 78 [0049.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\publisher\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.304] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.304] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.304] CloseHandle (hObject=0x25c) returned 1 [0049.304] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.304] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TaskSchedulerConfig", cAlternateFileName="TASKSC~1")) returned 1 [0049.304] lstrcmpiW (lpString1="TaskSchedulerConfig", lpString2="Windows") returned -1 [0049.304] lstrcmpiW (lpString1="TaskSchedulerConfig", lpString2="Program Files") returned 1 [0049.304] lstrcmpiW (lpString1="TaskSchedulerConfig", lpString2="Program Files (x86)") returned 1 [0049.304] lstrcmpiW (lpString1="TaskSchedulerConfig", lpString2="$Recycle.bin") returned 1 [0049.305] lstrcmpiW (lpString1="TaskSchedulerConfig", lpString2="System Volume Information") returned 1 [0049.305] lstrcmpiW (lpString1="TaskSchedulerConfig", lpString2=".") returned 1 [0049.305] lstrcmpiW (lpString1="TaskSchedulerConfig", lpString2="..") returned 1 [0049.305] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig") returned 77 [0049.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.305] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig" [0049.305] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*" [0049.305] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.305] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.305] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.305] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.305] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.305] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.305] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.305] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.305] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.305] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.305] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.305] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.305] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.305] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.305] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.305] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.305] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.306] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\LOLKEK.txt") returned 88 [0049.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\taskschedulerconfig\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.306] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.306] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.307] CloseHandle (hObject=0x25c) returned 1 [0049.307] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.307] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Visio", cAlternateFileName="")) returned 1 [0049.307] lstrcmpiW (lpString1="Visio", lpString2="Windows") returned -1 [0049.307] lstrcmpiW (lpString1="Visio", lpString2="Program Files") returned 1 [0049.307] lstrcmpiW (lpString1="Visio", lpString2="Program Files (x86)") returned 1 [0049.307] lstrcmpiW (lpString1="Visio", lpString2="$Recycle.bin") returned 1 [0049.307] lstrcmpiW (lpString1="Visio", lpString2="System Volume Information") returned 1 [0049.307] lstrcmpiW (lpString1="Visio", lpString2=".") returned 1 [0049.307] lstrcmpiW (lpString1="Visio", lpString2="..") returned 1 [0049.307] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio") returned 63 [0049.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.307] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio" [0049.307] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*" [0049.307] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.307] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.307] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.307] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.308] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.308] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.308] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.308] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.308] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.308] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.308] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.308] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.308] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.308] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.308] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.308] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ef99320, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5efe55e0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x18ce0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="content14.dat", cAlternateFileName="CONTEN~1.DAT")) returned 1 [0049.308] lstrcmpiW (lpString1="content14.dat", lpString2="Windows") returned -1 [0049.308] lstrcmpiW (lpString1="content14.dat", lpString2="Program Files") returned -1 [0049.308] lstrcmpiW (lpString1="content14.dat", lpString2="Program Files (x86)") returned -1 [0049.308] lstrcmpiW (lpString1="content14.dat", lpString2="$Recycle.bin") returned 1 [0049.308] lstrcmpiW (lpString1="content14.dat", lpString2="System Volume Information") returned -1 [0049.308] lstrcmpiW (lpString1="content14.dat", lpString2=".") returned 1 [0049.308] lstrcmpiW (lpString1="content14.dat", lpString2="..") returned 1 [0049.308] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat") returned 77 [0049.308] StrStrIW (lpFirst="content14.dat", lpSrch=".lolkek") returned 0x0 [0049.308] lstrcmpW (lpString1="content14.dat", lpString2="LOLKEK.txt") returned -1 [0049.308] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat") returned 77 [0049.308] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x616998 [0049.308] lstrcpyW (in: lpString1=0x616998, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" [0049.308] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.308] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.308] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x976e3d80, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x976e3d80, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x5f055ac0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="thumbs.dat", cAlternateFileName="")) returned 1 [0049.308] lstrcmpiW (lpString1="thumbs.dat", lpString2="Windows") returned -1 [0049.308] lstrcmpiW (lpString1="thumbs.dat", lpString2="Program Files") returned 1 [0049.308] lstrcmpiW (lpString1="thumbs.dat", lpString2="Program Files (x86)") returned 1 [0049.308] lstrcmpiW (lpString1="thumbs.dat", lpString2="$Recycle.bin") returned 1 [0049.308] lstrcmpiW (lpString1="thumbs.dat", lpString2="System Volume Information") returned 1 [0049.308] lstrcmpiW (lpString1="thumbs.dat", lpString2=".") returned 1 [0049.308] lstrcmpiW (lpString1="thumbs.dat", lpString2="..") returned 1 [0049.308] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat") returned 74 [0049.308] StrStrIW (lpFirst="thumbs.dat", lpSrch=".lolkek") returned 0x0 [0049.308] lstrcmpW (lpString1="thumbs.dat", lpString2="LOLKEK.txt") returned 1 [0049.309] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat") returned 74 [0049.309] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3ca6668 [0049.309] lstrcpyW (in: lpString1=0x3ca6668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" [0049.309] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.309] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.309] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x976e3d80, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x976e3d80, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x5f055ac0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="thumbs.dat", cAlternateFileName="")) returned 0 [0049.309] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.309] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\LOLKEK.txt") returned 74 [0049.309] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.309] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.309] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.310] CloseHandle (hObject=0x25c) returned 1 [0049.310] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.310] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0049.310] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0049.310] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0049.310] lstrcmpiW (lpString1="Windows Mail", lpString2="Windows") returned 1 [0049.310] lstrcmpiW (lpString1="Windows Mail", lpString2="Program Files") returned 1 [0049.310] lstrcmpiW (lpString1="Windows Mail", lpString2="Program Files (x86)") returned 1 [0049.310] lstrcmpiW (lpString1="Windows Mail", lpString2="$Recycle.bin") returned 1 [0049.310] lstrcmpiW (lpString1="Windows Mail", lpString2="System Volume Information") returned 1 [0049.310] lstrcmpiW (lpString1="Windows Mail", lpString2=".") returned 1 [0049.310] lstrcmpiW (lpString1="Windows Mail", lpString2="..") returned 1 [0049.310] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail") returned 70 [0049.310] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.310] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail" [0049.310] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\*" [0049.310] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.312] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.312] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.312] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.312] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.312] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.312] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.312] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.312] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.313] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.313] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.313] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.313] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.313] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.313] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.313] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0049.313] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="Windows") returned -1 [0049.313] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="Program Files") returned -1 [0049.313] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="Program Files (x86)") returned -1 [0049.313] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="$Recycle.bin") returned 1 [0049.313] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="System Volume Information") returned -1 [0049.313] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".") returned 1 [0049.313] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="..") returned 1 [0049.313] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 126 [0049.313] StrStrIW (lpFirst="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpSrch=".lolkek") returned 0x0 [0049.313] lstrcmpW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="LOLKEK.txt") returned -1 [0049.313] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 126 [0049.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x3ddb508 [0049.313] lstrcpyW (in: lpString1=0x3ddb508, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" [0049.313] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.313] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.313] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0049.313] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="Windows") returned -1 [0049.313] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="Program Files") returned -1 [0049.313] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="Program Files (x86)") returned -1 [0049.313] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="$Recycle.bin") returned 1 [0049.313] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="System Volume Information") returned -1 [0049.313] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".") returned 1 [0049.313] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="..") returned 1 [0049.313] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 126 [0049.313] StrStrIW (lpFirst="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpSrch=".lolkek") returned 0x0 [0049.313] lstrcmpW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="LOLKEK.txt") returned -1 [0049.313] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 126 [0049.313] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x3be0050 [0049.313] lstrcpyW (in: lpString1=0x3be0050, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" [0049.313] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.314] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.314] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cAlternateFileName="ACCOUN~1.OEA")) returned 1 [0049.314] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="Windows") returned -1 [0049.314] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="Program Files") returned -1 [0049.314] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="Program Files (x86)") returned -1 [0049.314] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="$Recycle.bin") returned 1 [0049.314] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="System Volume Information") returned -1 [0049.314] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".") returned 1 [0049.314] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="..") returned 1 [0049.314] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 126 [0049.314] StrStrIW (lpFirst="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpSrch=".lolkek") returned 0x0 [0049.314] lstrcmpW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="LOLKEK.txt") returned -1 [0049.314] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 126 [0049.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x3be0258 [0049.314] lstrcpyW (in: lpString1=0x3be0258, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" [0049.314] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.314] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.314] lstrcmpiW (lpString1="Backup", lpString2="Windows") returned -1 [0049.314] lstrcmpiW (lpString1="Backup", lpString2="Program Files") returned -1 [0049.314] lstrcmpiW (lpString1="Backup", lpString2="Program Files (x86)") returned -1 [0049.314] lstrcmpiW (lpString1="Backup", lpString2="$Recycle.bin") returned 1 [0049.314] lstrcmpiW (lpString1="Backup", lpString2="System Volume Information") returned -1 [0049.314] lstrcmpiW (lpString1="Backup", lpString2=".") returned 1 [0049.314] lstrcmpiW (lpString1="Backup", lpString2="..") returned 1 [0049.314] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup") returned 77 [0049.314] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.315] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" [0049.315] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*" [0049.315] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.315] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.315] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.315] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.315] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.315] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.315] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.315] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.315] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.315] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.316] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.316] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.316] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.316] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.316] lstrcmpiW (lpString1="old", lpString2="Windows") returned -1 [0049.316] lstrcmpiW (lpString1="old", lpString2="Program Files") returned -1 [0049.316] lstrcmpiW (lpString1="old", lpString2="Program Files (x86)") returned -1 [0049.316] lstrcmpiW (lpString1="old", lpString2="$Recycle.bin") returned 1 [0049.316] lstrcmpiW (lpString1="old", lpString2="System Volume Information") returned -1 [0049.316] lstrcmpiW (lpString1="old", lpString2=".") returned 1 [0049.316] lstrcmpiW (lpString1="old", lpString2="..") returned 1 [0049.316] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old") returned 81 [0049.316] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.316] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old" [0049.316] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*" [0049.316] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.318] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.318] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.318] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.318] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.318] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.318] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.318] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.318] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.318] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.318] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.318] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.318] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.318] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.318] lstrcmpiW (lpString1="edb00001.log", lpString2="Windows") returned -1 [0049.318] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files") returned -1 [0049.318] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files (x86)") returned -1 [0049.318] lstrcmpiW (lpString1="edb00001.log", lpString2="$Recycle.bin") returned 1 [0049.318] lstrcmpiW (lpString1="edb00001.log", lpString2="System Volume Information") returned -1 [0049.318] lstrcmpiW (lpString1="edb00001.log", lpString2=".") returned 1 [0049.318] lstrcmpiW (lpString1="edb00001.log", lpString2="..") returned 1 [0049.318] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log") returned 94 [0049.318] StrStrIW (lpFirst="edb00001.log", lpSrch=".lolkek") returned 0x0 [0049.319] lstrcmpW (lpString1="edb00001.log", lpString2="LOLKEK.txt") returned -1 [0049.319] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log") returned 94 [0049.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x6989d0 [0049.319] lstrcpyW (in: lpString1=0x6989d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" [0049.319] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.319] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Windows") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files (x86)") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="$Recycle.bin") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="System Volume Information") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="..") returned 1 [0049.319] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore") returned 108 [0049.319] StrStrIW (lpFirst="WindowsMail.MSMessageStore", lpSrch=".lolkek") returned 0x0 [0049.319] lstrcmpW (lpString1="WindowsMail.MSMessageStore", lpString2="LOLKEK.txt") returned 1 [0049.319] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore") returned 108 [0049.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x3ddb710 [0049.319] lstrcpyW (in: lpString1=0x3ddb710, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" [0049.319] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.319] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Windows") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files (x86)") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="$Recycle.bin") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="System Volume Information") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".") returned 1 [0049.319] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="..") returned 1 [0049.319] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat") returned 97 [0049.319] StrStrIW (lpFirst="WindowsMail.pat", lpSrch=".lolkek") returned 0x0 [0049.319] lstrcmpW (lpString1="WindowsMail.pat", lpString2="LOLKEK.txt") returned 1 [0049.319] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat") returned 97 [0049.319] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x3be0460 [0049.319] lstrcpyW (in: lpString1=0x3be0460, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" [0049.319] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.320] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.320] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.320] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\LOLKEK.txt") returned 92 [0049.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.321] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.321] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.322] CloseHandle (hObject=0x27c) returned 1 [0049.322] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.322] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="old", cAlternateFileName="")) returned 0 [0049.322] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.322] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\LOLKEK.txt") returned 88 [0049.322] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.322] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.322] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.323] CloseHandle (hObject=0x268) returned 1 [0049.323] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.323] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0049.323] lstrcmpiW (lpString1="edb.chk", lpString2="Windows") returned -1 [0049.323] lstrcmpiW (lpString1="edb.chk", lpString2="Program Files") returned -1 [0049.323] lstrcmpiW (lpString1="edb.chk", lpString2="Program Files (x86)") returned -1 [0049.323] lstrcmpiW (lpString1="edb.chk", lpString2="$Recycle.bin") returned 1 [0049.323] lstrcmpiW (lpString1="edb.chk", lpString2="System Volume Information") returned -1 [0049.323] lstrcmpiW (lpString1="edb.chk", lpString2=".") returned 1 [0049.323] lstrcmpiW (lpString1="edb.chk", lpString2="..") returned 1 [0049.323] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk") returned 78 [0049.323] StrStrIW (lpFirst="edb.chk", lpSrch=".lolkek") returned 0x0 [0049.323] lstrcmpW (lpString1="edb.chk", lpString2="LOLKEK.txt") returned -1 [0049.323] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk") returned 78 [0049.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616850 [0049.323] lstrcpyW (in: lpString1=0x616850, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" [0049.323] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.324] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.324] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edb.log", cAlternateFileName="")) returned 1 [0049.324] lstrcmpiW (lpString1="edb.log", lpString2="Windows") returned -1 [0049.324] lstrcmpiW (lpString1="edb.log", lpString2="Program Files") returned -1 [0049.324] lstrcmpiW (lpString1="edb.log", lpString2="Program Files (x86)") returned -1 [0049.324] lstrcmpiW (lpString1="edb.log", lpString2="$Recycle.bin") returned 1 [0049.324] lstrcmpiW (lpString1="edb.log", lpString2="System Volume Information") returned -1 [0049.324] lstrcmpiW (lpString1="edb.log", lpString2=".") returned 1 [0049.324] lstrcmpiW (lpString1="edb.log", lpString2="..") returned 1 [0049.324] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log") returned 78 [0049.324] StrStrIW (lpFirst="edb.log", lpSrch=".lolkek") returned 0x0 [0049.324] lstrcmpW (lpString1="edb.log", lpString2="LOLKEK.txt") returned -1 [0049.324] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log") returned 78 [0049.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x617148 [0049.324] lstrcpyW (in: lpString1=0x617148, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" [0049.324] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.324] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.324] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0049.324] lstrcmpiW (lpString1="edb00001.log", lpString2="Windows") returned -1 [0049.324] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files") returned -1 [0049.324] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files (x86)") returned -1 [0049.324] lstrcmpiW (lpString1="edb00001.log", lpString2="$Recycle.bin") returned 1 [0049.324] lstrcmpiW (lpString1="edb00001.log", lpString2="System Volume Information") returned -1 [0049.324] lstrcmpiW (lpString1="edb00001.log", lpString2=".") returned 1 [0049.324] lstrcmpiW (lpString1="edb00001.log", lpString2="..") returned 1 [0049.324] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log") returned 83 [0049.324] StrStrIW (lpFirst="edb00001.log", lpSrch=".lolkek") returned 0x0 [0049.324] lstrcmpW (lpString1="edb00001.log", lpString2="LOLKEK.txt") returned -1 [0049.324] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log") returned 83 [0049.324] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cadfd0 [0049.324] lstrcpyW (in: lpString1=0x3cadfd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" [0049.324] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.324] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.324] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edbres00001.jrs", cAlternateFileName="EDBRES~2.JRS")) returned 1 [0049.324] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="Windows") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="Program Files") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="Program Files (x86)") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="$Recycle.bin") returned 1 [0049.325] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="System Volume Information") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".") returned 1 [0049.325] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="..") returned 1 [0049.325] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs") returned 86 [0049.325] StrStrIW (lpFirst="edbres00001.jrs", lpSrch=".lolkek") returned 0x0 [0049.325] lstrcmpW (lpString1="edbres00001.jrs", lpString2="LOLKEK.txt") returned -1 [0049.325] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs") returned 86 [0049.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6108 [0049.325] lstrcpyW (in: lpString1=0x3eb6108, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" [0049.325] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.325] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.325] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edbres00002.jrs", cAlternateFileName="EDBRES~1.JRS")) returned 1 [0049.325] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="Windows") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="Program Files") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="Program Files (x86)") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="$Recycle.bin") returned 1 [0049.325] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="System Volume Information") returned -1 [0049.325] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".") returned 1 [0049.325] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="..") returned 1 [0049.325] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs") returned 86 [0049.325] StrStrIW (lpFirst="edbres00002.jrs", lpSrch=".lolkek") returned 0x0 [0049.325] lstrcmpW (lpString1="edbres00002.jrs", lpString2="LOLKEK.txt") returned -1 [0049.325] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs") returned 86 [0049.325] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb66a8 [0049.325] lstrcpyW (in: lpString1=0x3eb66a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" [0049.325] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.325] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.325] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="oeold.xml", cAlternateFileName="")) returned 1 [0049.325] lstrcmpiW (lpString1="oeold.xml", lpString2="Windows") returned -1 [0049.325] lstrcmpiW (lpString1="oeold.xml", lpString2="Program Files") returned -1 [0049.325] lstrcmpiW (lpString1="oeold.xml", lpString2="Program Files (x86)") returned -1 [0049.325] lstrcmpiW (lpString1="oeold.xml", lpString2="$Recycle.bin") returned 1 [0049.325] lstrcmpiW (lpString1="oeold.xml", lpString2="System Volume Information") returned -1 [0049.325] lstrcmpiW (lpString1="oeold.xml", lpString2=".") returned 1 [0049.325] lstrcmpiW (lpString1="oeold.xml", lpString2="..") returned 1 [0049.325] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml") returned 80 [0049.326] StrStrIW (lpFirst="oeold.xml", lpSrch=".lolkek") returned 0x0 [0049.326] lstrcmpW (lpString1="oeold.xml", lpString2="LOLKEK.txt") returned 1 [0049.326] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml") returned 80 [0049.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3cadd20 [0049.326] lstrcpyW (in: lpString1=0x3cadd20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" [0049.326] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.326] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.326] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0049.326] lstrcmpiW (lpString1="Stationery", lpString2="Windows") returned -1 [0049.326] lstrcmpiW (lpString1="Stationery", lpString2="Program Files") returned 1 [0049.326] lstrcmpiW (lpString1="Stationery", lpString2="Program Files (x86)") returned 1 [0049.326] lstrcmpiW (lpString1="Stationery", lpString2="$Recycle.bin") returned 1 [0049.326] lstrcmpiW (lpString1="Stationery", lpString2="System Volume Information") returned -1 [0049.326] lstrcmpiW (lpString1="Stationery", lpString2=".") returned 1 [0049.326] lstrcmpiW (lpString1="Stationery", lpString2="..") returned 1 [0049.326] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery") returned 81 [0049.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.326] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" [0049.326] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*" [0049.326] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.327] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.327] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.327] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.327] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.328] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.328] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.328] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.328] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.328] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.328] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.328] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.328] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.328] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.328] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.328] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Bears.htm", cAlternateFileName="")) returned 1 [0049.328] lstrcmpiW (lpString1="Bears.htm", lpString2="Windows") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.htm", lpString2="Program Files") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.htm", lpString2="Program Files (x86)") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.htm", lpString2="$Recycle.bin") returned 1 [0049.328] lstrcmpiW (lpString1="Bears.htm", lpString2="System Volume Information") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.htm", lpString2=".") returned 1 [0049.328] lstrcmpiW (lpString1="Bears.htm", lpString2="..") returned 1 [0049.328] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm") returned 91 [0049.328] StrStrIW (lpFirst="Bears.htm", lpSrch=".lolkek") returned 0x0 [0049.328] lstrcmpW (lpString1="Bears.htm", lpString2="LOLKEK.txt") returned -1 [0049.328] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm") returned 91 [0049.328] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x3ddae38 [0049.328] lstrcpyW (in: lpString1=0x3ddae38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" [0049.328] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.328] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.328] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa352261, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Bears.jpg", cAlternateFileName="")) returned 1 [0049.328] lstrcmpiW (lpString1="Bears.jpg", lpString2="Windows") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.jpg", lpString2="Program Files") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.jpg", lpString2="Program Files (x86)") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.jpg", lpString2="$Recycle.bin") returned 1 [0049.328] lstrcmpiW (lpString1="Bears.jpg", lpString2="System Volume Information") returned -1 [0049.328] lstrcmpiW (lpString1="Bears.jpg", lpString2=".") returned 1 [0049.328] lstrcmpiW (lpString1="Bears.jpg", lpString2="..") returned 1 [0049.328] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg") returned 91 [0049.328] StrStrIW (lpFirst="Bears.jpg", lpSrch=".lolkek") returned 0x0 [0049.328] lstrcmpW (lpString1="Bears.jpg", lpString2="LOLKEK.txt") returned -1 [0049.328] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg") returned 91 [0049.328] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x3dd58e8 [0049.329] lstrcpyW (in: lpString1=0x3dd58e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" [0049.329] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.329] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.329] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7bf1d2d9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x285, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0049.329] lstrcmpiW (lpString1="Desktop.ini", lpString2="Windows") returned -1 [0049.329] lstrcmpiW (lpString1="Desktop.ini", lpString2="Program Files") returned -1 [0049.329] lstrcmpiW (lpString1="Desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.329] lstrcmpiW (lpString1="Desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.329] lstrcmpiW (lpString1="Desktop.ini", lpString2="System Volume Information") returned -1 [0049.329] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0049.329] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0049.329] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini") returned 93 [0049.329] StrStrIW (lpFirst="Desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.329] lstrcmpW (lpString1="Desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.329] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini") returned 93 [0049.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x61a030 [0049.329] lstrcpyW (in: lpString1=0x61a030, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" [0049.329] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.329] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.329] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce04b5c8, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Garden.htm", cAlternateFileName="")) returned 1 [0049.329] lstrcmpiW (lpString1="Garden.htm", lpString2="Windows") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.htm", lpString2="Program Files") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.htm", lpString2="Program Files (x86)") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.htm", lpString2="$Recycle.bin") returned 1 [0049.329] lstrcmpiW (lpString1="Garden.htm", lpString2="System Volume Information") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.htm", lpString2=".") returned 1 [0049.329] lstrcmpiW (lpString1="Garden.htm", lpString2="..") returned 1 [0049.329] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm") returned 92 [0049.329] StrStrIW (lpFirst="Garden.htm", lpSrch=".lolkek") returned 0x0 [0049.329] lstrcmpW (lpString1="Garden.htm", lpString2="LOLKEK.txt") returned -1 [0049.329] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm") returned 92 [0049.329] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x3be05f0 [0049.329] lstrcpyW (in: lpString1=0x3be05f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" [0049.329] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.329] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.329] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa410937, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x5d3f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Garden.jpg", cAlternateFileName="")) returned 1 [0049.329] lstrcmpiW (lpString1="Garden.jpg", lpString2="Windows") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.jpg", lpString2="Program Files") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.jpg", lpString2="Program Files (x86)") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.jpg", lpString2="$Recycle.bin") returned 1 [0049.329] lstrcmpiW (lpString1="Garden.jpg", lpString2="System Volume Information") returned -1 [0049.329] lstrcmpiW (lpString1="Garden.jpg", lpString2=".") returned 1 [0049.329] lstrcmpiW (lpString1="Garden.jpg", lpString2="..") returned 1 [0049.329] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg") returned 92 [0049.329] StrStrIW (lpFirst="Garden.jpg", lpSrch=".lolkek") returned 0x0 [0049.330] lstrcmpW (lpString1="Garden.jpg", lpString2="LOLKEK.txt") returned -1 [0049.330] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg") returned 92 [0049.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x3be0770 [0049.330] lstrcpyW (in: lpString1=0x3be0770, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" [0049.330] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.330] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.330] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce071725, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Green Bubbles.htm", cAlternateFileName="GREENB~1.HTM")) returned 1 [0049.330] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="Windows") returned -1 [0049.330] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="Program Files") returned -1 [0049.330] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="Program Files (x86)") returned -1 [0049.330] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="$Recycle.bin") returned 1 [0049.330] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="System Volume Information") returned -1 [0049.330] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".") returned 1 [0049.330] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="..") returned 1 [0049.330] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm") returned 99 [0049.330] StrStrIW (lpFirst="Green Bubbles.htm", lpSrch=".lolkek") returned 0x0 [0049.330] lstrcmpW (lpString1="Green Bubbles.htm", lpString2="LOLKEK.txt") returned -1 [0049.330] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm") returned 99 [0049.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x3be08f0 [0049.330] lstrcpyW (in: lpString1=0x3be08f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" [0049.330] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.330] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.330] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa436a95, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1906, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GreenBubbles.jpg", cAlternateFileName="GREENB~1.JPG")) returned 1 [0049.330] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="Windows") returned -1 [0049.330] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="Program Files") returned -1 [0049.330] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="Program Files (x86)") returned -1 [0049.330] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="$Recycle.bin") returned 1 [0049.330] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="System Volume Information") returned -1 [0049.330] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".") returned 1 [0049.330] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="..") returned 1 [0049.330] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg") returned 98 [0049.330] StrStrIW (lpFirst="GreenBubbles.jpg", lpSrch=".lolkek") returned 0x0 [0049.330] lstrcmpW (lpString1="GreenBubbles.jpg", lpString2="LOLKEK.txt") returned -1 [0049.330] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg") returned 98 [0049.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3be0a88 [0049.330] lstrcpyW (in: lpString1=0x3be0a88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" [0049.330] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.330] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.330] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0bd9df, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Hand Prints.htm", cAlternateFileName="HANDPR~1.HTM")) returned 1 [0049.330] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="Windows") returned -1 [0049.330] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="Program Files") returned -1 [0049.330] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="Program Files (x86)") returned -1 [0049.330] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="$Recycle.bin") returned 1 [0049.330] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="System Volume Information") returned -1 [0049.330] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".") returned 1 [0049.331] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="..") returned 1 [0049.331] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm") returned 97 [0049.331] StrStrIW (lpFirst="Hand Prints.htm", lpSrch=".lolkek") returned 0x0 [0049.331] lstrcmpW (lpString1="Hand Prints.htm", lpString2="LOLKEK.txt") returned -1 [0049.331] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm") returned 97 [0049.331] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x3be0c20 [0049.331] lstrcpyW (in: lpString1=0x3be0c20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" [0049.331] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.342] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.342] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa45cbf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x107e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HandPrints.jpg", cAlternateFileName="HANDPR~1.JPG")) returned 1 [0049.342] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="Windows") returned -1 [0049.342] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="Program Files") returned -1 [0049.342] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="Program Files (x86)") returned -1 [0049.342] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="$Recycle.bin") returned 1 [0049.342] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="System Volume Information") returned -1 [0049.342] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".") returned 1 [0049.342] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="..") returned 1 [0049.342] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg") returned 96 [0049.342] StrStrIW (lpFirst="HandPrints.jpg", lpSrch=".lolkek") returned 0x0 [0049.342] lstrcmpW (lpString1="HandPrints.jpg", lpString2="LOLKEK.txt") returned -1 [0049.342] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg") returned 96 [0049.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x184) returned 0x3bf0f40 [0049.342] lstrcpyW (in: lpString1=0x3bf0f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" [0049.342] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.342] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.342] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0e3b3c, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Orange Circles.htm", cAlternateFileName="ORANGE~1.HTM")) returned 1 [0049.342] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="Windows") returned -1 [0049.342] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="Program Files") returned -1 [0049.342] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="Program Files (x86)") returned -1 [0049.342] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="$Recycle.bin") returned 1 [0049.342] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="System Volume Information") returned -1 [0049.342] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".") returned 1 [0049.342] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="..") returned 1 [0049.342] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm") returned 100 [0049.342] StrStrIW (lpFirst="Orange Circles.htm", lpSrch=".lolkek") returned 0x0 [0049.342] lstrcmpW (lpString1="Orange Circles.htm", lpString2="LOLKEK.txt") returned 1 [0049.342] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm") returned 100 [0049.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3dddd10 [0049.342] lstrcpyW (in: lpString1=0x3dddd10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" [0049.342] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.349] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.350] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa4cf00d, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OrangeCircles.jpg", cAlternateFileName="ORANGE~1.JPG")) returned 1 [0049.350] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="Windows") returned -1 [0049.350] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="Program Files") returned -1 [0049.350] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="Program Files (x86)") returned -1 [0049.350] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="$Recycle.bin") returned 1 [0049.350] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="System Volume Information") returned -1 [0049.350] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".") returned 1 [0049.350] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="..") returned 1 [0049.350] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg") returned 99 [0049.350] StrStrIW (lpFirst="OrangeCircles.jpg", lpSrch=".lolkek") returned 0x0 [0049.350] lstrcmpW (lpString1="OrangeCircles.jpg", lpString2="LOLKEK.txt") returned 1 [0049.350] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg") returned 99 [0049.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x61be60 [0049.350] lstrcpyW (in: lpString1=0x61be60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" [0049.350] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.350] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.350] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce109c99, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Peacock.htm", cAlternateFileName="")) returned 1 [0049.350] lstrcmpiW (lpString1="Peacock.htm", lpString2="Windows") returned -1 [0049.350] lstrcmpiW (lpString1="Peacock.htm", lpString2="Program Files") returned -1 [0049.350] lstrcmpiW (lpString1="Peacock.htm", lpString2="Program Files (x86)") returned -1 [0049.350] lstrcmpiW (lpString1="Peacock.htm", lpString2="$Recycle.bin") returned 1 [0049.350] lstrcmpiW (lpString1="Peacock.htm", lpString2="System Volume Information") returned -1 [0049.350] lstrcmpiW (lpString1="Peacock.htm", lpString2=".") returned 1 [0049.350] lstrcmpiW (lpString1="Peacock.htm", lpString2="..") returned 1 [0049.350] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm") returned 93 [0049.350] StrStrIW (lpFirst="Peacock.htm", lpSrch=".lolkek") returned 0x0 [0049.350] lstrcmpW (lpString1="Peacock.htm", lpString2="LOLKEK.txt") returned 1 [0049.350] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm") returned 93 [0049.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x3ca5e48 [0049.350] lstrcpyW (in: lpString1=0x3ca5e48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" [0049.350] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.357] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.357] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa51b2c9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x13fb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Peacock.jpg", cAlternateFileName="")) returned 1 [0049.357] lstrcmpiW (lpString1="Peacock.jpg", lpString2="Windows") returned -1 [0049.357] lstrcmpiW (lpString1="Peacock.jpg", lpString2="Program Files") returned -1 [0049.357] lstrcmpiW (lpString1="Peacock.jpg", lpString2="Program Files (x86)") returned -1 [0049.357] lstrcmpiW (lpString1="Peacock.jpg", lpString2="$Recycle.bin") returned 1 [0049.357] lstrcmpiW (lpString1="Peacock.jpg", lpString2="System Volume Information") returned -1 [0049.357] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".") returned 1 [0049.357] lstrcmpiW (lpString1="Peacock.jpg", lpString2="..") returned 1 [0049.357] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg") returned 93 [0049.357] StrStrIW (lpFirst="Peacock.jpg", lpSrch=".lolkek") returned 0x0 [0049.357] lstrcmpW (lpString1="Peacock.jpg", lpString2="LOLKEK.txt") returned 1 [0049.357] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg") returned 93 [0049.357] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x3be0db0 [0049.357] lstrcpyW (in: lpString1=0x3be0db0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" [0049.357] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.357] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.357] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce12fdf6, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roses.htm", cAlternateFileName="")) returned 1 [0049.357] lstrcmpiW (lpString1="Roses.htm", lpString2="Windows") returned -1 [0049.357] lstrcmpiW (lpString1="Roses.htm", lpString2="Program Files") returned 1 [0049.357] lstrcmpiW (lpString1="Roses.htm", lpString2="Program Files (x86)") returned 1 [0049.357] lstrcmpiW (lpString1="Roses.htm", lpString2="$Recycle.bin") returned 1 [0049.357] lstrcmpiW (lpString1="Roses.htm", lpString2="System Volume Information") returned -1 [0049.357] lstrcmpiW (lpString1="Roses.htm", lpString2=".") returned 1 [0049.357] lstrcmpiW (lpString1="Roses.htm", lpString2="..") returned 1 [0049.357] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm") returned 91 [0049.358] StrStrIW (lpFirst="Roses.htm", lpSrch=".lolkek") returned 0x0 [0049.358] lstrcmpW (lpString1="Roses.htm", lpString2="LOLKEK.txt") returned 1 [0049.358] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm") returned 91 [0049.358] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x657158 [0049.358] lstrcpyW (in: lpString1=0x657158, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" [0049.358] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.364] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.364] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa567585, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roses.jpg", cAlternateFileName="")) returned 1 [0049.365] lstrcmpiW (lpString1="Roses.jpg", lpString2="Windows") returned -1 [0049.365] lstrcmpiW (lpString1="Roses.jpg", lpString2="Program Files") returned 1 [0049.365] lstrcmpiW (lpString1="Roses.jpg", lpString2="Program Files (x86)") returned 1 [0049.365] lstrcmpiW (lpString1="Roses.jpg", lpString2="$Recycle.bin") returned 1 [0049.365] lstrcmpiW (lpString1="Roses.jpg", lpString2="System Volume Information") returned -1 [0049.365] lstrcmpiW (lpString1="Roses.jpg", lpString2=".") returned 1 [0049.365] lstrcmpiW (lpString1="Roses.jpg", lpString2="..") returned 1 [0049.365] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg") returned 91 [0049.365] StrStrIW (lpFirst="Roses.jpg", lpSrch=".lolkek") returned 0x0 [0049.365] lstrcmpW (lpString1="Roses.jpg", lpString2="LOLKEK.txt") returned 1 [0049.365] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg") returned 91 [0049.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x6572d0 [0049.365] lstrcpyW (in: lpString1=0x6572d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" [0049.365] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.365] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.365] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce17c0b0, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Shades of Blue.htm", cAlternateFileName="SHADES~1.HTM")) returned 1 [0049.365] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="Windows") returned -1 [0049.365] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="Program Files") returned 1 [0049.365] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="Program Files (x86)") returned 1 [0049.365] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="$Recycle.bin") returned 1 [0049.365] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="System Volume Information") returned -1 [0049.365] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".") returned 1 [0049.365] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="..") returned 1 [0049.365] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm") returned 100 [0049.365] StrStrIW (lpFirst="Shades of Blue.htm", lpSrch=".lolkek") returned 0x0 [0049.365] lstrcmpW (lpString1="Shades of Blue.htm", lpString2="LOLKEK.txt") returned 1 [0049.365] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm") returned 100 [0049.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x657448 [0049.365] lstrcpyW (in: lpString1=0x657448, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" [0049.365] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.372] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.372] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa58d6e3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x127e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ShadesOfBlue.jpg", cAlternateFileName="SHADES~1.JPG")) returned 1 [0049.372] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="Windows") returned -1 [0049.372] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="Program Files") returned 1 [0049.372] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="Program Files (x86)") returned 1 [0049.373] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="$Recycle.bin") returned 1 [0049.373] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="System Volume Information") returned -1 [0049.373] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".") returned 1 [0049.373] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="..") returned 1 [0049.373] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg") returned 98 [0049.373] StrStrIW (lpFirst="ShadesOfBlue.jpg", lpSrch=".lolkek") returned 0x0 [0049.373] lstrcmpW (lpString1="ShadesOfBlue.jpg", lpString2="LOLKEK.txt") returned 1 [0049.373] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg") returned 98 [0049.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x6575e8 [0049.373] lstrcpyW (in: lpString1=0x6575e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" [0049.373] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.373] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.373] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1a220d, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Soft Blue.htm", cAlternateFileName="SOFTBL~1.HTM")) returned 1 [0049.373] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="Windows") returned -1 [0049.373] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="Program Files") returned 1 [0049.373] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="Program Files (x86)") returned 1 [0049.373] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="$Recycle.bin") returned 1 [0049.373] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="System Volume Information") returned -1 [0049.373] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".") returned 1 [0049.373] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="..") returned 1 [0049.373] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm") returned 95 [0049.373] StrStrIW (lpFirst="Soft Blue.htm", lpSrch=".lolkek") returned 0x0 [0049.373] lstrcmpW (lpString1="Soft Blue.htm", lpString2="LOLKEK.txt") returned 1 [0049.373] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm") returned 95 [0049.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x657780 [0049.373] lstrcpyW (in: lpString1=0x657780, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" [0049.373] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.380] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.381] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5b3841, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2949, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SoftBlue.jpg", cAlternateFileName="")) returned 1 [0049.381] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="Windows") returned -1 [0049.381] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="Program Files") returned 1 [0049.381] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="Program Files (x86)") returned 1 [0049.381] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="$Recycle.bin") returned 1 [0049.381] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="System Volume Information") returned -1 [0049.381] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".") returned 1 [0049.381] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="..") returned 1 [0049.381] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg") returned 94 [0049.381] StrStrIW (lpFirst="SoftBlue.jpg", lpSrch=".lolkek") returned 0x0 [0049.381] lstrcmpW (lpString1="SoftBlue.jpg", lpString2="LOLKEK.txt") returned 1 [0049.381] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg") returned 94 [0049.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x657908 [0049.381] lstrcpyW (in: lpString1=0x657908, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" [0049.381] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.381] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.381] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1c836a, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stars.htm", cAlternateFileName="")) returned 1 [0049.381] lstrcmpiW (lpString1="Stars.htm", lpString2="Windows") returned -1 [0049.381] lstrcmpiW (lpString1="Stars.htm", lpString2="Program Files") returned 1 [0049.381] lstrcmpiW (lpString1="Stars.htm", lpString2="Program Files (x86)") returned 1 [0049.381] lstrcmpiW (lpString1="Stars.htm", lpString2="$Recycle.bin") returned 1 [0049.381] lstrcmpiW (lpString1="Stars.htm", lpString2="System Volume Information") returned -1 [0049.381] lstrcmpiW (lpString1="Stars.htm", lpString2=".") returned 1 [0049.381] lstrcmpiW (lpString1="Stars.htm", lpString2="..") returned 1 [0049.381] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm") returned 91 [0049.381] StrStrIW (lpFirst="Stars.htm", lpSrch=".lolkek") returned 0x0 [0049.381] lstrcmpW (lpString1="Stars.htm", lpString2="LOLKEK.txt") returned 1 [0049.381] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm") returned 91 [0049.381] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x657a90 [0049.381] lstrcpyW (in: lpString1=0x657a90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" [0049.381] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.388] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.388] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stars.jpg", cAlternateFileName="")) returned 1 [0049.389] lstrcmpiW (lpString1="Stars.jpg", lpString2="Windows") returned -1 [0049.389] lstrcmpiW (lpString1="Stars.jpg", lpString2="Program Files") returned 1 [0049.389] lstrcmpiW (lpString1="Stars.jpg", lpString2="Program Files (x86)") returned 1 [0049.389] lstrcmpiW (lpString1="Stars.jpg", lpString2="$Recycle.bin") returned 1 [0049.389] lstrcmpiW (lpString1="Stars.jpg", lpString2="System Volume Information") returned -1 [0049.389] lstrcmpiW (lpString1="Stars.jpg", lpString2=".") returned 1 [0049.389] lstrcmpiW (lpString1="Stars.jpg", lpString2="..") returned 1 [0049.389] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg") returned 91 [0049.389] StrStrIW (lpFirst="Stars.jpg", lpSrch=".lolkek") returned 0x0 [0049.389] lstrcmpW (lpString1="Stars.jpg", lpString2="LOLKEK.txt") returned 1 [0049.389] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg") returned 91 [0049.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x657c08 [0049.389] lstrcpyW (in: lpString1=0x657c08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" [0049.389] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.389] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.389] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stars.jpg", cAlternateFileName="")) returned 0 [0049.389] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.390] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\LOLKEK.txt") returned 92 [0049.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.390] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.391] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.391] CloseHandle (hObject=0x268) returned 1 [0049.391] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.391] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0049.391] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Windows") returned 1 [0049.391] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files") returned 1 [0049.391] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files (x86)") returned 1 [0049.391] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="$Recycle.bin") returned 1 [0049.391] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="System Volume Information") returned 1 [0049.391] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".") returned 1 [0049.391] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="..") returned 1 [0049.392] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned 97 [0049.392] StrStrIW (lpFirst="WindowsMail.MSMessageStore", lpSrch=".lolkek") returned 0x0 [0049.392] lstrcmpW (lpString1="WindowsMail.MSMessageStore", lpString2="LOLKEK.txt") returned 1 [0049.392] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned 97 [0049.392] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x657d80 [0049.392] lstrcpyW (in: lpString1=0x657d80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" [0049.392] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.401] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.401] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9a12c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0049.401] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Windows") returned 1 [0049.401] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files") returned 1 [0049.401] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files (x86)") returned 1 [0049.401] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="$Recycle.bin") returned 1 [0049.401] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="System Volume Information") returned 1 [0049.401] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".") returned 1 [0049.401] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="..") returned 1 [0049.401] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat") returned 86 [0049.401] StrStrIW (lpFirst="WindowsMail.pat", lpSrch=".lolkek") returned 0x0 [0049.401] lstrcmpW (lpString1="WindowsMail.pat", lpString2="LOLKEK.txt") returned 1 [0049.401] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat") returned 86 [0049.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb5e38 [0049.401] lstrcpyW (in: lpString1=0x3eb5e38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" [0049.402] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.402] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.402] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9a12c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0049.402] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.402] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\LOLKEK.txt") returned 81 [0049.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.402] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.402] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.403] CloseHandle (hObject=0x25c) returned 1 [0049.403] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.404] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0049.404] lstrcmpiW (lpString1="Windows Media", lpString2="Windows") returned 1 [0049.404] lstrcmpiW (lpString1="Windows Media", lpString2="Program Files") returned 1 [0049.404] lstrcmpiW (lpString1="Windows Media", lpString2="Program Files (x86)") returned 1 [0049.404] lstrcmpiW (lpString1="Windows Media", lpString2="$Recycle.bin") returned 1 [0049.404] lstrcmpiW (lpString1="Windows Media", lpString2="System Volume Information") returned 1 [0049.404] lstrcmpiW (lpString1="Windows Media", lpString2=".") returned 1 [0049.404] lstrcmpiW (lpString1="Windows Media", lpString2="..") returned 1 [0049.404] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media") returned 71 [0049.404] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.404] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media" [0049.405] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*" [0049.405] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.405] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.405] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.405] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.405] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.405] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.405] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.405] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.405] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.405] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.405] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.405] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.405] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.405] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.405] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.405] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12.0", cAlternateFileName="")) returned 1 [0049.405] lstrcmpiW (lpString1="12.0", lpString2="Windows") returned -1 [0049.405] lstrcmpiW (lpString1="12.0", lpString2="Program Files") returned -1 [0049.405] lstrcmpiW (lpString1="12.0", lpString2="Program Files (x86)") returned -1 [0049.405] lstrcmpiW (lpString1="12.0", lpString2="$Recycle.bin") returned 1 [0049.405] lstrcmpiW (lpString1="12.0", lpString2="System Volume Information") returned -1 [0049.405] lstrcmpiW (lpString1="12.0", lpString2=".") returned 1 [0049.405] lstrcmpiW (lpString1="12.0", lpString2="..") returned 1 [0049.405] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0") returned 76 [0049.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.406] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0" [0049.406] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*" [0049.406] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.406] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.406] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.406] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.406] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.406] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.406] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.406] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.406] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.406] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.406] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.406] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.406] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.406] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.406] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.406] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1f2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WMSDKNS.DTD", cAlternateFileName="")) returned 1 [0049.406] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="Windows") returned 1 [0049.406] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="Program Files") returned 1 [0049.406] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="Program Files (x86)") returned 1 [0049.406] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="$Recycle.bin") returned 1 [0049.406] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="System Volume Information") returned 1 [0049.406] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".") returned 1 [0049.406] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="..") returned 1 [0049.406] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD") returned 88 [0049.406] StrStrIW (lpFirst="WMSDKNS.DTD", lpSrch=".lolkek") returned 0x0 [0049.406] lstrcmpW (lpString1="WMSDKNS.DTD", lpString2="LOLKEK.txt") returned 1 [0049.406] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD") returned 88 [0049.406] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x657f10 [0049.406] lstrcpyW (in: lpString1=0x657f10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" [0049.406] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.416] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.416] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 1 [0049.416] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="Windows") returned 1 [0049.416] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="Program Files") returned 1 [0049.416] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="Program Files (x86)") returned 1 [0049.416] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="$Recycle.bin") returned 1 [0049.416] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="System Volume Information") returned 1 [0049.416] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2=".") returned 1 [0049.417] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="..") returned 1 [0049.417] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML") returned 88 [0049.417] StrStrIW (lpFirst="WMSDKNS.XML", lpSrch=".lolkek") returned 0x0 [0049.417] lstrcmpW (lpString1="WMSDKNS.XML", lpString2="LOLKEK.txt") returned 1 [0049.417] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML") returned 88 [0049.417] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3c94aa8 [0049.417] lstrcpyW (in: lpString1=0x3c94aa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" [0049.417] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.417] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.417] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 0 [0049.417] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.417] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\LOLKEK.txt") returned 87 [0049.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.417] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.417] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.418] CloseHandle (hObject=0x268) returned 1 [0049.418] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.418] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12.0", cAlternateFileName="")) returned 0 [0049.418] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.418] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\LOLKEK.txt") returned 82 [0049.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.419] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.419] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.419] CloseHandle (hObject=0x25c) returned 1 [0049.419] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.419] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0049.420] lstrcmpiW (lpString1="Windows Sidebar", lpString2="Windows") returned 1 [0049.420] lstrcmpiW (lpString1="Windows Sidebar", lpString2="Program Files") returned 1 [0049.420] lstrcmpiW (lpString1="Windows Sidebar", lpString2="Program Files (x86)") returned 1 [0049.420] lstrcmpiW (lpString1="Windows Sidebar", lpString2="$Recycle.bin") returned 1 [0049.420] lstrcmpiW (lpString1="Windows Sidebar", lpString2="System Volume Information") returned 1 [0049.420] lstrcmpiW (lpString1="Windows Sidebar", lpString2=".") returned 1 [0049.420] lstrcmpiW (lpString1="Windows Sidebar", lpString2="..") returned 1 [0049.420] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar") returned 73 [0049.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.420] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar" [0049.420] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*" [0049.420] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.420] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.420] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.420] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.420] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.420] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.420] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.420] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.420] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.420] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.420] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.420] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.420] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.420] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.420] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.420] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Gadgets", cAlternateFileName="")) returned 1 [0049.420] lstrcmpiW (lpString1="Gadgets", lpString2="Windows") returned -1 [0049.420] lstrcmpiW (lpString1="Gadgets", lpString2="Program Files") returned -1 [0049.420] lstrcmpiW (lpString1="Gadgets", lpString2="Program Files (x86)") returned -1 [0049.420] lstrcmpiW (lpString1="Gadgets", lpString2="$Recycle.bin") returned 1 [0049.420] lstrcmpiW (lpString1="Gadgets", lpString2="System Volume Information") returned -1 [0049.420] lstrcmpiW (lpString1="Gadgets", lpString2=".") returned 1 [0049.421] lstrcmpiW (lpString1="Gadgets", lpString2="..") returned 1 [0049.421] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets") returned 81 [0049.421] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.421] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" [0049.421] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*" [0049.421] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.421] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.421] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.421] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.421] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.421] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.421] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.421] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.421] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.421] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.421] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.421] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.421] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.421] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.421] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.421] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.421] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.421] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\LOLKEK.txt") returned 92 [0049.421] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\gadgets\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.421] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.421] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.422] CloseHandle (hObject=0x268) returned 1 [0049.422] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.422] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0049.422] lstrcmpiW (lpString1="Settings.ini", lpString2="Windows") returned -1 [0049.422] lstrcmpiW (lpString1="Settings.ini", lpString2="Program Files") returned 1 [0049.422] lstrcmpiW (lpString1="Settings.ini", lpString2="Program Files (x86)") returned 1 [0049.422] lstrcmpiW (lpString1="Settings.ini", lpString2="$Recycle.bin") returned 1 [0049.422] lstrcmpiW (lpString1="Settings.ini", lpString2="System Volume Information") returned -1 [0049.422] lstrcmpiW (lpString1="Settings.ini", lpString2=".") returned 1 [0049.422] lstrcmpiW (lpString1="Settings.ini", lpString2="..") returned 1 [0049.422] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini") returned 86 [0049.422] StrStrIW (lpFirst="Settings.ini", lpSrch=".lolkek") returned 0x0 [0049.422] lstrcmpW (lpString1="Settings.ini", lpString2="LOLKEK.txt") returned 1 [0049.422] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini") returned 86 [0049.423] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6810 [0049.423] lstrcpyW (in: lpString1=0x3eb6810, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" [0049.423] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.429] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.429] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Settings.ini", cAlternateFileName="")) returned 0 [0049.429] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.430] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\LOLKEK.txt") returned 84 [0049.430] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.430] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.430] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.431] CloseHandle (hObject=0x25c) returned 1 [0049.431] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.431] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0049.431] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0049.431] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\LOLKEK.txt") returned 68 [0049.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0049.431] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.431] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0049.432] CloseHandle (hObject=0x24c) returned 1 [0049.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.433] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0049.433] lstrcmpiW (lpString1="Microsoft Help", lpString2="Windows") returned -1 [0049.433] lstrcmpiW (lpString1="Microsoft Help", lpString2="Program Files") returned -1 [0049.433] lstrcmpiW (lpString1="Microsoft Help", lpString2="Program Files (x86)") returned -1 [0049.433] lstrcmpiW (lpString1="Microsoft Help", lpString2="$Recycle.bin") returned 1 [0049.433] lstrcmpiW (lpString1="Microsoft Help", lpString2="System Volume Information") returned -1 [0049.433] lstrcmpiW (lpString1="Microsoft Help", lpString2=".") returned 1 [0049.433] lstrcmpiW (lpString1="Microsoft Help", lpString2="..") returned 1 [0049.433] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help") returned 62 [0049.433] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.434] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help" [0049.434] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\*" [0049.434] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0049.434] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.434] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.434] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.434] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.434] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.434] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.434] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.434] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.434] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.434] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.434] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.434] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.434] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.434] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.434] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.434] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0049.434] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\LOLKEK.txt") returned 73 [0049.434] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft help\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0049.435] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.435] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0049.435] CloseHandle (hObject=0x24c) returned 1 [0049.436] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.436] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0049.436] lstrcmpiW (lpString1="Mozilla", lpString2="Windows") returned -1 [0049.436] lstrcmpiW (lpString1="Mozilla", lpString2="Program Files") returned -1 [0049.436] lstrcmpiW (lpString1="Mozilla", lpString2="Program Files (x86)") returned -1 [0049.436] lstrcmpiW (lpString1="Mozilla", lpString2="$Recycle.bin") returned 1 [0049.436] lstrcmpiW (lpString1="Mozilla", lpString2="System Volume Information") returned -1 [0049.436] lstrcmpiW (lpString1="Mozilla", lpString2=".") returned 1 [0049.436] lstrcmpiW (lpString1="Mozilla", lpString2="..") returned 1 [0049.436] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla") returned 55 [0049.436] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.436] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla" [0049.436] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\*" [0049.436] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0049.436] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.436] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.436] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.436] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.436] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.436] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.436] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.436] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.436] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.436] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.436] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.436] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.436] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.436] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.436] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Firefox", cAlternateFileName="")) returned 1 [0049.436] lstrcmpiW (lpString1="Firefox", lpString2="Windows") returned -1 [0049.436] lstrcmpiW (lpString1="Firefox", lpString2="Program Files") returned -1 [0049.437] lstrcmpiW (lpString1="Firefox", lpString2="Program Files (x86)") returned -1 [0049.437] lstrcmpiW (lpString1="Firefox", lpString2="$Recycle.bin") returned 1 [0049.437] lstrcmpiW (lpString1="Firefox", lpString2="System Volume Information") returned -1 [0049.437] lstrcmpiW (lpString1="Firefox", lpString2=".") returned 1 [0049.437] lstrcmpiW (lpString1="Firefox", lpString2="..") returned 1 [0049.437] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox") returned 63 [0049.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.437] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox" [0049.437] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\*" [0049.437] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.445] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.445] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.445] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.445] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.445] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.445] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.445] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.445] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.445] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.445] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.445] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.445] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.445] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.445] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.445] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 1 [0049.445] lstrcmpiW (lpString1="Profiles", lpString2="Windows") returned -1 [0049.445] lstrcmpiW (lpString1="Profiles", lpString2="Program Files") returned -1 [0049.445] lstrcmpiW (lpString1="Profiles", lpString2="Program Files (x86)") returned -1 [0049.445] lstrcmpiW (lpString1="Profiles", lpString2="$Recycle.bin") returned 1 [0049.445] lstrcmpiW (lpString1="Profiles", lpString2="System Volume Information") returned -1 [0049.445] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0049.445] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0049.445] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned 72 [0049.445] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.446] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles" [0049.446] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*" [0049.446] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.446] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.446] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.446] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.446] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.446] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.446] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.446] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.446] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.446] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.446] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.446] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.446] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.446] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.446] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.446] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0049.446] lstrcmpiW (lpString1="silmbjec.default", lpString2="Windows") returned -1 [0049.446] lstrcmpiW (lpString1="silmbjec.default", lpString2="Program Files") returned 1 [0049.446] lstrcmpiW (lpString1="silmbjec.default", lpString2="Program Files (x86)") returned 1 [0049.446] lstrcmpiW (lpString1="silmbjec.default", lpString2="$Recycle.bin") returned 1 [0049.446] lstrcmpiW (lpString1="silmbjec.default", lpString2="System Volume Information") returned -1 [0049.446] lstrcmpiW (lpString1="silmbjec.default", lpString2=".") returned 1 [0049.446] lstrcmpiW (lpString1="silmbjec.default", lpString2="..") returned 1 [0049.446] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 89 [0049.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.447] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0049.447] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*" [0049.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.466] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.466] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.466] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.466] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.466] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.466] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.466] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.466] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.466] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.466] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.466] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.466] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.466] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.466] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.466] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Cache", cAlternateFileName="")) returned 1 [0049.466] lstrcmpiW (lpString1="Cache", lpString2="Windows") returned -1 [0049.466] lstrcmpiW (lpString1="Cache", lpString2="Program Files") returned -1 [0049.466] lstrcmpiW (lpString1="Cache", lpString2="Program Files (x86)") returned -1 [0049.466] lstrcmpiW (lpString1="Cache", lpString2="$Recycle.bin") returned 1 [0049.466] lstrcmpiW (lpString1="Cache", lpString2="System Volume Information") returned -1 [0049.466] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0049.466] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0049.467] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache") returned 95 [0049.467] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.467] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" [0049.467] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*" [0049.467] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.483] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.483] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.483] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.483] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.483] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.483] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.483] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.483] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.483] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.483] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.483] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.483] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.483] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.483] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.483] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0", cAlternateFileName="")) returned 1 [0049.483] lstrcmpiW (lpString1="0", lpString2="Windows") returned -1 [0049.483] lstrcmpiW (lpString1="0", lpString2="Program Files") returned -1 [0049.484] lstrcmpiW (lpString1="0", lpString2="Program Files (x86)") returned -1 [0049.484] lstrcmpiW (lpString1="0", lpString2="$Recycle.bin") returned 1 [0049.484] lstrcmpiW (lpString1="0", lpString2="System Volume Information") returned -1 [0049.484] lstrcmpiW (lpString1="0", lpString2=".") returned 1 [0049.484] lstrcmpiW (lpString1="0", lpString2="..") returned 1 [0049.484] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned 97 [0049.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.484] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" [0049.484] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*" [0049.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.492] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.492] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.492] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.492] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.492] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.492] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.492] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.492] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.492] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.492] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.492] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.492] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.492] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.492] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.492] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="98", cAlternateFileName="")) returned 1 [0049.492] lstrcmpiW (lpString1="98", lpString2="Windows") returned -1 [0049.492] lstrcmpiW (lpString1="98", lpString2="Program Files") returned -1 [0049.492] lstrcmpiW (lpString1="98", lpString2="Program Files (x86)") returned -1 [0049.492] lstrcmpiW (lpString1="98", lpString2="$Recycle.bin") returned 1 [0049.492] lstrcmpiW (lpString1="98", lpString2="System Volume Information") returned -1 [0049.492] lstrcmpiW (lpString1="98", lpString2=".") returned 1 [0049.492] lstrcmpiW (lpString1="98", lpString2="..") returned 1 [0049.492] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned 100 [0049.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.492] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" [0049.492] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*" [0049.492] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.500] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.500] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.500] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.500] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.500] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.500] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.500] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.500] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.501] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.501] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.501] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.501] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.501] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.501] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.501] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8cd19f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xb67e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="B60F3d01", cAlternateFileName="")) returned 1 [0049.501] lstrcmpiW (lpString1="B60F3d01", lpString2="Windows") returned -1 [0049.501] lstrcmpiW (lpString1="B60F3d01", lpString2="Program Files") returned -1 [0049.501] lstrcmpiW (lpString1="B60F3d01", lpString2="Program Files (x86)") returned -1 [0049.501] lstrcmpiW (lpString1="B60F3d01", lpString2="$Recycle.bin") returned 1 [0049.501] lstrcmpiW (lpString1="B60F3d01", lpString2="System Volume Information") returned -1 [0049.501] lstrcmpiW (lpString1="B60F3d01", lpString2=".") returned 1 [0049.501] lstrcmpiW (lpString1="B60F3d01", lpString2="..") returned 1 [0049.501] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01") returned 109 [0049.501] StrStrIW (lpFirst="B60F3d01", lpSrch=".lolkek") returned 0x0 [0049.501] lstrcmpW (lpString1="B60F3d01", lpString2="LOLKEK.txt") returned -1 [0049.501] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01") returned 109 [0049.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5eafc8 [0049.501] lstrcpyW (in: lpString1=0x5eafc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" [0049.501] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.501] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.501] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8cd19f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xb67e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="B60F3d01", cAlternateFileName="")) returned 0 [0049.501] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.501] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\LOLKEK.txt") returned 111 [0049.501] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.502] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.502] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.502] CloseHandle (hObject=0x2bc) returned 1 [0049.502] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.502] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A8", cAlternateFileName="")) returned 1 [0049.502] lstrcmpiW (lpString1="A8", lpString2="Windows") returned -1 [0049.502] lstrcmpiW (lpString1="A8", lpString2="Program Files") returned -1 [0049.502] lstrcmpiW (lpString1="A8", lpString2="Program Files (x86)") returned -1 [0049.502] lstrcmpiW (lpString1="A8", lpString2="$Recycle.bin") returned 1 [0049.502] lstrcmpiW (lpString1="A8", lpString2="System Volume Information") returned -1 [0049.502] lstrcmpiW (lpString1="A8", lpString2=".") returned 1 [0049.502] lstrcmpiW (lpString1="A8", lpString2="..") returned 1 [0049.502] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned 100 [0049.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.502] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" [0049.502] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*" [0049.502] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.510] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.510] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.510] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.510] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.510] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.510] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.510] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.510] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.510] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.510] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.510] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.510] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.510] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.510] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.510] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4898, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C3B7Bd01", cAlternateFileName="")) returned 1 [0049.510] lstrcmpiW (lpString1="C3B7Bd01", lpString2="Windows") returned -1 [0049.510] lstrcmpiW (lpString1="C3B7Bd01", lpString2="Program Files") returned -1 [0049.510] lstrcmpiW (lpString1="C3B7Bd01", lpString2="Program Files (x86)") returned -1 [0049.510] lstrcmpiW (lpString1="C3B7Bd01", lpString2="$Recycle.bin") returned 1 [0049.510] lstrcmpiW (lpString1="C3B7Bd01", lpString2="System Volume Information") returned -1 [0049.510] lstrcmpiW (lpString1="C3B7Bd01", lpString2=".") returned 1 [0049.510] lstrcmpiW (lpString1="C3B7Bd01", lpString2="..") returned 1 [0049.510] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01") returned 109 [0049.510] StrStrIW (lpFirst="C3B7Bd01", lpSrch=".lolkek") returned 0x0 [0049.510] lstrcmpW (lpString1="C3B7Bd01", lpString2="LOLKEK.txt") returned -1 [0049.510] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01") returned 109 [0049.510] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5eb188 [0049.510] lstrcpyW (in: lpString1=0x5eb188, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" [0049.510] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.511] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.511] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4898, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C3B7Bd01", cAlternateFileName="")) returned 0 [0049.511] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.511] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\LOLKEK.txt") returned 111 [0049.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.511] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.511] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.512] CloseHandle (hObject=0x2bc) returned 1 [0049.512] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.512] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A8", cAlternateFileName="")) returned 0 [0049.512] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.512] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\LOLKEK.txt") returned 108 [0049.512] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.512] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.512] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.513] CloseHandle (hObject=0x270) returned 1 [0049.513] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.513] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1", cAlternateFileName="")) returned 1 [0049.513] lstrcmpiW (lpString1="1", lpString2="Windows") returned -1 [0049.513] lstrcmpiW (lpString1="1", lpString2="Program Files") returned -1 [0049.513] lstrcmpiW (lpString1="1", lpString2="Program Files (x86)") returned -1 [0049.513] lstrcmpiW (lpString1="1", lpString2="$Recycle.bin") returned 1 [0049.513] lstrcmpiW (lpString1="1", lpString2="System Volume Information") returned -1 [0049.513] lstrcmpiW (lpString1="1", lpString2=".") returned 1 [0049.513] lstrcmpiW (lpString1="1", lpString2="..") returned 1 [0049.513] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned 97 [0049.513] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.513] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" [0049.513] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*" [0049.513] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.513] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.513] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.513] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.513] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.513] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.513] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.514] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.514] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.514] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.514] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.514] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0B", cAlternateFileName="")) returned 1 [0049.514] lstrcmpiW (lpString1="0B", lpString2="Windows") returned -1 [0049.514] lstrcmpiW (lpString1="0B", lpString2="Program Files") returned -1 [0049.514] lstrcmpiW (lpString1="0B", lpString2="Program Files (x86)") returned -1 [0049.514] lstrcmpiW (lpString1="0B", lpString2="$Recycle.bin") returned 1 [0049.514] lstrcmpiW (lpString1="0B", lpString2="System Volume Information") returned -1 [0049.514] lstrcmpiW (lpString1="0B", lpString2=".") returned 1 [0049.514] lstrcmpiW (lpString1="0B", lpString2="..") returned 1 [0049.514] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned 100 [0049.514] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.514] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" [0049.514] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*" [0049.514] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.514] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.514] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.514] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.514] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.514] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.514] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.514] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.514] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.514] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.514] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.514] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.514] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x204fd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FCBF5d01", cAlternateFileName="")) returned 1 [0049.514] lstrcmpiW (lpString1="FCBF5d01", lpString2="Windows") returned -1 [0049.514] lstrcmpiW (lpString1="FCBF5d01", lpString2="Program Files") returned -1 [0049.514] lstrcmpiW (lpString1="FCBF5d01", lpString2="Program Files (x86)") returned -1 [0049.514] lstrcmpiW (lpString1="FCBF5d01", lpString2="$Recycle.bin") returned 1 [0049.514] lstrcmpiW (lpString1="FCBF5d01", lpString2="System Volume Information") returned -1 [0049.514] lstrcmpiW (lpString1="FCBF5d01", lpString2=".") returned 1 [0049.515] lstrcmpiW (lpString1="FCBF5d01", lpString2="..") returned 1 [0049.515] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01") returned 109 [0049.515] StrStrIW (lpFirst="FCBF5d01", lpSrch=".lolkek") returned 0x0 [0049.515] lstrcmpW (lpString1="FCBF5d01", lpString2="LOLKEK.txt") returned -1 [0049.515] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01") returned 109 [0049.515] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5eb348 [0049.515] lstrcpyW (in: lpString1=0x5eb348, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" [0049.515] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.515] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x204fd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FCBF5d01", cAlternateFileName="")) returned 0 [0049.515] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.515] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\LOLKEK.txt") returned 111 [0049.515] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.515] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.515] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.516] CloseHandle (hObject=0x2bc) returned 1 [0049.516] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.516] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C2", cAlternateFileName="")) returned 1 [0049.516] lstrcmpiW (lpString1="C2", lpString2="Windows") returned -1 [0049.516] lstrcmpiW (lpString1="C2", lpString2="Program Files") returned -1 [0049.517] lstrcmpiW (lpString1="C2", lpString2="Program Files (x86)") returned -1 [0049.517] lstrcmpiW (lpString1="C2", lpString2="$Recycle.bin") returned 1 [0049.517] lstrcmpiW (lpString1="C2", lpString2="System Volume Information") returned -1 [0049.517] lstrcmpiW (lpString1="C2", lpString2=".") returned 1 [0049.517] lstrcmpiW (lpString1="C2", lpString2="..") returned 1 [0049.517] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned 100 [0049.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.517] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" [0049.517] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*" [0049.517] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.524] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.524] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.524] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.524] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.524] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.524] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.524] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.524] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.524] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.524] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.524] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.524] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.524] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.524] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.524] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8272e2f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xaa05, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0B619d01", cAlternateFileName="")) returned 1 [0049.524] lstrcmpiW (lpString1="0B619d01", lpString2="Windows") returned -1 [0049.524] lstrcmpiW (lpString1="0B619d01", lpString2="Program Files") returned -1 [0049.524] lstrcmpiW (lpString1="0B619d01", lpString2="Program Files (x86)") returned -1 [0049.524] lstrcmpiW (lpString1="0B619d01", lpString2="$Recycle.bin") returned 1 [0049.524] lstrcmpiW (lpString1="0B619d01", lpString2="System Volume Information") returned -1 [0049.524] lstrcmpiW (lpString1="0B619d01", lpString2=".") returned 1 [0049.524] lstrcmpiW (lpString1="0B619d01", lpString2="..") returned 1 [0049.524] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01") returned 109 [0049.524] StrStrIW (lpFirst="0B619d01", lpSrch=".lolkek") returned 0x0 [0049.524] lstrcmpW (lpString1="0B619d01", lpString2="LOLKEK.txt") returned -1 [0049.524] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01") returned 109 [0049.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5eb508 [0049.525] lstrcpyW (in: lpString1=0x5eb508, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" [0049.525] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.525] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.525] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8272e2f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xaa05, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0B619d01", cAlternateFileName="")) returned 0 [0049.525] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.525] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\LOLKEK.txt") returned 111 [0049.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.525] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.525] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.526] CloseHandle (hObject=0x2bc) returned 1 [0049.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.526] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F6", cAlternateFileName="")) returned 1 [0049.526] lstrcmpiW (lpString1="F6", lpString2="Windows") returned -1 [0049.526] lstrcmpiW (lpString1="F6", lpString2="Program Files") returned -1 [0049.526] lstrcmpiW (lpString1="F6", lpString2="Program Files (x86)") returned -1 [0049.526] lstrcmpiW (lpString1="F6", lpString2="$Recycle.bin") returned 1 [0049.526] lstrcmpiW (lpString1="F6", lpString2="System Volume Information") returned -1 [0049.526] lstrcmpiW (lpString1="F6", lpString2=".") returned 1 [0049.526] lstrcmpiW (lpString1="F6", lpString2="..") returned 1 [0049.526] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned 100 [0049.526] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.526] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" [0049.526] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*" [0049.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.526] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.526] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.526] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.526] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.526] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.526] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.526] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.526] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.526] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.526] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.527] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.527] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.527] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.527] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.527] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa60b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CBD4Dd01", cAlternateFileName="")) returned 1 [0049.527] lstrcmpiW (lpString1="CBD4Dd01", lpString2="Windows") returned -1 [0049.527] lstrcmpiW (lpString1="CBD4Dd01", lpString2="Program Files") returned -1 [0049.527] lstrcmpiW (lpString1="CBD4Dd01", lpString2="Program Files (x86)") returned -1 [0049.527] lstrcmpiW (lpString1="CBD4Dd01", lpString2="$Recycle.bin") returned 1 [0049.527] lstrcmpiW (lpString1="CBD4Dd01", lpString2="System Volume Information") returned -1 [0049.527] lstrcmpiW (lpString1="CBD4Dd01", lpString2=".") returned 1 [0049.527] lstrcmpiW (lpString1="CBD4Dd01", lpString2="..") returned 1 [0049.527] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01") returned 109 [0049.527] StrStrIW (lpFirst="CBD4Dd01", lpSrch=".lolkek") returned 0x0 [0049.527] lstrcmpW (lpString1="CBD4Dd01", lpString2="LOLKEK.txt") returned -1 [0049.527] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01") returned 109 [0049.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5eb6c8 [0049.527] lstrcpyW (in: lpString1=0x5eb6c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" [0049.527] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.527] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.527] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa60b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CBD4Dd01", cAlternateFileName="")) returned 0 [0049.527] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.527] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\LOLKEK.txt") returned 111 [0049.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.527] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.527] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.528] CloseHandle (hObject=0x2bc) returned 1 [0049.528] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.528] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F6", cAlternateFileName="")) returned 0 [0049.528] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.528] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\LOLKEK.txt") returned 108 [0049.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.529] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.529] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.529] CloseHandle (hObject=0x270) returned 1 [0049.529] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.529] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2", cAlternateFileName="")) returned 1 [0049.529] lstrcmpiW (lpString1="2", lpString2="Windows") returned -1 [0049.529] lstrcmpiW (lpString1="2", lpString2="Program Files") returned -1 [0049.529] lstrcmpiW (lpString1="2", lpString2="Program Files (x86)") returned -1 [0049.529] lstrcmpiW (lpString1="2", lpString2="$Recycle.bin") returned 1 [0049.529] lstrcmpiW (lpString1="2", lpString2="System Volume Information") returned -1 [0049.529] lstrcmpiW (lpString1="2", lpString2=".") returned 1 [0049.529] lstrcmpiW (lpString1="2", lpString2="..") returned 1 [0049.529] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned 97 [0049.529] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.529] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" [0049.529] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*" [0049.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.538] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.538] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.538] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.538] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.538] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.538] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.538] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.538] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.538] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.538] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.538] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.538] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.538] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.538] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.538] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.538] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.538] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\LOLKEK.txt") returned 108 [0049.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\2\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.539] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.539] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.540] CloseHandle (hObject=0x270) returned 1 [0049.540] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.540] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3", cAlternateFileName="")) returned 1 [0049.540] lstrcmpiW (lpString1="3", lpString2="Windows") returned -1 [0049.540] lstrcmpiW (lpString1="3", lpString2="Program Files") returned -1 [0049.540] lstrcmpiW (lpString1="3", lpString2="Program Files (x86)") returned -1 [0049.540] lstrcmpiW (lpString1="3", lpString2="$Recycle.bin") returned 1 [0049.540] lstrcmpiW (lpString1="3", lpString2="System Volume Information") returned -1 [0049.540] lstrcmpiW (lpString1="3", lpString2=".") returned 1 [0049.540] lstrcmpiW (lpString1="3", lpString2="..") returned 1 [0049.540] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned 97 [0049.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.540] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" [0049.540] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*" [0049.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.549] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.549] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.549] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.549] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.549] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.549] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.549] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.549] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.549] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.549] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.549] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.549] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.549] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.549] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.549] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4B", cAlternateFileName="")) returned 1 [0049.549] lstrcmpiW (lpString1="4B", lpString2="Windows") returned -1 [0049.549] lstrcmpiW (lpString1="4B", lpString2="Program Files") returned -1 [0049.549] lstrcmpiW (lpString1="4B", lpString2="Program Files (x86)") returned -1 [0049.550] lstrcmpiW (lpString1="4B", lpString2="$Recycle.bin") returned 1 [0049.550] lstrcmpiW (lpString1="4B", lpString2="System Volume Information") returned -1 [0049.550] lstrcmpiW (lpString1="4B", lpString2=".") returned 1 [0049.550] lstrcmpiW (lpString1="4B", lpString2="..") returned 1 [0049.550] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned 100 [0049.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.550] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" [0049.550] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*" [0049.550] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.554] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.554] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.554] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.554] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.554] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.554] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.554] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.554] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.554] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.554] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.554] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.554] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.554] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.554] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.554] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb72eeab0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x20543, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1D8FDd01", cAlternateFileName="")) returned 1 [0049.554] lstrcmpiW (lpString1="1D8FDd01", lpString2="Windows") returned -1 [0049.554] lstrcmpiW (lpString1="1D8FDd01", lpString2="Program Files") returned -1 [0049.554] lstrcmpiW (lpString1="1D8FDd01", lpString2="Program Files (x86)") returned -1 [0049.554] lstrcmpiW (lpString1="1D8FDd01", lpString2="$Recycle.bin") returned 1 [0049.554] lstrcmpiW (lpString1="1D8FDd01", lpString2="System Volume Information") returned -1 [0049.554] lstrcmpiW (lpString1="1D8FDd01", lpString2=".") returned 1 [0049.554] lstrcmpiW (lpString1="1D8FDd01", lpString2="..") returned 1 [0049.555] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01") returned 109 [0049.555] StrStrIW (lpFirst="1D8FDd01", lpSrch=".lolkek") returned 0x0 [0049.555] lstrcmpW (lpString1="1D8FDd01", lpString2="LOLKEK.txt") returned -1 [0049.555] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01") returned 109 [0049.555] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5eb888 [0049.555] lstrcpyW (in: lpString1=0x5eb888, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" [0049.555] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.555] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.555] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb72eeab0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x20543, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1D8FDd01", cAlternateFileName="")) returned 0 [0049.555] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.555] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\LOLKEK.txt") returned 111 [0049.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.555] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.555] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.556] CloseHandle (hObject=0x2bc) returned 1 [0049.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.556] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4B", cAlternateFileName="")) returned 0 [0049.556] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.556] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\LOLKEK.txt") returned 108 [0049.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.556] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.556] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.557] CloseHandle (hObject=0x270) returned 1 [0049.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.557] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4", cAlternateFileName="")) returned 1 [0049.557] lstrcmpiW (lpString1="4", lpString2="Windows") returned -1 [0049.557] lstrcmpiW (lpString1="4", lpString2="Program Files") returned -1 [0049.557] lstrcmpiW (lpString1="4", lpString2="Program Files (x86)") returned -1 [0049.557] lstrcmpiW (lpString1="4", lpString2="$Recycle.bin") returned 1 [0049.557] lstrcmpiW (lpString1="4", lpString2="System Volume Information") returned -1 [0049.557] lstrcmpiW (lpString1="4", lpString2=".") returned 1 [0049.557] lstrcmpiW (lpString1="4", lpString2="..") returned 1 [0049.557] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned 97 [0049.557] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.557] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" [0049.557] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*" [0049.557] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.558] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.558] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.558] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.558] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.558] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.558] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.558] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.558] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.558] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.558] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.558] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.558] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.558] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.558] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.558] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.558] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\LOLKEK.txt") returned 108 [0049.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\4\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.558] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.558] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.559] CloseHandle (hObject=0x270) returned 1 [0049.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.559] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5", cAlternateFileName="")) returned 1 [0049.559] lstrcmpiW (lpString1="5", lpString2="Windows") returned -1 [0049.559] lstrcmpiW (lpString1="5", lpString2="Program Files") returned -1 [0049.559] lstrcmpiW (lpString1="5", lpString2="Program Files (x86)") returned -1 [0049.559] lstrcmpiW (lpString1="5", lpString2="$Recycle.bin") returned 1 [0049.559] lstrcmpiW (lpString1="5", lpString2="System Volume Information") returned -1 [0049.559] lstrcmpiW (lpString1="5", lpString2=".") returned 1 [0049.559] lstrcmpiW (lpString1="5", lpString2="..") returned 1 [0049.559] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned 97 [0049.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.559] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" [0049.559] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*" [0049.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.564] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.564] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.564] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.564] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.564] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.564] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.564] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.564] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.564] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.564] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.564] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.564] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.564] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.564] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.564] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.564] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\LOLKEK.txt") returned 108 [0049.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\5\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.565] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.565] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.565] CloseHandle (hObject=0x270) returned 1 [0049.565] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.565] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6", cAlternateFileName="")) returned 1 [0049.566] lstrcmpiW (lpString1="6", lpString2="Windows") returned -1 [0049.566] lstrcmpiW (lpString1="6", lpString2="Program Files") returned -1 [0049.566] lstrcmpiW (lpString1="6", lpString2="Program Files (x86)") returned -1 [0049.566] lstrcmpiW (lpString1="6", lpString2="$Recycle.bin") returned 1 [0049.566] lstrcmpiW (lpString1="6", lpString2="System Volume Information") returned -1 [0049.566] lstrcmpiW (lpString1="6", lpString2=".") returned 1 [0049.566] lstrcmpiW (lpString1="6", lpString2="..") returned 1 [0049.566] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned 97 [0049.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.566] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" [0049.566] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*" [0049.566] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.566] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.566] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.566] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.566] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.566] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.566] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.566] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.566] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.566] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.566] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.566] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.566] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.566] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.566] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.566] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.566] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.566] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\LOLKEK.txt") returned 108 [0049.566] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\6\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.567] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.567] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.567] CloseHandle (hObject=0x270) returned 1 [0049.567] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.567] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7", cAlternateFileName="")) returned 1 [0049.567] lstrcmpiW (lpString1="7", lpString2="Windows") returned -1 [0049.567] lstrcmpiW (lpString1="7", lpString2="Program Files") returned -1 [0049.567] lstrcmpiW (lpString1="7", lpString2="Program Files (x86)") returned -1 [0049.567] lstrcmpiW (lpString1="7", lpString2="$Recycle.bin") returned 1 [0049.567] lstrcmpiW (lpString1="7", lpString2="System Volume Information") returned -1 [0049.567] lstrcmpiW (lpString1="7", lpString2=".") returned 1 [0049.567] lstrcmpiW (lpString1="7", lpString2="..") returned 1 [0049.567] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned 97 [0049.568] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.568] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" [0049.568] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*" [0049.568] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.572] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.572] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.572] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.572] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.572] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.572] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.572] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.572] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.572] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.572] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.572] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.572] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.572] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.572] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.572] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.572] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.572] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\LOLKEK.txt") returned 108 [0049.572] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\7\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.573] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.573] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.573] CloseHandle (hObject=0x290) returned 1 [0049.573] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.573] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8", cAlternateFileName="")) returned 1 [0049.573] lstrcmpiW (lpString1="8", lpString2="Windows") returned -1 [0049.573] lstrcmpiW (lpString1="8", lpString2="Program Files") returned -1 [0049.573] lstrcmpiW (lpString1="8", lpString2="Program Files (x86)") returned -1 [0049.573] lstrcmpiW (lpString1="8", lpString2="$Recycle.bin") returned 1 [0049.573] lstrcmpiW (lpString1="8", lpString2="System Volume Information") returned -1 [0049.573] lstrcmpiW (lpString1="8", lpString2=".") returned 1 [0049.573] lstrcmpiW (lpString1="8", lpString2="..") returned 1 [0049.574] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8") returned 97 [0049.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.574] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" [0049.574] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*" [0049.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.574] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.574] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.574] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.574] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.574] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.574] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.574] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.574] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.574] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.574] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.574] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.574] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.574] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.574] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.574] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.574] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.574] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\LOLKEK.txt") returned 108 [0049.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\8\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.574] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.574] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.575] CloseHandle (hObject=0x290) returned 1 [0049.575] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.575] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9", cAlternateFileName="")) returned 1 [0049.575] lstrcmpiW (lpString1="9", lpString2="Windows") returned -1 [0049.575] lstrcmpiW (lpString1="9", lpString2="Program Files") returned -1 [0049.575] lstrcmpiW (lpString1="9", lpString2="Program Files (x86)") returned -1 [0049.575] lstrcmpiW (lpString1="9", lpString2="$Recycle.bin") returned 1 [0049.575] lstrcmpiW (lpString1="9", lpString2="System Volume Information") returned -1 [0049.575] lstrcmpiW (lpString1="9", lpString2=".") returned 1 [0049.575] lstrcmpiW (lpString1="9", lpString2="..") returned 1 [0049.575] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9") returned 97 [0049.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.575] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" [0049.575] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*" [0049.575] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.586] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.586] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.586] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.586] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.586] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.586] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.586] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.586] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.586] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.586] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.586] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.586] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.586] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.586] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.586] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10", cAlternateFileName="")) returned 1 [0049.586] lstrcmpiW (lpString1="10", lpString2="Windows") returned -1 [0049.586] lstrcmpiW (lpString1="10", lpString2="Program Files") returned -1 [0049.587] lstrcmpiW (lpString1="10", lpString2="Program Files (x86)") returned -1 [0049.587] lstrcmpiW (lpString1="10", lpString2="$Recycle.bin") returned 1 [0049.587] lstrcmpiW (lpString1="10", lpString2="System Volume Information") returned -1 [0049.587] lstrcmpiW (lpString1="10", lpString2=".") returned 1 [0049.587] lstrcmpiW (lpString1="10", lpString2="..") returned 1 [0049.587] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10") returned 100 [0049.587] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.587] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" [0049.587] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*" [0049.587] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.587] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.587] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.587] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.587] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.587] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.587] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.587] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.587] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.587] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.587] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.587] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.587] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.587] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.587] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x534f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="16A09d01", cAlternateFileName="")) returned 1 [0049.587] lstrcmpiW (lpString1="16A09d01", lpString2="Windows") returned -1 [0049.587] lstrcmpiW (lpString1="16A09d01", lpString2="Program Files") returned -1 [0049.587] lstrcmpiW (lpString1="16A09d01", lpString2="Program Files (x86)") returned -1 [0049.587] lstrcmpiW (lpString1="16A09d01", lpString2="$Recycle.bin") returned 1 [0049.587] lstrcmpiW (lpString1="16A09d01", lpString2="System Volume Information") returned -1 [0049.587] lstrcmpiW (lpString1="16A09d01", lpString2=".") returned 1 [0049.587] lstrcmpiW (lpString1="16A09d01", lpString2="..") returned 1 [0049.587] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01") returned 109 [0049.587] StrStrIW (lpFirst="16A09d01", lpSrch=".lolkek") returned 0x0 [0049.587] lstrcmpW (lpString1="16A09d01", lpString2="LOLKEK.txt") returned -1 [0049.587] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01") returned 109 [0049.587] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5eba48 [0049.587] lstrcpyW (in: lpString1=0x5eba48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" [0049.587] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.587] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.588] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x534f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="16A09d01", cAlternateFileName="")) returned 0 [0049.588] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.588] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\LOLKEK.txt") returned 111 [0049.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.588] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.588] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.589] CloseHandle (hObject=0x27c) returned 1 [0049.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.589] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2C", cAlternateFileName="")) returned 1 [0049.589] lstrcmpiW (lpString1="2C", lpString2="Windows") returned -1 [0049.589] lstrcmpiW (lpString1="2C", lpString2="Program Files") returned -1 [0049.589] lstrcmpiW (lpString1="2C", lpString2="Program Files (x86)") returned -1 [0049.589] lstrcmpiW (lpString1="2C", lpString2="$Recycle.bin") returned 1 [0049.589] lstrcmpiW (lpString1="2C", lpString2="System Volume Information") returned -1 [0049.589] lstrcmpiW (lpString1="2C", lpString2=".") returned 1 [0049.589] lstrcmpiW (lpString1="2C", lpString2="..") returned 1 [0049.589] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C") returned 100 [0049.589] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.589] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" [0049.589] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*" [0049.589] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.589] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.589] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.589] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.589] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.589] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.589] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.589] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.589] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.590] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.590] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.590] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.590] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.590] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.590] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.590] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7dcaf10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x133d5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="24B53d01", cAlternateFileName="")) returned 1 [0049.590] lstrcmpiW (lpString1="24B53d01", lpString2="Windows") returned -1 [0049.590] lstrcmpiW (lpString1="24B53d01", lpString2="Program Files") returned -1 [0049.590] lstrcmpiW (lpString1="24B53d01", lpString2="Program Files (x86)") returned -1 [0049.590] lstrcmpiW (lpString1="24B53d01", lpString2="$Recycle.bin") returned 1 [0049.590] lstrcmpiW (lpString1="24B53d01", lpString2="System Volume Information") returned -1 [0049.590] lstrcmpiW (lpString1="24B53d01", lpString2=".") returned 1 [0049.590] lstrcmpiW (lpString1="24B53d01", lpString2="..") returned 1 [0049.590] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01") returned 109 [0049.590] StrStrIW (lpFirst="24B53d01", lpSrch=".lolkek") returned 0x0 [0049.590] lstrcmpW (lpString1="24B53d01", lpString2="LOLKEK.txt") returned -1 [0049.590] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01") returned 109 [0049.590] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x5ebc08 [0049.590] lstrcpyW (in: lpString1=0x5ebc08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" [0049.590] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.590] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.590] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7dcaf10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x133d5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="24B53d01", cAlternateFileName="")) returned 0 [0049.590] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.590] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\LOLKEK.txt") returned 111 [0049.590] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.590] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.590] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.591] CloseHandle (hObject=0x27c) returned 1 [0049.591] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.591] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="61", cAlternateFileName="")) returned 1 [0049.591] lstrcmpiW (lpString1="61", lpString2="Windows") returned -1 [0049.591] lstrcmpiW (lpString1="61", lpString2="Program Files") returned -1 [0049.591] lstrcmpiW (lpString1="61", lpString2="Program Files (x86)") returned -1 [0049.591] lstrcmpiW (lpString1="61", lpString2="$Recycle.bin") returned 1 [0049.591] lstrcmpiW (lpString1="61", lpString2="System Volume Information") returned -1 [0049.591] lstrcmpiW (lpString1="61", lpString2=".") returned 1 [0049.591] lstrcmpiW (lpString1="61", lpString2="..") returned 1 [0049.591] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61") returned 100 [0049.591] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.591] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" [0049.591] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*" [0049.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.592] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.592] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.592] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.592] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.592] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.592] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.592] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.592] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.592] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.592] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.592] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.592] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.592] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fba0f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa949, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="28E95d01", cAlternateFileName="")) returned 1 [0049.592] lstrcmpiW (lpString1="28E95d01", lpString2="Windows") returned -1 [0049.592] lstrcmpiW (lpString1="28E95d01", lpString2="Program Files") returned -1 [0049.592] lstrcmpiW (lpString1="28E95d01", lpString2="Program Files (x86)") returned -1 [0049.592] lstrcmpiW (lpString1="28E95d01", lpString2="$Recycle.bin") returned 1 [0049.592] lstrcmpiW (lpString1="28E95d01", lpString2="System Volume Information") returned -1 [0049.592] lstrcmpiW (lpString1="28E95d01", lpString2=".") returned 1 [0049.592] lstrcmpiW (lpString1="28E95d01", lpString2="..") returned 1 [0049.592] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01") returned 109 [0049.592] StrStrIW (lpFirst="28E95d01", lpSrch=".lolkek") returned 0x0 [0049.592] lstrcmpW (lpString1="28E95d01", lpString2="LOLKEK.txt") returned -1 [0049.592] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01") returned 109 [0049.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x61b460 [0049.592] lstrcpyW (in: lpString1=0x61b460, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" [0049.592] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.592] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.592] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fba0f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa949, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="28E95d01", cAlternateFileName="")) returned 0 [0049.592] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.592] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\LOLKEK.txt") returned 111 [0049.592] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.593] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.593] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.593] CloseHandle (hObject=0x27c) returned 1 [0049.593] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.593] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E0", cAlternateFileName="")) returned 1 [0049.593] lstrcmpiW (lpString1="E0", lpString2="Windows") returned -1 [0049.593] lstrcmpiW (lpString1="E0", lpString2="Program Files") returned -1 [0049.593] lstrcmpiW (lpString1="E0", lpString2="Program Files (x86)") returned -1 [0049.593] lstrcmpiW (lpString1="E0", lpString2="$Recycle.bin") returned 1 [0049.593] lstrcmpiW (lpString1="E0", lpString2="System Volume Information") returned -1 [0049.594] lstrcmpiW (lpString1="E0", lpString2=".") returned 1 [0049.594] lstrcmpiW (lpString1="E0", lpString2="..") returned 1 [0049.594] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0") returned 100 [0049.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.594] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" [0049.594] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*" [0049.594] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.609] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.609] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.609] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.609] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.609] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.609] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.609] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.609] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.609] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.609] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.609] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.609] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.609] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.609] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.609] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x404f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F17B2d01", cAlternateFileName="")) returned 1 [0049.609] lstrcmpiW (lpString1="F17B2d01", lpString2="Windows") returned -1 [0049.609] lstrcmpiW (lpString1="F17B2d01", lpString2="Program Files") returned -1 [0049.609] lstrcmpiW (lpString1="F17B2d01", lpString2="Program Files (x86)") returned -1 [0049.609] lstrcmpiW (lpString1="F17B2d01", lpString2="$Recycle.bin") returned 1 [0049.609] lstrcmpiW (lpString1="F17B2d01", lpString2="System Volume Information") returned -1 [0049.609] lstrcmpiW (lpString1="F17B2d01", lpString2=".") returned 1 [0049.609] lstrcmpiW (lpString1="F17B2d01", lpString2="..") returned 1 [0049.609] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01") returned 109 [0049.609] StrStrIW (lpFirst="F17B2d01", lpSrch=".lolkek") returned 0x0 [0049.609] lstrcmpW (lpString1="F17B2d01", lpString2="LOLKEK.txt") returned -1 [0049.609] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01") returned 109 [0049.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x61b620 [0049.610] lstrcpyW (in: lpString1=0x61b620, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" [0049.610] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.610] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.610] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x404f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F17B2d01", cAlternateFileName="")) returned 0 [0049.610] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.610] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\LOLKEK.txt") returned 111 [0049.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.610] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.610] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.611] CloseHandle (hObject=0x27c) returned 1 [0049.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.611] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E0", cAlternateFileName="")) returned 0 [0049.611] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.611] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\LOLKEK.txt") returned 108 [0049.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.611] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.611] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.612] CloseHandle (hObject=0x290) returned 1 [0049.612] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.612] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A", cAlternateFileName="")) returned 1 [0049.612] lstrcmpiW (lpString1="A", lpString2="Windows") returned -1 [0049.612] lstrcmpiW (lpString1="A", lpString2="Program Files") returned -1 [0049.612] lstrcmpiW (lpString1="A", lpString2="Program Files (x86)") returned -1 [0049.612] lstrcmpiW (lpString1="A", lpString2="$Recycle.bin") returned 1 [0049.612] lstrcmpiW (lpString1="A", lpString2="System Volume Information") returned -1 [0049.612] lstrcmpiW (lpString1="A", lpString2=".") returned 1 [0049.612] lstrcmpiW (lpString1="A", lpString2="..") returned 1 [0049.612] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A") returned 97 [0049.612] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.612] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" [0049.612] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*" [0049.612] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.613] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.613] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.613] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.613] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.613] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.613] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.613] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.613] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.613] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.613] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.613] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.613] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.613] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.613] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.613] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.613] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.613] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\LOLKEK.txt") returned 108 [0049.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\a\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.613] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.613] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.614] CloseHandle (hObject=0x290) returned 1 [0049.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.614] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="B", cAlternateFileName="")) returned 1 [0049.614] lstrcmpiW (lpString1="B", lpString2="Windows") returned -1 [0049.614] lstrcmpiW (lpString1="B", lpString2="Program Files") returned -1 [0049.614] lstrcmpiW (lpString1="B", lpString2="Program Files (x86)") returned -1 [0049.614] lstrcmpiW (lpString1="B", lpString2="$Recycle.bin") returned 1 [0049.614] lstrcmpiW (lpString1="B", lpString2="System Volume Information") returned -1 [0049.614] lstrcmpiW (lpString1="B", lpString2=".") returned 1 [0049.614] lstrcmpiW (lpString1="B", lpString2="..") returned 1 [0049.614] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B") returned 97 [0049.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.614] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" [0049.614] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*" [0049.614] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.622] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.622] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.622] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.622] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.622] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.622] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.622] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.622] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.622] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.622] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.622] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.622] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.622] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.622] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.622] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.622] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.623] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\LOLKEK.txt") returned 108 [0049.623] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\b\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.623] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.623] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.624] CloseHandle (hObject=0x290) returned 1 [0049.624] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.624] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C", cAlternateFileName="")) returned 1 [0049.624] lstrcmpiW (lpString1="C", lpString2="Windows") returned -1 [0049.624] lstrcmpiW (lpString1="C", lpString2="Program Files") returned -1 [0049.624] lstrcmpiW (lpString1="C", lpString2="Program Files (x86)") returned -1 [0049.624] lstrcmpiW (lpString1="C", lpString2="$Recycle.bin") returned 1 [0049.624] lstrcmpiW (lpString1="C", lpString2="System Volume Information") returned -1 [0049.624] lstrcmpiW (lpString1="C", lpString2=".") returned 1 [0049.624] lstrcmpiW (lpString1="C", lpString2="..") returned 1 [0049.624] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C") returned 97 [0049.624] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.624] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" [0049.624] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*" [0049.624] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.624] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.624] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.624] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.624] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.624] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.624] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.624] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.624] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.624] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.624] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.624] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.624] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.624] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.624] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.624] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E6", cAlternateFileName="")) returned 1 [0049.624] lstrcmpiW (lpString1="E6", lpString2="Windows") returned -1 [0049.625] lstrcmpiW (lpString1="E6", lpString2="Program Files") returned -1 [0049.625] lstrcmpiW (lpString1="E6", lpString2="Program Files (x86)") returned -1 [0049.625] lstrcmpiW (lpString1="E6", lpString2="$Recycle.bin") returned 1 [0049.625] lstrcmpiW (lpString1="E6", lpString2="System Volume Information") returned -1 [0049.625] lstrcmpiW (lpString1="E6", lpString2=".") returned 1 [0049.625] lstrcmpiW (lpString1="E6", lpString2="..") returned 1 [0049.625] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6") returned 100 [0049.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.625] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" [0049.625] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*" [0049.625] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.625] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.625] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.625] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.625] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.625] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.625] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.625] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.625] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.625] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.625] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.625] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.625] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.625] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.625] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.625] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f21b70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x21839, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9DCB7d01", cAlternateFileName="")) returned 1 [0049.625] lstrcmpiW (lpString1="9DCB7d01", lpString2="Windows") returned -1 [0049.625] lstrcmpiW (lpString1="9DCB7d01", lpString2="Program Files") returned -1 [0049.625] lstrcmpiW (lpString1="9DCB7d01", lpString2="Program Files (x86)") returned -1 [0049.625] lstrcmpiW (lpString1="9DCB7d01", lpString2="$Recycle.bin") returned 1 [0049.625] lstrcmpiW (lpString1="9DCB7d01", lpString2="System Volume Information") returned -1 [0049.625] lstrcmpiW (lpString1="9DCB7d01", lpString2=".") returned 1 [0049.625] lstrcmpiW (lpString1="9DCB7d01", lpString2="..") returned 1 [0049.625] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01") returned 109 [0049.625] StrStrIW (lpFirst="9DCB7d01", lpSrch=".lolkek") returned 0x0 [0049.625] lstrcmpW (lpString1="9DCB7d01", lpString2="LOLKEK.txt") returned -1 [0049.625] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01") returned 109 [0049.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x61b7e0 [0049.625] lstrcpyW (in: lpString1=0x61b7e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" [0049.625] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.626] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.626] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f21b70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x21839, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9DCB7d01", cAlternateFileName="")) returned 0 [0049.626] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.626] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\LOLKEK.txt") returned 111 [0049.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.626] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.626] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.627] CloseHandle (hObject=0x27c) returned 1 [0049.627] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.627] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E6", cAlternateFileName="")) returned 0 [0049.627] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.627] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\LOLKEK.txt") returned 108 [0049.627] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.627] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.627] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.628] CloseHandle (hObject=0x290) returned 1 [0049.628] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.628] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D", cAlternateFileName="")) returned 1 [0049.628] lstrcmpiW (lpString1="D", lpString2="Windows") returned -1 [0049.628] lstrcmpiW (lpString1="D", lpString2="Program Files") returned -1 [0049.628] lstrcmpiW (lpString1="D", lpString2="Program Files (x86)") returned -1 [0049.628] lstrcmpiW (lpString1="D", lpString2="$Recycle.bin") returned 1 [0049.628] lstrcmpiW (lpString1="D", lpString2="System Volume Information") returned -1 [0049.628] lstrcmpiW (lpString1="D", lpString2=".") returned 1 [0049.628] lstrcmpiW (lpString1="D", lpString2="..") returned 1 [0049.628] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D") returned 97 [0049.628] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.628] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" [0049.628] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*" [0049.628] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.672] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.672] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.672] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.672] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.672] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.672] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.672] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.672] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.672] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.672] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.672] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.672] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.672] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.672] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.672] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="08", cAlternateFileName="")) returned 1 [0049.672] lstrcmpiW (lpString1="08", lpString2="Windows") returned -1 [0049.672] lstrcmpiW (lpString1="08", lpString2="Program Files") returned -1 [0049.672] lstrcmpiW (lpString1="08", lpString2="Program Files (x86)") returned -1 [0049.672] lstrcmpiW (lpString1="08", lpString2="$Recycle.bin") returned 1 [0049.672] lstrcmpiW (lpString1="08", lpString2="System Volume Information") returned -1 [0049.672] lstrcmpiW (lpString1="08", lpString2=".") returned 1 [0049.672] lstrcmpiW (lpString1="08", lpString2="..") returned 1 [0049.672] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08") returned 100 [0049.672] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.673] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" [0049.673] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*" [0049.673] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.733] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.733] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.733] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.733] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.733] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.733] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.733] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.733] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.733] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.733] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.733] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.733] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.733] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.733] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.733] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8266, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="71469d01", cAlternateFileName="")) returned 1 [0049.733] lstrcmpiW (lpString1="71469d01", lpString2="Windows") returned -1 [0049.733] lstrcmpiW (lpString1="71469d01", lpString2="Program Files") returned -1 [0049.733] lstrcmpiW (lpString1="71469d01", lpString2="Program Files (x86)") returned -1 [0049.733] lstrcmpiW (lpString1="71469d01", lpString2="$Recycle.bin") returned 1 [0049.733] lstrcmpiW (lpString1="71469d01", lpString2="System Volume Information") returned -1 [0049.733] lstrcmpiW (lpString1="71469d01", lpString2=".") returned 1 [0049.733] lstrcmpiW (lpString1="71469d01", lpString2="..") returned 1 [0049.733] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01") returned 109 [0049.733] StrStrIW (lpFirst="71469d01", lpSrch=".lolkek") returned 0x0 [0049.734] lstrcmpW (lpString1="71469d01", lpString2="LOLKEK.txt") returned -1 [0049.734] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01") returned 109 [0049.734] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x668b08 [0049.734] lstrcpyW (in: lpString1=0x668b08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" [0049.734] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.734] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.734] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8266, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="71469d01", cAlternateFileName="")) returned 0 [0049.734] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.734] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\LOLKEK.txt") returned 111 [0049.734] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.735] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.735] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.735] CloseHandle (hObject=0x270) returned 1 [0049.735] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.736] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="08", cAlternateFileName="")) returned 0 [0049.736] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.736] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\LOLKEK.txt") returned 108 [0049.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.736] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.736] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.737] CloseHandle (hObject=0x290) returned 1 [0049.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.737] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E", cAlternateFileName="")) returned 1 [0049.737] lstrcmpiW (lpString1="E", lpString2="Windows") returned -1 [0049.737] lstrcmpiW (lpString1="E", lpString2="Program Files") returned -1 [0049.737] lstrcmpiW (lpString1="E", lpString2="Program Files (x86)") returned -1 [0049.737] lstrcmpiW (lpString1="E", lpString2="$Recycle.bin") returned 1 [0049.737] lstrcmpiW (lpString1="E", lpString2="System Volume Information") returned -1 [0049.737] lstrcmpiW (lpString1="E", lpString2=".") returned 1 [0049.737] lstrcmpiW (lpString1="E", lpString2="..") returned 1 [0049.737] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E") returned 97 [0049.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.737] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" [0049.737] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*" [0049.737] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.737] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.737] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.737] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.737] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.737] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.737] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.737] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.737] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.737] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.737] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.737] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.737] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.737] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.737] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.737] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="69", cAlternateFileName="")) returned 1 [0049.738] lstrcmpiW (lpString1="69", lpString2="Windows") returned -1 [0049.738] lstrcmpiW (lpString1="69", lpString2="Program Files") returned -1 [0049.738] lstrcmpiW (lpString1="69", lpString2="Program Files (x86)") returned -1 [0049.738] lstrcmpiW (lpString1="69", lpString2="$Recycle.bin") returned 1 [0049.738] lstrcmpiW (lpString1="69", lpString2="System Volume Information") returned -1 [0049.738] lstrcmpiW (lpString1="69", lpString2=".") returned 1 [0049.738] lstrcmpiW (lpString1="69", lpString2="..") returned 1 [0049.738] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69") returned 100 [0049.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.738] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" [0049.738] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*" [0049.738] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.738] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.738] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.738] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.738] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.738] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.738] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.738] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.738] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.738] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.738] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.738] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.738] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.738] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.738] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.738] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb80063b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10d22, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="885EEd01", cAlternateFileName="")) returned 1 [0049.738] lstrcmpiW (lpString1="885EEd01", lpString2="Windows") returned -1 [0049.738] lstrcmpiW (lpString1="885EEd01", lpString2="Program Files") returned -1 [0049.738] lstrcmpiW (lpString1="885EEd01", lpString2="Program Files (x86)") returned -1 [0049.738] lstrcmpiW (lpString1="885EEd01", lpString2="$Recycle.bin") returned 1 [0049.738] lstrcmpiW (lpString1="885EEd01", lpString2="System Volume Information") returned -1 [0049.738] lstrcmpiW (lpString1="885EEd01", lpString2=".") returned 1 [0049.738] lstrcmpiW (lpString1="885EEd01", lpString2="..") returned 1 [0049.738] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01") returned 109 [0049.739] StrStrIW (lpFirst="885EEd01", lpSrch=".lolkek") returned 0x0 [0049.739] lstrcmpW (lpString1="885EEd01", lpString2="LOLKEK.txt") returned -1 [0049.739] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01") returned 109 [0049.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x668cc8 [0049.739] lstrcpyW (in: lpString1=0x668cc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" [0049.739] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.739] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.739] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb80063b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10d22, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="885EEd01", cAlternateFileName="")) returned 0 [0049.739] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.739] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\LOLKEK.txt") returned 111 [0049.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.739] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.739] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.740] CloseHandle (hObject=0x270) returned 1 [0049.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.740] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="69", cAlternateFileName="")) returned 0 [0049.740] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.740] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\LOLKEK.txt") returned 108 [0049.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.740] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.740] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.741] CloseHandle (hObject=0x290) returned 1 [0049.741] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.741] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F", cAlternateFileName="")) returned 1 [0049.741] lstrcmpiW (lpString1="F", lpString2="Windows") returned -1 [0049.741] lstrcmpiW (lpString1="F", lpString2="Program Files") returned -1 [0049.741] lstrcmpiW (lpString1="F", lpString2="Program Files (x86)") returned -1 [0049.741] lstrcmpiW (lpString1="F", lpString2="$Recycle.bin") returned 1 [0049.741] lstrcmpiW (lpString1="F", lpString2="System Volume Information") returned -1 [0049.741] lstrcmpiW (lpString1="F", lpString2=".") returned 1 [0049.741] lstrcmpiW (lpString1="F", lpString2="..") returned 1 [0049.741] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F") returned 97 [0049.741] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.741] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" [0049.741] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*" [0049.741] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0049.747] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.747] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.747] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.747] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.747] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.747] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.747] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.747] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.747] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.747] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.747] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.747] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.747] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.747] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.747] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="23", cAlternateFileName="")) returned 1 [0049.747] lstrcmpiW (lpString1="23", lpString2="Windows") returned -1 [0049.747] lstrcmpiW (lpString1="23", lpString2="Program Files") returned -1 [0049.747] lstrcmpiW (lpString1="23", lpString2="Program Files (x86)") returned -1 [0049.747] lstrcmpiW (lpString1="23", lpString2="$Recycle.bin") returned 1 [0049.747] lstrcmpiW (lpString1="23", lpString2="System Volume Information") returned -1 [0049.747] lstrcmpiW (lpString1="23", lpString2=".") returned 1 [0049.747] lstrcmpiW (lpString1="23", lpString2="..") returned 1 [0049.747] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23") returned 100 [0049.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.747] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" [0049.748] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*" [0049.748] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.748] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.748] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.748] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.748] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.748] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.748] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.748] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.748] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.748] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.748] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.748] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.748] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.748] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.748] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.748] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fe0250, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf888, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7E0FEd01", cAlternateFileName="")) returned 1 [0049.748] lstrcmpiW (lpString1="7E0FEd01", lpString2="Windows") returned -1 [0049.748] lstrcmpiW (lpString1="7E0FEd01", lpString2="Program Files") returned -1 [0049.748] lstrcmpiW (lpString1="7E0FEd01", lpString2="Program Files (x86)") returned -1 [0049.748] lstrcmpiW (lpString1="7E0FEd01", lpString2="$Recycle.bin") returned 1 [0049.748] lstrcmpiW (lpString1="7E0FEd01", lpString2="System Volume Information") returned -1 [0049.748] lstrcmpiW (lpString1="7E0FEd01", lpString2=".") returned 1 [0049.748] lstrcmpiW (lpString1="7E0FEd01", lpString2="..") returned 1 [0049.748] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01") returned 109 [0049.748] StrStrIW (lpFirst="7E0FEd01", lpSrch=".lolkek") returned 0x0 [0049.748] lstrcmpW (lpString1="7E0FEd01", lpString2="LOLKEK.txt") returned -1 [0049.748] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01") returned 109 [0049.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x668e88 [0049.748] lstrcpyW (in: lpString1=0x668e88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" [0049.748] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.748] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.749] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fe0250, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf888, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7E0FEd01", cAlternateFileName="")) returned 0 [0049.749] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.749] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\LOLKEK.txt") returned 111 [0049.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0049.749] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.749] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.750] CloseHandle (hObject=0x2bc) returned 1 [0049.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.750] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F0", cAlternateFileName="")) returned 1 [0049.750] lstrcmpiW (lpString1="F0", lpString2="Windows") returned -1 [0049.750] lstrcmpiW (lpString1="F0", lpString2="Program Files") returned -1 [0049.750] lstrcmpiW (lpString1="F0", lpString2="Program Files (x86)") returned -1 [0049.750] lstrcmpiW (lpString1="F0", lpString2="$Recycle.bin") returned 1 [0049.750] lstrcmpiW (lpString1="F0", lpString2="System Volume Information") returned -1 [0049.750] lstrcmpiW (lpString1="F0", lpString2=".") returned 1 [0049.750] lstrcmpiW (lpString1="F0", lpString2="..") returned 1 [0049.750] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0") returned 100 [0049.750] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658b00 [0049.750] lstrcpyW (in: lpString1=0x658b00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" [0049.750] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*" [0049.750] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0049.754] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.754] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.754] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.754] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.754] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.755] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.755] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.755] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.755] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.755] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.755] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.755] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.755] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.755] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.755] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x823c2350, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa80f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ECB2Dd01", cAlternateFileName="")) returned 1 [0049.755] lstrcmpiW (lpString1="ECB2Dd01", lpString2="Windows") returned -1 [0049.755] lstrcmpiW (lpString1="ECB2Dd01", lpString2="Program Files") returned -1 [0049.755] lstrcmpiW (lpString1="ECB2Dd01", lpString2="Program Files (x86)") returned -1 [0049.755] lstrcmpiW (lpString1="ECB2Dd01", lpString2="$Recycle.bin") returned 1 [0049.755] lstrcmpiW (lpString1="ECB2Dd01", lpString2="System Volume Information") returned -1 [0049.755] lstrcmpiW (lpString1="ECB2Dd01", lpString2=".") returned 1 [0049.755] lstrcmpiW (lpString1="ECB2Dd01", lpString2="..") returned 1 [0049.755] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01") returned 109 [0049.755] StrStrIW (lpFirst="ECB2Dd01", lpSrch=".lolkek") returned 0x0 [0049.755] lstrcmpW (lpString1="ECB2Dd01", lpString2="LOLKEK.txt") returned -1 [0049.755] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01") returned 109 [0049.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x60eef0 [0049.755] lstrcpyW (in: lpString1=0x60eef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" [0049.755] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.755] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.755] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x823c2350, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa80f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ECB2Dd01", cAlternateFileName="")) returned 0 [0049.755] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0049.755] wsprintfW (in: param_1=0x658b00, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\LOLKEK.txt") returned 111 [0049.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0049.756] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.756] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0049.756] CloseHandle (hObject=0x27c) returned 1 [0049.756] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658b00 | out: hHeap=0x5a0000) returned 1 [0049.756] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F0", cAlternateFileName="")) returned 0 [0049.756] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0049.756] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\LOLKEK.txt") returned 108 [0049.756] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.757] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.757] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0049.757] CloseHandle (hObject=0x270) returned 1 [0049.757] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.757] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851226b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_CACHE_001_", cAlternateFileName="_CACHE~2")) returned 1 [0049.757] lstrcmpiW (lpString1="_CACHE_001_", lpString2="Windows") returned -1 [0049.757] lstrcmpiW (lpString1="_CACHE_001_", lpString2="Program Files") returned -1 [0049.757] lstrcmpiW (lpString1="_CACHE_001_", lpString2="Program Files (x86)") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_001_", lpString2="$Recycle.bin") returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_001_", lpString2="System Volume Information") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_001_", lpString2=".") returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_001_", lpString2="..") returned 1 [0049.758] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_") returned 107 [0049.758] StrStrIW (lpFirst="_CACHE_001_", lpSrch=".lolkek") returned 0x0 [0049.758] lstrcmpW (lpString1="_CACHE_001_", lpString2="LOLKEK.txt") returned -1 [0049.758] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_") returned 107 [0049.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x669048 [0049.758] lstrcpyW (in: lpString1=0x669048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" [0049.758] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.758] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.758] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851e0d90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_CACHE_002_", cAlternateFileName="_CACHE~3")) returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_002_", lpString2="Windows") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_002_", lpString2="Program Files") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_002_", lpString2="Program Files (x86)") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_002_", lpString2="$Recycle.bin") returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_002_", lpString2="System Volume Information") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_002_", lpString2=".") returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_002_", lpString2="..") returned 1 [0049.758] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_") returned 107 [0049.758] StrStrIW (lpFirst="_CACHE_002_", lpSrch=".lolkek") returned 0x0 [0049.758] lstrcmpW (lpString1="_CACHE_002_", lpString2="LOLKEK.txt") returned -1 [0049.758] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_") returned 107 [0049.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x669200 [0049.758] lstrcpyW (in: lpString1=0x669200, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" [0049.758] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.758] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.758] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8529f470, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_CACHE_003_", cAlternateFileName="_CACHE~4")) returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_003_", lpString2="Windows") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_003_", lpString2="Program Files") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_003_", lpString2="Program Files (x86)") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_003_", lpString2="$Recycle.bin") returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_003_", lpString2="System Volume Information") returned -1 [0049.758] lstrcmpiW (lpString1="_CACHE_003_", lpString2=".") returned 1 [0049.758] lstrcmpiW (lpString1="_CACHE_003_", lpString2="..") returned 1 [0049.758] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_") returned 107 [0049.758] StrStrIW (lpFirst="_CACHE_003_", lpSrch=".lolkek") returned 0x0 [0049.758] lstrcmpW (lpString1="_CACHE_003_", lpString2="LOLKEK.txt") returned -1 [0049.758] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_") returned 107 [0049.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x6693b8 [0049.758] lstrcpyW (in: lpString1=0x6693b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" [0049.758] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.758] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.758] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8535db50, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2114, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_CACHE_MAP_", cAlternateFileName="_CACHE~1")) returned 1 [0049.759] lstrcmpiW (lpString1="_CACHE_MAP_", lpString2="Windows") returned -1 [0049.759] lstrcmpiW (lpString1="_CACHE_MAP_", lpString2="Program Files") returned -1 [0049.759] lstrcmpiW (lpString1="_CACHE_MAP_", lpString2="Program Files (x86)") returned -1 [0049.759] lstrcmpiW (lpString1="_CACHE_MAP_", lpString2="$Recycle.bin") returned 1 [0049.759] lstrcmpiW (lpString1="_CACHE_MAP_", lpString2="System Volume Information") returned -1 [0049.759] lstrcmpiW (lpString1="_CACHE_MAP_", lpString2=".") returned 1 [0049.759] lstrcmpiW (lpString1="_CACHE_MAP_", lpString2="..") returned 1 [0049.759] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_") returned 107 [0049.759] StrStrIW (lpFirst="_CACHE_MAP_", lpSrch=".lolkek") returned 0x0 [0049.759] lstrcmpW (lpString1="_CACHE_MAP_", lpString2="LOLKEK.txt") returned -1 [0049.759] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_") returned 107 [0049.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x669570 [0049.759] lstrcpyW (in: lpString1=0x669570, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" [0049.759] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.759] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.759] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8535db50, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2114, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_CACHE_MAP_", cAlternateFileName="_CACHE~1")) returned 0 [0049.759] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.759] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\LOLKEK.txt") returned 106 [0049.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.759] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.759] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.760] CloseHandle (hObject=0x1b4) returned 1 [0049.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.762] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfflineCache", cAlternateFileName="OFFLIN~1")) returned 1 [0049.762] lstrcmpiW (lpString1="OfflineCache", lpString2="Windows") returned -1 [0049.762] lstrcmpiW (lpString1="OfflineCache", lpString2="Program Files") returned -1 [0049.762] lstrcmpiW (lpString1="OfflineCache", lpString2="Program Files (x86)") returned -1 [0049.762] lstrcmpiW (lpString1="OfflineCache", lpString2="$Recycle.bin") returned 1 [0049.762] lstrcmpiW (lpString1="OfflineCache", lpString2="System Volume Information") returned -1 [0049.762] lstrcmpiW (lpString1="OfflineCache", lpString2=".") returned 1 [0049.762] lstrcmpiW (lpString1="OfflineCache", lpString2="..") returned 1 [0049.762] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache") returned 102 [0049.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.762] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" [0049.762] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*" [0049.762] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.764] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.764] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.764] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.764] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.764] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.764] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.764] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.764] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.764] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.764] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.765] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.765] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.765] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.765] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.765] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbece4d60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbece4d60, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc399b820, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.sqlite", cAlternateFileName="INDEX~1.SQL")) returned 1 [0049.765] lstrcmpiW (lpString1="index.sqlite", lpString2="Windows") returned -1 [0049.765] lstrcmpiW (lpString1="index.sqlite", lpString2="Program Files") returned -1 [0049.765] lstrcmpiW (lpString1="index.sqlite", lpString2="Program Files (x86)") returned -1 [0049.765] lstrcmpiW (lpString1="index.sqlite", lpString2="$Recycle.bin") returned 1 [0049.765] lstrcmpiW (lpString1="index.sqlite", lpString2="System Volume Information") returned -1 [0049.765] lstrcmpiW (lpString1="index.sqlite", lpString2=".") returned 1 [0049.765] lstrcmpiW (lpString1="index.sqlite", lpString2="..") returned 1 [0049.765] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite") returned 115 [0049.765] StrStrIW (lpFirst="index.sqlite", lpSrch=".lolkek") returned 0x0 [0049.765] lstrcmpW (lpString1="index.sqlite", lpString2="LOLKEK.txt") returned -1 [0049.765] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite") returned 115 [0049.765] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d0) returned 0x669728 [0049.765] lstrcpyW (in: lpString1=0x669728, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" [0049.765] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.765] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.765] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbece4d60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbece4d60, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc399b820, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.sqlite", cAlternateFileName="INDEX~1.SQL")) returned 0 [0049.765] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.765] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\LOLKEK.txt") returned 113 [0049.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.766] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.766] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.766] CloseHandle (hObject=0x1b4) returned 1 [0049.766] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.766] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="safebrowsing", cAlternateFileName="SAFEBR~2")) returned 1 [0049.767] lstrcmpiW (lpString1="safebrowsing", lpString2="Windows") returned -1 [0049.767] lstrcmpiW (lpString1="safebrowsing", lpString2="Program Files") returned 1 [0049.767] lstrcmpiW (lpString1="safebrowsing", lpString2="Program Files (x86)") returned 1 [0049.767] lstrcmpiW (lpString1="safebrowsing", lpString2="$Recycle.bin") returned 1 [0049.767] lstrcmpiW (lpString1="safebrowsing", lpString2="System Volume Information") returned -1 [0049.767] lstrcmpiW (lpString1="safebrowsing", lpString2=".") returned 1 [0049.767] lstrcmpiW (lpString1="safebrowsing", lpString2="..") returned 1 [0049.767] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing") returned 102 [0049.767] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.767] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" [0049.767] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*" [0049.767] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.768] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.768] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.769] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.769] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.769] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.769] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.769] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.769] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.769] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.769] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.769] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.769] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.769] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.769] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.769] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x825fd7f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x825fd7f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x825fd7f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="test-malware-simple.cache", cAlternateFileName="TEST-M~1.CAC")) returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.cache", lpString2="Windows") returned -1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.cache", lpString2="Program Files") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.cache", lpString2="Program Files (x86)") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.cache", lpString2="$Recycle.bin") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.cache", lpString2="System Volume Information") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.cache", lpString2=".") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.cache", lpString2="..") returned 1 [0049.769] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache") returned 128 [0049.769] StrStrIW (lpFirst="test-malware-simple.cache", lpSrch=".lolkek") returned 0x0 [0049.769] lstrcmpW (lpString1="test-malware-simple.cache", lpString2="LOLKEK.txt") returned 1 [0049.769] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache") returned 128 [0049.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x204) returned 0x5c7ef8 [0049.769] lstrcpyW (in: lpString1=0x5c7ef8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" [0049.769] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.769] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.769] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8234ff30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="test-malware-simple.pset", cAlternateFileName="TEST-M~1.PSE")) returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.pset", lpString2="Windows") returned -1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.pset", lpString2="Program Files") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.pset", lpString2="Program Files (x86)") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.pset", lpString2="$Recycle.bin") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.pset", lpString2="System Volume Information") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.pset", lpString2=".") returned 1 [0049.769] lstrcmpiW (lpString1="test-malware-simple.pset", lpString2="..") returned 1 [0049.769] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset") returned 127 [0049.769] StrStrIW (lpFirst="test-malware-simple.pset", lpSrch=".lolkek") returned 0x0 [0049.769] lstrcmpW (lpString1="test-malware-simple.pset", lpString2="LOLKEK.txt") returned 1 [0049.769] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset") returned 127 [0049.769] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x200) returned 0x3ea8c18 [0049.769] lstrcpyW (in: lpString1=0x3ea8c18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" [0049.769] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.769] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.769] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82376090, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="test-malware-simple.sbstore", cAlternateFileName="TEST-M~1.SBS")) returned 1 [0049.770] lstrcmpiW (lpString1="test-malware-simple.sbstore", lpString2="Windows") returned -1 [0049.770] lstrcmpiW (lpString1="test-malware-simple.sbstore", lpString2="Program Files") returned 1 [0049.770] lstrcmpiW (lpString1="test-malware-simple.sbstore", lpString2="Program Files (x86)") returned 1 [0049.770] lstrcmpiW (lpString1="test-malware-simple.sbstore", lpString2="$Recycle.bin") returned 1 [0049.770] lstrcmpiW (lpString1="test-malware-simple.sbstore", lpString2="System Volume Information") returned 1 [0049.770] lstrcmpiW (lpString1="test-malware-simple.sbstore", lpString2=".") returned 1 [0049.770] lstrcmpiW (lpString1="test-malware-simple.sbstore", lpString2="..") returned 1 [0049.770] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore") returned 130 [0049.770] StrStrIW (lpFirst="test-malware-simple.sbstore", lpSrch=".lolkek") returned 0x0 [0049.770] lstrcmpW (lpString1="test-malware-simple.sbstore", lpString2="LOLKEK.txt") returned 1 [0049.770] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore") returned 130 [0049.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x20c) returned 0x3ea8e20 [0049.770] lstrcpyW (in: lpString1=0x3ea8e20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" [0049.770] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.770] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.770] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82695d70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82695d70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82695d70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="test-phish-simple.cache", cAlternateFileName="TEST-P~1.CAC")) returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.cache", lpString2="Windows") returned -1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.cache", lpString2="Program Files") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.cache", lpString2="Program Files (x86)") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.cache", lpString2="$Recycle.bin") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.cache", lpString2="System Volume Information") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.cache", lpString2=".") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.cache", lpString2="..") returned 1 [0049.770] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache") returned 126 [0049.770] StrStrIW (lpFirst="test-phish-simple.cache", lpSrch=".lolkek") returned 0x0 [0049.770] lstrcmpW (lpString1="test-phish-simple.cache", lpString2="LOLKEK.txt") returned 1 [0049.770] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache") returned 126 [0049.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x3ea9038 [0049.770] lstrcpyW (in: lpString1=0x3ea9038, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" [0049.770] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.770] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.770] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="test-phish-simple.pset", cAlternateFileName="TEST-P~1.PSE")) returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.pset", lpString2="Windows") returned -1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.pset", lpString2="Program Files") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.pset", lpString2="Program Files (x86)") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.pset", lpString2="$Recycle.bin") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.pset", lpString2="System Volume Information") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.pset", lpString2=".") returned 1 [0049.770] lstrcmpiW (lpString1="test-phish-simple.pset", lpString2="..") returned 1 [0049.770] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset") returned 125 [0049.770] StrStrIW (lpFirst="test-phish-simple.pset", lpSrch=".lolkek") returned 0x0 [0049.770] lstrcmpW (lpString1="test-phish-simple.pset", lpString2="LOLKEK.txt") returned 1 [0049.770] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset") returned 125 [0049.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f8) returned 0x3ea9240 [0049.770] lstrcpyW (in: lpString1=0x3ea9240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" [0049.770] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.771] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.771] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82649ab0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82649ab0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="test-phish-simple.sbstore", cAlternateFileName="TEST-P~1.SBS")) returned 1 [0049.771] lstrcmpiW (lpString1="test-phish-simple.sbstore", lpString2="Windows") returned -1 [0049.771] lstrcmpiW (lpString1="test-phish-simple.sbstore", lpString2="Program Files") returned 1 [0049.771] lstrcmpiW (lpString1="test-phish-simple.sbstore", lpString2="Program Files (x86)") returned 1 [0049.771] lstrcmpiW (lpString1="test-phish-simple.sbstore", lpString2="$Recycle.bin") returned 1 [0049.771] lstrcmpiW (lpString1="test-phish-simple.sbstore", lpString2="System Volume Information") returned 1 [0049.771] lstrcmpiW (lpString1="test-phish-simple.sbstore", lpString2=".") returned 1 [0049.771] lstrcmpiW (lpString1="test-phish-simple.sbstore", lpString2="..") returned 1 [0049.771] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore") returned 128 [0049.771] StrStrIW (lpFirst="test-phish-simple.sbstore", lpSrch=".lolkek") returned 0x0 [0049.771] lstrcmpW (lpString1="test-phish-simple.sbstore", lpString2="LOLKEK.txt") returned 1 [0049.771] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore") returned 128 [0049.771] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x204) returned 0x5c8120 [0049.771] lstrcpyW (in: lpString1=0x5c8120, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" [0049.771] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.771] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.771] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82649ab0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82649ab0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="test-phish-simple.sbstore", cAlternateFileName="TEST-P~1.SBS")) returned 0 [0049.771] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.771] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\LOLKEK.txt") returned 113 [0049.771] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.772] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.772] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.774] CloseHandle (hObject=0x1b4) returned 1 [0049.774] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.774] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="startupCache", cAlternateFileName="STARTU~1")) returned 1 [0049.774] lstrcmpiW (lpString1="startupCache", lpString2="Windows") returned -1 [0049.774] lstrcmpiW (lpString1="startupCache", lpString2="Program Files") returned 1 [0049.774] lstrcmpiW (lpString1="startupCache", lpString2="Program Files (x86)") returned 1 [0049.774] lstrcmpiW (lpString1="startupCache", lpString2="$Recycle.bin") returned 1 [0049.774] lstrcmpiW (lpString1="startupCache", lpString2="System Volume Information") returned -1 [0049.774] lstrcmpiW (lpString1="startupCache", lpString2=".") returned 1 [0049.774] lstrcmpiW (lpString1="startupCache", lpString2="..") returned 1 [0049.774] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache") returned 102 [0049.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.774] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" [0049.774] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*" [0049.774] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.775] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.775] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.775] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.775] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.775] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.775] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.775] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.775] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.775] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.775] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.775] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.775] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.775] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.775] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.775] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x854b47b0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe59f6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="startupCache.4.little", cAlternateFileName="STARTU~1.LIT")) returned 1 [0049.775] lstrcmpiW (lpString1="startupCache.4.little", lpString2="Windows") returned -1 [0049.775] lstrcmpiW (lpString1="startupCache.4.little", lpString2="Program Files") returned 1 [0049.775] lstrcmpiW (lpString1="startupCache.4.little", lpString2="Program Files (x86)") returned 1 [0049.775] lstrcmpiW (lpString1="startupCache.4.little", lpString2="$Recycle.bin") returned 1 [0049.775] lstrcmpiW (lpString1="startupCache.4.little", lpString2="System Volume Information") returned -1 [0049.775] lstrcmpiW (lpString1="startupCache.4.little", lpString2=".") returned 1 [0049.775] lstrcmpiW (lpString1="startupCache.4.little", lpString2="..") returned 1 [0049.775] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little") returned 124 [0049.775] StrStrIW (lpFirst="startupCache.4.little", lpSrch=".lolkek") returned 0x0 [0049.775] lstrcmpW (lpString1="startupCache.4.little", lpString2="LOLKEK.txt") returned 1 [0049.775] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little") returned 124 [0049.775] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f4) returned 0x3ea9440 [0049.775] lstrcpyW (in: lpString1=0x3ea9440, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" [0049.775] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.775] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.775] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x854b47b0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe59f6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="startupCache.4.little", cAlternateFileName="STARTU~1.LIT")) returned 0 [0049.775] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.775] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\LOLKEK.txt") returned 113 [0049.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.776] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.776] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.777] CloseHandle (hObject=0x270) returned 1 [0049.778] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.778] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="thumbnails", cAlternateFileName="THUMBN~1")) returned 1 [0049.778] lstrcmpiW (lpString1="thumbnails", lpString2="Windows") returned -1 [0049.778] lstrcmpiW (lpString1="thumbnails", lpString2="Program Files") returned 1 [0049.778] lstrcmpiW (lpString1="thumbnails", lpString2="Program Files (x86)") returned 1 [0049.778] lstrcmpiW (lpString1="thumbnails", lpString2="$Recycle.bin") returned 1 [0049.778] lstrcmpiW (lpString1="thumbnails", lpString2="System Volume Information") returned 1 [0049.778] lstrcmpiW (lpString1="thumbnails", lpString2=".") returned 1 [0049.778] lstrcmpiW (lpString1="thumbnails", lpString2="..") returned 1 [0049.778] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails") returned 100 [0049.778] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.778] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" [0049.778] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*" [0049.778] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.780] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.780] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.780] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.780] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.780] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.780] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.780] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.780] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.780] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.780] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.780] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.780] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.780] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.780] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.780] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83cc0a50, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83cc0a50, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4cc87c1409819bf06f42b782d4902b2f.png", cAlternateFileName="4CC87C~1.PNG")) returned 1 [0049.780] lstrcmpiW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2="Windows") returned -1 [0049.780] lstrcmpiW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2="Program Files") returned -1 [0049.780] lstrcmpiW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2="Program Files (x86)") returned -1 [0049.780] lstrcmpiW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2="$Recycle.bin") returned 1 [0049.780] lstrcmpiW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2="System Volume Information") returned -1 [0049.780] lstrcmpiW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2=".") returned 1 [0049.780] lstrcmpiW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2="..") returned 1 [0049.780] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png") returned 137 [0049.780] StrStrIW (lpFirst="4cc87c1409819bf06f42b782d4902b2f.png", lpSrch=".lolkek") returned 0x0 [0049.780] lstrcmpW (lpString1="4cc87c1409819bf06f42b782d4902b2f.png", lpString2="LOLKEK.txt") returned -1 [0049.780] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png") returned 137 [0049.780] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eadff8 [0049.780] lstrcpyW (in: lpString1=0x3eadff8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" [0049.780] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.780] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.780] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83ce6bb0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ba182bcd131f1f3c6b6fbbb1ba078341.png", cAlternateFileName="BA182B~1.PNG")) returned 1 [0049.780] lstrcmpiW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2="Windows") returned -1 [0049.780] lstrcmpiW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2="Program Files") returned -1 [0049.780] lstrcmpiW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2="Program Files (x86)") returned -1 [0049.781] lstrcmpiW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2="$Recycle.bin") returned 1 [0049.781] lstrcmpiW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2="System Volume Information") returned -1 [0049.781] lstrcmpiW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2=".") returned 1 [0049.781] lstrcmpiW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2="..") returned 1 [0049.781] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png") returned 137 [0049.781] StrStrIW (lpFirst="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpSrch=".lolkek") returned 0x0 [0049.781] lstrcmpW (lpString1="ba182bcd131f1f3c6b6fbbb1ba078341.png", lpString2="LOLKEK.txt") returned -1 [0049.781] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png") returned 137 [0049.781] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eae6d0 [0049.781] lstrcpyW (in: lpString1=0x3eae6d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" [0049.781] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.781] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.781] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ce8c0453589216a67cddb50284fbfe8d.png", cAlternateFileName="CE8C04~1.PNG")) returned 1 [0049.781] lstrcmpiW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2="Windows") returned -1 [0049.781] lstrcmpiW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2="Program Files") returned -1 [0049.781] lstrcmpiW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2="Program Files (x86)") returned -1 [0049.781] lstrcmpiW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2="$Recycle.bin") returned 1 [0049.781] lstrcmpiW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2="System Volume Information") returned -1 [0049.781] lstrcmpiW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2=".") returned 1 [0049.781] lstrcmpiW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2="..") returned 1 [0049.781] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png") returned 137 [0049.781] StrStrIW (lpFirst="ce8c0453589216a67cddb50284fbfe8d.png", lpSrch=".lolkek") returned 0x0 [0049.781] lstrcmpW (lpString1="ce8c0453589216a67cddb50284fbfe8d.png", lpString2="LOLKEK.txt") returned -1 [0049.781] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png") returned 137 [0049.781] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eae918 [0049.781] lstrcpyW (in: lpString1=0x3eae918, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" [0049.781] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.781] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.781] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ce8c0453589216a67cddb50284fbfe8d.png", cAlternateFileName="CE8C04~1.PNG")) returned 0 [0049.781] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.782] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\LOLKEK.txt") returned 111 [0049.782] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.783] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.783] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.783] CloseHandle (hObject=0x270) returned 1 [0049.783] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.783] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_CACHE_CLEAN_", cAlternateFileName="_CACHE~1")) returned 1 [0049.783] lstrcmpiW (lpString1="_CACHE_CLEAN_", lpString2="Windows") returned -1 [0049.783] lstrcmpiW (lpString1="_CACHE_CLEAN_", lpString2="Program Files") returned -1 [0049.783] lstrcmpiW (lpString1="_CACHE_CLEAN_", lpString2="Program Files (x86)") returned -1 [0049.783] lstrcmpiW (lpString1="_CACHE_CLEAN_", lpString2="$Recycle.bin") returned 1 [0049.784] lstrcmpiW (lpString1="_CACHE_CLEAN_", lpString2="System Volume Information") returned -1 [0049.784] lstrcmpiW (lpString1="_CACHE_CLEAN_", lpString2=".") returned 1 [0049.784] lstrcmpiW (lpString1="_CACHE_CLEAN_", lpString2="..") returned 1 [0049.784] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_") returned 103 [0049.784] StrStrIW (lpFirst="_CACHE_CLEAN_", lpSrch=".lolkek") returned 0x0 [0049.784] lstrcmpW (lpString1="_CACHE_CLEAN_", lpString2="LOLKEK.txt") returned -1 [0049.784] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_") returned 103 [0049.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x3ea9640 [0049.784] lstrcpyW (in: lpString1=0x3ea9640, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" [0049.784] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.784] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.784] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_CACHE_CLEAN_", cAlternateFileName="_CACHE~1")) returned 0 [0049.784] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.784] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\LOLKEK.txt") returned 100 [0049.784] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.784] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.784] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.785] CloseHandle (hObject=0x280) returned 1 [0049.785] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.785] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0049.785] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.785] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\LOLKEK.txt") returned 83 [0049.785] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.785] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.785] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.786] CloseHandle (hObject=0x268) returned 1 [0049.786] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.786] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 0 [0049.786] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.786] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\LOLKEK.txt") returned 74 [0049.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.786] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.786] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.787] CloseHandle (hObject=0x25c) returned 1 [0049.787] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.788] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="updates", cAlternateFileName="")) returned 1 [0049.788] lstrcmpiW (lpString1="updates", lpString2="Windows") returned -1 [0049.788] lstrcmpiW (lpString1="updates", lpString2="Program Files") returned 1 [0049.788] lstrcmpiW (lpString1="updates", lpString2="Program Files (x86)") returned 1 [0049.788] lstrcmpiW (lpString1="updates", lpString2="$Recycle.bin") returned 1 [0049.788] lstrcmpiW (lpString1="updates", lpString2="System Volume Information") returned 1 [0049.788] lstrcmpiW (lpString1="updates", lpString2=".") returned 1 [0049.788] lstrcmpiW (lpString1="updates", lpString2="..") returned 1 [0049.788] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates") returned 63 [0049.788] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.789] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates" [0049.789] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\*" [0049.789] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.789] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.789] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.789] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.789] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.789] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.789] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.789] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.789] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.789] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.789] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.789] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.789] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.789] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.790] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.790] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E7CF176E110C211B", cAlternateFileName="E7CF17~1")) returned 1 [0049.790] lstrcmpiW (lpString1="E7CF176E110C211B", lpString2="Windows") returned -1 [0049.790] lstrcmpiW (lpString1="E7CF176E110C211B", lpString2="Program Files") returned -1 [0049.790] lstrcmpiW (lpString1="E7CF176E110C211B", lpString2="Program Files (x86)") returned -1 [0049.790] lstrcmpiW (lpString1="E7CF176E110C211B", lpString2="$Recycle.bin") returned 1 [0049.790] lstrcmpiW (lpString1="E7CF176E110C211B", lpString2="System Volume Information") returned -1 [0049.790] lstrcmpiW (lpString1="E7CF176E110C211B", lpString2=".") returned 1 [0049.790] lstrcmpiW (lpString1="E7CF176E110C211B", lpString2="..") returned 1 [0049.790] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B") returned 80 [0049.790] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.790] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B" [0049.790] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\*" [0049.790] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.793] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.793] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.793] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.793] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.793] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.793] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.793] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.793] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.793] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.793] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.793] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.793] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.793] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.793] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.793] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a2b6d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x464, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="active-update.xml", cAlternateFileName="ACTIVE~1.XML")) returned 1 [0049.793] lstrcmpiW (lpString1="active-update.xml", lpString2="Windows") returned -1 [0049.794] lstrcmpiW (lpString1="active-update.xml", lpString2="Program Files") returned -1 [0049.794] lstrcmpiW (lpString1="active-update.xml", lpString2="Program Files (x86)") returned -1 [0049.794] lstrcmpiW (lpString1="active-update.xml", lpString2="$Recycle.bin") returned 1 [0049.794] lstrcmpiW (lpString1="active-update.xml", lpString2="System Volume Information") returned -1 [0049.794] lstrcmpiW (lpString1="active-update.xml", lpString2=".") returned 1 [0049.794] lstrcmpiW (lpString1="active-update.xml", lpString2="..") returned 1 [0049.794] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml") returned 98 [0049.794] StrStrIW (lpFirst="active-update.xml", lpSrch=".lolkek") returned 0x0 [0049.794] lstrcmpW (lpString1="active-update.xml", lpString2="LOLKEK.txt") returned -1 [0049.794] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml") returned 98 [0049.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3ea97e8 [0049.794] lstrcpyW (in: lpString1=0x3ea97e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" [0049.794] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.794] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.794] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="updates", cAlternateFileName="")) returned 1 [0049.794] lstrcmpiW (lpString1="updates", lpString2="Windows") returned -1 [0049.794] lstrcmpiW (lpString1="updates", lpString2="Program Files") returned 1 [0049.794] lstrcmpiW (lpString1="updates", lpString2="Program Files (x86)") returned 1 [0049.794] lstrcmpiW (lpString1="updates", lpString2="$Recycle.bin") returned 1 [0049.794] lstrcmpiW (lpString1="updates", lpString2="System Volume Information") returned 1 [0049.794] lstrcmpiW (lpString1="updates", lpString2=".") returned 1 [0049.794] lstrcmpiW (lpString1="updates", lpString2="..") returned 1 [0049.794] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates") returned 88 [0049.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0049.794] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates" [0049.794] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*" [0049.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.795] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.795] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.795] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.795] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.795] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.795] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.795] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.795] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.795] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.795] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.795] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.795] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.795] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.795] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.795] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0", cAlternateFileName="")) returned 1 [0049.795] lstrcmpiW (lpString1="0", lpString2="Windows") returned -1 [0049.795] lstrcmpiW (lpString1="0", lpString2="Program Files") returned -1 [0049.795] lstrcmpiW (lpString1="0", lpString2="Program Files (x86)") returned -1 [0049.795] lstrcmpiW (lpString1="0", lpString2="$Recycle.bin") returned 1 [0049.795] lstrcmpiW (lpString1="0", lpString2="System Volume Information") returned -1 [0049.795] lstrcmpiW (lpString1="0", lpString2=".") returned 1 [0049.795] lstrcmpiW (lpString1="0", lpString2="..") returned 1 [0049.795] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0") returned 90 [0049.795] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.796] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" [0049.796] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*" [0049.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.796] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.796] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.796] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.796] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.796] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.796] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.796] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.796] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.796] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.796] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.796] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.796] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.796] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.796] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.796] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x818016b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x927c0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="update.mar", cAlternateFileName="")) returned 1 [0049.796] lstrcmpiW (lpString1="update.mar", lpString2="Windows") returned -1 [0049.796] lstrcmpiW (lpString1="update.mar", lpString2="Program Files") returned 1 [0049.796] lstrcmpiW (lpString1="update.mar", lpString2="Program Files (x86)") returned 1 [0049.796] lstrcmpiW (lpString1="update.mar", lpString2="$Recycle.bin") returned 1 [0049.796] lstrcmpiW (lpString1="update.mar", lpString2="System Volume Information") returned 1 [0049.796] lstrcmpiW (lpString1="update.mar", lpString2=".") returned 1 [0049.796] lstrcmpiW (lpString1="update.mar", lpString2="..") returned 1 [0049.796] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar") returned 101 [0049.797] StrStrIW (lpFirst="update.mar", lpSrch=".lolkek") returned 0x0 [0049.797] lstrcmpW (lpString1="update.mar", lpString2="LOLKEK.txt") returned 1 [0049.797] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar") returned 101 [0049.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x198) returned 0x3ea9980 [0049.797] lstrcpyW (in: lpString1=0x3ea9980, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" [0049.797] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.797] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.797] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="update.status", cAlternateFileName="UPDATE~1.STA")) returned 1 [0049.797] lstrcmpiW (lpString1="update.status", lpString2="Windows") returned -1 [0049.797] lstrcmpiW (lpString1="update.status", lpString2="Program Files") returned 1 [0049.797] lstrcmpiW (lpString1="update.status", lpString2="Program Files (x86)") returned 1 [0049.797] lstrcmpiW (lpString1="update.status", lpString2="$Recycle.bin") returned 1 [0049.797] lstrcmpiW (lpString1="update.status", lpString2="System Volume Information") returned 1 [0049.797] lstrcmpiW (lpString1="update.status", lpString2=".") returned 1 [0049.797] lstrcmpiW (lpString1="update.status", lpString2="..") returned 1 [0049.797] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status") returned 104 [0049.797] StrStrIW (lpFirst="update.status", lpSrch=".lolkek") returned 0x0 [0049.797] lstrcmpW (lpString1="update.status", lpString2="LOLKEK.txt") returned 1 [0049.797] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status") returned 104 [0049.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3e3dc70 [0049.797] lstrcpyW (in: lpString1=0x3e3dc70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" [0049.797] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.797] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.797] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="update.status", cAlternateFileName="UPDATE~1.STA")) returned 0 [0049.797] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.797] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\LOLKEK.txt") returned 101 [0049.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.798] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.798] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.798] CloseHandle (hObject=0x280) returned 1 [0049.798] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.798] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0", cAlternateFileName="")) returned 0 [0049.798] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.798] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\LOLKEK.txt") returned 99 [0049.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.799] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.799] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.800] CloseHandle (hObject=0x290) returned 1 [0049.800] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0049.800] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="updates.xml", cAlternateFileName="")) returned 1 [0049.800] lstrcmpiW (lpString1="updates.xml", lpString2="Windows") returned -1 [0049.800] lstrcmpiW (lpString1="updates.xml", lpString2="Program Files") returned 1 [0049.800] lstrcmpiW (lpString1="updates.xml", lpString2="Program Files (x86)") returned 1 [0049.800] lstrcmpiW (lpString1="updates.xml", lpString2="$Recycle.bin") returned 1 [0049.800] lstrcmpiW (lpString1="updates.xml", lpString2="System Volume Information") returned 1 [0049.800] lstrcmpiW (lpString1="updates.xml", lpString2=".") returned 1 [0049.800] lstrcmpiW (lpString1="updates.xml", lpString2="..") returned 1 [0049.800] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml") returned 92 [0049.800] StrStrIW (lpFirst="updates.xml", lpSrch=".lolkek") returned 0x0 [0049.800] lstrcmpW (lpString1="updates.xml", lpString2="LOLKEK.txt") returned 1 [0049.800] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml") returned 92 [0049.800] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x3e3de20 [0049.800] lstrcpyW (in: lpString1=0x3e3de20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" [0049.800] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.800] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.800] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="updates.xml", cAlternateFileName="")) returned 0 [0049.800] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.800] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\LOLKEK.txt") returned 91 [0049.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.801] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.801] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.801] CloseHandle (hObject=0x268) returned 1 [0049.801] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.801] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E7CF176E110C211B", cAlternateFileName="E7CF17~1")) returned 0 [0049.801] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.801] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\LOLKEK.txt") returned 74 [0049.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.802] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.802] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.802] CloseHandle (hObject=0x25c) returned 1 [0049.802] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.803] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="updates", cAlternateFileName="")) returned 0 [0049.803] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0049.803] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\LOLKEK.txt") returned 66 [0049.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0049.804] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.804] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0049.804] CloseHandle (hObject=0x24c) returned 1 [0049.804] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.804] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b564200, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x2b564200, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 1 [0049.804] lstrcmpiW (lpString1="Temp", lpString2="Windows") returned -1 [0049.804] lstrcmpiW (lpString1="Temp", lpString2="Program Files") returned 1 [0049.804] lstrcmpiW (lpString1="Temp", lpString2="Program Files (x86)") returned 1 [0049.804] lstrcmpiW (lpString1="Temp", lpString2="$Recycle.bin") returned 1 [0049.804] lstrcmpiW (lpString1="Temp", lpString2="System Volume Information") returned 1 [0049.804] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0049.804] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0049.804] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned 52 [0049.804] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.805] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp" [0049.805] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\*" [0049.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b564200, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x2b564200, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0049.805] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.805] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.805] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.805] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.805] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.805] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.805] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b564200, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x2b564200, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.805] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.805] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.805] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.805] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.805] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.805] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.805] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.805] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9adbd650, ftCreationTime.dwHighDateTime=0x1d629bb, ftLastAccessTime.dwLowDateTime=0x1317f2c0, ftLastAccessTime.dwHighDateTime=0x1d62999, ftLastWriteTime.dwLowDateTime=0x1317f2c0, ftLastWriteTime.dwHighDateTime=0x1d62999, nFileSizeHigh=0x0, nFileSizeLow=0x156e7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2hkL1gLVMdflH43TPZn.png", cAlternateFileName="2HKL1G~1.PNG")) returned 1 [0049.805] lstrcmpiW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2="Windows") returned -1 [0049.805] lstrcmpiW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2="Program Files") returned -1 [0049.805] lstrcmpiW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2="Program Files (x86)") returned -1 [0049.805] lstrcmpiW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2="$Recycle.bin") returned 1 [0049.805] lstrcmpiW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2="System Volume Information") returned -1 [0049.805] lstrcmpiW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2=".") returned 1 [0049.805] lstrcmpiW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2="..") returned 1 [0049.805] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png") returned 76 [0049.805] StrStrIW (lpFirst="2hkL1gLVMdflH43TPZn.png", lpSrch=".lolkek") returned 0x0 [0049.805] lstrcmpW (lpString1="2hkL1gLVMdflH43TPZn.png", lpString2="LOLKEK.txt") returned -1 [0049.805] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png") returned 76 [0049.805] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616ae0 [0049.805] lstrcpyW (in: lpString1=0x616ae0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2hkL1gLVMdflH43TPZn.png" [0049.805] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.805] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.805] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83cb5f40, ftCreationTime.dwHighDateTime=0x1d62d52, ftLastAccessTime.dwLowDateTime=0x2a232710, ftLastAccessTime.dwHighDateTime=0x1d6298e, ftLastWriteTime.dwLowDateTime=0x2a232710, ftLastWriteTime.dwHighDateTime=0x1d6298e, nFileSizeHigh=0x0, nFileSizeLow=0x16098, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2UfF.avi", cAlternateFileName="")) returned 1 [0049.805] lstrcmpiW (lpString1="2UfF.avi", lpString2="Windows") returned -1 [0049.805] lstrcmpiW (lpString1="2UfF.avi", lpString2="Program Files") returned -1 [0049.805] lstrcmpiW (lpString1="2UfF.avi", lpString2="Program Files (x86)") returned -1 [0049.805] lstrcmpiW (lpString1="2UfF.avi", lpString2="$Recycle.bin") returned 1 [0049.805] lstrcmpiW (lpString1="2UfF.avi", lpString2="System Volume Information") returned -1 [0049.805] lstrcmpiW (lpString1="2UfF.avi", lpString2=".") returned 1 [0049.805] lstrcmpiW (lpString1="2UfF.avi", lpString2="..") returned 1 [0049.805] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi") returned 61 [0049.805] StrStrIW (lpFirst="2UfF.avi", lpSrch=".lolkek") returned 0x0 [0049.805] lstrcmpW (lpString1="2UfF.avi", lpString2="LOLKEK.txt") returned -1 [0049.806] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi") returned 61 [0049.806] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0160 [0049.806] lstrcpyW (in: lpString1=0x3da0160, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2UfF.avi" [0049.806] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.806] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.806] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x236d7da0, ftCreationTime.dwHighDateTime=0x1d62f22, ftLastAccessTime.dwLowDateTime=0xbcf3e850, ftLastAccessTime.dwHighDateTime=0x1d62e24, ftLastWriteTime.dwLowDateTime=0xbcf3e850, ftLastWriteTime.dwHighDateTime=0x1d62e24, nFileSizeHigh=0x0, nFileSizeLow=0x4e40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3SZS7B3frx.pdf", cAlternateFileName="3SZS7B~1.PDF")) returned 1 [0049.806] lstrcmpiW (lpString1="3SZS7B3frx.pdf", lpString2="Windows") returned -1 [0049.806] lstrcmpiW (lpString1="3SZS7B3frx.pdf", lpString2="Program Files") returned -1 [0049.806] lstrcmpiW (lpString1="3SZS7B3frx.pdf", lpString2="Program Files (x86)") returned -1 [0049.806] lstrcmpiW (lpString1="3SZS7B3frx.pdf", lpString2="$Recycle.bin") returned 1 [0049.806] lstrcmpiW (lpString1="3SZS7B3frx.pdf", lpString2="System Volume Information") returned -1 [0049.806] lstrcmpiW (lpString1="3SZS7B3frx.pdf", lpString2=".") returned 1 [0049.806] lstrcmpiW (lpString1="3SZS7B3frx.pdf", lpString2="..") returned 1 [0049.806] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf") returned 67 [0049.806] StrStrIW (lpFirst="3SZS7B3frx.pdf", lpSrch=".lolkek") returned 0x0 [0049.806] lstrcmpW (lpString1="3SZS7B3frx.pdf", lpString2="LOLKEK.txt") returned -1 [0049.806] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf") returned 67 [0049.806] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x62e8c0 [0049.806] lstrcpyW (in: lpString1=0x62e8c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3SZS7B3frx.pdf" [0049.806] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.806] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.806] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf26fcbf0, ftCreationTime.dwHighDateTime=0x1d6324a, ftLastAccessTime.dwLowDateTime=0x106a4cb0, ftLastAccessTime.dwHighDateTime=0x1d63251, ftLastWriteTime.dwLowDateTime=0x106a4cb0, ftLastWriteTime.dwHighDateTime=0x1d63251, nFileSizeHigh=0x0, nFileSizeLow=0x20c3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4Bezmj0.m4a", cAlternateFileName="")) returned 1 [0049.806] lstrcmpiW (lpString1="4Bezmj0.m4a", lpString2="Windows") returned -1 [0049.806] lstrcmpiW (lpString1="4Bezmj0.m4a", lpString2="Program Files") returned -1 [0049.806] lstrcmpiW (lpString1="4Bezmj0.m4a", lpString2="Program Files (x86)") returned -1 [0049.806] lstrcmpiW (lpString1="4Bezmj0.m4a", lpString2="$Recycle.bin") returned 1 [0049.806] lstrcmpiW (lpString1="4Bezmj0.m4a", lpString2="System Volume Information") returned -1 [0049.806] lstrcmpiW (lpString1="4Bezmj0.m4a", lpString2=".") returned 1 [0049.806] lstrcmpiW (lpString1="4Bezmj0.m4a", lpString2="..") returned 1 [0049.806] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a") returned 64 [0049.806] StrStrIW (lpFirst="4Bezmj0.m4a", lpSrch=".lolkek") returned 0x0 [0049.806] lstrcmpW (lpString1="4Bezmj0.m4a", lpString2="LOLKEK.txt") returned -1 [0049.806] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a") returned 64 [0049.806] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x6111b0 [0049.806] lstrcpyW (in: lpString1=0x6111b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\4Bezmj0.m4a" [0049.806] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.806] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.806] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef446750, ftCreationTime.dwHighDateTime=0x1d63223, ftLastAccessTime.dwLowDateTime=0x983ed760, ftLastAccessTime.dwHighDateTime=0x1d62986, ftLastWriteTime.dwLowDateTime=0x983ed760, ftLastWriteTime.dwHighDateTime=0x1d62986, nFileSizeHigh=0x0, nFileSizeLow=0x14b47, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="74HO21z5ys6PqTASUbS.gif", cAlternateFileName="74HO21~1.GIF")) returned 1 [0049.806] lstrcmpiW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2="Windows") returned -1 [0049.806] lstrcmpiW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2="Program Files") returned -1 [0049.806] lstrcmpiW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2="Program Files (x86)") returned -1 [0049.806] lstrcmpiW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2="$Recycle.bin") returned 1 [0049.806] lstrcmpiW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2="System Volume Information") returned -1 [0049.806] lstrcmpiW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2=".") returned 1 [0049.806] lstrcmpiW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2="..") returned 1 [0049.807] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif") returned 76 [0049.807] StrStrIW (lpFirst="74HO21z5ys6PqTASUbS.gif", lpSrch=".lolkek") returned 0x0 [0049.807] lstrcmpW (lpString1="74HO21z5ys6PqTASUbS.gif", lpString2="LOLKEK.txt") returned -1 [0049.807] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif") returned 76 [0049.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616708 [0049.807] lstrcpyW (in: lpString1=0x616708, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\74HO21z5ys6PqTASUbS.gif" [0049.807] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.807] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.807] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a0318e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x6a0318e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x55dbb940, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x5fe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdobeARM.log", cAlternateFileName="")) returned 1 [0049.807] lstrcmpiW (lpString1="AdobeARM.log", lpString2="Windows") returned -1 [0049.807] lstrcmpiW (lpString1="AdobeARM.log", lpString2="Program Files") returned -1 [0049.807] lstrcmpiW (lpString1="AdobeARM.log", lpString2="Program Files (x86)") returned -1 [0049.807] lstrcmpiW (lpString1="AdobeARM.log", lpString2="$Recycle.bin") returned 1 [0049.807] lstrcmpiW (lpString1="AdobeARM.log", lpString2="System Volume Information") returned -1 [0049.807] lstrcmpiW (lpString1="AdobeARM.log", lpString2=".") returned 1 [0049.807] lstrcmpiW (lpString1="AdobeARM.log", lpString2="..") returned 1 [0049.807] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log") returned 65 [0049.807] StrStrIW (lpFirst="AdobeARM.log", lpSrch=".lolkek") returned 0x0 [0049.807] lstrcmpW (lpString1="AdobeARM.log", lpString2="LOLKEK.txt") returned -1 [0049.807] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log") returned 65 [0049.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x6112c8 [0049.807] lstrcpyW (in: lpString1=0x6112c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" [0049.807] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.807] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.807] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac745a70, ftCreationTime.dwHighDateTime=0x1d6246d, ftLastAccessTime.dwLowDateTime=0x8a8a0370, ftLastAccessTime.dwHighDateTime=0x1d62e8f, ftLastWriteTime.dwLowDateTime=0x8a8a0370, ftLastWriteTime.dwHighDateTime=0x1d62e8f, nFileSizeHigh=0x0, nFileSizeLow=0xa94a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="akmmAmCw3hfnAeyn9.wav", cAlternateFileName="AKMMAM~1.WAV")) returned 1 [0049.807] lstrcmpiW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2="Windows") returned -1 [0049.807] lstrcmpiW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2="Program Files") returned -1 [0049.807] lstrcmpiW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2="Program Files (x86)") returned -1 [0049.807] lstrcmpiW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2="$Recycle.bin") returned 1 [0049.807] lstrcmpiW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2="System Volume Information") returned -1 [0049.807] lstrcmpiW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2=".") returned 1 [0049.807] lstrcmpiW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2="..") returned 1 [0049.807] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav") returned 74 [0049.807] StrStrIW (lpFirst="akmmAmCw3hfnAeyn9.wav", lpSrch=".lolkek") returned 0x0 [0049.807] lstrcmpW (lpString1="akmmAmCw3hfnAeyn9.wav", lpString2="LOLKEK.txt") returned -1 [0049.807] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav") returned 74 [0049.807] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3ca67a0 [0049.807] lstrcpyW (in: lpString1=0x3ca67a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\akmmAmCw3hfnAeyn9.wav" [0049.807] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.807] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.807] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6be9bb00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x6be9bb00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x6be9bb00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bst449D.tmp", cAlternateFileName="")) returned 1 [0049.807] lstrcmpiW (lpString1="bst449D.tmp", lpString2="Windows") returned -1 [0049.807] lstrcmpiW (lpString1="bst449D.tmp", lpString2="Program Files") returned -1 [0049.807] lstrcmpiW (lpString1="bst449D.tmp", lpString2="Program Files (x86)") returned -1 [0049.807] lstrcmpiW (lpString1="bst449D.tmp", lpString2="$Recycle.bin") returned 1 [0049.807] lstrcmpiW (lpString1="bst449D.tmp", lpString2="System Volume Information") returned -1 [0049.808] lstrcmpiW (lpString1="bst449D.tmp", lpString2=".") returned 1 [0049.808] lstrcmpiW (lpString1="bst449D.tmp", lpString2="..") returned 1 [0049.808] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp") returned 64 [0049.808] StrStrIW (lpFirst="bst449D.tmp", lpSrch=".lolkek") returned 0x0 [0049.808] lstrcmpW (lpString1="bst449D.tmp", lpString2="LOLKEK.txt") returned -1 [0049.808] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp") returned 64 [0049.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x6113e0 [0049.808] lstrcpyW (in: lpString1=0x6113e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" [0049.808] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.808] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.808] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2658e4a0, ftCreationTime.dwHighDateTime=0x1d62428, ftLastAccessTime.dwLowDateTime=0xfe20a70, ftLastAccessTime.dwHighDateTime=0x1d6304f, ftLastWriteTime.dwLowDateTime=0xfe20a70, ftLastWriteTime.dwHighDateTime=0x1d6304f, nFileSizeHigh=0x0, nFileSizeLow=0x8156, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="c-4hWjuvmkP3tA9_9DNT.mkv", cAlternateFileName="C-4HWJ~1.MKV")) returned 1 [0049.808] lstrcmpiW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2="Windows") returned -1 [0049.808] lstrcmpiW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2="Program Files") returned -1 [0049.808] lstrcmpiW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2="Program Files (x86)") returned -1 [0049.808] lstrcmpiW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2="$Recycle.bin") returned 1 [0049.808] lstrcmpiW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2="System Volume Information") returned -1 [0049.808] lstrcmpiW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2=".") returned 1 [0049.808] lstrcmpiW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2="..") returned 1 [0049.808] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv") returned 77 [0049.808] StrStrIW (lpFirst="c-4hWjuvmkP3tA9_9DNT.mkv", lpSrch=".lolkek") returned 0x0 [0049.808] lstrcmpW (lpString1="c-4hWjuvmkP3tA9_9DNT.mkv", lpString2="LOLKEK.txt") returned -1 [0049.808] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv") returned 77 [0049.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x6165c0 [0049.808] lstrcpyW (in: lpString1=0x6165c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\c-4hWjuvmkP3tA9_9DNT.mkv" [0049.808] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.808] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.808] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x482f14d0, ftCreationTime.dwHighDateTime=0x1d63217, ftLastAccessTime.dwLowDateTime=0x27c284e0, ftLastAccessTime.dwHighDateTime=0x1d62a09, ftLastWriteTime.dwLowDateTime=0x27c284e0, ftLastWriteTime.dwHighDateTime=0x1d62a09, nFileSizeHigh=0x0, nFileSizeLow=0x12034, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cGPtr0R.wav", cAlternateFileName="")) returned 1 [0049.808] lstrcmpiW (lpString1="cGPtr0R.wav", lpString2="Windows") returned -1 [0049.808] lstrcmpiW (lpString1="cGPtr0R.wav", lpString2="Program Files") returned -1 [0049.808] lstrcmpiW (lpString1="cGPtr0R.wav", lpString2="Program Files (x86)") returned -1 [0049.808] lstrcmpiW (lpString1="cGPtr0R.wav", lpString2="$Recycle.bin") returned 1 [0049.808] lstrcmpiW (lpString1="cGPtr0R.wav", lpString2="System Volume Information") returned -1 [0049.808] lstrcmpiW (lpString1="cGPtr0R.wav", lpString2=".") returned 1 [0049.808] lstrcmpiW (lpString1="cGPtr0R.wav", lpString2="..") returned 1 [0049.808] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav") returned 64 [0049.808] StrStrIW (lpFirst="cGPtr0R.wav", lpSrch=".lolkek") returned 0x0 [0049.808] lstrcmpW (lpString1="cGPtr0R.wav", lpString2="LOLKEK.txt") returned -1 [0049.808] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav") returned 64 [0049.808] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x6114f8 [0049.808] lstrcpyW (in: lpString1=0x6114f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\cGPtr0R.wav" [0049.808] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.808] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.808] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0049.808] lstrcmpiW (lpString1="Cookies", lpString2="Windows") returned -1 [0049.809] lstrcmpiW (lpString1="Cookies", lpString2="Program Files") returned -1 [0049.809] lstrcmpiW (lpString1="Cookies", lpString2="Program Files (x86)") returned -1 [0049.809] lstrcmpiW (lpString1="Cookies", lpString2="$Recycle.bin") returned 1 [0049.809] lstrcmpiW (lpString1="Cookies", lpString2="System Volume Information") returned -1 [0049.809] lstrcmpiW (lpString1="Cookies", lpString2=".") returned 1 [0049.809] lstrcmpiW (lpString1="Cookies", lpString2="..") returned 1 [0049.809] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies") returned 60 [0049.809] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.809] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies" [0049.809] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\*" [0049.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.810] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.810] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.810] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.810] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.810] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.810] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.810] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.810] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.810] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.810] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.810] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.810] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.810] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.810] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.810] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0049.810] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0049.810] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0049.810] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0049.810] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0049.810] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0049.810] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0049.810] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0049.810] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat") returned 70 [0049.810] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0049.810] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0049.810] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat") returned 70 [0049.810] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3e3ee78 [0049.810] lstrcpyW (in: lpString1=0x3e3ee78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" [0049.810] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.811] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.811] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 0 [0049.811] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.811] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\LOLKEK.txt") returned 71 [0049.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.811] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.811] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.812] CloseHandle (hObject=0x25c) returned 1 [0049.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.812] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44316ef0, ftCreationTime.dwHighDateTime=0x1d62e75, ftLastAccessTime.dwLowDateTime=0xad9f43a0, ftLastAccessTime.dwHighDateTime=0x1d62a04, ftLastWriteTime.dwLowDateTime=0xad9f43a0, ftLastWriteTime.dwHighDateTime=0x1d62a04, nFileSizeHigh=0x0, nFileSizeLow=0xb023, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="d8eeK3LHS.mp3", cAlternateFileName="D8EEK3~1.MP3")) returned 1 [0049.812] lstrcmpiW (lpString1="d8eeK3LHS.mp3", lpString2="Windows") returned -1 [0049.812] lstrcmpiW (lpString1="d8eeK3LHS.mp3", lpString2="Program Files") returned -1 [0049.812] lstrcmpiW (lpString1="d8eeK3LHS.mp3", lpString2="Program Files (x86)") returned -1 [0049.812] lstrcmpiW (lpString1="d8eeK3LHS.mp3", lpString2="$Recycle.bin") returned 1 [0049.812] lstrcmpiW (lpString1="d8eeK3LHS.mp3", lpString2="System Volume Information") returned -1 [0049.812] lstrcmpiW (lpString1="d8eeK3LHS.mp3", lpString2=".") returned 1 [0049.812] lstrcmpiW (lpString1="d8eeK3LHS.mp3", lpString2="..") returned 1 [0049.812] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3") returned 66 [0049.812] StrStrIW (lpFirst="d8eeK3LHS.mp3", lpSrch=".lolkek") returned 0x0 [0049.813] lstrcmpW (lpString1="d8eeK3LHS.mp3", lpString2="LOLKEK.txt") returned -1 [0049.813] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3") returned 66 [0049.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x3c94c18 [0049.813] lstrcpyW (in: lpString1=0x3c94c18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\d8eeK3LHS.mp3" [0049.813] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.813] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.813] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c48d260, ftCreationTime.dwHighDateTime=0x1d6305b, ftLastAccessTime.dwLowDateTime=0x122873a0, ftLastAccessTime.dwHighDateTime=0x1d632a2, ftLastWriteTime.dwLowDateTime=0x122873a0, ftLastWriteTime.dwHighDateTime=0x1d632a2, nFileSizeHigh=0x0, nFileSizeLow=0x14106, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="e2TAN4as0xN0qXRJt.bmp", cAlternateFileName="E2TAN4~1.BMP")) returned 1 [0049.813] lstrcmpiW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2="Windows") returned -1 [0049.813] lstrcmpiW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2="Program Files") returned -1 [0049.813] lstrcmpiW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2="Program Files (x86)") returned -1 [0049.813] lstrcmpiW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2="$Recycle.bin") returned 1 [0049.813] lstrcmpiW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2="System Volume Information") returned -1 [0049.813] lstrcmpiW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2=".") returned 1 [0049.813] lstrcmpiW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2="..") returned 1 [0049.813] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp") returned 74 [0049.813] StrStrIW (lpFirst="e2TAN4as0xN0qXRJt.bmp", lpSrch=".lolkek") returned 0x0 [0049.813] lstrcmpW (lpString1="e2TAN4as0xN0qXRJt.bmp", lpString2="LOLKEK.txt") returned -1 [0049.813] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp") returned 74 [0049.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3ca68d8 [0049.813] lstrcpyW (in: lpString1=0x3ca68d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\e2TAN4as0xN0qXRJt.bmp" [0049.813] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.813] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.813] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9932210, ftCreationTime.dwHighDateTime=0x1d62888, ftLastAccessTime.dwLowDateTime=0x67497670, ftLastAccessTime.dwHighDateTime=0x1d62e99, ftLastWriteTime.dwLowDateTime=0x67497670, ftLastWriteTime.dwHighDateTime=0x1d62e99, nFileSizeHigh=0x0, nFileSizeLow=0xecea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F 2ng-qz.ots", cAlternateFileName="F2NG-Q~1.OTS")) returned 1 [0049.813] lstrcmpiW (lpString1="F 2ng-qz.ots", lpString2="Windows") returned -1 [0049.813] lstrcmpiW (lpString1="F 2ng-qz.ots", lpString2="Program Files") returned -1 [0049.813] lstrcmpiW (lpString1="F 2ng-qz.ots", lpString2="Program Files (x86)") returned -1 [0049.813] lstrcmpiW (lpString1="F 2ng-qz.ots", lpString2="$Recycle.bin") returned 1 [0049.813] lstrcmpiW (lpString1="F 2ng-qz.ots", lpString2="System Volume Information") returned -1 [0049.813] lstrcmpiW (lpString1="F 2ng-qz.ots", lpString2=".") returned 1 [0049.813] lstrcmpiW (lpString1="F 2ng-qz.ots", lpString2="..") returned 1 [0049.813] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots") returned 65 [0049.813] StrStrIW (lpFirst="F 2ng-qz.ots", lpSrch=".lolkek") returned 0x0 [0049.813] lstrcmpW (lpString1="F 2ng-qz.ots", lpString2="LOLKEK.txt") returned -1 [0049.813] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots") returned 65 [0049.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611610 [0049.813] lstrcpyW (in: lpString1=0x611610, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\F 2ng-qz.ots" [0049.813] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.813] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.813] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ad2c0f0, ftCreationTime.dwHighDateTime=0x1d62632, ftLastAccessTime.dwLowDateTime=0x3169d3d0, ftLastAccessTime.dwHighDateTime=0x1d62de8, ftLastWriteTime.dwLowDateTime=0x3169d3d0, ftLastWriteTime.dwHighDateTime=0x1d62de8, nFileSizeHigh=0x0, nFileSizeLow=0xa495, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="f-OmSbuiUZ0ZmU.avi", cAlternateFileName="F-OMSB~1.AVI")) returned 1 [0049.813] lstrcmpiW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2="Windows") returned -1 [0049.813] lstrcmpiW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2="Program Files") returned -1 [0049.813] lstrcmpiW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2="Program Files (x86)") returned -1 [0049.813] lstrcmpiW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2="$Recycle.bin") returned 1 [0049.813] lstrcmpiW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2="System Volume Information") returned -1 [0049.813] lstrcmpiW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2=".") returned 1 [0049.814] lstrcmpiW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2="..") returned 1 [0049.814] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi") returned 71 [0049.814] StrStrIW (lpFirst="f-OmSbuiUZ0ZmU.avi", lpSrch=".lolkek") returned 0x0 [0049.814] lstrcmpW (lpString1="f-OmSbuiUZ0ZmU.avi", lpString2="LOLKEK.txt") returned -1 [0049.814] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi") returned 71 [0049.814] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3efa0 [0049.814] lstrcpyW (in: lpString1=0x3e3efa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\f-OmSbuiUZ0ZmU.avi" [0049.814] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.814] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.814] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e03fae0, ftCreationTime.dwHighDateTime=0x1d630a5, ftLastAccessTime.dwLowDateTime=0xf9d8c900, ftLastAccessTime.dwHighDateTime=0x1d6315a, ftLastWriteTime.dwLowDateTime=0xf9d8c900, ftLastWriteTime.dwHighDateTime=0x1d6315a, nFileSizeHigh=0x0, nFileSizeLow=0xaeb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FUEe5zqioyL4W5cptX0G.ots", cAlternateFileName="FUEE5Z~1.OTS")) returned 1 [0049.814] lstrcmpiW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2="Windows") returned -1 [0049.814] lstrcmpiW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2="Program Files") returned -1 [0049.814] lstrcmpiW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2="Program Files (x86)") returned -1 [0049.814] lstrcmpiW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2="$Recycle.bin") returned 1 [0049.814] lstrcmpiW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2="System Volume Information") returned -1 [0049.814] lstrcmpiW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2=".") returned 1 [0049.814] lstrcmpiW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2="..") returned 1 [0049.814] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots") returned 77 [0049.814] StrStrIW (lpFirst="FUEe5zqioyL4W5cptX0G.ots", lpSrch=".lolkek") returned 0x0 [0049.814] lstrcmpW (lpString1="FUEe5zqioyL4W5cptX0G.ots", lpString2="LOLKEK.txt") returned -1 [0049.814] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots") returned 77 [0049.814] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x617000 [0049.814] lstrcpyW (in: lpString1=0x617000, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FUEe5zqioyL4W5cptX0G.ots" [0049.814] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.814] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.814] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33d9ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x33d9ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0049.814] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="Windows") returned -1 [0049.814] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="Program Files") returned -1 [0049.814] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="Program Files (x86)") returned -1 [0049.814] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="$Recycle.bin") returned 1 [0049.814] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="System Volume Information") returned -1 [0049.814] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2=".") returned 1 [0049.814] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="..") returned 1 [0049.814] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned 75 [0049.814] StrStrIW (lpFirst="FXSAPIDebugLogFile.txt", lpSrch=".lolkek") returned 0x0 [0049.814] lstrcmpW (lpString1="FXSAPIDebugLogFile.txt", lpString2="LOLKEK.txt") returned -1 [0049.814] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned 75 [0049.814] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3ca6a10 [0049.814] lstrcpyW (in: lpString1=0x3ca6a10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" [0049.814] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.814] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.814] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9237120, ftCreationTime.dwHighDateTime=0x1d6234f, ftLastAccessTime.dwLowDateTime=0x7a94d0d0, ftLastAccessTime.dwHighDateTime=0x1d6234f, ftLastWriteTime.dwLowDateTime=0x7a94d0d0, ftLastWriteTime.dwHighDateTime=0x1d6234f, nFileSizeHigh=0x0, nFileSizeLow=0x18c5a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gW3UtFT22-p.avi", cAlternateFileName="GW3UTF~1.AVI")) returned 1 [0049.814] lstrcmpiW (lpString1="gW3UtFT22-p.avi", lpString2="Windows") returned -1 [0049.814] lstrcmpiW (lpString1="gW3UtFT22-p.avi", lpString2="Program Files") returned -1 [0049.814] lstrcmpiW (lpString1="gW3UtFT22-p.avi", lpString2="Program Files (x86)") returned -1 [0049.815] lstrcmpiW (lpString1="gW3UtFT22-p.avi", lpString2="$Recycle.bin") returned 1 [0049.815] lstrcmpiW (lpString1="gW3UtFT22-p.avi", lpString2="System Volume Information") returned -1 [0049.815] lstrcmpiW (lpString1="gW3UtFT22-p.avi", lpString2=".") returned 1 [0049.815] lstrcmpiW (lpString1="gW3UtFT22-p.avi", lpString2="..") returned 1 [0049.815] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi") returned 68 [0049.815] StrStrIW (lpFirst="gW3UtFT22-p.avi", lpSrch=".lolkek") returned 0x0 [0049.815] lstrcmpW (lpString1="gW3UtFT22-p.avi", lpString2="LOLKEK.txt") returned -1 [0049.815] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi") returned 68 [0049.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x5fc230 [0049.815] lstrcpyW (in: lpString1=0x5fc230, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\gW3UtFT22-p.avi" [0049.815] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.815] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.815] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History", cAlternateFileName="")) returned 1 [0049.815] lstrcmpiW (lpString1="History", lpString2="Windows") returned -1 [0049.815] lstrcmpiW (lpString1="History", lpString2="Program Files") returned -1 [0049.815] lstrcmpiW (lpString1="History", lpString2="Program Files (x86)") returned -1 [0049.815] lstrcmpiW (lpString1="History", lpString2="$Recycle.bin") returned 1 [0049.815] lstrcmpiW (lpString1="History", lpString2="System Volume Information") returned -1 [0049.815] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0049.815] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0049.815] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History") returned 60 [0049.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.815] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History" [0049.815] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\*" [0049.815] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.816] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.816] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.816] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.816] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.816] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.816] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.816] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.816] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.816] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.817] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.817] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.817] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.817] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.817] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.817] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0049.817] lstrcmpiW (lpString1="History.IE5", lpString2="Windows") returned -1 [0049.817] lstrcmpiW (lpString1="History.IE5", lpString2="Program Files") returned -1 [0049.817] lstrcmpiW (lpString1="History.IE5", lpString2="Program Files (x86)") returned -1 [0049.817] lstrcmpiW (lpString1="History.IE5", lpString2="$Recycle.bin") returned 1 [0049.817] lstrcmpiW (lpString1="History.IE5", lpString2="System Volume Information") returned -1 [0049.817] lstrcmpiW (lpString1="History.IE5", lpString2=".") returned 1 [0049.817] lstrcmpiW (lpString1="History.IE5", lpString2="..") returned 1 [0049.817] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5") returned 72 [0049.817] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.817] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5" [0049.817] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\*" [0049.817] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.817] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.817] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.817] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.817] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.817] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.817] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.817] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.817] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.817] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.817] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.817] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.817] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.817] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.817] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.817] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9824200, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.817] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.817] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.817] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.817] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.817] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.817] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.817] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.817] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini") returned 84 [0049.817] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.818] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.818] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini") returned 84 [0049.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb6978 [0049.818] lstrcpyW (in: lpString1=0x3eb6978, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" [0049.818] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.818] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.818] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0049.818] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0049.818] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0049.818] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0049.818] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0049.818] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0049.818] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0049.818] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0049.818] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat") returned 82 [0049.818] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0049.818] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0049.818] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat") returned 82 [0049.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3caed40 [0049.818] lstrcpyW (in: lpString1=0x3caed40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" [0049.818] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.818] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.818] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.819] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\LOLKEK.txt") returned 83 [0049.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.819] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.819] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.820] CloseHandle (hObject=0x268) returned 1 [0049.820] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.820] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.820] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\LOLKEK.txt") returned 71 [0049.820] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0049.820] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.820] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.821] CloseHandle (hObject=0x25c) returned 1 [0049.821] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.821] lstrcmpiW (lpString1="isvtwf Ifekw6W2.mp3", lpString2="Windows") returned -1 [0049.821] lstrcmpiW (lpString1="isvtwf Ifekw6W2.mp3", lpString2="Program Files") returned -1 [0049.821] lstrcmpiW (lpString1="isvtwf Ifekw6W2.mp3", lpString2="Program Files (x86)") returned -1 [0049.821] lstrcmpiW (lpString1="isvtwf Ifekw6W2.mp3", lpString2="$Recycle.bin") returned 1 [0049.821] lstrcmpiW (lpString1="isvtwf Ifekw6W2.mp3", lpString2="System Volume Information") returned -1 [0049.821] lstrcmpiW (lpString1="isvtwf Ifekw6W2.mp3", lpString2=".") returned 1 [0049.821] lstrcmpiW (lpString1="isvtwf Ifekw6W2.mp3", lpString2="..") returned 1 [0049.821] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3") returned 72 [0049.821] StrStrIW (lpFirst="isvtwf Ifekw6W2.mp3", lpSrch=".lolkek") returned 0x0 [0049.821] lstrcmpW (lpString1="isvtwf Ifekw6W2.mp3", lpString2="LOLKEK.txt") returned -1 [0049.821] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3") returned 72 [0049.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca6b48 [0049.821] lstrcpyW (in: lpString1=0x3ca6b48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\isvtwf Ifekw6W2.mp3" [0049.821] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.821] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.821] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe216160, ftCreationTime.dwHighDateTime=0x1d62548, ftLastAccessTime.dwLowDateTime=0xf893490, ftLastAccessTime.dwHighDateTime=0x1d631da, ftLastWriteTime.dwLowDateTime=0xf893490, ftLastWriteTime.dwHighDateTime=0x1d631da, nFileSizeHigh=0x0, nFileSizeLow=0xcbbe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jcXuiwR8Al.mp4", cAlternateFileName="JCXUIW~1.MP4")) returned 1 [0049.821] lstrcmpiW (lpString1="jcXuiwR8Al.mp4", lpString2="Windows") returned -1 [0049.821] lstrcmpiW (lpString1="jcXuiwR8Al.mp4", lpString2="Program Files") returned -1 [0049.821] lstrcmpiW (lpString1="jcXuiwR8Al.mp4", lpString2="Program Files (x86)") returned -1 [0049.821] lstrcmpiW (lpString1="jcXuiwR8Al.mp4", lpString2="$Recycle.bin") returned 1 [0049.821] lstrcmpiW (lpString1="jcXuiwR8Al.mp4", lpString2="System Volume Information") returned -1 [0049.821] lstrcmpiW (lpString1="jcXuiwR8Al.mp4", lpString2=".") returned 1 [0049.821] lstrcmpiW (lpString1="jcXuiwR8Al.mp4", lpString2="..") returned 1 [0049.821] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4") returned 67 [0049.821] StrStrIW (lpFirst="jcXuiwR8Al.mp4", lpSrch=".lolkek") returned 0x0 [0049.821] lstrcmpW (lpString1="jcXuiwR8Al.mp4", lpString2="LOLKEK.txt") returned -1 [0049.821] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4") returned 67 [0049.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x3dddeb0 [0049.821] lstrcpyW (in: lpString1=0x3dddeb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jcXuiwR8Al.mp4" [0049.821] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.821] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.821] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9ebeb400, ftCreationTime.dwHighDateTime=0x1d63149, ftLastAccessTime.dwLowDateTime=0x64eceb60, ftLastAccessTime.dwHighDateTime=0x1d62c81, ftLastWriteTime.dwLowDateTime=0x64eceb60, ftLastWriteTime.dwHighDateTime=0x1d62c81, nFileSizeHigh=0x0, nFileSizeLow=0x2803, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jyhja9HOgZrzjj.pptx", cAlternateFileName="JYHJA9~1.PPT")) returned 1 [0049.821] lstrcmpiW (lpString1="jyhja9HOgZrzjj.pptx", lpString2="Windows") returned -1 [0049.821] lstrcmpiW (lpString1="jyhja9HOgZrzjj.pptx", lpString2="Program Files") returned -1 [0049.821] lstrcmpiW (lpString1="jyhja9HOgZrzjj.pptx", lpString2="Program Files (x86)") returned -1 [0049.821] lstrcmpiW (lpString1="jyhja9HOgZrzjj.pptx", lpString2="$Recycle.bin") returned 1 [0049.822] lstrcmpiW (lpString1="jyhja9HOgZrzjj.pptx", lpString2="System Volume Information") returned -1 [0049.822] lstrcmpiW (lpString1="jyhja9HOgZrzjj.pptx", lpString2=".") returned 1 [0049.822] lstrcmpiW (lpString1="jyhja9HOgZrzjj.pptx", lpString2="..") returned 1 [0049.822] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx") returned 72 [0049.822] StrStrIW (lpFirst="jyhja9HOgZrzjj.pptx", lpSrch=".lolkek") returned 0x0 [0049.822] lstrcmpW (lpString1="jyhja9HOgZrzjj.pptx", lpString2="LOLKEK.txt") returned -1 [0049.822] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx") returned 72 [0049.822] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca6c80 [0049.822] lstrcpyW (in: lpString1=0x3ca6c80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\jyhja9HOgZrzjj.pptx" [0049.822] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.822] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.822] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb2686540, ftCreationTime.dwHighDateTime=0x1d62763, ftLastAccessTime.dwLowDateTime=0x8caea650, ftLastAccessTime.dwHighDateTime=0x1d6267a, ftLastWriteTime.dwLowDateTime=0x8caea650, ftLastWriteTime.dwHighDateTime=0x1d6267a, nFileSizeHigh=0x0, nFileSizeLow=0x10777, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kftkRis4ny07n5hS.pps", cAlternateFileName="KFTKRI~1.PPS")) returned 1 [0049.822] lstrcmpiW (lpString1="kftkRis4ny07n5hS.pps", lpString2="Windows") returned -1 [0049.822] lstrcmpiW (lpString1="kftkRis4ny07n5hS.pps", lpString2="Program Files") returned -1 [0049.822] lstrcmpiW (lpString1="kftkRis4ny07n5hS.pps", lpString2="Program Files (x86)") returned -1 [0049.822] lstrcmpiW (lpString1="kftkRis4ny07n5hS.pps", lpString2="$Recycle.bin") returned 1 [0049.822] lstrcmpiW (lpString1="kftkRis4ny07n5hS.pps", lpString2="System Volume Information") returned -1 [0049.822] lstrcmpiW (lpString1="kftkRis4ny07n5hS.pps", lpString2=".") returned 1 [0049.822] lstrcmpiW (lpString1="kftkRis4ny07n5hS.pps", lpString2="..") returned 1 [0049.822] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps") returned 73 [0049.822] StrStrIW (lpFirst="kftkRis4ny07n5hS.pps", lpSrch=".lolkek") returned 0x0 [0049.822] lstrcmpW (lpString1="kftkRis4ny07n5hS.pps", lpString2="LOLKEK.txt") returned -1 [0049.822] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps") returned 73 [0049.822] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca6db8 [0049.822] lstrcpyW (in: lpString1=0x3ca6db8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\kftkRis4ny07n5hS.pps" [0049.822] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.822] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.822] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3392f330, ftCreationTime.dwHighDateTime=0x1d628f7, ftLastAccessTime.dwLowDateTime=0xca4eb040, ftLastAccessTime.dwHighDateTime=0x1d6322d, ftLastWriteTime.dwLowDateTime=0xca4eb040, ftLastWriteTime.dwHighDateTime=0x1d6322d, nFileSizeHigh=0x0, nFileSizeLow=0xcb72, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Kr97l-4Ix CdaNI8EI.pdf", cAlternateFileName="KR97L-~1.PDF")) returned 1 [0049.822] lstrcmpiW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2="Windows") returned -1 [0049.822] lstrcmpiW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2="Program Files") returned -1 [0049.822] lstrcmpiW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2="Program Files (x86)") returned -1 [0049.822] lstrcmpiW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2="$Recycle.bin") returned 1 [0049.822] lstrcmpiW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2="System Volume Information") returned -1 [0049.822] lstrcmpiW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2=".") returned 1 [0049.822] lstrcmpiW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2="..") returned 1 [0049.822] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf") returned 75 [0049.822] StrStrIW (lpFirst="Kr97l-4Ix CdaNI8EI.pdf", lpSrch=".lolkek") returned 0x0 [0049.822] lstrcmpW (lpString1="Kr97l-4Ix CdaNI8EI.pdf", lpString2="LOLKEK.txt") returned -1 [0049.822] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf") returned 75 [0049.822] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3ca6ef0 [0049.822] lstrcpyW (in: lpString1=0x3ca6ef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Kr97l-4Ix CdaNI8EI.pdf" [0049.822] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.822] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.822] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf9e914e0, ftCreationTime.dwHighDateTime=0x1d62cf5, ftLastAccessTime.dwLowDateTime=0x242ea100, ftLastAccessTime.dwHighDateTime=0x1d622bc, ftLastWriteTime.dwLowDateTime=0x242ea100, ftLastWriteTime.dwHighDateTime=0x1d622bc, nFileSizeHigh=0x0, nFileSizeLow=0x9cf9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mjo76CFj_.gif", cAlternateFileName="MJO76C~1.GIF")) returned 1 [0049.823] lstrcmpiW (lpString1="mjo76CFj_.gif", lpString2="Windows") returned -1 [0049.823] lstrcmpiW (lpString1="mjo76CFj_.gif", lpString2="Program Files") returned -1 [0049.823] lstrcmpiW (lpString1="mjo76CFj_.gif", lpString2="Program Files (x86)") returned -1 [0049.823] lstrcmpiW (lpString1="mjo76CFj_.gif", lpString2="$Recycle.bin") returned 1 [0049.823] lstrcmpiW (lpString1="mjo76CFj_.gif", lpString2="System Volume Information") returned -1 [0049.823] lstrcmpiW (lpString1="mjo76CFj_.gif", lpString2=".") returned 1 [0049.823] lstrcmpiW (lpString1="mjo76CFj_.gif", lpString2="..") returned 1 [0049.823] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif") returned 66 [0049.823] StrStrIW (lpFirst="mjo76CFj_.gif", lpSrch=".lolkek") returned 0x0 [0049.823] lstrcmpW (lpString1="mjo76CFj_.gif", lpString2="LOLKEK.txt") returned 1 [0049.823] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif") returned 66 [0049.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x3bf10d0 [0049.823] lstrcpyW (in: lpString1=0x3bf10d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\mjo76CFj_.gif" [0049.823] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.823] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.823] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82332410, ftCreationTime.dwHighDateTime=0x1d62b86, ftLastAccessTime.dwLowDateTime=0x5a931580, ftLastAccessTime.dwHighDateTime=0x1d628c7, ftLastWriteTime.dwLowDateTime=0x5a931580, ftLastWriteTime.dwHighDateTime=0x1d628c7, nFileSizeHigh=0x0, nFileSizeLow=0x9e37, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MRyxi xZwSl-CoVfp4f.rtf", cAlternateFileName="MRYXIX~1.RTF")) returned 1 [0049.823] lstrcmpiW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2="Windows") returned -1 [0049.823] lstrcmpiW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2="Program Files") returned -1 [0049.823] lstrcmpiW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2="Program Files (x86)") returned -1 [0049.823] lstrcmpiW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2="$Recycle.bin") returned 1 [0049.823] lstrcmpiW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2="System Volume Information") returned -1 [0049.823] lstrcmpiW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2=".") returned 1 [0049.823] lstrcmpiW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2="..") returned 1 [0049.823] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf") returned 76 [0049.823] StrStrIW (lpFirst="MRyxi xZwSl-CoVfp4f.rtf", lpSrch=".lolkek") returned 0x0 [0049.823] lstrcmpW (lpString1="MRyxi xZwSl-CoVfp4f.rtf", lpString2="LOLKEK.txt") returned 1 [0049.823] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf") returned 76 [0049.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x617290 [0049.823] lstrcpyW (in: lpString1=0x617290, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MRyxi xZwSl-CoVfp4f.rtf" [0049.823] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.823] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.823] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5bee6ba0, ftCreationTime.dwHighDateTime=0x1d624e9, ftLastAccessTime.dwLowDateTime=0xc7c67e30, ftLastAccessTime.dwHighDateTime=0x1d62318, ftLastWriteTime.dwLowDateTime=0xc7c67e30, ftLastWriteTime.dwHighDateTime=0x1d62318, nFileSizeHigh=0x0, nFileSizeLow=0xa300, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="o-Ami7jpEXyueET.mp3", cAlternateFileName="O-AMI7~1.MP3")) returned 1 [0049.823] lstrcmpiW (lpString1="o-Ami7jpEXyueET.mp3", lpString2="Windows") returned -1 [0049.823] lstrcmpiW (lpString1="o-Ami7jpEXyueET.mp3", lpString2="Program Files") returned -1 [0049.823] lstrcmpiW (lpString1="o-Ami7jpEXyueET.mp3", lpString2="Program Files (x86)") returned -1 [0049.823] lstrcmpiW (lpString1="o-Ami7jpEXyueET.mp3", lpString2="$Recycle.bin") returned 1 [0049.823] lstrcmpiW (lpString1="o-Ami7jpEXyueET.mp3", lpString2="System Volume Information") returned -1 [0049.823] lstrcmpiW (lpString1="o-Ami7jpEXyueET.mp3", lpString2=".") returned 1 [0049.823] lstrcmpiW (lpString1="o-Ami7jpEXyueET.mp3", lpString2="..") returned 1 [0049.823] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3") returned 72 [0049.823] StrStrIW (lpFirst="o-Ami7jpEXyueET.mp3", lpSrch=".lolkek") returned 0x0 [0049.823] lstrcmpW (lpString1="o-Ami7jpEXyueET.mp3", lpString2="LOLKEK.txt") returned 1 [0049.823] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3") returned 72 [0049.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca7028 [0049.823] lstrcpyW (in: lpString1=0x3ca7028, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\o-Ami7jpEXyueET.mp3" [0049.823] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.824] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.824] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x815a40e0, ftCreationTime.dwHighDateTime=0x1d62e52, ftLastAccessTime.dwLowDateTime=0xc6ce7310, ftLastAccessTime.dwHighDateTime=0x1d6287d, ftLastWriteTime.dwLowDateTime=0xc6ce7310, ftLastWriteTime.dwHighDateTime=0x1d6287d, nFileSizeHigh=0x0, nFileSizeLow=0x6a23, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OmIHyWnn.mp3", cAlternateFileName="")) returned 1 [0049.824] lstrcmpiW (lpString1="OmIHyWnn.mp3", lpString2="Windows") returned -1 [0049.824] lstrcmpiW (lpString1="OmIHyWnn.mp3", lpString2="Program Files") returned -1 [0049.824] lstrcmpiW (lpString1="OmIHyWnn.mp3", lpString2="Program Files (x86)") returned -1 [0049.824] lstrcmpiW (lpString1="OmIHyWnn.mp3", lpString2="$Recycle.bin") returned 1 [0049.824] lstrcmpiW (lpString1="OmIHyWnn.mp3", lpString2="System Volume Information") returned -1 [0049.824] lstrcmpiW (lpString1="OmIHyWnn.mp3", lpString2=".") returned 1 [0049.824] lstrcmpiW (lpString1="OmIHyWnn.mp3", lpString2="..") returned 1 [0049.824] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3") returned 65 [0049.824] StrStrIW (lpFirst="OmIHyWnn.mp3", lpSrch=".lolkek") returned 0x0 [0049.824] lstrcmpW (lpString1="OmIHyWnn.mp3", lpString2="LOLKEK.txt") returned 1 [0049.824] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3") returned 65 [0049.824] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611728 [0049.824] lstrcpyW (in: lpString1=0x611728, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OmIHyWnn.mp3" [0049.824] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.824] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.824] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd44324c0, ftCreationTime.dwHighDateTime=0x1d62b4b, ftLastAccessTime.dwLowDateTime=0x129ca390, ftLastAccessTime.dwHighDateTime=0x1d62ade, ftLastWriteTime.dwLowDateTime=0x129ca390, ftLastWriteTime.dwHighDateTime=0x1d62ade, nFileSizeHigh=0x0, nFileSizeLow=0x8199, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="P2leKI.ppt", cAlternateFileName="")) returned 1 [0049.824] lstrcmpiW (lpString1="P2leKI.ppt", lpString2="Windows") returned -1 [0049.824] lstrcmpiW (lpString1="P2leKI.ppt", lpString2="Program Files") returned -1 [0049.824] lstrcmpiW (lpString1="P2leKI.ppt", lpString2="Program Files (x86)") returned -1 [0049.824] lstrcmpiW (lpString1="P2leKI.ppt", lpString2="$Recycle.bin") returned 1 [0049.824] lstrcmpiW (lpString1="P2leKI.ppt", lpString2="System Volume Information") returned -1 [0049.824] lstrcmpiW (lpString1="P2leKI.ppt", lpString2=".") returned 1 [0049.824] lstrcmpiW (lpString1="P2leKI.ppt", lpString2="..") returned 1 [0049.824] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt") returned 63 [0049.824] StrStrIW (lpFirst="P2leKI.ppt", lpSrch=".lolkek") returned 0x0 [0049.824] lstrcmpW (lpString1="P2leKI.ppt", lpString2="LOLKEK.txt") returned 1 [0049.824] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt") returned 63 [0049.824] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x669900 [0049.824] lstrcpyW (in: lpString1=0x669900, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\P2leKI.ppt" [0049.824] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.824] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.824] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb30f9010, ftCreationTime.dwHighDateTime=0x1d62937, ftLastAccessTime.dwLowDateTime=0x35552730, ftLastAccessTime.dwHighDateTime=0x1d62cc9, ftLastWriteTime.dwLowDateTime=0x35552730, ftLastWriteTime.dwHighDateTime=0x1d62cc9, nFileSizeHigh=0x0, nFileSizeLow=0x1043e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Q9Zd.rtf", cAlternateFileName="")) returned 1 [0049.824] lstrcmpiW (lpString1="Q9Zd.rtf", lpString2="Windows") returned -1 [0049.824] lstrcmpiW (lpString1="Q9Zd.rtf", lpString2="Program Files") returned 1 [0049.824] lstrcmpiW (lpString1="Q9Zd.rtf", lpString2="Program Files (x86)") returned 1 [0049.824] lstrcmpiW (lpString1="Q9Zd.rtf", lpString2="$Recycle.bin") returned 1 [0049.824] lstrcmpiW (lpString1="Q9Zd.rtf", lpString2="System Volume Information") returned -1 [0049.824] lstrcmpiW (lpString1="Q9Zd.rtf", lpString2=".") returned 1 [0049.824] lstrcmpiW (lpString1="Q9Zd.rtf", lpString2="..") returned 1 [0049.824] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf") returned 61 [0049.824] StrStrIW (lpFirst="Q9Zd.rtf", lpSrch=".lolkek") returned 0x0 [0049.824] lstrcmpW (lpString1="Q9Zd.rtf", lpString2="LOLKEK.txt") returned 1 [0049.824] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf") returned 61 [0049.824] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0260 [0049.825] lstrcpyW (in: lpString1=0x3da0260, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Q9Zd.rtf" [0049.825] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.825] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.825] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb16a81c0, ftCreationTime.dwHighDateTime=0x1d625f9, ftLastAccessTime.dwLowDateTime=0x636a2f80, ftLastAccessTime.dwHighDateTime=0x1d624cc, ftLastWriteTime.dwLowDateTime=0x636a2f80, ftLastWriteTime.dwHighDateTime=0x1d624cc, nFileSizeHigh=0x0, nFileSizeLow=0x15854, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="QIBmryCi-jRjoAJn.png", cAlternateFileName="QIBMRY~1.PNG")) returned 1 [0049.825] lstrcmpiW (lpString1="QIBmryCi-jRjoAJn.png", lpString2="Windows") returned -1 [0049.825] lstrcmpiW (lpString1="QIBmryCi-jRjoAJn.png", lpString2="Program Files") returned 1 [0049.825] lstrcmpiW (lpString1="QIBmryCi-jRjoAJn.png", lpString2="Program Files (x86)") returned 1 [0049.825] lstrcmpiW (lpString1="QIBmryCi-jRjoAJn.png", lpString2="$Recycle.bin") returned 1 [0049.825] lstrcmpiW (lpString1="QIBmryCi-jRjoAJn.png", lpString2="System Volume Information") returned -1 [0049.825] lstrcmpiW (lpString1="QIBmryCi-jRjoAJn.png", lpString2=".") returned 1 [0049.825] lstrcmpiW (lpString1="QIBmryCi-jRjoAJn.png", lpString2="..") returned 1 [0049.825] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png") returned 73 [0049.825] StrStrIW (lpFirst="QIBmryCi-jRjoAJn.png", lpSrch=".lolkek") returned 0x0 [0049.825] lstrcmpW (lpString1="QIBmryCi-jRjoAJn.png", lpString2="LOLKEK.txt") returned 1 [0049.825] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png") returned 73 [0049.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca7160 [0049.825] lstrcpyW (in: lpString1=0x3ca7160, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QIBmryCi-jRjoAJn.png" [0049.825] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.825] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.825] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2347d150, ftCreationTime.dwHighDateTime=0x1d6288c, ftLastAccessTime.dwLowDateTime=0x204bdad0, ftLastAccessTime.dwHighDateTime=0x1d62eec, ftLastWriteTime.dwLowDateTime=0x204bdad0, ftLastWriteTime.dwHighDateTime=0x1d62eec, nFileSizeHigh=0x0, nFileSizeLow=0x17750, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qupgYTsrGlPq1.mp3", cAlternateFileName="QUPGYT~1.MP3")) returned 1 [0049.825] lstrcmpiW (lpString1="qupgYTsrGlPq1.mp3", lpString2="Windows") returned -1 [0049.825] lstrcmpiW (lpString1="qupgYTsrGlPq1.mp3", lpString2="Program Files") returned 1 [0049.825] lstrcmpiW (lpString1="qupgYTsrGlPq1.mp3", lpString2="Program Files (x86)") returned 1 [0049.825] lstrcmpiW (lpString1="qupgYTsrGlPq1.mp3", lpString2="$Recycle.bin") returned 1 [0049.825] lstrcmpiW (lpString1="qupgYTsrGlPq1.mp3", lpString2="System Volume Information") returned -1 [0049.825] lstrcmpiW (lpString1="qupgYTsrGlPq1.mp3", lpString2=".") returned 1 [0049.825] lstrcmpiW (lpString1="qupgYTsrGlPq1.mp3", lpString2="..") returned 1 [0049.825] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3") returned 70 [0049.825] StrStrIW (lpFirst="qupgYTsrGlPq1.mp3", lpSrch=".lolkek") returned 0x0 [0049.825] lstrcmpW (lpString1="qupgYTsrGlPq1.mp3", lpString2="LOLKEK.txt") returned 1 [0049.825] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3") returned 70 [0049.825] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3e3f0c8 [0049.825] lstrcpyW (in: lpString1=0x3e3f0c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\qupgYTsrGlPq1.mp3" [0049.825] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.841] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.841] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcca77220, ftCreationTime.dwHighDateTime=0x1d631d1, ftLastAccessTime.dwLowDateTime=0x501e5850, ftLastAccessTime.dwHighDateTime=0x1d62bd6, ftLastWriteTime.dwLowDateTime=0x501e5850, ftLastWriteTime.dwHighDateTime=0x1d62bd6, nFileSizeHigh=0x0, nFileSizeLow=0xef7f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Rlr0UVcJ5NBZ.mkv", cAlternateFileName="RLR0UV~1.MKV")) returned 1 [0049.841] lstrcmpiW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2="Windows") returned -1 [0049.841] lstrcmpiW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2="Program Files") returned 1 [0049.841] lstrcmpiW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2="Program Files (x86)") returned 1 [0049.841] lstrcmpiW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2="$Recycle.bin") returned 1 [0049.841] lstrcmpiW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2="System Volume Information") returned -1 [0049.841] lstrcmpiW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2=".") returned 1 [0049.841] lstrcmpiW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2="..") returned 1 [0049.841] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv") returned 69 [0049.841] StrStrIW (lpFirst="Rlr0UVcJ5NBZ.mkv", lpSrch=".lolkek") returned 0x0 [0049.841] lstrcmpW (lpString1="Rlr0UVcJ5NBZ.mkv", lpString2="LOLKEK.txt") returned 1 [0049.841] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv") returned 69 [0049.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x61a1b0 [0049.841] lstrcpyW (in: lpString1=0x61a1b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Rlr0UVcJ5NBZ.mkv" [0049.841] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.841] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.841] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb676e40, ftCreationTime.dwHighDateTime=0x1d62397, ftLastAccessTime.dwLowDateTime=0x4e468b60, ftLastAccessTime.dwHighDateTime=0x1d62591, ftLastWriteTime.dwLowDateTime=0x4e468b60, ftLastWriteTime.dwHighDateTime=0x1d62591, nFileSizeHigh=0x0, nFileSizeLow=0x1596d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="roxyeKvjyN1SeLacYRp.avi", cAlternateFileName="ROXYEK~1.AVI")) returned 1 [0049.841] lstrcmpiW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2="Windows") returned -1 [0049.841] lstrcmpiW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2="Program Files") returned 1 [0049.841] lstrcmpiW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2="Program Files (x86)") returned 1 [0049.841] lstrcmpiW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2="$Recycle.bin") returned 1 [0049.841] lstrcmpiW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2="System Volume Information") returned -1 [0049.841] lstrcmpiW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2=".") returned 1 [0049.841] lstrcmpiW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2="..") returned 1 [0049.841] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi") returned 76 [0049.841] StrStrIW (lpFirst="roxyeKvjyN1SeLacYRp.avi", lpSrch=".lolkek") returned 0x0 [0049.842] lstrcmpW (lpString1="roxyeKvjyN1SeLacYRp.avi", lpString2="LOLKEK.txt") returned 1 [0049.842] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi") returned 76 [0049.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616c28 [0049.842] lstrcpyW (in: lpString1=0x616c28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\roxyeKvjyN1SeLacYRp.avi" [0049.842] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.856] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.857] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a0dd960, ftCreationTime.dwHighDateTime=0x1d623b8, ftLastAccessTime.dwLowDateTime=0x4a209cc0, ftLastAccessTime.dwHighDateTime=0x1d62770, ftLastWriteTime.dwLowDateTime=0x4a209cc0, ftLastWriteTime.dwHighDateTime=0x1d62770, nFileSizeHigh=0x0, nFileSizeLow=0x14bf7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="s0lZj3W2AD0P7NC.csv", cAlternateFileName="S0LZJ3~1.CSV")) returned 1 [0049.857] lstrcmpiW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2="Windows") returned -1 [0049.857] lstrcmpiW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2="Program Files") returned 1 [0049.857] lstrcmpiW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2="Program Files (x86)") returned 1 [0049.857] lstrcmpiW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2="$Recycle.bin") returned 1 [0049.857] lstrcmpiW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2="System Volume Information") returned -1 [0049.857] lstrcmpiW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2=".") returned 1 [0049.857] lstrcmpiW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2="..") returned 1 [0049.857] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv") returned 72 [0049.857] StrStrIW (lpFirst="s0lZj3W2AD0P7NC.csv", lpSrch=".lolkek") returned 0x0 [0049.857] lstrcmpW (lpString1="s0lZj3W2AD0P7NC.csv", lpString2="LOLKEK.txt") returned 1 [0049.857] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv") returned 72 [0049.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca7298 [0049.857] lstrcpyW (in: lpString1=0x3ca7298, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\s0lZj3W2AD0P7NC.csv" [0049.857] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.857] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.857] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbbd6e830, ftCreationTime.dwHighDateTime=0x1d63259, ftLastAccessTime.dwLowDateTime=0x56524010, ftLastAccessTime.dwHighDateTime=0x1d6266d, ftLastWriteTime.dwLowDateTime=0x56524010, ftLastWriteTime.dwHighDateTime=0x1d6266d, nFileSizeHigh=0x0, nFileSizeLow=0x15f7b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sKXRyrTP79zgEy9.mp3", cAlternateFileName="SKXRYR~1.MP3")) returned 1 [0049.857] lstrcmpiW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2="Windows") returned -1 [0049.857] lstrcmpiW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2="Program Files") returned 1 [0049.857] lstrcmpiW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2="Program Files (x86)") returned 1 [0049.857] lstrcmpiW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2="$Recycle.bin") returned 1 [0049.857] lstrcmpiW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2="System Volume Information") returned -1 [0049.857] lstrcmpiW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2=".") returned 1 [0049.857] lstrcmpiW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2="..") returned 1 [0049.857] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3") returned 72 [0049.857] StrStrIW (lpFirst="sKXRyrTP79zgEy9.mp3", lpSrch=".lolkek") returned 0x0 [0049.857] lstrcmpW (lpString1="sKXRyrTP79zgEy9.mp3", lpString2="LOLKEK.txt") returned 1 [0049.857] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3") returned 72 [0049.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca73d0 [0049.857] lstrcpyW (in: lpString1=0x3ca73d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\sKXRyrTP79zgEy9.mp3" [0049.858] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.866] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.866] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0049.867] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Windows") returned -1 [0049.867] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Program Files") returned 1 [0049.867] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Program Files (x86)") returned 1 [0049.867] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="$Recycle.bin") returned 1 [0049.867] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="System Volume Information") returned 1 [0049.867] lstrcmpiW (lpString1="Temporary Internet Files", lpString2=".") returned 1 [0049.867] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="..") returned 1 [0049.867] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files") returned 77 [0049.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.867] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files" [0049.867] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\*" [0049.867] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.873] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.873] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.873] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.873] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.873] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.873] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.873] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.873] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.873] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.873] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.873] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.873] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.873] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.873] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.873] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0049.873] lstrcmpiW (lpString1="Content.IE5", lpString2="Windows") returned -1 [0049.873] lstrcmpiW (lpString1="Content.IE5", lpString2="Program Files") returned -1 [0049.873] lstrcmpiW (lpString1="Content.IE5", lpString2="Program Files (x86)") returned -1 [0049.873] lstrcmpiW (lpString1="Content.IE5", lpString2="$Recycle.bin") returned 1 [0049.873] lstrcmpiW (lpString1="Content.IE5", lpString2="System Volume Information") returned -1 [0049.873] lstrcmpiW (lpString1="Content.IE5", lpString2=".") returned 1 [0049.873] lstrcmpiW (lpString1="Content.IE5", lpString2="..") returned 1 [0049.873] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5") returned 89 [0049.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.873] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5" [0049.873] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\*" [0049.873] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.874] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.874] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.874] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.874] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.874] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.874] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.874] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.874] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.874] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.874] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.874] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.874] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.874] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.874] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.874] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="03J4UQW0", cAlternateFileName="")) returned 1 [0049.874] lstrcmpiW (lpString1="03J4UQW0", lpString2="Windows") returned -1 [0049.874] lstrcmpiW (lpString1="03J4UQW0", lpString2="Program Files") returned -1 [0049.874] lstrcmpiW (lpString1="03J4UQW0", lpString2="Program Files (x86)") returned -1 [0049.874] lstrcmpiW (lpString1="03J4UQW0", lpString2="$Recycle.bin") returned 1 [0049.874] lstrcmpiW (lpString1="03J4UQW0", lpString2="System Volume Information") returned -1 [0049.874] lstrcmpiW (lpString1="03J4UQW0", lpString2=".") returned 1 [0049.874] lstrcmpiW (lpString1="03J4UQW0", lpString2="..") returned 1 [0049.874] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0") returned 98 [0049.874] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.874] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0" [0049.874] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\*" [0049.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.882] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.882] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.882] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.882] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.882] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.882] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.882] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.882] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.882] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.882] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.883] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.883] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.883] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.883] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.883] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.883] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.883] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.883] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.883] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.883] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.883] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.883] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.883] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini") returned 110 [0049.883] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.883] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.883] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini") returned 110 [0049.883] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x698d80 [0049.883] lstrcpyW (in: lpString1=0x698d80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" [0049.883] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.883] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.883] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0049.883] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.883] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\LOLKEK.txt") returned 109 [0049.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.884] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.884] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.884] CloseHandle (hObject=0x270) returned 1 [0049.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.884] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.884] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.884] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.884] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.884] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.884] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.885] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.885] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.885] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini") returned 101 [0049.885] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.885] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.885] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini") returned 101 [0049.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x198) returned 0x66b510 [0049.885] lstrcpyW (in: lpString1=0x66b510, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" [0049.885] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.885] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.885] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0049.885] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0049.885] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0049.885] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0049.885] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0049.885] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0049.885] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0049.885] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0049.885] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat") returned 99 [0049.885] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0049.885] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0049.885] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat") returned 99 [0049.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x62f598 [0049.885] lstrcpyW (in: lpString1=0x62f598, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" [0049.885] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.885] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.885] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="KETAJP6D", cAlternateFileName="")) returned 1 [0049.885] lstrcmpiW (lpString1="KETAJP6D", lpString2="Windows") returned -1 [0049.885] lstrcmpiW (lpString1="KETAJP6D", lpString2="Program Files") returned -1 [0049.885] lstrcmpiW (lpString1="KETAJP6D", lpString2="Program Files (x86)") returned -1 [0049.885] lstrcmpiW (lpString1="KETAJP6D", lpString2="$Recycle.bin") returned 1 [0049.885] lstrcmpiW (lpString1="KETAJP6D", lpString2="System Volume Information") returned -1 [0049.885] lstrcmpiW (lpString1="KETAJP6D", lpString2=".") returned 1 [0049.885] lstrcmpiW (lpString1="KETAJP6D", lpString2="..") returned 1 [0049.885] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D") returned 98 [0049.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.885] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D" [0049.885] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\*" [0049.886] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.886] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.886] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.886] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.886] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.886] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.886] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.886] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.886] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.886] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.886] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.886] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.886] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.886] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.886] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.886] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.886] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.886] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.886] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.886] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.886] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.886] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.886] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.886] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini") returned 110 [0049.886] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.886] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.886] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini") returned 110 [0049.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x3de02e8 [0049.886] lstrcpyW (in: lpString1=0x3de02e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" [0049.886] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.886] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.886] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0049.886] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.887] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\LOLKEK.txt") returned 109 [0049.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.887] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.887] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.888] CloseHandle (hObject=0x270) returned 1 [0049.888] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.888] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VB18B0KB", cAlternateFileName="")) returned 1 [0049.888] lstrcmpiW (lpString1="VB18B0KB", lpString2="Windows") returned -1 [0049.888] lstrcmpiW (lpString1="VB18B0KB", lpString2="Program Files") returned 1 [0049.888] lstrcmpiW (lpString1="VB18B0KB", lpString2="Program Files (x86)") returned 1 [0049.888] lstrcmpiW (lpString1="VB18B0KB", lpString2="$Recycle.bin") returned 1 [0049.888] lstrcmpiW (lpString1="VB18B0KB", lpString2="System Volume Information") returned 1 [0049.888] lstrcmpiW (lpString1="VB18B0KB", lpString2=".") returned 1 [0049.888] lstrcmpiW (lpString1="VB18B0KB", lpString2="..") returned 1 [0049.888] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB") returned 98 [0049.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.888] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB" [0049.888] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\*" [0049.888] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.888] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.888] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.888] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.888] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.888] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.888] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.888] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.888] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.888] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.888] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.888] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.888] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.888] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.888] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.888] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.888] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.888] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.888] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.888] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.889] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.889] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.889] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.889] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini") returned 110 [0049.889] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.889] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.889] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini") returned 110 [0049.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x3de1b60 [0049.889] lstrcpyW (in: lpString1=0x3de1b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" [0049.889] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.900] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.900] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0049.900] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.900] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\LOLKEK.txt") returned 109 [0049.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0049.901] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.901] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.901] CloseHandle (hObject=0x270) returned 1 [0049.901] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.901] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XT1RPYG9", cAlternateFileName="")) returned 1 [0049.901] lstrcmpiW (lpString1="XT1RPYG9", lpString2="Windows") returned 1 [0049.901] lstrcmpiW (lpString1="XT1RPYG9", lpString2="Program Files") returned 1 [0049.901] lstrcmpiW (lpString1="XT1RPYG9", lpString2="Program Files (x86)") returned 1 [0049.901] lstrcmpiW (lpString1="XT1RPYG9", lpString2="$Recycle.bin") returned 1 [0049.901] lstrcmpiW (lpString1="XT1RPYG9", lpString2="System Volume Information") returned 1 [0049.902] lstrcmpiW (lpString1="XT1RPYG9", lpString2=".") returned 1 [0049.902] lstrcmpiW (lpString1="XT1RPYG9", lpString2="..") returned 1 [0049.902] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9") returned 98 [0049.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.902] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9" [0049.902] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\*" [0049.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.905] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.905] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.905] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.905] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.905] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.905] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.905] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.905] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.905] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.905] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.905] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.905] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.905] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.905] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.905] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0049.905] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0049.905] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0049.905] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0049.905] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0049.905] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0049.905] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0049.905] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0049.905] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini") returned 110 [0049.905] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0049.905] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0049.905] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini") returned 110 [0049.906] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x698400 [0049.906] lstrcpyW (in: lpString1=0x698400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" [0049.906] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.906] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.906] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0049.906] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.906] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\LOLKEK.txt") returned 109 [0049.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.906] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.906] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.907] CloseHandle (hObject=0x268) returned 1 [0049.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.907] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XT1RPYG9", cAlternateFileName="")) returned 0 [0049.907] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.907] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\LOLKEK.txt") returned 100 [0049.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0049.913] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.913] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.914] CloseHandle (hObject=0x280) returned 1 [0049.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.914] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Content.IE5", cAlternateFileName="")) returned 0 [0049.914] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.914] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\LOLKEK.txt") returned 88 [0049.914] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.914] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.914] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.915] CloseHandle (hObject=0x290) returned 1 [0049.915] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.916] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85929130, ftCreationTime.dwHighDateTime=0x1d630b4, ftLastAccessTime.dwLowDateTime=0x3cae3b60, ftLastAccessTime.dwHighDateTime=0x1d6298c, ftLastWriteTime.dwLowDateTime=0x3cae3b60, ftLastWriteTime.dwHighDateTime=0x1d6298c, nFileSizeHigh=0x0, nFileSizeLow=0x66fb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="v6aQft-.bmp", cAlternateFileName="")) returned 1 [0049.916] lstrcmpiW (lpString1="v6aQft-.bmp", lpString2="Windows") returned -1 [0049.916] lstrcmpiW (lpString1="v6aQft-.bmp", lpString2="Program Files") returned 1 [0049.916] lstrcmpiW (lpString1="v6aQft-.bmp", lpString2="Program Files (x86)") returned 1 [0049.916] lstrcmpiW (lpString1="v6aQft-.bmp", lpString2="$Recycle.bin") returned 1 [0049.916] lstrcmpiW (lpString1="v6aQft-.bmp", lpString2="System Volume Information") returned 1 [0049.916] lstrcmpiW (lpString1="v6aQft-.bmp", lpString2=".") returned 1 [0049.916] lstrcmpiW (lpString1="v6aQft-.bmp", lpString2="..") returned 1 [0049.916] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp") returned 64 [0049.916] StrStrIW (lpFirst="v6aQft-.bmp", lpSrch=".lolkek") returned 0x0 [0049.916] lstrcmpW (lpString1="v6aQft-.bmp", lpString2="LOLKEK.txt") returned 1 [0049.916] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp") returned 64 [0049.916] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x611840 [0049.916] lstrcpyW (in: lpString1=0x611840, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v6aQft-.bmp" [0049.916] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.916] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.916] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb95c9f40, ftCreationTime.dwHighDateTime=0x1d629db, ftLastAccessTime.dwLowDateTime=0x79a0f560, ftLastAccessTime.dwHighDateTime=0x1d62f4c, ftLastWriteTime.dwLowDateTime=0x79a0f560, ftLastWriteTime.dwHighDateTime=0x1d62f4c, nFileSizeHigh=0x0, nFileSizeLow=0xd2ca, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="v8bP-SyYw8t_K76d9Gd6.odt", cAlternateFileName="V8BP-S~1.ODT")) returned 1 [0049.916] lstrcmpiW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2="Windows") returned -1 [0049.916] lstrcmpiW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2="Program Files") returned 1 [0049.916] lstrcmpiW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2="Program Files (x86)") returned 1 [0049.917] lstrcmpiW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2="$Recycle.bin") returned 1 [0049.917] lstrcmpiW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2="System Volume Information") returned 1 [0049.917] lstrcmpiW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2=".") returned 1 [0049.917] lstrcmpiW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2="..") returned 1 [0049.917] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt") returned 77 [0049.917] StrStrIW (lpFirst="v8bP-SyYw8t_K76d9Gd6.odt", lpSrch=".lolkek") returned 0x0 [0049.917] lstrcmpW (lpString1="v8bP-SyYw8t_K76d9Gd6.odt", lpString2="LOLKEK.txt") returned 1 [0049.917] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt") returned 77 [0049.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x617668 [0049.917] lstrcpyW (in: lpString1=0x617668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\v8bP-SyYw8t_K76d9Gd6.odt" [0049.917] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.917] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.917] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x58fc13e0, ftCreationTime.dwHighDateTime=0x1d632de, ftLastAccessTime.dwLowDateTime=0x58fc13e0, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x58fc13e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WPDNSE", cAlternateFileName="")) returned 1 [0049.917] lstrcmpiW (lpString1="WPDNSE", lpString2="Windows") returned 1 [0049.917] lstrcmpiW (lpString1="WPDNSE", lpString2="Program Files") returned 1 [0049.917] lstrcmpiW (lpString1="WPDNSE", lpString2="Program Files (x86)") returned 1 [0049.917] lstrcmpiW (lpString1="WPDNSE", lpString2="$Recycle.bin") returned 1 [0049.917] lstrcmpiW (lpString1="WPDNSE", lpString2="System Volume Information") returned 1 [0049.917] lstrcmpiW (lpString1="WPDNSE", lpString2=".") returned 1 [0049.917] lstrcmpiW (lpString1="WPDNSE", lpString2="..") returned 1 [0049.917] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE") returned 59 [0049.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.917] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE" [0049.917] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE\\*" [0049.917] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x58fc13e0, ftCreationTime.dwHighDateTime=0x1d632de, ftLastAccessTime.dwLowDateTime=0x58fc13e0, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x58fc13e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.918] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.918] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.918] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.918] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.918] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.918] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.918] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x58fc13e0, ftCreationTime.dwHighDateTime=0x1d632de, ftLastAccessTime.dwLowDateTime=0x58fc13e0, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x58fc13e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.918] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.918] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.918] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.918] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.918] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.918] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x58fc13e0, ftCreationTime.dwHighDateTime=0x1d632de, ftLastAccessTime.dwLowDateTime=0x58fc13e0, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x58fc13e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.918] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.918] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE\\LOLKEK.txt") returned 70 [0049.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wpdnse\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.919] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.919] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.919] CloseHandle (hObject=0x290) returned 1 [0049.920] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.920] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd48f4600, ftCreationTime.dwHighDateTime=0x1d62d19, ftLastAccessTime.dwLowDateTime=0x213563a0, ftLastAccessTime.dwHighDateTime=0x1d626ed, ftLastWriteTime.dwLowDateTime=0x213563a0, ftLastWriteTime.dwHighDateTime=0x1d626ed, nFileSizeHigh=0x0, nFileSizeLow=0x17bf5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wvzQ5m-fA_Vyq0DdoAG.m4a", cAlternateFileName="WVZQ5M~1.M4A")) returned 1 [0049.920] lstrcmpiW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2="Windows") returned 1 [0049.920] lstrcmpiW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2="Program Files") returned 1 [0049.920] lstrcmpiW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2="Program Files (x86)") returned 1 [0049.920] lstrcmpiW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2="$Recycle.bin") returned 1 [0049.920] lstrcmpiW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2="System Volume Information") returned 1 [0049.920] lstrcmpiW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2=".") returned 1 [0049.920] lstrcmpiW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2="..") returned 1 [0049.920] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a") returned 76 [0049.920] StrStrIW (lpFirst="wvzQ5m-fA_Vyq0DdoAG.m4a", lpSrch=".lolkek") returned 0x0 [0049.920] lstrcmpW (lpString1="wvzQ5m-fA_Vyq0DdoAG.m4a", lpString2="LOLKEK.txt") returned 1 [0049.920] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a") returned 76 [0049.920] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6161e8 [0049.920] lstrcpyW (in: lpString1=0x6161e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\wvzQ5m-fA_Vyq0DdoAG.m4a" [0049.920] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.920] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.920] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14d83270, ftCreationTime.dwHighDateTime=0x1d6248d, ftLastAccessTime.dwLowDateTime=0x9899420, ftLastAccessTime.dwHighDateTime=0x1d625e8, ftLastWriteTime.dwLowDateTime=0x9899420, ftLastWriteTime.dwHighDateTime=0x1d625e8, nFileSizeHigh=0x0, nFileSizeLow=0x1fd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_2Iu.mkv", cAlternateFileName="")) returned 1 [0049.920] lstrcmpiW (lpString1="_2Iu.mkv", lpString2="Windows") returned -1 [0049.920] lstrcmpiW (lpString1="_2Iu.mkv", lpString2="Program Files") returned -1 [0049.920] lstrcmpiW (lpString1="_2Iu.mkv", lpString2="Program Files (x86)") returned -1 [0049.920] lstrcmpiW (lpString1="_2Iu.mkv", lpString2="$Recycle.bin") returned 1 [0049.920] lstrcmpiW (lpString1="_2Iu.mkv", lpString2="System Volume Information") returned -1 [0049.920] lstrcmpiW (lpString1="_2Iu.mkv", lpString2=".") returned 1 [0049.920] lstrcmpiW (lpString1="_2Iu.mkv", lpString2="..") returned 1 [0049.920] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv") returned 61 [0049.920] StrStrIW (lpFirst="_2Iu.mkv", lpSrch=".lolkek") returned 0x0 [0049.920] lstrcmpW (lpString1="_2Iu.mkv", lpString2="LOLKEK.txt") returned -1 [0049.921] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv") returned 61 [0049.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0360 [0049.921] lstrcpyW (in: lpString1=0x3da0360, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\_2Iu.mkv" [0049.921] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.930] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.930] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14d83270, ftCreationTime.dwHighDateTime=0x1d6248d, ftLastAccessTime.dwLowDateTime=0x9899420, ftLastAccessTime.dwHighDateTime=0x1d625e8, ftLastWriteTime.dwLowDateTime=0x9899420, ftLastWriteTime.dwHighDateTime=0x1d625e8, nFileSizeHigh=0x0, nFileSizeLow=0x1fd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_2Iu.mkv", cAlternateFileName="")) returned 0 [0049.930] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0049.930] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\LOLKEK.txt") returned 63 [0049.930] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0049.931] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.931] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0049.932] CloseHandle (hObject=0x24c) returned 1 [0049.932] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.933] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0049.933] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Windows") returned -1 [0049.933] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Program Files") returned 1 [0049.933] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Program Files (x86)") returned 1 [0049.933] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="$Recycle.bin") returned 1 [0049.933] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="System Volume Information") returned 1 [0049.933] lstrcmpiW (lpString1="Temporary Internet Files", lpString2=".") returned 1 [0049.933] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="..") returned 1 [0049.933] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files") returned 72 [0049.933] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.934] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" [0049.934] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*" [0049.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x14d83270, ftCreationTime.dwHighDateTime=0x1d6248d, ftLastAccessTime.dwLowDateTime=0x9899420, ftLastAccessTime.dwHighDateTime=0x1d625e8, ftLastWriteTime.dwLowDateTime=0x9899420, ftLastWriteTime.dwHighDateTime=0x1d625e8, nFileSizeHigh=0x0, nFileSizeLow=0x1fd2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_2Iu.mkv", cAlternateFileName="ꐴ瘵뾣䛦ͣ疨༸ξ纈0ͣͣ⒭䚗༸ξͣ热/༸ξ였_徰c헍皮")) returned 0xffffffff [0049.934] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.934] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0049.934] lstrcmpiW (lpString1="VirtualStore", lpString2="Windows") returned -1 [0049.934] lstrcmpiW (lpString1="VirtualStore", lpString2="Program Files") returned 1 [0049.934] lstrcmpiW (lpString1="VirtualStore", lpString2="Program Files (x86)") returned 1 [0049.934] lstrcmpiW (lpString1="VirtualStore", lpString2="$Recycle.bin") returned 1 [0049.934] lstrcmpiW (lpString1="VirtualStore", lpString2="System Volume Information") returned 1 [0049.934] lstrcmpiW (lpString1="VirtualStore", lpString2=".") returned 1 [0049.934] lstrcmpiW (lpString1="VirtualStore", lpString2="..") returned 1 [0049.934] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore") returned 60 [0049.934] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.934] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore" [0049.934] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\*" [0049.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0049.935] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.935] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.935] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.935] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.935] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.935] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.935] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.935] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.935] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.935] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.935] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.935] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.935] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.935] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.935] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.935] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0049.935] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\LOLKEK.txt") returned 71 [0049.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\virtualstore\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0049.936] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.936] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0049.941] CloseHandle (hObject=0x24c) returned 1 [0049.942] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0049.942] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 0 [0049.942] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0049.942] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\LOLKEK.txt") returned 58 [0049.942] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0049.942] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.942] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0049.943] CloseHandle (hObject=0x2a0) returned 1 [0049.943] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0049.943] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0049.943] lstrcmpiW (lpString1="LocalLow", lpString2="Windows") returned -1 [0049.943] lstrcmpiW (lpString1="LocalLow", lpString2="Program Files") returned -1 [0049.943] lstrcmpiW (lpString1="LocalLow", lpString2="Program Files (x86)") returned -1 [0049.943] lstrcmpiW (lpString1="LocalLow", lpString2="$Recycle.bin") returned 1 [0049.943] lstrcmpiW (lpString1="LocalLow", lpString2="System Volume Information") returned -1 [0049.943] lstrcmpiW (lpString1="LocalLow", lpString2=".") returned 1 [0049.943] lstrcmpiW (lpString1="LocalLow", lpString2="..") returned 1 [0049.943] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow") returned 50 [0049.943] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0049.943] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow" [0049.943] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\*" [0049.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0049.944] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.944] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.944] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.944] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.944] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.944] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.944] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.944] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.944] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.944] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.944] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.944] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.944] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.944] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.944] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Adobe", cAlternateFileName="")) returned 1 [0049.944] lstrcmpiW (lpString1="Adobe", lpString2="Windows") returned -1 [0049.944] lstrcmpiW (lpString1="Adobe", lpString2="Program Files") returned -1 [0049.944] lstrcmpiW (lpString1="Adobe", lpString2="Program Files (x86)") returned -1 [0049.944] lstrcmpiW (lpString1="Adobe", lpString2="$Recycle.bin") returned 1 [0049.944] lstrcmpiW (lpString1="Adobe", lpString2="System Volume Information") returned -1 [0049.944] lstrcmpiW (lpString1="Adobe", lpString2=".") returned 1 [0049.944] lstrcmpiW (lpString1="Adobe", lpString2="..") returned 1 [0049.944] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe") returned 56 [0049.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0049.944] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe" [0049.944] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\*" [0049.944] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0049.948] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.948] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.948] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.948] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.948] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.948] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.948] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.948] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.948] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.948] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.948] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.948] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.948] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.948] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.948] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0049.949] lstrcmpiW (lpString1="Acrobat", lpString2="Windows") returned -1 [0049.949] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files") returned -1 [0049.949] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files (x86)") returned -1 [0049.949] lstrcmpiW (lpString1="Acrobat", lpString2="$Recycle.bin") returned 1 [0049.949] lstrcmpiW (lpString1="Acrobat", lpString2="System Volume Information") returned -1 [0049.949] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0049.949] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0049.949] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat") returned 64 [0049.949] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.949] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat" [0049.949] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\*" [0049.949] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.949] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.949] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.949] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.949] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.949] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.949] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.949] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.949] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.949] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.949] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.949] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.949] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.949] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.949] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.949] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 1 [0049.949] lstrcmpiW (lpString1="10.0", lpString2="Windows") returned -1 [0049.949] lstrcmpiW (lpString1="10.0", lpString2="Program Files") returned -1 [0049.949] lstrcmpiW (lpString1="10.0", lpString2="Program Files (x86)") returned -1 [0049.949] lstrcmpiW (lpString1="10.0", lpString2="$Recycle.bin") returned 1 [0049.949] lstrcmpiW (lpString1="10.0", lpString2="System Volume Information") returned -1 [0049.949] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0049.949] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0049.949] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0") returned 69 [0049.949] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.950] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0" [0049.950] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*" [0049.950] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.956] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.956] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.956] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.956] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.956] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.956] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.956] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.957] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.957] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.957] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.957] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.957] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.957] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.957] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.957] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9b6a040, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9b6a040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xde963ca0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0xa5ff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rdrmessage.zip", cAlternateFileName="RDRMES~1.ZIP")) returned 1 [0049.957] lstrcmpiW (lpString1="rdrmessage.zip", lpString2="Windows") returned -1 [0049.957] lstrcmpiW (lpString1="rdrmessage.zip", lpString2="Program Files") returned 1 [0049.957] lstrcmpiW (lpString1="rdrmessage.zip", lpString2="Program Files (x86)") returned 1 [0049.957] lstrcmpiW (lpString1="rdrmessage.zip", lpString2="$Recycle.bin") returned 1 [0049.957] lstrcmpiW (lpString1="rdrmessage.zip", lpString2="System Volume Information") returned -1 [0049.957] lstrcmpiW (lpString1="rdrmessage.zip", lpString2=".") returned 1 [0049.957] lstrcmpiW (lpString1="rdrmessage.zip", lpString2="..") returned 1 [0049.957] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip") returned 84 [0049.957] StrStrIW (lpFirst="rdrmessage.zip", lpSrch=".lolkek") returned 0x0 [0049.957] lstrcmpW (lpString1="rdrmessage.zip", lpString2="LOLKEK.txt") returned 1 [0049.957] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip") returned 84 [0049.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb6c48 [0049.957] lstrcpyW (in: lpString1=0x3eb6c48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" [0049.957] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.957] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.957] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce824760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce824760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe5ab8070, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ReaderMessages", cAlternateFileName="READER~1")) returned 1 [0049.957] lstrcmpiW (lpString1="ReaderMessages", lpString2="Windows") returned -1 [0049.957] lstrcmpiW (lpString1="ReaderMessages", lpString2="Program Files") returned 1 [0049.957] lstrcmpiW (lpString1="ReaderMessages", lpString2="Program Files (x86)") returned 1 [0049.957] lstrcmpiW (lpString1="ReaderMessages", lpString2="$Recycle.bin") returned 1 [0049.957] lstrcmpiW (lpString1="ReaderMessages", lpString2="System Volume Information") returned -1 [0049.957] lstrcmpiW (lpString1="ReaderMessages", lpString2=".") returned 1 [0049.957] lstrcmpiW (lpString1="ReaderMessages", lpString2="..") returned 1 [0049.957] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages") returned 84 [0049.957] StrStrIW (lpFirst="ReaderMessages", lpSrch=".lolkek") returned 0x0 [0049.957] lstrcmpW (lpString1="ReaderMessages", lpString2="LOLKEK.txt") returned 1 [0049.957] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages") returned 84 [0049.957] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb6ae0 [0049.957] lstrcpyW (in: lpString1=0x3eb6ae0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" [0049.957] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0049.957] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0049.957] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Search", cAlternateFileName="")) returned 1 [0049.957] lstrcmpiW (lpString1="Search", lpString2="Windows") returned -1 [0049.958] lstrcmpiW (lpString1="Search", lpString2="Program Files") returned 1 [0049.958] lstrcmpiW (lpString1="Search", lpString2="Program Files (x86)") returned 1 [0049.958] lstrcmpiW (lpString1="Search", lpString2="$Recycle.bin") returned 1 [0049.958] lstrcmpiW (lpString1="Search", lpString2="System Volume Information") returned -1 [0049.958] lstrcmpiW (lpString1="Search", lpString2=".") returned 1 [0049.958] lstrcmpiW (lpString1="Search", lpString2="..") returned 1 [0049.958] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search") returned 76 [0049.958] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.958] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search" [0049.958] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*" [0049.958] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.964] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.964] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.964] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.964] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.964] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.964] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.964] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.964] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.964] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.964] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.964] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.964] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.964] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.964] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.964] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.964] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0049.964] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\LOLKEK.txt") returned 87 [0049.964] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\search\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0049.965] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.965] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0049.965] CloseHandle (hObject=0x268) returned 1 [0049.965] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0049.965] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Search", cAlternateFileName="")) returned 0 [0049.966] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0049.966] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\LOLKEK.txt") returned 80 [0049.966] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0049.966] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.966] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0049.967] CloseHandle (hObject=0x290) returned 1 [0049.967] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0049.967] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 0 [0049.967] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0049.967] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\LOLKEK.txt") returned 75 [0049.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0049.967] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.967] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0049.968] CloseHandle (hObject=0x24c) returned 1 [0049.968] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0049.969] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0049.969] lstrcmpiW (lpString1="Linguistics", lpString2="Windows") returned -1 [0049.969] lstrcmpiW (lpString1="Linguistics", lpString2="Program Files") returned -1 [0049.969] lstrcmpiW (lpString1="Linguistics", lpString2="Program Files (x86)") returned -1 [0049.969] lstrcmpiW (lpString1="Linguistics", lpString2="$Recycle.bin") returned 1 [0049.969] lstrcmpiW (lpString1="Linguistics", lpString2="System Volume Information") returned -1 [0049.969] lstrcmpiW (lpString1="Linguistics", lpString2=".") returned 1 [0049.969] lstrcmpiW (lpString1="Linguistics", lpString2="..") returned 1 [0049.969] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics") returned 68 [0049.969] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0049.969] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics" [0049.969] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\*" [0049.969] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0049.970] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.970] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.970] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.970] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.970] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.970] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.970] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.970] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.970] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.970] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.970] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.970] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.970] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.970] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.970] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0049.970] lstrcmpiW (lpString1="Dictionaries", lpString2="Windows") returned -1 [0049.970] lstrcmpiW (lpString1="Dictionaries", lpString2="Program Files") returned -1 [0049.970] lstrcmpiW (lpString1="Dictionaries", lpString2="Program Files (x86)") returned -1 [0049.970] lstrcmpiW (lpString1="Dictionaries", lpString2="$Recycle.bin") returned 1 [0049.970] lstrcmpiW (lpString1="Dictionaries", lpString2="System Volume Information") returned -1 [0049.970] lstrcmpiW (lpString1="Dictionaries", lpString2=".") returned 1 [0049.970] lstrcmpiW (lpString1="Dictionaries", lpString2="..") returned 1 [0049.970] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries") returned 81 [0049.970] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0049.970] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries" [0049.970] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*" [0049.970] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0049.975] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.975] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.976] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.976] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.976] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.976] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.976] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.976] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.976] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.976] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.976] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.976] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.976] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.976] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.976] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Adobe Custom Dictionary", cAlternateFileName="ADOBEC~1")) returned 1 [0049.976] lstrcmpiW (lpString1="Adobe Custom Dictionary", lpString2="Windows") returned -1 [0049.976] lstrcmpiW (lpString1="Adobe Custom Dictionary", lpString2="Program Files") returned -1 [0049.976] lstrcmpiW (lpString1="Adobe Custom Dictionary", lpString2="Program Files (x86)") returned -1 [0049.976] lstrcmpiW (lpString1="Adobe Custom Dictionary", lpString2="$Recycle.bin") returned 1 [0049.976] lstrcmpiW (lpString1="Adobe Custom Dictionary", lpString2="System Volume Information") returned -1 [0049.976] lstrcmpiW (lpString1="Adobe Custom Dictionary", lpString2=".") returned 1 [0049.976] lstrcmpiW (lpString1="Adobe Custom Dictionary", lpString2="..") returned 1 [0049.976] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary") returned 105 [0049.976] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0049.976] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary" [0049.976] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*" [0049.976] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0049.982] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.982] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.982] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.982] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.982] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.982] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.982] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.982] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.982] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.982] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.982] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.982] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.982] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.982] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.982] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="all", cAlternateFileName="")) returned 1 [0049.982] lstrcmpiW (lpString1="all", lpString2="Windows") returned -1 [0049.982] lstrcmpiW (lpString1="all", lpString2="Program Files") returned -1 [0049.982] lstrcmpiW (lpString1="all", lpString2="Program Files (x86)") returned -1 [0049.982] lstrcmpiW (lpString1="all", lpString2="$Recycle.bin") returned 1 [0049.982] lstrcmpiW (lpString1="all", lpString2="System Volume Information") returned -1 [0049.982] lstrcmpiW (lpString1="all", lpString2=".") returned 1 [0049.982] lstrcmpiW (lpString1="all", lpString2="..") returned 1 [0049.982] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all") returned 109 [0049.982] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.982] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all" [0049.982] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*" [0049.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.982] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.982] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.982] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.982] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.982] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.983] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.983] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.983] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.983] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.983] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.983] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.983] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.983] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.983] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.983] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.983] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.983] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\LOLKEK.txt") returned 120 [0049.983] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\all\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.983] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.983] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.984] CloseHandle (hObject=0x1b4) returned 1 [0049.984] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.984] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brt", cAlternateFileName="")) returned 1 [0049.984] lstrcmpiW (lpString1="brt", lpString2="Windows") returned -1 [0049.985] lstrcmpiW (lpString1="brt", lpString2="Program Files") returned -1 [0049.985] lstrcmpiW (lpString1="brt", lpString2="Program Files (x86)") returned -1 [0049.985] lstrcmpiW (lpString1="brt", lpString2="$Recycle.bin") returned 1 [0049.985] lstrcmpiW (lpString1="brt", lpString2="System Volume Information") returned -1 [0049.985] lstrcmpiW (lpString1="brt", lpString2=".") returned 1 [0049.985] lstrcmpiW (lpString1="brt", lpString2="..") returned 1 [0049.985] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt") returned 109 [0049.985] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.985] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt" [0049.985] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*" [0049.985] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.991] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.991] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0049.991] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0049.991] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0049.991] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0049.991] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0049.991] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.991] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0049.991] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0049.991] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0049.991] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0049.991] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0049.991] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0049.991] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0049.991] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0049.991] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0049.991] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\LOLKEK.txt") returned 120 [0049.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.992] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.992] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0049.992] CloseHandle (hObject=0x1b4) returned 1 [0049.992] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0049.992] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brz", cAlternateFileName="")) returned 1 [0049.992] lstrcmpiW (lpString1="brz", lpString2="Windows") returned -1 [0049.992] lstrcmpiW (lpString1="brz", lpString2="Program Files") returned -1 [0049.992] lstrcmpiW (lpString1="brz", lpString2="Program Files (x86)") returned -1 [0049.992] lstrcmpiW (lpString1="brz", lpString2="$Recycle.bin") returned 1 [0049.993] lstrcmpiW (lpString1="brz", lpString2="System Volume Information") returned -1 [0049.993] lstrcmpiW (lpString1="brz", lpString2=".") returned 1 [0049.993] lstrcmpiW (lpString1="brz", lpString2="..") returned 1 [0049.993] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz") returned 109 [0049.993] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0049.993] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz" [0049.993] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*" [0049.993] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0049.998] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0049.998] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0049.999] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\LOLKEK.txt") returned 120 [0049.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brz\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0049.999] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0049.999] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.000] CloseHandle (hObject=0x1b4) returned 1 [0050.000] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.000] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dan", cAlternateFileName="")) returned 1 [0050.000] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan") returned 109 [0050.000] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.000] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan" [0050.000] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*" [0050.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.000] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\LOLKEK.txt") returned 120 [0050.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dan\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.001] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.001] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.001] CloseHandle (hObject=0x1b4) returned 1 [0050.001] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.001] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dut", cAlternateFileName="")) returned 1 [0050.002] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut") returned 109 [0050.002] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.002] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut" [0050.002] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*" [0050.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.002] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\LOLKEK.txt") returned 120 [0050.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dut\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.002] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.002] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.003] CloseHandle (hObject=0x1b4) returned 1 [0050.003] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.003] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eng", cAlternateFileName="")) returned 1 [0050.003] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng") returned 109 [0050.003] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.003] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng" [0050.003] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*" [0050.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.003] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\LOLKEK.txt") returned 120 [0050.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\eng\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.004] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.004] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.004] CloseHandle (hObject=0x1b4) returned 1 [0050.004] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.005] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="frn", cAlternateFileName="")) returned 1 [0050.005] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn") returned 109 [0050.005] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.005] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn" [0050.005] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*" [0050.005] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.005] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\LOLKEK.txt") returned 120 [0050.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\frn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.005] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.005] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.006] CloseHandle (hObject=0x1b4) returned 1 [0050.006] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.006] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="grm", cAlternateFileName="")) returned 1 [0050.006] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm") returned 109 [0050.006] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.006] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm" [0050.006] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*" [0050.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.006] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\LOLKEK.txt") returned 120 [0050.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\grm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.007] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.007] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.007] CloseHandle (hObject=0x1b4) returned 1 [0050.007] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.007] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="itl", cAlternateFileName="")) returned 1 [0050.007] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl") returned 109 [0050.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.007] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl" [0050.008] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*" [0050.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.008] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\LOLKEK.txt") returned 120 [0050.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\itl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.008] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.008] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.009] CloseHandle (hObject=0x1b4) returned 1 [0050.009] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.009] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nrw", cAlternateFileName="")) returned 1 [0050.009] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw") returned 109 [0050.009] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.009] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw" [0050.009] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*" [0050.009] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.009] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\LOLKEK.txt") returned 120 [0050.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\nrw\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.010] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.010] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.010] CloseHandle (hObject=0x1b4) returned 1 [0050.010] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.010] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="prt", cAlternateFileName="")) returned 1 [0050.010] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt") returned 109 [0050.010] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.010] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt" [0050.010] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*" [0050.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.011] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\LOLKEK.txt") returned 120 [0050.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\prt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.011] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.011] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.012] CloseHandle (hObject=0x1b4) returned 1 [0050.012] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.012] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="spn", cAlternateFileName="")) returned 1 [0050.012] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn") returned 109 [0050.012] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.012] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn" [0050.012] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*" [0050.012] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.012] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\LOLKEK.txt") returned 120 [0050.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\spn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.012] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.012] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.013] CloseHandle (hObject=0x1b4) returned 1 [0050.013] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.013] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="swd", cAlternateFileName="")) returned 1 [0050.013] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd") returned 109 [0050.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.013] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd" [0050.013] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*" [0050.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.013] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\LOLKEK.txt") returned 120 [0050.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\swd\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.014] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.014] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.014] CloseHandle (hObject=0x1b4) returned 1 [0050.015] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.015] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="swd", cAlternateFileName="")) returned 0 [0050.015] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.015] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\LOLKEK.txt") returned 116 [0050.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.015] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.015] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.016] CloseHandle (hObject=0x268) returned 1 [0050.016] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.016] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Adobe Custom Dictionary", cAlternateFileName="ADOBEC~1")) returned 0 [0050.016] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.016] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\LOLKEK.txt") returned 92 [0050.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0050.016] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.016] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.017] CloseHandle (hObject=0x290) returned 1 [0050.017] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.018] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 0 [0050.018] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.019] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\LOLKEK.txt") returned 79 [0050.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.019] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.019] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.019] CloseHandle (hObject=0x24c) returned 1 [0050.020] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.020] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 0 [0050.020] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0050.020] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\LOLKEK.txt") returned 67 [0050.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.020] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.020] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0050.021] CloseHandle (hObject=0x270) returned 1 [0050.021] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.021] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0050.021] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft") returned 60 [0050.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.021] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft" [0050.021] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\*" [0050.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0050.021] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache") returned 77 [0050.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.021] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache" [0050.021] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*" [0050.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.021] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content") returned 85 [0050.021] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.021] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content" [0050.021] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*" [0050.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.022] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B") returned 151 [0050.022] StrStrIW (lpFirst="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpSrch=".lolkek") returned 0x0 [0050.022] lstrcmpW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="LOLKEK.txt") returned -1 [0050.022] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B") returned 151 [0050.022] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x618490 [0050.022] lstrcpyW (in: lpString1=0x618490, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" [0050.022] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.022] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.022] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x561, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0050.022] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="Windows") returned -1 [0050.022] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="Program Files") returned -1 [0050.022] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="Program Files (x86)") returned -1 [0050.022] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="$Recycle.bin") returned 1 [0050.022] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="System Volume Information") returned -1 [0050.022] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2=".") returned 1 [0050.022] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="..") returned 1 [0050.022] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875") returned 151 [0050.022] StrStrIW (lpFirst="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpSrch=".lolkek") returned 0x0 [0050.022] lstrcmpW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="LOLKEK.txt") returned -1 [0050.022] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875") returned 151 [0050.022] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x6186f8 [0050.022] lstrcpyW (in: lpString1=0x6186f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" [0050.023] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.023] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.023] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0050.023] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="Windows") returned -1 [0050.023] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="Program Files") returned -1 [0050.023] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="Program Files (x86)") returned -1 [0050.023] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="$Recycle.bin") returned 1 [0050.023] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="System Volume Information") returned -1 [0050.023] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2=".") returned 1 [0050.023] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="..") returned 1 [0050.023] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973") returned 151 [0050.023] StrStrIW (lpFirst="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpSrch=".lolkek") returned 0x0 [0050.023] lstrcmpW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="LOLKEK.txt") returned -1 [0050.023] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973") returned 151 [0050.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec70d0 [0050.023] lstrcpyW (in: lpString1=0x3ec70d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" [0050.023] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.023] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.023] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf1d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0050.023] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="Windows") returned -1 [0050.023] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="Program Files") returned -1 [0050.023] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="Program Files (x86)") returned -1 [0050.023] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="$Recycle.bin") returned 1 [0050.023] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="System Volume Information") returned -1 [0050.023] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2=".") returned 1 [0050.023] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="..") returned 1 [0050.023] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406") returned 118 [0050.023] StrStrIW (lpFirst="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpSrch=".lolkek") returned 0x0 [0050.023] lstrcmpW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="LOLKEK.txt") returned -1 [0050.023] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406") returned 118 [0050.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3ec7338 [0050.023] lstrcpyW (in: lpString1=0x3ec7338, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" [0050.024] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.024] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.024] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0050.024] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="Windows") returned -1 [0050.024] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="Program Files") returned -1 [0050.024] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="Program Files (x86)") returned -1 [0050.024] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="$Recycle.bin") returned 1 [0050.024] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="System Volume Information") returned -1 [0050.024] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2=".") returned 1 [0050.024] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="..") returned 1 [0050.024] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D") returned 118 [0050.024] StrStrIW (lpFirst="23B523C9E7746F715D33C6527C18EB9D", lpSrch=".lolkek") returned 0x0 [0050.024] lstrcmpW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="LOLKEK.txt") returned -1 [0050.024] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D") returned 118 [0050.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3e3b6a0 [0050.024] lstrcpyW (in: lpString1=0x3e3b6a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" [0050.024] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.024] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.024] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0050.024] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="Windows") returned -1 [0050.024] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="Program Files") returned -1 [0050.024] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="Program Files (x86)") returned -1 [0050.024] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="$Recycle.bin") returned 1 [0050.024] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="System Volume Information") returned -1 [0050.024] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2=".") returned 1 [0050.024] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="..") returned 1 [0050.024] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D") returned 118 [0050.024] StrStrIW (lpFirst="3130B1871A126520A8C47861EFE3ED4D", lpSrch=".lolkek") returned 0x0 [0050.024] lstrcmpW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="LOLKEK.txt") returned -1 [0050.024] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D") returned 118 [0050.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3e3b888 [0050.025] lstrcpyW (in: lpString1=0x3e3b888, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" [0050.025] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.025] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.025] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0050.025] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="Windows") returned -1 [0050.025] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="Program Files") returned -1 [0050.025] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="Program Files (x86)") returned -1 [0050.025] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="$Recycle.bin") returned 1 [0050.025] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="System Volume Information") returned -1 [0050.025] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2=".") returned 1 [0050.025] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="..") returned 1 [0050.025] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D") returned 151 [0050.025] StrStrIW (lpFirst="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpSrch=".lolkek") returned 0x0 [0050.025] lstrcmpW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="LOLKEK.txt") returned -1 [0050.025] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D") returned 151 [0050.025] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3cbb000 [0050.025] lstrcpyW (in: lpString1=0x3cbb000, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" [0050.025] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.034] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.034] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb68, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0050.035] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="Windows") returned -1 [0050.035] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="Program Files") returned -1 [0050.035] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="Program Files (x86)") returned -1 [0050.035] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="$Recycle.bin") returned 1 [0050.035] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="System Volume Information") returned -1 [0050.035] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2=".") returned 1 [0050.035] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="..") returned 1 [0050.035] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1") returned 151 [0050.035] StrStrIW (lpFirst="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpSrch=".lolkek") returned 0x0 [0050.035] lstrcmpW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="LOLKEK.txt") returned -1 [0050.035] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1") returned 151 [0050.035] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3cc1658 [0050.035] lstrcpyW (in: lpString1=0x3cc1658, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" [0050.035] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.035] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.035] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0050.035] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="Windows") returned -1 [0050.035] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="Program Files") returned -1 [0050.035] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="Program Files (x86)") returned -1 [0050.035] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="$Recycle.bin") returned 1 [0050.035] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="System Volume Information") returned -1 [0050.035] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2=".") returned 1 [0050.035] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="..") returned 1 [0050.035] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398") returned 151 [0050.035] StrStrIW (lpFirst="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpSrch=".lolkek") returned 0x0 [0050.035] lstrcmpW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="LOLKEK.txt") returned -1 [0050.035] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398") returned 151 [0050.035] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3cbb268 [0050.035] lstrcpyW (in: lpString1=0x3cbb268, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" [0050.035] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.043] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.044] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x680, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0050.044] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="Windows") returned -1 [0050.044] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="Program Files") returned -1 [0050.044] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="Program Files (x86)") returned -1 [0050.044] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="$Recycle.bin") returned 1 [0050.044] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="System Volume Information") returned -1 [0050.044] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2=".") returned 1 [0050.044] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="..") returned 1 [0050.044] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9") returned 151 [0050.044] StrStrIW (lpFirst="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpSrch=".lolkek") returned 0x0 [0050.044] lstrcmpW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="LOLKEK.txt") returned -1 [0050.044] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9") returned 151 [0050.044] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x6357c8 [0050.044] lstrcpyW (in: lpString1=0x6357c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" [0050.044] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.044] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.044] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0050.044] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="Windows") returned -1 [0050.044] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="Program Files") returned -1 [0050.045] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="Program Files (x86)") returned -1 [0050.045] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="$Recycle.bin") returned 1 [0050.045] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="System Volume Information") returned -1 [0050.045] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2=".") returned 1 [0050.045] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="..") returned 1 [0050.045] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77") returned 151 [0050.045] StrStrIW (lpFirst="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpSrch=".lolkek") returned 0x0 [0050.045] lstrcmpW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="LOLKEK.txt") returned -1 [0050.045] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77") returned 151 [0050.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3cc18c0 [0050.045] lstrcpyW (in: lpString1=0x3cc18c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" [0050.045] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.056] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.056] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0050.056] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="Windows") returned -1 [0050.056] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="Program Files") returned -1 [0050.056] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="Program Files (x86)") returned -1 [0050.056] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="$Recycle.bin") returned 1 [0050.056] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="System Volume Information") returned -1 [0050.056] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2=".") returned 1 [0050.056] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="..") returned 1 [0050.056] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220") returned 151 [0050.056] StrStrIW (lpFirst="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpSrch=".lolkek") returned 0x0 [0050.056] lstrcmpW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="LOLKEK.txt") returned -1 [0050.056] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220") returned 151 [0050.056] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ddd270 [0050.056] lstrcpyW (in: lpString1=0x3ddd270, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" [0050.056] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.057] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.057] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0050.057] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="Windows") returned -1 [0050.057] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="Program Files") returned -1 [0050.057] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="Program Files (x86)") returned -1 [0050.057] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="$Recycle.bin") returned 1 [0050.057] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="System Volume Information") returned -1 [0050.057] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2=".") returned 1 [0050.057] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="..") returned 1 [0050.057] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4") returned 151 [0050.057] StrStrIW (lpFirst="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpSrch=".lolkek") returned 0x0 [0050.057] lstrcmpW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="LOLKEK.txt") returned -1 [0050.057] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4") returned 151 [0050.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x635a30 [0050.057] lstrcpyW (in: lpString1=0x635a30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" [0050.057] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.068] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.068] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x32d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0050.068] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="Windows") returned -1 [0050.068] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="Program Files") returned -1 [0050.068] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="Program Files (x86)") returned -1 [0050.068] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="$Recycle.bin") returned 1 [0050.068] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="System Volume Information") returned -1 [0050.068] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2=".") returned 1 [0050.069] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="..") returned 1 [0050.069] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD") returned 118 [0050.069] StrStrIW (lpFirst="696F3DE637E6DE85B458996D49D759AD", lpSrch=".lolkek") returned 0x0 [0050.069] lstrcmpW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="LOLKEK.txt") returned -1 [0050.069] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD") returned 118 [0050.069] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3e3ba70 [0050.069] lstrcpyW (in: lpString1=0x3e3ba70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" [0050.069] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.069] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.069] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0050.069] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="Windows") returned -1 [0050.069] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="Program Files") returned -1 [0050.069] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="Program Files (x86)") returned -1 [0050.069] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="$Recycle.bin") returned 1 [0050.069] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="System Volume Information") returned -1 [0050.069] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2=".") returned 1 [0050.069] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="..") returned 1 [0050.069] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21") returned 151 [0050.069] StrStrIW (lpFirst="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpSrch=".lolkek") returned 0x0 [0050.069] lstrcmpW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="LOLKEK.txt") returned -1 [0050.069] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21") returned 151 [0050.069] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x619008 [0050.069] lstrcpyW (in: lpString1=0x619008, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" [0050.069] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.080] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.080] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x22a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0050.081] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="Windows") returned -1 [0050.081] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="Program Files") returned -1 [0050.081] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="Program Files (x86)") returned -1 [0050.081] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="$Recycle.bin") returned 1 [0050.081] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="System Volume Information") returned -1 [0050.081] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2=".") returned 1 [0050.081] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="..") returned 1 [0050.081] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21") returned 118 [0050.081] StrStrIW (lpFirst="7396C420A8E1BC1DA97F1AF0D10BAD21", lpSrch=".lolkek") returned 0x0 [0050.081] lstrcmpW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="LOLKEK.txt") returned -1 [0050.081] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21") returned 118 [0050.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3ddd4d8 [0050.081] lstrcpyW (in: lpString1=0x3ddd4d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" [0050.081] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.081] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.081] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0050.081] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="Windows") returned -1 [0050.081] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="Program Files") returned -1 [0050.081] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="Program Files (x86)") returned -1 [0050.081] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="$Recycle.bin") returned 1 [0050.081] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="System Volume Information") returned -1 [0050.081] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2=".") returned 1 [0050.081] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="..") returned 1 [0050.081] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6") returned 151 [0050.081] StrStrIW (lpFirst="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpSrch=".lolkek") returned 0x0 [0050.081] lstrcmpW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="LOLKEK.txt") returned -1 [0050.081] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6") returned 151 [0050.081] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x619270 [0050.081] lstrcpyW (in: lpString1=0x619270, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" [0050.081] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.104] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.104] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd0e4c510, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0050.104] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Windows") returned -1 [0050.104] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files") returned -1 [0050.104] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files (x86)") returned -1 [0050.104] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="$Recycle.bin") returned 1 [0050.104] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="System Volume Information") returned -1 [0050.104] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2=".") returned 1 [0050.104] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="..") returned 1 [0050.104] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 118 [0050.104] StrStrIW (lpFirst="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpSrch=".lolkek") returned 0x0 [0050.104] lstrcmpW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="LOLKEK.txt") returned -1 [0050.104] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 118 [0050.104] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x6194d8 [0050.104] lstrcpyW (in: lpString1=0x6194d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" [0050.104] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.104] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.104] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x67c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0050.104] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="Windows") returned -1 [0050.104] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="Program Files") returned -1 [0050.104] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="Program Files (x86)") returned -1 [0050.104] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="$Recycle.bin") returned 1 [0050.104] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="System Volume Information") returned -1 [0050.104] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2=".") returned 1 [0050.104] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="..") returned 1 [0050.104] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D") returned 151 [0050.104] StrStrIW (lpFirst="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpSrch=".lolkek") returned 0x0 [0050.104] lstrcmpW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="LOLKEK.txt") returned -1 [0050.104] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D") returned 151 [0050.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3de1298 [0050.105] lstrcpyW (in: lpString1=0x3de1298, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" [0050.105] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.114] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.114] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="Windows") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="Program Files") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="Program Files (x86)") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="$Recycle.bin") returned 1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="System Volume Information") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2=".") returned 1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="..") returned 1 [0050.114] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6") returned 151 [0050.114] StrStrIW (lpFirst="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpSrch=".lolkek") returned 0x0 [0050.114] lstrcmpW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="LOLKEK.txt") returned -1 [0050.114] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6") returned 151 [0050.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x613198 [0050.114] lstrcpyW (in: lpString1=0x613198, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" [0050.114] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.114] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.114] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="Windows") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="Program Files") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="Program Files (x86)") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="$Recycle.bin") returned 1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="System Volume Information") returned -1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2=".") returned 1 [0050.114] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="..") returned 1 [0050.114] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD") returned 151 [0050.115] StrStrIW (lpFirst="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpSrch=".lolkek") returned 0x0 [0050.115] lstrcmpW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="LOLKEK.txt") returned -1 [0050.115] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD") returned 151 [0050.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3de1500 [0050.115] lstrcpyW (in: lpString1=0x3de1500, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" [0050.115] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.126] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.126] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0050.126] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="Windows") returned -1 [0050.126] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="Program Files") returned -1 [0050.126] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="Program Files (x86)") returned -1 [0050.126] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="$Recycle.bin") returned 1 [0050.126] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="System Volume Information") returned -1 [0050.126] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2=".") returned 1 [0050.126] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="..") returned 1 [0050.126] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0") returned 151 [0050.126] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpSrch=".lolkek") returned 0x0 [0050.126] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="LOLKEK.txt") returned -1 [0050.126] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0") returned 151 [0050.126] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3de1768 [0050.126] lstrcpyW (in: lpString1=0x3de1768, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" [0050.126] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.127] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.127] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61210960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61210960, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0050.127] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="Windows") returned -1 [0050.127] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="Program Files") returned -1 [0050.127] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="Program Files (x86)") returned -1 [0050.127] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="$Recycle.bin") returned 1 [0050.127] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="System Volume Information") returned -1 [0050.127] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2=".") returned 1 [0050.127] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="..") returned 1 [0050.127] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E") returned 151 [0050.127] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpSrch=".lolkek") returned 0x0 [0050.127] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="LOLKEK.txt") returned -1 [0050.127] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E") returned 151 [0050.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x613400 [0050.127] lstrcpyW (in: lpString1=0x613400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" [0050.127] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.135] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.135] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="Windows") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="Program Files") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="Program Files (x86)") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="$Recycle.bin") returned 1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="System Volume Information") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2=".") returned 1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="..") returned 1 [0050.135] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1") returned 151 [0050.135] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpSrch=".lolkek") returned 0x0 [0050.135] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="LOLKEK.txt") returned -1 [0050.135] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1") returned 151 [0050.135] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da8068 [0050.135] lstrcpyW (in: lpString1=0x3da8068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" [0050.135] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.135] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.135] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="Windows") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="Program Files") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="Program Files (x86)") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="$Recycle.bin") returned 1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="System Volume Information") returned -1 [0050.135] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2=".") returned 1 [0050.136] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="..") returned 1 [0050.136] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E") returned 151 [0050.136] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpSrch=".lolkek") returned 0x0 [0050.136] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="LOLKEK.txt") returned -1 [0050.136] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E") returned 151 [0050.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da82d0 [0050.136] lstrcpyW (in: lpString1=0x3da82d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" [0050.136] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.144] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.144] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58394060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58394060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="Windows") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="Program Files") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="Program Files (x86)") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="$Recycle.bin") returned 1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="System Volume Information") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2=".") returned 1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="..") returned 1 [0050.144] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4") returned 151 [0050.144] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpSrch=".lolkek") returned 0x0 [0050.144] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="LOLKEK.txt") returned -1 [0050.144] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4") returned 151 [0050.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da8538 [0050.144] lstrcpyW (in: lpString1=0x3da8538, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" [0050.144] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.144] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.144] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="Windows") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="Program Files") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="Program Files (x86)") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="$Recycle.bin") returned 1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="System Volume Information") returned -1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2=".") returned 1 [0050.144] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="..") returned 1 [0050.144] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778") returned 151 [0050.144] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpSrch=".lolkek") returned 0x0 [0050.144] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="LOLKEK.txt") returned -1 [0050.144] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778") returned 151 [0050.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da87a0 [0050.144] lstrcpyW (in: lpString1=0x3da87a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" [0050.145] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.153] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.153] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="Windows") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="Program Files") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="Program Files (x86)") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="$Recycle.bin") returned 1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="System Volume Information") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2=".") returned 1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="..") returned 1 [0050.153] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED") returned 151 [0050.153] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpSrch=".lolkek") returned 0x0 [0050.153] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="LOLKEK.txt") returned -1 [0050.153] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED") returned 151 [0050.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da8a08 [0050.153] lstrcpyW (in: lpString1=0x3da8a08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" [0050.153] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.153] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.153] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="Windows") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="Program Files") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="Program Files (x86)") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="$Recycle.bin") returned 1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="System Volume Information") returned -1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2=".") returned 1 [0050.153] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="..") returned 1 [0050.153] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E") returned 151 [0050.153] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpSrch=".lolkek") returned 0x0 [0050.153] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="LOLKEK.txt") returned -1 [0050.153] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E") returned 151 [0050.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da8c70 [0050.153] lstrcpyW (in: lpString1=0x3da8c70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" [0050.153] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.161] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.161] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="Windows") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="Program Files") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="Program Files (x86)") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="$Recycle.bin") returned 1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="System Volume Information") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2=".") returned 1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="..") returned 1 [0050.162] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30") returned 151 [0050.162] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpSrch=".lolkek") returned 0x0 [0050.162] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="LOLKEK.txt") returned -1 [0050.162] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30") returned 151 [0050.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da8ed8 [0050.162] lstrcpyW (in: lpString1=0x3da8ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" [0050.162] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.162] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.162] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="Windows") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="Program Files") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="Program Files (x86)") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="$Recycle.bin") returned 1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="System Volume Information") returned -1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2=".") returned 1 [0050.162] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="..") returned 1 [0050.162] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB") returned 151 [0050.162] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpSrch=".lolkek") returned 0x0 [0050.162] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="LOLKEK.txt") returned -1 [0050.162] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB") returned 151 [0050.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da9140 [0050.162] lstrcpyW (in: lpString1=0x3da9140, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" [0050.162] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.170] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.171] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x56e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0050.171] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="Windows") returned -1 [0050.171] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="Program Files") returned -1 [0050.171] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="Program Files (x86)") returned -1 [0050.171] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="$Recycle.bin") returned 1 [0050.171] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="System Volume Information") returned -1 [0050.171] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2=".") returned 1 [0050.171] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="..") returned 1 [0050.171] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56") returned 151 [0050.171] StrStrIW (lpFirst="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpSrch=".lolkek") returned 0x0 [0050.171] lstrcmpW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="LOLKEK.txt") returned -1 [0050.171] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56") returned 151 [0050.171] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da93a8 [0050.171] lstrcpyW (in: lpString1=0x3da93a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" [0050.171] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.171] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.171] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0050.171] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="Windows") returned -1 [0050.171] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="Program Files") returned -1 [0050.171] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="Program Files (x86)") returned -1 [0050.171] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="$Recycle.bin") returned 1 [0050.171] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="System Volume Information") returned -1 [0050.171] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2=".") returned 1 [0050.171] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="..") returned 1 [0050.171] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F") returned 151 [0050.171] StrStrIW (lpFirst="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpSrch=".lolkek") returned 0x0 [0050.171] lstrcmpW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="LOLKEK.txt") returned -1 [0050.171] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F") returned 151 [0050.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da9610 [0050.172] lstrcpyW (in: lpString1=0x3da9610, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" [0050.172] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.181] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.182] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0050.182] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="Windows") returned -1 [0050.182] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="Program Files") returned -1 [0050.182] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="Program Files (x86)") returned -1 [0050.182] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="$Recycle.bin") returned 1 [0050.182] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="System Volume Information") returned -1 [0050.182] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2=".") returned 1 [0050.182] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="..") returned 1 [0050.182] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416") returned 151 [0050.182] StrStrIW (lpFirst="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpSrch=".lolkek") returned 0x0 [0050.182] lstrcmpW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="LOLKEK.txt") returned -1 [0050.182] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416") returned 151 [0050.182] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da9878 [0050.182] lstrcpyW (in: lpString1=0x3da9878, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" [0050.182] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.182] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.182] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x59d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0050.182] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="Windows") returned -1 [0050.182] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="Program Files") returned -1 [0050.182] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="Program Files (x86)") returned -1 [0050.182] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="$Recycle.bin") returned 1 [0050.182] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="System Volume Information") returned -1 [0050.182] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2=".") returned 1 [0050.182] lstrcmpiW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="..") returned 1 [0050.182] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned 151 [0050.182] StrStrIW (lpFirst="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpSrch=".lolkek") returned 0x0 [0050.182] lstrcmpW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="LOLKEK.txt") returned -1 [0050.182] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned 151 [0050.182] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da9ae0 [0050.182] lstrcpyW (in: lpString1=0x3da9ae0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" [0050.182] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.190] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.191] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbddd270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd2da, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0050.191] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Windows") returned -1 [0050.191] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Program Files") returned -1 [0050.191] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Program Files (x86)") returned -1 [0050.191] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="$Recycle.bin") returned 1 [0050.191] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="System Volume Information") returned -1 [0050.191] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2=".") returned 1 [0050.191] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="..") returned 1 [0050.191] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015") returned 118 [0050.191] StrStrIW (lpFirst="94308059B57B3142E455B38A6EB92015", lpSrch=".lolkek") returned 0x0 [0050.191] lstrcmpW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="LOLKEK.txt") returned -1 [0050.191] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015") returned 118 [0050.191] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x613668 [0050.191] lstrcpyW (in: lpString1=0x613668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" [0050.191] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.191] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.191] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5e0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0050.191] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2="Windows") returned -1 [0050.191] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2="Program Files") returned -1 [0050.191] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2="Program Files (x86)") returned -1 [0050.191] lstrcmpiW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2="$Recycle.bin") returned 1 [0050.191] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned 151 [0050.191] StrStrIW (lpFirst="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpSrch=".lolkek") returned 0x0 [0050.191] lstrcmpW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2="LOLKEK.txt") returned -1 [0050.191] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned 151 [0050.191] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da9d48 [0050.191] lstrcpyW (in: lpString1=0x3da9d48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" [0050.191] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.199] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.199] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ab, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0050.200] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned 151 [0050.200] StrStrIW (lpFirst="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpSrch=".lolkek") returned 0x0 [0050.200] lstrcmpW (lpString1="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpString2="LOLKEK.txt") returned -1 [0050.200] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned 151 [0050.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3da9fb0 [0050.200] lstrcpyW (in: lpString1=0x3da9fb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" [0050.200] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.200] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.200] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0050.200] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned 151 [0050.200] StrStrIW (lpFirst="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpSrch=".lolkek") returned 0x0 [0050.200] lstrcmpW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpString2="LOLKEK.txt") returned -1 [0050.200] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned 151 [0050.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3daa218 [0050.200] lstrcpyW (in: lpString1=0x3daa218, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" [0050.200] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.208] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.208] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0050.208] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned 151 [0050.208] StrStrIW (lpFirst="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpSrch=".lolkek") returned 0x0 [0050.208] lstrcmpW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpString2="LOLKEK.txt") returned -1 [0050.208] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned 151 [0050.208] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3daa480 [0050.208] lstrcpyW (in: lpString1=0x3daa480, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" [0050.208] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.208] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.208] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0050.208] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned 151 [0050.208] StrStrIW (lpFirst="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpSrch=".lolkek") returned 0x0 [0050.208] lstrcmpW (lpString1="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpString2="LOLKEK.txt") returned -1 [0050.209] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned 151 [0050.209] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3daa6e8 [0050.209] lstrcpyW (in: lpString1=0x3daa6e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" [0050.209] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.217] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.217] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ee, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0050.217] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned 151 [0050.217] StrStrIW (lpFirst="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpSrch=".lolkek") returned 0x0 [0050.217] lstrcmpW (lpString1="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpString2="LOLKEK.txt") returned -1 [0050.217] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned 151 [0050.217] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3daa950 [0050.217] lstrcpyW (in: lpString1=0x3daa950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" [0050.217] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.217] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.217] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0050.217] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned 151 [0050.217] StrStrIW (lpFirst="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpSrch=".lolkek") returned 0x0 [0050.217] lstrcmpW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpString2="LOLKEK.txt") returned -1 [0050.217] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned 151 [0050.217] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3daabb8 [0050.217] lstrcpyW (in: lpString1=0x3daabb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" [0050.217] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.226] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.226] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0050.227] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned 151 [0050.227] StrStrIW (lpFirst="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpSrch=".lolkek") returned 0x0 [0050.227] lstrcmpW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpString2="LOLKEK.txt") returned -1 [0050.227] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned 151 [0050.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3daae20 [0050.227] lstrcpyW (in: lpString1=0x3daae20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" [0050.227] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.227] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.227] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0050.227] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned 151 [0050.227] StrStrIW (lpFirst="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpSrch=".lolkek") returned 0x0 [0050.227] lstrcmpW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpString2="LOLKEK.txt") returned -1 [0050.227] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned 151 [0050.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3dab088 [0050.227] lstrcpyW (in: lpString1=0x3dab088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" [0050.227] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.236] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.236] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0050.236] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned 151 [0050.236] StrStrIW (lpFirst="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpSrch=".lolkek") returned 0x0 [0050.236] lstrcmpW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpString2="LOLKEK.txt") returned -1 [0050.236] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned 151 [0050.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3dab2f0 [0050.236] lstrcpyW (in: lpString1=0x3dab2f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" [0050.236] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.236] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.236] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0050.236] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned 151 [0050.236] StrStrIW (lpFirst="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpSrch=".lolkek") returned 0x0 [0050.236] lstrcmpW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpString2="LOLKEK.txt") returned -1 [0050.236] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned 151 [0050.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3dab558 [0050.236] lstrcpyW (in: lpString1=0x3dab558, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" [0050.236] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.246] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.246] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0050.247] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned 151 [0050.247] StrStrIW (lpFirst="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpSrch=".lolkek") returned 0x0 [0050.247] lstrcmpW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpString2="LOLKEK.txt") returned -1 [0050.247] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned 151 [0050.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3dab7c0 [0050.247] lstrcpyW (in: lpString1=0x3dab7c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" [0050.247] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.247] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.247] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0050.247] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned 151 [0050.247] StrStrIW (lpFirst="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpSrch=".lolkek") returned 0x0 [0050.247] lstrcmpW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpString2="LOLKEK.txt") returned -1 [0050.247] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned 151 [0050.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3daba28 [0050.247] lstrcpyW (in: lpString1=0x3daba28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" [0050.247] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.257] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.257] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0050.257] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned 151 [0050.257] StrStrIW (lpFirst="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpSrch=".lolkek") returned 0x0 [0050.257] lstrcmpW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpString2="LOLKEK.txt") returned -1 [0050.257] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned 151 [0050.257] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3dabc90 [0050.257] lstrcpyW (in: lpString1=0x3dabc90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" [0050.257] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.258] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.258] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0050.258] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned 151 [0050.258] StrStrIW (lpFirst="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpSrch=".lolkek") returned 0x0 [0050.258] lstrcmpW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpString2="LOLKEK.txt") returned -1 [0050.258] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned 151 [0050.258] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ebfd08 [0050.258] lstrcpyW (in: lpString1=0x3ebfd08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" [0050.258] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.266] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.266] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x663, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0050.267] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned 151 [0050.267] StrStrIW (lpFirst="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpSrch=".lolkek") returned 0x0 [0050.267] lstrcmpW (lpString1="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpString2="LOLKEK.txt") returned -1 [0050.267] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned 151 [0050.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ebff70 [0050.267] lstrcpyW (in: lpString1=0x3ebff70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" [0050.267] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.267] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.267] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x64b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0050.267] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned 151 [0050.267] StrStrIW (lpFirst="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpSrch=".lolkek") returned 0x0 [0050.267] lstrcmpW (lpString1="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpString2="LOLKEK.txt") returned -1 [0050.267] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned 151 [0050.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec01d8 [0050.267] lstrcpyW (in: lpString1=0x3ec01d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" [0050.267] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.275] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.275] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x64c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0050.275] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned 151 [0050.275] StrStrIW (lpFirst="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpSrch=".lolkek") returned 0x0 [0050.275] lstrcmpW (lpString1="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpString2="LOLKEK.txt") returned -1 [0050.275] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned 151 [0050.275] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec0440 [0050.275] lstrcpyW (in: lpString1=0x3ec0440, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" [0050.275] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.275] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.275] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0050.275] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76") returned 118 [0050.275] StrStrIW (lpFirst="F90F18257CBB4D84216AC1E1F3BB2C76", lpSrch=".lolkek") returned 0x0 [0050.275] lstrcmpW (lpString1="F90F18257CBB4D84216AC1E1F3BB2C76", lpString2="LOLKEK.txt") returned -1 [0050.275] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76") returned 118 [0050.275] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x610ed8 [0050.275] lstrcpyW (in: lpString1=0x610ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" [0050.275] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.284] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.284] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 0 [0050.284] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.284] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\LOLKEK.txt") returned 96 [0050.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0050.284] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.284] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.285] CloseHandle (hObject=0x290) returned 1 [0050.285] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.285] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MetaData", cAlternateFileName="")) returned 1 [0050.285] lstrcmpiW (lpString1="MetaData", lpString2="Windows") returned -1 [0050.285] lstrcmpiW (lpString1="MetaData", lpString2="Program Files") returned -1 [0050.285] lstrcmpiW (lpString1="MetaData", lpString2="Program Files (x86)") returned -1 [0050.285] lstrcmpiW (lpString1="MetaData", lpString2="$Recycle.bin") returned 1 [0050.285] lstrcmpiW (lpString1="MetaData", lpString2="System Volume Information") returned -1 [0050.285] lstrcmpiW (lpString1="MetaData", lpString2=".") returned 1 [0050.285] lstrcmpiW (lpString1="MetaData", lpString2="..") returned 1 [0050.285] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData") returned 86 [0050.285] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.285] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData" [0050.285] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*" [0050.285] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.285] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.285] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.285] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.285] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.285] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.285] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.285] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.286] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.286] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.286] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.286] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.286] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.286] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.286] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.286] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cAlternateFileName="024823~1")) returned 1 [0050.286] lstrcmpiW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="Windows") returned -1 [0050.286] lstrcmpiW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="Program Files") returned -1 [0050.286] lstrcmpiW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="Program Files (x86)") returned -1 [0050.286] lstrcmpiW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="$Recycle.bin") returned 1 [0050.286] lstrcmpiW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="System Volume Information") returned -1 [0050.286] lstrcmpiW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2=".") returned 1 [0050.286] lstrcmpiW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="..") returned 1 [0050.286] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B") returned 152 [0050.286] StrStrIW (lpFirst="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpSrch=".lolkek") returned 0x0 [0050.286] lstrcmpW (lpString1="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", lpString2="LOLKEK.txt") returned -1 [0050.286] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B") returned 152 [0050.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x60eb70 [0050.286] lstrcpyW (in: lpString1=0x60eb70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" [0050.286] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.286] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.286] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x166, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0050.286] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="Windows") returned -1 [0050.286] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="Program Files") returned -1 [0050.286] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="Program Files (x86)") returned -1 [0050.286] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="$Recycle.bin") returned 1 [0050.286] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="System Volume Information") returned -1 [0050.286] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2=".") returned 1 [0050.286] lstrcmpiW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="..") returned 1 [0050.286] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875") returned 152 [0050.286] StrStrIW (lpFirst="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpSrch=".lolkek") returned 0x0 [0050.286] lstrcmpW (lpString1="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", lpString2="LOLKEK.txt") returned -1 [0050.286] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875") returned 152 [0050.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x61ac70 [0050.286] lstrcpyW (in: lpString1=0x61ac70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" [0050.286] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.294] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.294] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0050.294] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="Windows") returned -1 [0050.294] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="Program Files") returned -1 [0050.294] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="Program Files (x86)") returned -1 [0050.294] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="$Recycle.bin") returned 1 [0050.294] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="System Volume Information") returned -1 [0050.294] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2=".") returned 1 [0050.294] lstrcmpiW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="..") returned 1 [0050.294] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973") returned 152 [0050.294] StrStrIW (lpFirst="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpSrch=".lolkek") returned 0x0 [0050.294] lstrcmpW (lpString1="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", lpString2="LOLKEK.txt") returned -1 [0050.294] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973") returned 152 [0050.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x61aee0 [0050.295] lstrcpyW (in: lpString1=0x61aee0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" [0050.295] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.295] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.295] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0050.295] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="Windows") returned -1 [0050.295] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="Program Files") returned -1 [0050.295] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="Program Files (x86)") returned -1 [0050.295] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="$Recycle.bin") returned 1 [0050.295] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="System Volume Information") returned -1 [0050.295] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2=".") returned 1 [0050.295] lstrcmpiW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="..") returned 1 [0050.295] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406") returned 119 [0050.295] StrStrIW (lpFirst="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpSrch=".lolkek") returned 0x0 [0050.295] lstrcmpW (lpString1="1DAF2884EC4DFA96BA4A58D4DBC9C406", lpString2="LOLKEK.txt") returned -1 [0050.295] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406") returned 119 [0050.295] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x61bff8 [0050.295] lstrcpyW (in: lpString1=0x61bff8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" [0050.295] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.306] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.306] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0050.306] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="Windows") returned -1 [0050.306] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="Program Files") returned -1 [0050.306] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="Program Files (x86)") returned -1 [0050.306] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="$Recycle.bin") returned 1 [0050.306] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="System Volume Information") returned -1 [0050.306] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2=".") returned 1 [0050.306] lstrcmpiW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="..") returned 1 [0050.306] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D") returned 119 [0050.306] StrStrIW (lpFirst="23B523C9E7746F715D33C6527C18EB9D", lpSrch=".lolkek") returned 0x0 [0050.306] lstrcmpW (lpString1="23B523C9E7746F715D33C6527C18EB9D", lpString2="LOLKEK.txt") returned -1 [0050.306] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D") returned 119 [0050.306] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x645fb8 [0050.306] lstrcpyW (in: lpString1=0x645fb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" [0050.306] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.306] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.306] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0050.306] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="Windows") returned -1 [0050.306] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="Program Files") returned -1 [0050.307] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="Program Files (x86)") returned -1 [0050.307] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="$Recycle.bin") returned 1 [0050.307] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="System Volume Information") returned -1 [0050.307] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2=".") returned 1 [0050.307] lstrcmpiW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="..") returned 1 [0050.307] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D") returned 119 [0050.307] StrStrIW (lpFirst="3130B1871A126520A8C47861EFE3ED4D", lpSrch=".lolkek") returned 0x0 [0050.307] lstrcmpW (lpString1="3130B1871A126520A8C47861EFE3ED4D", lpString2="LOLKEK.txt") returned -1 [0050.307] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D") returned 119 [0050.307] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x61c1e0 [0050.307] lstrcpyW (in: lpString1=0x61c1e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" [0050.307] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.321] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.321] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0050.322] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="Windows") returned -1 [0050.322] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="Program Files") returned -1 [0050.322] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="Program Files (x86)") returned -1 [0050.322] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="$Recycle.bin") returned 1 [0050.322] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="System Volume Information") returned -1 [0050.322] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2=".") returned 1 [0050.322] lstrcmpiW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="..") returned 1 [0050.322] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D") returned 152 [0050.322] StrStrIW (lpFirst="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpSrch=".lolkek") returned 0x0 [0050.322] lstrcmpW (lpString1="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", lpString2="LOLKEK.txt") returned -1 [0050.322] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D") returned 152 [0050.322] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x67ca98 [0050.322] lstrcpyW (in: lpString1=0x67ca98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" [0050.322] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.322] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.322] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0050.322] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="Windows") returned -1 [0050.322] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="Program Files") returned -1 [0050.322] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="Program Files (x86)") returned -1 [0050.322] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="$Recycle.bin") returned 1 [0050.322] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="System Volume Information") returned -1 [0050.322] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2=".") returned 1 [0050.322] lstrcmpiW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="..") returned 1 [0050.322] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1") returned 152 [0050.322] StrStrIW (lpFirst="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpSrch=".lolkek") returned 0x0 [0050.322] lstrcmpW (lpString1="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", lpString2="LOLKEK.txt") returned -1 [0050.322] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1") returned 152 [0050.322] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x61c3c8 [0050.322] lstrcpyW (in: lpString1=0x61c3c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" [0050.322] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.323] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.323] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0050.323] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="Windows") returned -1 [0050.323] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="Program Files") returned -1 [0050.323] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="Program Files (x86)") returned -1 [0050.323] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="$Recycle.bin") returned 1 [0050.323] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="System Volume Information") returned -1 [0050.323] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2=".") returned 1 [0050.323] lstrcmpiW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="..") returned 1 [0050.323] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398") returned 152 [0050.323] StrStrIW (lpFirst="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpSrch=".lolkek") returned 0x0 [0050.323] lstrcmpW (lpString1="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", lpString2="LOLKEK.txt") returned -1 [0050.323] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398") returned 152 [0050.323] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x61b150 [0050.323] lstrcpyW (in: lpString1=0x61b150, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" [0050.323] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.331] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.331] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0050.331] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="Windows") returned -1 [0050.331] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="Program Files") returned -1 [0050.331] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="Program Files (x86)") returned -1 [0050.331] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="$Recycle.bin") returned 1 [0050.331] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="System Volume Information") returned -1 [0050.331] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2=".") returned 1 [0050.331] lstrcmpiW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="..") returned 1 [0050.331] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9") returned 152 [0050.331] StrStrIW (lpFirst="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpSrch=".lolkek") returned 0x0 [0050.331] lstrcmpW (lpString1="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", lpString2="LOLKEK.txt") returned -1 [0050.331] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9") returned 152 [0050.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3e3dfa0 [0050.332] lstrcpyW (in: lpString1=0x3e3dfa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" [0050.332] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.332] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.332] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0050.332] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="Windows") returned -1 [0050.332] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="Program Files") returned -1 [0050.332] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="Program Files (x86)") returned -1 [0050.332] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="$Recycle.bin") returned 1 [0050.332] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="System Volume Information") returned -1 [0050.332] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2=".") returned 1 [0050.332] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="..") returned 1 [0050.332] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77") returned 152 [0050.332] StrStrIW (lpFirst="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpSrch=".lolkek") returned 0x0 [0050.332] lstrcmpW (lpString1="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", lpString2="LOLKEK.txt") returned -1 [0050.332] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77") returned 152 [0050.332] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3e3e210 [0050.332] lstrcpyW (in: lpString1=0x3e3e210, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" [0050.332] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.345] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.345] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0050.345] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="Windows") returned -1 [0050.345] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="Program Files") returned -1 [0050.345] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="Program Files (x86)") returned -1 [0050.345] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="$Recycle.bin") returned 1 [0050.345] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="System Volume Information") returned -1 [0050.345] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2=".") returned 1 [0050.345] lstrcmpiW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="..") returned 1 [0050.345] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220") returned 152 [0050.345] StrStrIW (lpFirst="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpSrch=".lolkek") returned 0x0 [0050.345] lstrcmpW (lpString1="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", lpString2="LOLKEK.txt") returned -1 [0050.345] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220") returned 152 [0050.345] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3de04b0 [0050.345] lstrcpyW (in: lpString1=0x3de04b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" [0050.345] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.345] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.345] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0050.345] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="Windows") returned -1 [0050.345] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="Program Files") returned -1 [0050.345] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="Program Files (x86)") returned -1 [0050.345] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="$Recycle.bin") returned 1 [0050.345] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="System Volume Information") returned -1 [0050.345] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2=".") returned 1 [0050.345] lstrcmpiW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="..") returned 1 [0050.345] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4") returned 152 [0050.345] StrStrIW (lpFirst="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpSrch=".lolkek") returned 0x0 [0050.345] lstrcmpW (lpString1="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", lpString2="LOLKEK.txt") returned -1 [0050.345] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4") returned 152 [0050.345] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x66b6b0 [0050.345] lstrcpyW (in: lpString1=0x66b6b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" [0050.345] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.345] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.345] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0050.345] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="Windows") returned -1 [0050.345] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="Program Files") returned -1 [0050.345] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="Program Files (x86)") returned -1 [0050.345] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="$Recycle.bin") returned 1 [0050.345] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="System Volume Information") returned -1 [0050.345] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2=".") returned 1 [0050.345] lstrcmpiW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="..") returned 1 [0050.345] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD") returned 119 [0050.345] StrStrIW (lpFirst="696F3DE637E6DE85B458996D49D759AD", lpSrch=".lolkek") returned 0x0 [0050.346] lstrcmpW (lpString1="696F3DE637E6DE85B458996D49D759AD", lpString2="LOLKEK.txt") returned -1 [0050.346] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD") returned 119 [0050.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x3cc1b28 [0050.346] lstrcpyW (in: lpString1=0x3cc1b28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" [0050.346] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.346] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.346] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0050.346] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="Windows") returned -1 [0050.346] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="Program Files") returned -1 [0050.346] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="Program Files (x86)") returned -1 [0050.346] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="$Recycle.bin") returned 1 [0050.346] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="System Volume Information") returned -1 [0050.346] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2=".") returned 1 [0050.346] lstrcmpiW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="..") returned 1 [0050.346] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21") returned 152 [0050.346] StrStrIW (lpFirst="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpSrch=".lolkek") returned 0x0 [0050.346] lstrcmpW (lpString1="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", lpString2="LOLKEK.txt") returned -1 [0050.346] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21") returned 152 [0050.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3e3e480 [0050.346] lstrcpyW (in: lpString1=0x3e3e480, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" [0050.346] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.346] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.346] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0050.346] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="Windows") returned -1 [0050.346] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="Program Files") returned -1 [0050.346] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="Program Files (x86)") returned -1 [0050.346] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="$Recycle.bin") returned 1 [0050.346] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="System Volume Information") returned -1 [0050.346] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2=".") returned 1 [0050.346] lstrcmpiW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="..") returned 1 [0050.346] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21") returned 119 [0050.346] StrStrIW (lpFirst="7396C420A8E1BC1DA97F1AF0D10BAD21", lpSrch=".lolkek") returned 0x0 [0050.346] lstrcmpW (lpString1="7396C420A8E1BC1DA97F1AF0D10BAD21", lpString2="LOLKEK.txt") returned -1 [0050.346] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21") returned 119 [0050.346] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x635c98 [0050.346] lstrcpyW (in: lpString1=0x635c98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" [0050.346] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.377] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.377] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0050.377] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="Windows") returned -1 [0050.377] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="Program Files") returned -1 [0050.377] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="Program Files (x86)") returned -1 [0050.377] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="$Recycle.bin") returned 1 [0050.377] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="System Volume Information") returned -1 [0050.377] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2=".") returned 1 [0050.377] lstrcmpiW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="..") returned 1 [0050.377] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6") returned 152 [0050.377] StrStrIW (lpFirst="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpSrch=".lolkek") returned 0x0 [0050.377] lstrcmpW (lpString1="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", lpString2="LOLKEK.txt") returned -1 [0050.377] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6") returned 152 [0050.377] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x697d88 [0050.377] lstrcpyW (in: lpString1=0x697d88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" [0050.377] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.377] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.377] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd48e2bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0050.377] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Windows") returned -1 [0050.377] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files") returned -1 [0050.377] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files (x86)") returned -1 [0050.378] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="$Recycle.bin") returned 1 [0050.378] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="System Volume Information") returned -1 [0050.378] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2=".") returned 1 [0050.378] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="..") returned 1 [0050.378] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 119 [0050.378] StrStrIW (lpFirst="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpSrch=".lolkek") returned 0x0 [0050.378] lstrcmpW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="LOLKEK.txt") returned -1 [0050.378] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 119 [0050.378] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x3cc9da0 [0050.378] lstrcpyW (in: lpString1=0x3cc9da0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" [0050.378] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.378] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.378] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0050.378] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="Windows") returned -1 [0050.378] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="Program Files") returned -1 [0050.378] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="Program Files (x86)") returned -1 [0050.378] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="$Recycle.bin") returned 1 [0050.378] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="System Volume Information") returned -1 [0050.378] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2=".") returned 1 [0050.378] lstrcmpiW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="..") returned 1 [0050.378] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D") returned 152 [0050.378] StrStrIW (lpFirst="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpSrch=".lolkek") returned 0x0 [0050.378] lstrcmpW (lpString1="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", lpString2="LOLKEK.txt") returned -1 [0050.378] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D") returned 152 [0050.378] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x618c88 [0050.378] lstrcpyW (in: lpString1=0x618c88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" [0050.378] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.378] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.378] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0050.378] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="Windows") returned -1 [0050.378] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="Program Files") returned -1 [0050.378] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="Program Files (x86)") returned -1 [0050.378] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="$Recycle.bin") returned 1 [0050.378] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="System Volume Information") returned -1 [0050.378] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2=".") returned 1 [0050.378] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="..") returned 1 [0050.378] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6") returned 152 [0050.378] StrStrIW (lpFirst="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpSrch=".lolkek") returned 0x0 [0050.378] lstrcmpW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", lpString2="LOLKEK.txt") returned -1 [0050.378] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6") returned 152 [0050.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ebb228 [0050.379] lstrcpyW (in: lpString1=0x3ebb228, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" [0050.379] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.379] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.379] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0050.379] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="Windows") returned -1 [0050.379] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="Program Files") returned -1 [0050.379] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="Program Files (x86)") returned -1 [0050.379] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="$Recycle.bin") returned 1 [0050.379] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="System Volume Information") returned -1 [0050.379] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2=".") returned 1 [0050.379] lstrcmpiW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="..") returned 1 [0050.379] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD") returned 152 [0050.379] StrStrIW (lpFirst="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpSrch=".lolkek") returned 0x0 [0050.379] lstrcmpW (lpString1="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", lpString2="LOLKEK.txt") returned -1 [0050.379] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD") returned 152 [0050.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ebb4b0 [0050.379] lstrcpyW (in: lpString1=0x3ebb4b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" [0050.379] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.379] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.379] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0050.379] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="Windows") returned -1 [0050.379] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="Program Files") returned -1 [0050.379] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="Program Files (x86)") returned -1 [0050.379] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="$Recycle.bin") returned 1 [0050.379] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="System Volume Information") returned -1 [0050.379] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2=".") returned 1 [0050.379] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="..") returned 1 [0050.379] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0") returned 152 [0050.379] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpSrch=".lolkek") returned 0x0 [0050.379] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", lpString2="LOLKEK.txt") returned -1 [0050.379] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0") returned 152 [0050.379] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb8eb8 [0050.379] lstrcpyW (in: lpString1=0x3eb8eb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" [0050.379] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.384] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.384] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x611ea800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x611ea800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0050.384] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="Windows") returned -1 [0050.384] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="Program Files") returned -1 [0050.384] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="Program Files (x86)") returned -1 [0050.384] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="$Recycle.bin") returned 1 [0050.384] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="System Volume Information") returned -1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2=".") returned 1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="..") returned 1 [0050.385] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E") returned 152 [0050.385] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpSrch=".lolkek") returned 0x0 [0050.385] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", lpString2="LOLKEK.txt") returned -1 [0050.385] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E") returned 152 [0050.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb93c8 [0050.385] lstrcpyW (in: lpString1=0x3eb93c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" [0050.385] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.385] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.385] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="Windows") returned -1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="Program Files") returned -1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="Program Files (x86)") returned -1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="$Recycle.bin") returned 1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="System Volume Information") returned -1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2=".") returned 1 [0050.385] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="..") returned 1 [0050.385] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1") returned 152 [0050.385] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpSrch=".lolkek") returned 0x0 [0050.385] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", lpString2="LOLKEK.txt") returned -1 [0050.385] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1") returned 152 [0050.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eba070 [0050.385] lstrcpyW (in: lpString1=0x3eba070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" [0050.385] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.393] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.393] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="Windows") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="Program Files") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="Program Files (x86)") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="$Recycle.bin") returned 1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="System Volume Information") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2=".") returned 1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="..") returned 1 [0050.394] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E") returned 152 [0050.394] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpSrch=".lolkek") returned 0x0 [0050.394] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", lpString2="LOLKEK.txt") returned -1 [0050.394] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E") returned 152 [0050.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb7f88 [0050.394] lstrcpyW (in: lpString1=0x3eb7f88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" [0050.394] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.394] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.394] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5836df00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5836df00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="Windows") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="Program Files") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="Program Files (x86)") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="$Recycle.bin") returned 1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="System Volume Information") returned -1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2=".") returned 1 [0050.394] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="..") returned 1 [0050.394] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4") returned 152 [0050.394] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpSrch=".lolkek") returned 0x0 [0050.394] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", lpString2="LOLKEK.txt") returned -1 [0050.394] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4") returned 152 [0050.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb9de8 [0050.394] lstrcpyW (in: lpString1=0x3eb9de8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" [0050.394] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.411] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.411] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0050.411] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="Windows") returned -1 [0050.411] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="Program Files") returned -1 [0050.411] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="Program Files (x86)") returned -1 [0050.411] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="$Recycle.bin") returned 1 [0050.411] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="System Volume Information") returned -1 [0050.411] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2=".") returned 1 [0050.411] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="..") returned 1 [0050.411] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778") returned 152 [0050.411] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpSrch=".lolkek") returned 0x0 [0050.412] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", lpString2="LOLKEK.txt") returned -1 [0050.412] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778") returned 152 [0050.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb98d8 [0050.412] lstrcpyW (in: lpString1=0x3eb98d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" [0050.412] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.412] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.412] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="Windows") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="Program Files") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="Program Files (x86)") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="$Recycle.bin") returned 1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="System Volume Information") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2=".") returned 1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="..") returned 1 [0050.412] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED") returned 152 [0050.412] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpSrch=".lolkek") returned 0x0 [0050.412] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", lpString2="LOLKEK.txt") returned -1 [0050.412] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED") returned 152 [0050.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb9b60 [0050.412] lstrcpyW (in: lpString1=0x3eb9b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" [0050.412] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.412] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.412] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="Windows") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="Program Files") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="Program Files (x86)") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="$Recycle.bin") returned 1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="System Volume Information") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2=".") returned 1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="..") returned 1 [0050.412] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E") returned 152 [0050.412] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpSrch=".lolkek") returned 0x0 [0050.412] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", lpString2="LOLKEK.txt") returned -1 [0050.412] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E") returned 152 [0050.412] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb9650 [0050.412] lstrcpyW (in: lpString1=0x3eb9650, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" [0050.412] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.412] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.412] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="Windows") returned -1 [0050.412] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="Program Files") returned -1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="Program Files (x86)") returned -1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="$Recycle.bin") returned 1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="System Volume Information") returned -1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2=".") returned 1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="..") returned 1 [0050.413] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30") returned 152 [0050.413] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpSrch=".lolkek") returned 0x0 [0050.413] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", lpString2="LOLKEK.txt") returned -1 [0050.413] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30") returned 152 [0050.413] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb9140 [0050.413] lstrcpyW (in: lpString1=0x3eb9140, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" [0050.413] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.413] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.413] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="Windows") returned -1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="Program Files") returned -1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="Program Files (x86)") returned -1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="$Recycle.bin") returned 1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="System Volume Information") returned -1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2=".") returned 1 [0050.413] lstrcmpiW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="..") returned 1 [0050.413] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB") returned 152 [0050.413] StrStrIW (lpFirst="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpSrch=".lolkek") returned 0x0 [0050.413] lstrcmpW (lpString1="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", lpString2="LOLKEK.txt") returned -1 [0050.413] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB") returned 152 [0050.413] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb7d00 [0050.413] lstrcpyW (in: lpString1=0x3eb7d00, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" [0050.413] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.423] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.423] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x180, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0050.423] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="Windows") returned -1 [0050.423] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="Program Files") returned -1 [0050.423] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="Program Files (x86)") returned -1 [0050.424] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="$Recycle.bin") returned 1 [0050.424] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="System Volume Information") returned -1 [0050.424] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2=".") returned 1 [0050.424] lstrcmpiW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="..") returned 1 [0050.424] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56") returned 152 [0050.424] StrStrIW (lpFirst="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpSrch=".lolkek") returned 0x0 [0050.424] lstrcmpW (lpString1="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", lpString2="LOLKEK.txt") returned -1 [0050.424] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56") returned 152 [0050.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb8c30 [0050.424] lstrcpyW (in: lpString1=0x3eb8c30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" [0050.424] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.424] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.424] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0050.424] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="Windows") returned -1 [0050.424] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="Program Files") returned -1 [0050.424] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="Program Files (x86)") returned -1 [0050.424] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="$Recycle.bin") returned 1 [0050.424] lstrcmpiW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="System Volume Information") returned -1 [0050.424] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F") returned 152 [0050.424] StrStrIW (lpFirst="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpSrch=".lolkek") returned 0x0 [0050.424] lstrcmpW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", lpString2="LOLKEK.txt") returned -1 [0050.424] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F") returned 152 [0050.424] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb89a8 [0050.424] lstrcpyW (in: lpString1=0x3eb89a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" [0050.424] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.424] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.424] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0050.424] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416") returned 152 [0050.424] StrStrIW (lpFirst="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpSrch=".lolkek") returned 0x0 [0050.425] lstrcmpW (lpString1="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", lpString2="LOLKEK.txt") returned -1 [0050.425] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416") returned 152 [0050.425] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb8720 [0050.425] lstrcpyW (in: lpString1=0x3eb8720, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" [0050.425] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.455] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.455] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x196, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0050.455] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned 152 [0050.455] StrStrIW (lpFirst="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpSrch=".lolkek") returned 0x0 [0050.455] lstrcmpW (lpString1="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", lpString2="LOLKEK.txt") returned -1 [0050.455] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned 152 [0050.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb8210 [0050.455] lstrcpyW (in: lpString1=0x3eb8210, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" [0050.455] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.455] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.455] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbf0dd70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0050.455] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015") returned 119 [0050.455] StrStrIW (lpFirst="94308059B57B3142E455B38A6EB92015", lpSrch=".lolkek") returned 0x0 [0050.455] lstrcmpW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="LOLKEK.txt") returned -1 [0050.455] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015") returned 119 [0050.455] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x3e34ee0 [0050.456] lstrcpyW (in: lpString1=0x3e34ee0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" [0050.456] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.456] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0050.456] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned 152 [0050.456] StrStrIW (lpFirst="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpSrch=".lolkek") returned 0x0 [0050.456] lstrcmpW (lpString1="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", lpString2="LOLKEK.txt") returned -1 [0050.456] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned 152 [0050.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eb8498 [0050.456] lstrcpyW (in: lpString1=0x3eb8498, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" [0050.456] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.456] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0050.456] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned 152 [0050.456] StrStrIW (lpFirst="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpSrch=".lolkek") returned 0x0 [0050.456] lstrcmpW (lpString1="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", lpString2="LOLKEK.txt") returned -1 [0050.456] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned 152 [0050.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ebb9c0 [0050.456] lstrcpyW (in: lpString1=0x3ebb9c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" [0050.456] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.456] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0050.456] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned 152 [0050.456] StrStrIW (lpFirst="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpSrch=".lolkek") returned 0x0 [0050.456] lstrcmpW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", lpString2="LOLKEK.txt") returned -1 [0050.456] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned 152 [0050.456] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ebafa0 [0050.456] lstrcpyW (in: lpString1=0x3ebafa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" [0050.456] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.456] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.456] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0050.456] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned 152 [0050.456] StrStrIW (lpFirst="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpSrch=".lolkek") returned 0x0 [0050.456] lstrcmpW (lpString1="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", lpString2="LOLKEK.txt") returned -1 [0050.456] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned 152 [0050.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ebad18 [0050.457] lstrcpyW (in: lpString1=0x3ebad18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" [0050.457] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.457] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.457] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0050.457] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned 152 [0050.457] StrStrIW (lpFirst="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpSrch=".lolkek") returned 0x0 [0050.457] lstrcmpW (lpString1="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", lpString2="LOLKEK.txt") returned -1 [0050.457] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned 152 [0050.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ebaa90 [0050.457] lstrcpyW (in: lpString1=0x3ebaa90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" [0050.457] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.457] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.457] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0050.457] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned 152 [0050.457] StrStrIW (lpFirst="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpSrch=".lolkek") returned 0x0 [0050.457] lstrcmpW (lpString1="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", lpString2="LOLKEK.txt") returned -1 [0050.457] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned 152 [0050.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eba808 [0050.457] lstrcpyW (in: lpString1=0x3eba808, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" [0050.457] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.457] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.457] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0050.457] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned 152 [0050.457] StrStrIW (lpFirst="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpSrch=".lolkek") returned 0x0 [0050.457] lstrcmpW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", lpString2="LOLKEK.txt") returned -1 [0050.457] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned 152 [0050.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eba580 [0050.457] lstrcpyW (in: lpString1=0x3eba580, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" [0050.457] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.457] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.457] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0050.457] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned 152 [0050.457] StrStrIW (lpFirst="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpSrch=".lolkek") returned 0x0 [0050.457] lstrcmpW (lpString1="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", lpString2="LOLKEK.txt") returned -1 [0050.457] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned 152 [0050.457] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eba2f8 [0050.457] lstrcpyW (in: lpString1=0x3eba2f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" [0050.458] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.458] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.458] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0050.458] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned 152 [0050.458] StrStrIW (lpFirst="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpSrch=".lolkek") returned 0x0 [0050.458] lstrcmpW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", lpString2="LOLKEK.txt") returned -1 [0050.458] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned 152 [0050.458] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ea9b68 [0050.458] lstrcpyW (in: lpString1=0x3ea9b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" [0050.458] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.472] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.472] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0050.472] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned 152 [0050.472] StrStrIW (lpFirst="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpSrch=".lolkek") returned 0x0 [0050.472] lstrcmpW (lpString1="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", lpString2="LOLKEK.txt") returned -1 [0050.472] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned 152 [0050.472] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ea9df0 [0050.472] lstrcpyW (in: lpString1=0x3ea9df0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" [0050.472] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.472] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.472] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0050.472] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned 152 [0050.472] StrStrIW (lpFirst="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpSrch=".lolkek") returned 0x0 [0050.473] lstrcmpW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", lpString2="LOLKEK.txt") returned -1 [0050.473] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned 152 [0050.473] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eaa078 [0050.473] lstrcpyW (in: lpString1=0x3eaa078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" [0050.473] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.475] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.475] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0050.475] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned 152 [0050.475] StrStrIW (lpFirst="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpSrch=".lolkek") returned 0x0 [0050.475] lstrcmpW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", lpString2="LOLKEK.txt") returned -1 [0050.475] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned 152 [0050.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eaa300 [0050.475] lstrcpyW (in: lpString1=0x3eaa300, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" [0050.475] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.478] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.479] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0050.479] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned 152 [0050.479] StrStrIW (lpFirst="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpSrch=".lolkek") returned 0x0 [0050.479] lstrcmpW (lpString1="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", lpString2="LOLKEK.txt") returned -1 [0050.479] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned 152 [0050.479] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eaa588 [0050.479] lstrcpyW (in: lpString1=0x3eaa588, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" [0050.479] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.485] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.485] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0050.485] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned 152 [0050.485] StrStrIW (lpFirst="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpSrch=".lolkek") returned 0x0 [0050.485] lstrcmpW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", lpString2="LOLKEK.txt") returned -1 [0050.485] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned 152 [0050.485] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3ebb738 [0050.486] lstrcpyW (in: lpString1=0x3ebb738, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" [0050.486] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.486] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.486] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0050.486] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned 152 [0050.486] StrStrIW (lpFirst="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpSrch=".lolkek") returned 0x0 [0050.486] lstrcmpW (lpString1="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", lpString2="LOLKEK.txt") returned -1 [0050.486] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned 152 [0050.486] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eaa810 [0050.486] lstrcpyW (in: lpString1=0x3eaa810, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" [0050.486] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.490] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.490] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0050.490] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned 152 [0050.490] StrStrIW (lpFirst="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpSrch=".lolkek") returned 0x0 [0050.490] lstrcmpW (lpString1="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", lpString2="LOLKEK.txt") returned -1 [0050.490] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned 152 [0050.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eaaa98 [0050.490] lstrcpyW (in: lpString1=0x3eaaa98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" [0050.491] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.504] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.504] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0050.504] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned 152 [0050.504] StrStrIW (lpFirst="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpSrch=".lolkek") returned 0x0 [0050.504] lstrcmpW (lpString1="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", lpString2="LOLKEK.txt") returned -1 [0050.504] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned 152 [0050.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eaad20 [0050.504] lstrcpyW (in: lpString1=0x3eaad20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" [0050.504] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.504] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.504] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0050.504] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned 152 [0050.504] StrStrIW (lpFirst="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpSrch=".lolkek") returned 0x0 [0050.504] lstrcmpW (lpString1="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", lpString2="LOLKEK.txt") returned -1 [0050.504] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned 152 [0050.504] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x264) returned 0x3eaafa8 [0050.504] lstrcpyW (in: lpString1=0x3eaafa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" [0050.504] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.504] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.505] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0050.505] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76") returned 119 [0050.505] StrStrIW (lpFirst="F90F18257CBB4D84216AC1E1F3BB2C76", lpSrch=".lolkek") returned 0x0 [0050.505] lstrcmpW (lpString1="F90F18257CBB4D84216AC1E1F3BB2C76", lpString2="LOLKEK.txt") returned -1 [0050.505] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76") returned 119 [0050.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x3c94d38 [0050.505] lstrcpyW (in: lpString1=0x3c94d38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" [0050.505] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.521] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.521] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 0 [0050.521] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.521] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\LOLKEK.txt") returned 97 [0050.521] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0050.522] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.522] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.522] CloseHandle (hObject=0x290) returned 1 [0050.522] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.522] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MetaData", cAlternateFileName="")) returned 0 [0050.522] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.522] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\LOLKEK.txt") returned 88 [0050.522] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.523] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.523] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.523] CloseHandle (hObject=0x24c) returned 1 [0050.523] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.523] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IME12", cAlternateFileName="")) returned 1 [0050.523] lstrcmpiW (lpString1="IME12", lpString2="Windows") returned -1 [0050.523] lstrcmpiW (lpString1="IME12", lpString2="Program Files") returned -1 [0050.523] lstrcmpiW (lpString1="IME12", lpString2="Program Files (x86)") returned -1 [0050.523] lstrcmpiW (lpString1="IME12", lpString2="$Recycle.bin") returned 1 [0050.523] lstrcmpiW (lpString1="IME12", lpString2="System Volume Information") returned -1 [0050.523] lstrcmpiW (lpString1="IME12", lpString2=".") returned 1 [0050.524] lstrcmpiW (lpString1="IME12", lpString2="..") returned 1 [0050.524] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12") returned 66 [0050.524] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.524] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12" [0050.524] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\*" [0050.524] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.528] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.529] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.529] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.529] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.529] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.529] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.529] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.529] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.529] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.529] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.529] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.529] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.529] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.529] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.529] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.529] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.529] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\LOLKEK.txt") returned 77 [0050.529] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\ime12\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.529] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.529] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.530] CloseHandle (hObject=0x25c) returned 1 [0050.530] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.530] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0050.530] lstrcmpiW (lpString1="IMJP12", lpString2="Windows") returned -1 [0050.530] lstrcmpiW (lpString1="IMJP12", lpString2="Program Files") returned -1 [0050.530] lstrcmpiW (lpString1="IMJP12", lpString2="Program Files (x86)") returned -1 [0050.530] lstrcmpiW (lpString1="IMJP12", lpString2="$Recycle.bin") returned 1 [0050.530] lstrcmpiW (lpString1="IMJP12", lpString2="System Volume Information") returned -1 [0050.530] lstrcmpiW (lpString1="IMJP12", lpString2=".") returned 1 [0050.530] lstrcmpiW (lpString1="IMJP12", lpString2="..") returned 1 [0050.530] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12") returned 67 [0050.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.530] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12" [0050.530] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\*" [0050.530] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.531] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.531] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.531] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.531] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.531] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.531] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.531] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.531] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.531] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.531] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.531] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.531] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.531] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.531] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.531] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.531] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.531] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\LOLKEK.txt") returned 78 [0050.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp12\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.531] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.531] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.532] CloseHandle (hObject=0x25c) returned 1 [0050.532] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.532] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0050.532] lstrcmpiW (lpString1="IMJP8_1", lpString2="Windows") returned -1 [0050.532] lstrcmpiW (lpString1="IMJP8_1", lpString2="Program Files") returned -1 [0050.532] lstrcmpiW (lpString1="IMJP8_1", lpString2="Program Files (x86)") returned -1 [0050.532] lstrcmpiW (lpString1="IMJP8_1", lpString2="$Recycle.bin") returned 1 [0050.532] lstrcmpiW (lpString1="IMJP8_1", lpString2="System Volume Information") returned -1 [0050.532] lstrcmpiW (lpString1="IMJP8_1", lpString2=".") returned 1 [0050.532] lstrcmpiW (lpString1="IMJP8_1", lpString2="..") returned 1 [0050.532] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1") returned 68 [0050.532] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.532] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1" [0050.532] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\*" [0050.532] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.532] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.532] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.532] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.532] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.532] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.532] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.533] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.533] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.533] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.533] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.533] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.533] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.533] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.533] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.533] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.533] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.533] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\LOLKEK.txt") returned 79 [0050.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp8_1\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.533] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.533] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.534] CloseHandle (hObject=0x25c) returned 1 [0050.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.534] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0050.534] lstrcmpiW (lpString1="IMJP9_0", lpString2="Windows") returned -1 [0050.534] lstrcmpiW (lpString1="IMJP9_0", lpString2="Program Files") returned -1 [0050.534] lstrcmpiW (lpString1="IMJP9_0", lpString2="Program Files (x86)") returned -1 [0050.534] lstrcmpiW (lpString1="IMJP9_0", lpString2="$Recycle.bin") returned 1 [0050.534] lstrcmpiW (lpString1="IMJP9_0", lpString2="System Volume Information") returned -1 [0050.534] lstrcmpiW (lpString1="IMJP9_0", lpString2=".") returned 1 [0050.534] lstrcmpiW (lpString1="IMJP9_0", lpString2="..") returned 1 [0050.534] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0") returned 68 [0050.534] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.534] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0" [0050.534] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\*" [0050.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.534] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.534] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.534] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.534] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.534] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.534] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.534] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.534] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.534] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.534] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.534] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.534] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.535] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.535] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.535] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.535] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.535] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\LOLKEK.txt") returned 79 [0050.535] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp9_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.535] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.535] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.536] CloseHandle (hObject=0x25c) returned 1 [0050.536] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.536] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0050.536] lstrcmpiW (lpString1="Internet Explorer", lpString2="Windows") returned -1 [0050.536] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files") returned -1 [0050.536] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files (x86)") returned -1 [0050.536] lstrcmpiW (lpString1="Internet Explorer", lpString2="$Recycle.bin") returned 1 [0050.536] lstrcmpiW (lpString1="Internet Explorer", lpString2="System Volume Information") returned -1 [0050.536] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0050.536] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0050.536] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer") returned 78 [0050.536] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.536] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer" [0050.536] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\*" [0050.536] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.539] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.539] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.539] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.539] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.539] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.539] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.539] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.539] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.539] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.539] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.539] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.539] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.539] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.539] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.539] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DOMStore", cAlternateFileName="")) returned 1 [0050.539] lstrcmpiW (lpString1="DOMStore", lpString2="Windows") returned -1 [0050.539] lstrcmpiW (lpString1="DOMStore", lpString2="Program Files") returned -1 [0050.539] lstrcmpiW (lpString1="DOMStore", lpString2="Program Files (x86)") returned -1 [0050.539] lstrcmpiW (lpString1="DOMStore", lpString2="$Recycle.bin") returned 1 [0050.539] lstrcmpiW (lpString1="DOMStore", lpString2="System Volume Information") returned -1 [0050.539] lstrcmpiW (lpString1="DOMStore", lpString2=".") returned 1 [0050.539] lstrcmpiW (lpString1="DOMStore", lpString2="..") returned 1 [0050.539] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore") returned 87 [0050.539] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.540] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore" [0050.540] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\*" [0050.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.540] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.540] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.540] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.540] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.540] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.540] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.540] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.540] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.540] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.540] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.540] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.540] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.540] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.540] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.540] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="36USA68T", cAlternateFileName="")) returned 1 [0050.540] lstrcmpiW (lpString1="36USA68T", lpString2="Windows") returned -1 [0050.540] lstrcmpiW (lpString1="36USA68T", lpString2="Program Files") returned -1 [0050.540] lstrcmpiW (lpString1="36USA68T", lpString2="Program Files (x86)") returned -1 [0050.540] lstrcmpiW (lpString1="36USA68T", lpString2="$Recycle.bin") returned 1 [0050.540] lstrcmpiW (lpString1="36USA68T", lpString2="System Volume Information") returned -1 [0050.540] lstrcmpiW (lpString1="36USA68T", lpString2=".") returned 1 [0050.540] lstrcmpiW (lpString1="36USA68T", lpString2="..") returned 1 [0050.540] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T") returned 96 [0050.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.540] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T" [0050.540] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\*" [0050.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.540] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.540] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.540] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.540] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.540] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.541] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.541] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.541] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.541] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.541] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.541] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.541] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.541] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.541] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.541] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="imagesrv.adition[1].xml", cAlternateFileName="IMAGES~1.XML")) returned 1 [0050.541] lstrcmpiW (lpString1="imagesrv.adition[1].xml", lpString2="Windows") returned -1 [0050.541] lstrcmpiW (lpString1="imagesrv.adition[1].xml", lpString2="Program Files") returned -1 [0050.541] lstrcmpiW (lpString1="imagesrv.adition[1].xml", lpString2="Program Files (x86)") returned -1 [0050.541] lstrcmpiW (lpString1="imagesrv.adition[1].xml", lpString2="$Recycle.bin") returned 1 [0050.541] lstrcmpiW (lpString1="imagesrv.adition[1].xml", lpString2="System Volume Information") returned -1 [0050.541] lstrcmpiW (lpString1="imagesrv.adition[1].xml", lpString2=".") returned 1 [0050.541] lstrcmpiW (lpString1="imagesrv.adition[1].xml", lpString2="..") returned 1 [0050.541] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml") returned 120 [0050.541] StrStrIW (lpFirst="imagesrv.adition[1].xml", lpSrch=".lolkek") returned 0x0 [0050.541] lstrcmpW (lpString1="imagesrv.adition[1].xml", lpString2="LOLKEK.txt") returned -1 [0050.541] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml") returned 120 [0050.541] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e4) returned 0x5c2078 [0050.541] lstrcpyW (in: lpString1=0x5c2078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" [0050.541] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.541] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.541] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="imagesrv.adition[1].xml", cAlternateFileName="IMAGES~1.XML")) returned 0 [0050.541] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.541] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\LOLKEK.txt") returned 107 [0050.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.542] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.542] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.542] CloseHandle (hObject=0x24c) returned 1 [0050.542] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.542] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3O75JDME", cAlternateFileName="")) returned 1 [0050.542] lstrcmpiW (lpString1="3O75JDME", lpString2="Windows") returned -1 [0050.542] lstrcmpiW (lpString1="3O75JDME", lpString2="Program Files") returned -1 [0050.542] lstrcmpiW (lpString1="3O75JDME", lpString2="Program Files (x86)") returned -1 [0050.542] lstrcmpiW (lpString1="3O75JDME", lpString2="$Recycle.bin") returned 1 [0050.542] lstrcmpiW (lpString1="3O75JDME", lpString2="System Volume Information") returned -1 [0050.542] lstrcmpiW (lpString1="3O75JDME", lpString2=".") returned 1 [0050.543] lstrcmpiW (lpString1="3O75JDME", lpString2="..") returned 1 [0050.543] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME") returned 96 [0050.543] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.543] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME" [0050.543] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\*" [0050.543] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.545] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.545] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.545] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.545] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.545] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.545] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.545] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.545] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.546] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.546] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.546] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.546] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.546] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.546] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.546] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="www.google[1].xml", cAlternateFileName="WWWGOO~1.XML")) returned 1 [0050.546] lstrcmpiW (lpString1="www.google[1].xml", lpString2="Windows") returned 1 [0050.546] lstrcmpiW (lpString1="www.google[1].xml", lpString2="Program Files") returned 1 [0050.546] lstrcmpiW (lpString1="www.google[1].xml", lpString2="Program Files (x86)") returned 1 [0050.546] lstrcmpiW (lpString1="www.google[1].xml", lpString2="$Recycle.bin") returned 1 [0050.546] lstrcmpiW (lpString1="www.google[1].xml", lpString2="System Volume Information") returned 1 [0050.546] lstrcmpiW (lpString1="www.google[1].xml", lpString2=".") returned 1 [0050.546] lstrcmpiW (lpString1="www.google[1].xml", lpString2="..") returned 1 [0050.546] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml") returned 114 [0050.546] StrStrIW (lpFirst="www.google[1].xml", lpSrch=".lolkek") returned 0x0 [0050.546] lstrcmpW (lpString1="www.google[1].xml", lpString2="LOLKEK.txt") returned 1 [0050.546] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml") returned 114 [0050.546] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1cc) returned 0x3e368e0 [0050.546] lstrcpyW (in: lpString1=0x3e368e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" [0050.546] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.546] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.546] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="www.google[1].xml", cAlternateFileName="WWWGOO~1.XML")) returned 0 [0050.546] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.546] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\LOLKEK.txt") returned 107 [0050.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.547] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.547] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.547] CloseHandle (hObject=0x1b4) returned 1 [0050.547] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.547] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0050.547] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0050.547] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0050.547] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0050.547] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0050.547] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0050.547] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0050.547] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0050.547] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat") returned 97 [0050.547] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0050.547] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0050.547] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat") returned 97 [0050.547] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x62f8a0 [0050.547] lstrcpyW (in: lpString1=0x62f8a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" [0050.548] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.548] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.548] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UV0DUWVB", cAlternateFileName="")) returned 1 [0050.548] lstrcmpiW (lpString1="UV0DUWVB", lpString2="Windows") returned -1 [0050.548] lstrcmpiW (lpString1="UV0DUWVB", lpString2="Program Files") returned 1 [0050.548] lstrcmpiW (lpString1="UV0DUWVB", lpString2="Program Files (x86)") returned 1 [0050.548] lstrcmpiW (lpString1="UV0DUWVB", lpString2="$Recycle.bin") returned 1 [0050.548] lstrcmpiW (lpString1="UV0DUWVB", lpString2="System Volume Information") returned 1 [0050.548] lstrcmpiW (lpString1="UV0DUWVB", lpString2=".") returned 1 [0050.548] lstrcmpiW (lpString1="UV0DUWVB", lpString2="..") returned 1 [0050.548] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB") returned 96 [0050.548] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.548] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB" [0050.548] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\*" [0050.548] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.548] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.548] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.548] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.548] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.548] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.548] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.548] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.548] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.548] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.548] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.548] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.548] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.548] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.548] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.548] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.548] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.548] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\LOLKEK.txt") returned 107 [0050.548] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\uv0duwvb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.549] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.549] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.549] CloseHandle (hObject=0x1b4) returned 1 [0050.550] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.550] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VGMTOI09", cAlternateFileName="")) returned 1 [0050.550] lstrcmpiW (lpString1="VGMTOI09", lpString2="Windows") returned -1 [0050.550] lstrcmpiW (lpString1="VGMTOI09", lpString2="Program Files") returned 1 [0050.550] lstrcmpiW (lpString1="VGMTOI09", lpString2="Program Files (x86)") returned 1 [0050.550] lstrcmpiW (lpString1="VGMTOI09", lpString2="$Recycle.bin") returned 1 [0050.550] lstrcmpiW (lpString1="VGMTOI09", lpString2="System Volume Information") returned 1 [0050.550] lstrcmpiW (lpString1="VGMTOI09", lpString2=".") returned 1 [0050.550] lstrcmpiW (lpString1="VGMTOI09", lpString2="..") returned 1 [0050.550] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09") returned 96 [0050.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.550] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09" [0050.550] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\*" [0050.550] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.550] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.550] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.550] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.550] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.550] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.550] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.550] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.550] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.550] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.550] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.550] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.550] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.550] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.550] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.550] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="www.msn[1].xml", cAlternateFileName="WWWMSN~1.XML")) returned 1 [0050.550] lstrcmpiW (lpString1="www.msn[1].xml", lpString2="Windows") returned 1 [0050.550] lstrcmpiW (lpString1="www.msn[1].xml", lpString2="Program Files") returned 1 [0050.550] lstrcmpiW (lpString1="www.msn[1].xml", lpString2="Program Files (x86)") returned 1 [0050.550] lstrcmpiW (lpString1="www.msn[1].xml", lpString2="$Recycle.bin") returned 1 [0050.550] lstrcmpiW (lpString1="www.msn[1].xml", lpString2="System Volume Information") returned 1 [0050.550] lstrcmpiW (lpString1="www.msn[1].xml", lpString2=".") returned 1 [0050.550] lstrcmpiW (lpString1="www.msn[1].xml", lpString2="..") returned 1 [0050.550] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml") returned 111 [0050.550] StrStrIW (lpFirst="www.msn[1].xml", lpSrch=".lolkek") returned 0x0 [0050.550] lstrcmpW (lpString1="www.msn[1].xml", lpString2="LOLKEK.txt") returned 1 [0050.550] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml") returned 111 [0050.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c0) returned 0x698b58 [0050.551] lstrcpyW (in: lpString1=0x698b58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" [0050.551] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.551] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.551] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="www.msn[1].xml", cAlternateFileName="WWWMSN~1.XML")) returned 0 [0050.551] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.551] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\LOLKEK.txt") returned 107 [0050.551] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.551] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.551] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.552] CloseHandle (hObject=0x1b4) returned 1 [0050.552] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.552] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VGMTOI09", cAlternateFileName="")) returned 0 [0050.552] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.552] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\LOLKEK.txt") returned 98 [0050.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.552] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.552] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.553] CloseHandle (hObject=0x25c) returned 1 [0050.553] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.553] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Services", cAlternateFileName="")) returned 1 [0050.553] lstrcmpiW (lpString1="Services", lpString2="Windows") returned -1 [0050.553] lstrcmpiW (lpString1="Services", lpString2="Program Files") returned 1 [0050.553] lstrcmpiW (lpString1="Services", lpString2="Program Files (x86)") returned 1 [0050.553] lstrcmpiW (lpString1="Services", lpString2="$Recycle.bin") returned 1 [0050.553] lstrcmpiW (lpString1="Services", lpString2="System Volume Information") returned -1 [0050.553] lstrcmpiW (lpString1="Services", lpString2=".") returned 1 [0050.553] lstrcmpiW (lpString1="Services", lpString2="..") returned 1 [0050.553] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services") returned 87 [0050.553] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.553] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services" [0050.553] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\*" [0050.553] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.554] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.554] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.554] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.554] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.554] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.554] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.554] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.554] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.554] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.554] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.554] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.554] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.554] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.554] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.555] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.555] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.555] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\LOLKEK.txt") returned 98 [0050.555] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\services\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.555] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.555] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.556] CloseHandle (hObject=0x25c) returned 1 [0050.556] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.556] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Services", cAlternateFileName="")) returned 0 [0050.556] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.556] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\LOLKEK.txt") returned 89 [0050.556] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.556] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.556] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.557] CloseHandle (hObject=0x1e0) returned 1 [0050.557] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.558] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 0 [0050.558] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0050.558] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\LOLKEK.txt") returned 71 [0050.558] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.559] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.559] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0050.559] CloseHandle (hObject=0x270) returned 1 [0050.559] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.560] lstrcmpiW (lpString1="Sun", lpString2="Windows") returned -1 [0050.560] lstrcmpiW (lpString1="Sun", lpString2="Program Files") returned 1 [0050.560] lstrcmpiW (lpString1="Sun", lpString2="Program Files (x86)") returned 1 [0050.560] lstrcmpiW (lpString1="Sun", lpString2="$Recycle.bin") returned 1 [0050.560] lstrcmpiW (lpString1="Sun", lpString2="System Volume Information") returned -1 [0050.560] lstrcmpiW (lpString1="Sun", lpString2=".") returned 1 [0050.560] lstrcmpiW (lpString1="Sun", lpString2="..") returned 1 [0050.560] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun") returned 54 [0050.560] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.560] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun" [0050.560] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\*" [0050.560] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0050.561] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.561] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.561] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.561] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.561] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.561] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.561] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.561] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.561] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.561] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.561] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.561] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.561] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.561] lstrcmpiW (lpString1="Java", lpString2="Windows") returned -1 [0050.561] lstrcmpiW (lpString1="Java", lpString2="Program Files") returned -1 [0050.561] lstrcmpiW (lpString1="Java", lpString2="Program Files (x86)") returned -1 [0050.561] lstrcmpiW (lpString1="Java", lpString2="$Recycle.bin") returned 1 [0050.561] lstrcmpiW (lpString1="Java", lpString2="System Volume Information") returned -1 [0050.561] lstrcmpiW (lpString1="Java", lpString2=".") returned 1 [0050.561] lstrcmpiW (lpString1="Java", lpString2="..") returned 1 [0050.561] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java") returned 59 [0050.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.562] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java" [0050.562] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\*" [0050.562] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.562] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.562] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.563] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.563] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.563] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.563] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.563] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.563] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.563] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.563] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.563] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.563] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.563] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.563] lstrcmpiW (lpString1="AU", lpString2="Windows") returned -1 [0050.563] lstrcmpiW (lpString1="AU", lpString2="Program Files") returned -1 [0050.563] lstrcmpiW (lpString1="AU", lpString2="Program Files (x86)") returned -1 [0050.563] lstrcmpiW (lpString1="AU", lpString2="$Recycle.bin") returned 1 [0050.563] lstrcmpiW (lpString1="AU", lpString2="System Volume Information") returned -1 [0050.563] lstrcmpiW (lpString1="AU", lpString2=".") returned 1 [0050.563] lstrcmpiW (lpString1="AU", lpString2="..") returned 1 [0050.563] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU") returned 62 [0050.563] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.563] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU" [0050.563] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\*" [0050.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.564] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.564] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.564] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.564] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.564] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.564] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.564] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.564] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.564] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.564] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.564] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.564] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.564] lstrcmpiW (lpString1="au.cab", lpString2="Windows") returned -1 [0050.564] lstrcmpiW (lpString1="au.cab", lpString2="Program Files") returned -1 [0050.564] lstrcmpiW (lpString1="au.cab", lpString2="Program Files (x86)") returned -1 [0050.564] lstrcmpiW (lpString1="au.cab", lpString2="$Recycle.bin") returned 1 [0050.564] lstrcmpiW (lpString1="au.cab", lpString2="System Volume Information") returned -1 [0050.564] lstrcmpiW (lpString1="au.cab", lpString2=".") returned 1 [0050.564] lstrcmpiW (lpString1="au.cab", lpString2="..") returned 1 [0050.564] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab") returned 69 [0050.564] StrStrIW (lpFirst="au.cab", lpSrch=".lolkek") returned 0x0 [0050.564] lstrcmpW (lpString1="au.cab", lpString2="LOLKEK.txt") returned -1 [0050.564] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab") returned 69 [0050.564] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x3de19d0 [0050.564] lstrcpyW (in: lpString1=0x3de19d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" [0050.564] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.564] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.565] lstrcmpiW (lpString1="au.msi", lpString2="Windows") returned -1 [0050.565] lstrcmpiW (lpString1="au.msi", lpString2="Program Files") returned -1 [0050.565] lstrcmpiW (lpString1="au.msi", lpString2="Program Files (x86)") returned -1 [0050.565] lstrcmpiW (lpString1="au.msi", lpString2="$Recycle.bin") returned 1 [0050.565] lstrcmpiW (lpString1="au.msi", lpString2="System Volume Information") returned -1 [0050.565] lstrcmpiW (lpString1="au.msi", lpString2=".") returned 1 [0050.565] lstrcmpiW (lpString1="au.msi", lpString2="..") returned 1 [0050.565] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi") returned 69 [0050.565] StrStrIW (lpFirst="au.msi", lpSrch=".lolkek") returned 0x0 [0050.565] lstrcmpW (lpString1="au.msi", lpString2="LOLKEK.txt") returned -1 [0050.565] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi") returned 69 [0050.565] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x62f460 [0050.565] lstrcpyW (in: lpString1=0x62f460, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" [0050.565] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.565] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.565] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.565] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\LOLKEK.txt") returned 73 [0050.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.565] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.566] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.566] CloseHandle (hObject=0x270) returned 1 [0050.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.566] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0050.566] lstrcmpiW (lpString1="Deployment", lpString2="Windows") returned -1 [0050.566] lstrcmpiW (lpString1="Deployment", lpString2="Program Files") returned -1 [0050.566] lstrcmpiW (lpString1="Deployment", lpString2="Program Files (x86)") returned -1 [0050.566] lstrcmpiW (lpString1="Deployment", lpString2="$Recycle.bin") returned 1 [0050.566] lstrcmpiW (lpString1="Deployment", lpString2="System Volume Information") returned -1 [0050.566] lstrcmpiW (lpString1="Deployment", lpString2=".") returned 1 [0050.566] lstrcmpiW (lpString1="Deployment", lpString2="..") returned 1 [0050.566] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment") returned 70 [0050.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.566] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment" [0050.566] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*" [0050.566] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.567] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.567] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.567] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.567] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.567] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.567] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.567] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.568] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.568] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.568] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.568] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.568] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.568] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.568] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.568] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1ea6db0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xfec5c570, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="deployment.properties", cAlternateFileName="DEPLOY~1.PRO")) returned 1 [0050.568] lstrcmpiW (lpString1="deployment.properties", lpString2="Windows") returned -1 [0050.568] lstrcmpiW (lpString1="deployment.properties", lpString2="Program Files") returned -1 [0050.568] lstrcmpiW (lpString1="deployment.properties", lpString2="Program Files (x86)") returned -1 [0050.568] lstrcmpiW (lpString1="deployment.properties", lpString2="$Recycle.bin") returned 1 [0050.568] lstrcmpiW (lpString1="deployment.properties", lpString2="System Volume Information") returned -1 [0050.568] lstrcmpiW (lpString1="deployment.properties", lpString2=".") returned 1 [0050.568] lstrcmpiW (lpString1="deployment.properties", lpString2="..") returned 1 [0050.568] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties") returned 92 [0050.568] StrStrIW (lpFirst="deployment.properties", lpSrch=".lolkek") returned 0x0 [0050.568] lstrcmpW (lpString1="deployment.properties", lpString2="LOLKEK.txt") returned -1 [0050.568] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties") returned 92 [0050.568] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x3dddfc8 [0050.568] lstrcpyW (in: lpString1=0x3dddfc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" [0050.568] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.568] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.568] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="security", cAlternateFileName="")) returned 1 [0050.568] lstrcmpiW (lpString1="security", lpString2="Windows") returned -1 [0050.568] lstrcmpiW (lpString1="security", lpString2="Program Files") returned 1 [0050.568] lstrcmpiW (lpString1="security", lpString2="Program Files (x86)") returned 1 [0050.568] lstrcmpiW (lpString1="security", lpString2="$Recycle.bin") returned 1 [0050.568] lstrcmpiW (lpString1="security", lpString2="System Volume Information") returned -1 [0050.568] lstrcmpiW (lpString1="security", lpString2=".") returned 1 [0050.568] lstrcmpiW (lpString1="security", lpString2="..") returned 1 [0050.568] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security") returned 79 [0050.568] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.568] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security" [0050.569] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*" [0050.569] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.573] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.573] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.573] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.573] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.573] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.573] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.573] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.573] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.573] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.573] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.573] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.573] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.573] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.573] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.573] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.573] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.573] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\LOLKEK.txt") returned 90 [0050.573] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\security\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.573] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.574] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.574] CloseHandle (hObject=0x1b4) returned 1 [0050.574] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.574] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tmp", cAlternateFileName="")) returned 1 [0050.574] lstrcmpiW (lpString1="tmp", lpString2="Windows") returned -1 [0050.574] lstrcmpiW (lpString1="tmp", lpString2="Program Files") returned 1 [0050.574] lstrcmpiW (lpString1="tmp", lpString2="Program Files (x86)") returned 1 [0050.574] lstrcmpiW (lpString1="tmp", lpString2="$Recycle.bin") returned 1 [0050.574] lstrcmpiW (lpString1="tmp", lpString2="System Volume Information") returned 1 [0050.574] lstrcmpiW (lpString1="tmp", lpString2=".") returned 1 [0050.574] lstrcmpiW (lpString1="tmp", lpString2="..") returned 1 [0050.574] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp") returned 74 [0050.574] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.574] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp" [0050.574] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*" [0050.574] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.575] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.575] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.575] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.575] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.575] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.575] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.575] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.575] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.575] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.575] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.575] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfaeead90, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="si", cAlternateFileName="")) returned 1 [0050.575] lstrcmpiW (lpString1="si", lpString2="Windows") returned -1 [0050.575] lstrcmpiW (lpString1="si", lpString2="Program Files") returned 1 [0050.575] lstrcmpiW (lpString1="si", lpString2="Program Files (x86)") returned 1 [0050.575] lstrcmpiW (lpString1="si", lpString2="$Recycle.bin") returned 1 [0050.575] lstrcmpiW (lpString1="si", lpString2="System Volume Information") returned -1 [0050.575] lstrcmpiW (lpString1="si", lpString2=".") returned 1 [0050.575] lstrcmpiW (lpString1="si", lpString2="..") returned 1 [0050.575] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si") returned 77 [0050.575] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.575] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si" [0050.575] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*" [0050.575] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.575] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.575] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.575] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.575] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.576] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.576] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.576] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.576] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.576] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.576] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.576] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.576] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.576] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0050.576] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\LOLKEK.txt") returned 88 [0050.576] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\tmp\\si\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.576] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.576] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.577] CloseHandle (hObject=0x24c) returned 1 [0050.577] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.577] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfaeead90, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="si", cAlternateFileName="")) returned 0 [0050.577] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.577] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\LOLKEK.txt") returned 85 [0050.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\tmp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.578] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.578] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.578] CloseHandle (hObject=0x1b4) returned 1 [0050.578] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.578] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tmp", cAlternateFileName="")) returned 0 [0050.578] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.578] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\LOLKEK.txt") returned 81 [0050.579] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.579] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.579] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.579] CloseHandle (hObject=0x2bc) returned 1 [0050.580] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.580] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jre1.7.0_45", cAlternateFileName="JRE17~1.0_4")) returned 1 [0050.580] lstrcmpiW (lpString1="jre1.7.0_45", lpString2="Windows") returned -1 [0050.580] lstrcmpiW (lpString1="jre1.7.0_45", lpString2="Program Files") returned -1 [0050.580] lstrcmpiW (lpString1="jre1.7.0_45", lpString2="Program Files (x86)") returned -1 [0050.580] lstrcmpiW (lpString1="jre1.7.0_45", lpString2="$Recycle.bin") returned 1 [0050.580] lstrcmpiW (lpString1="jre1.7.0_45", lpString2="System Volume Information") returned -1 [0050.580] lstrcmpiW (lpString1="jre1.7.0_45", lpString2=".") returned 1 [0050.580] lstrcmpiW (lpString1="jre1.7.0_45", lpString2="..") returned 1 [0050.580] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45") returned 71 [0050.580] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.580] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45" [0050.580] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*" [0050.580] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.580] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.580] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.580] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.580] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.580] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.580] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.580] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.580] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.580] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.580] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.580] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.580] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.580] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.580] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.580] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x182ac2a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Data1.cab", cAlternateFileName="")) returned 1 [0050.580] lstrcmpiW (lpString1="Data1.cab", lpString2="Windows") returned -1 [0050.580] lstrcmpiW (lpString1="Data1.cab", lpString2="Program Files") returned -1 [0050.580] lstrcmpiW (lpString1="Data1.cab", lpString2="Program Files (x86)") returned -1 [0050.580] lstrcmpiW (lpString1="Data1.cab", lpString2="$Recycle.bin") returned 1 [0050.580] lstrcmpiW (lpString1="Data1.cab", lpString2="System Volume Information") returned -1 [0050.580] lstrcmpiW (lpString1="Data1.cab", lpString2=".") returned 1 [0050.580] lstrcmpiW (lpString1="Data1.cab", lpString2="..") returned 1 [0050.580] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab") returned 81 [0050.580] StrStrIW (lpFirst="Data1.cab", lpSrch=".lolkek") returned 0x0 [0050.580] lstrcmpW (lpString1="Data1.cab", lpString2="LOLKEK.txt") returned -1 [0050.581] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab") returned 81 [0050.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cade78 [0050.581] lstrcpyW (in: lpString1=0x3cade78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" [0050.581] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.581] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.581] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jre1.7.0_45.msi", cAlternateFileName="JRE170~1.MSI")) returned 1 [0050.581] lstrcmpiW (lpString1="jre1.7.0_45.msi", lpString2="Windows") returned -1 [0050.581] lstrcmpiW (lpString1="jre1.7.0_45.msi", lpString2="Program Files") returned -1 [0050.581] lstrcmpiW (lpString1="jre1.7.0_45.msi", lpString2="Program Files (x86)") returned -1 [0050.581] lstrcmpiW (lpString1="jre1.7.0_45.msi", lpString2="$Recycle.bin") returned 1 [0050.581] lstrcmpiW (lpString1="jre1.7.0_45.msi", lpString2="System Volume Information") returned -1 [0050.581] lstrcmpiW (lpString1="jre1.7.0_45.msi", lpString2=".") returned 1 [0050.581] lstrcmpiW (lpString1="jre1.7.0_45.msi", lpString2="..") returned 1 [0050.581] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi") returned 87 [0050.581] StrStrIW (lpFirst="jre1.7.0_45.msi", lpSrch=".lolkek") returned 0x0 [0050.581] lstrcmpW (lpString1="jre1.7.0_45.msi", lpString2="LOLKEK.txt") returned -1 [0050.581] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi") returned 87 [0050.581] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb5fa0 [0050.581] lstrcpyW (in: lpString1=0x3eb5fa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" [0050.581] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.584] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.584] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jre1.7.0_45.msi", cAlternateFileName="JRE170~1.MSI")) returned 0 [0050.584] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.584] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\LOLKEK.txt") returned 82 [0050.584] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.585] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.585] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.585] CloseHandle (hObject=0x2bc) returned 1 [0050.585] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.587] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jre1.7.0_45", cAlternateFileName="JRE17~1.0_4")) returned 0 [0050.587] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.587] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\LOLKEK.txt") returned 70 [0050.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.587] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.587] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.588] CloseHandle (hObject=0x1ec) returned 1 [0050.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.588] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Java", cAlternateFileName="")) returned 0 [0050.588] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0050.588] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\LOLKEK.txt") returned 65 [0050.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.588] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.588] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0050.589] CloseHandle (hObject=0x1e0) returned 1 [0050.589] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.589] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sun", cAlternateFileName="")) returned 0 [0050.589] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0050.589] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\LOLKEK.txt") returned 61 [0050.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0050.590] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.590] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0050.590] CloseHandle (hObject=0x2a0) returned 1 [0050.590] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0050.591] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc9b560, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc9b560, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roaming", cAlternateFileName="")) returned 1 [0050.591] lstrcmpiW (lpString1="Roaming", lpString2="Windows") returned -1 [0050.591] lstrcmpiW (lpString1="Roaming", lpString2="Program Files") returned 1 [0050.591] lstrcmpiW (lpString1="Roaming", lpString2="Program Files (x86)") returned 1 [0050.591] lstrcmpiW (lpString1="Roaming", lpString2="$Recycle.bin") returned 1 [0050.591] lstrcmpiW (lpString1="Roaming", lpString2="System Volume Information") returned -1 [0050.591] lstrcmpiW (lpString1="Roaming", lpString2=".") returned 1 [0050.591] lstrcmpiW (lpString1="Roaming", lpString2="..") returned 1 [0050.591] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 49 [0050.591] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0f38 [0050.591] lstrcpyW (in: lpString1=0x3be0f38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0050.591] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*" [0050.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc9b560, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc9b560, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e198 [0050.591] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.592] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.592] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.592] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.592] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.592] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.592] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc9b560, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc9b560, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.592] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.592] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.592] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.592] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.592] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.592] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4b242130, ftCreationTime.dwHighDateTime=0x1d62d9e, ftLastAccessTime.dwLowDateTime=0xdd9b580, ftLastAccessTime.dwHighDateTime=0x1d62937, ftLastWriteTime.dwLowDateTime=0xdd9b580, ftLastWriteTime.dwHighDateTime=0x1d62937, nFileSizeHigh=0x0, nFileSizeLow=0x1dfa, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="0SjWEDJTA7-j1dLq4.mp3", cAlternateFileName="0SJWED~1.MP3")) returned 1 [0050.592] lstrcmpiW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2="Windows") returned -1 [0050.592] lstrcmpiW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2="Program Files") returned -1 [0050.592] lstrcmpiW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2="Program Files (x86)") returned -1 [0050.592] lstrcmpiW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2="$Recycle.bin") returned 1 [0050.592] lstrcmpiW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2="System Volume Information") returned -1 [0050.592] lstrcmpiW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2=".") returned 1 [0050.592] lstrcmpiW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2="..") returned 1 [0050.592] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3") returned 71 [0050.592] StrStrIW (lpFirst="0SjWEDJTA7-j1dLq4.mp3", lpSrch=".lolkek") returned 0x0 [0050.592] lstrcmpW (lpString1="0SjWEDJTA7-j1dLq4.mp3", lpString2="LOLKEK.txt") returned -1 [0050.592] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3") returned 71 [0050.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f318 [0050.592] lstrcpyW (in: lpString1=0x3e3f318, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0SjWEDJTA7-j1dLq4.mp3" [0050.592] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.609] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.609] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad419390, ftCreationTime.dwHighDateTime=0x1d628a1, ftLastAccessTime.dwLowDateTime=0x3228b270, ftLastAccessTime.dwHighDateTime=0x1d63016, ftLastWriteTime.dwLowDateTime=0x3228b270, ftLastWriteTime.dwHighDateTime=0x1d63016, nFileSizeHigh=0x0, nFileSizeLow=0x9f2b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="3bOE1KmijdJQ.bmp", cAlternateFileName="3BOE1K~1.BMP")) returned 1 [0050.609] lstrcmpiW (lpString1="3bOE1KmijdJQ.bmp", lpString2="Windows") returned -1 [0050.609] lstrcmpiW (lpString1="3bOE1KmijdJQ.bmp", lpString2="Program Files") returned -1 [0050.609] lstrcmpiW (lpString1="3bOE1KmijdJQ.bmp", lpString2="Program Files (x86)") returned -1 [0050.609] lstrcmpiW (lpString1="3bOE1KmijdJQ.bmp", lpString2="$Recycle.bin") returned 1 [0050.609] lstrcmpiW (lpString1="3bOE1KmijdJQ.bmp", lpString2="System Volume Information") returned -1 [0050.609] lstrcmpiW (lpString1="3bOE1KmijdJQ.bmp", lpString2=".") returned 1 [0050.609] lstrcmpiW (lpString1="3bOE1KmijdJQ.bmp", lpString2="..") returned 1 [0050.609] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp") returned 66 [0050.609] StrStrIW (lpFirst="3bOE1KmijdJQ.bmp", lpSrch=".lolkek") returned 0x0 [0050.609] lstrcmpW (lpString1="3bOE1KmijdJQ.bmp", lpString2="LOLKEK.txt") returned -1 [0050.609] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp") returned 66 [0050.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x6461a0 [0050.609] lstrcpyW (in: lpString1=0x6461a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\3bOE1KmijdJQ.bmp" [0050.609] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.609] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.609] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdf43cf90, ftCreationTime.dwHighDateTime=0x1d626ce, ftLastAccessTime.dwLowDateTime=0xbb0591c0, ftLastAccessTime.dwHighDateTime=0x1d62e64, ftLastWriteTime.dwLowDateTime=0xbb0591c0, ftLastWriteTime.dwHighDateTime=0x1d62e64, nFileSizeHigh=0x0, nFileSizeLow=0x3780, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="6-tqKu1GWLr2jDmBt.gif", cAlternateFileName="6-TQKU~1.GIF")) returned 1 [0050.609] lstrcmpiW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2="Windows") returned -1 [0050.609] lstrcmpiW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2="Program Files") returned -1 [0050.609] lstrcmpiW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2="Program Files (x86)") returned -1 [0050.609] lstrcmpiW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2="$Recycle.bin") returned 1 [0050.609] lstrcmpiW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2="System Volume Information") returned -1 [0050.610] lstrcmpiW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2=".") returned 1 [0050.610] lstrcmpiW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2="..") returned 1 [0050.610] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif") returned 71 [0050.610] StrStrIW (lpFirst="6-tqKu1GWLr2jDmBt.gif", lpSrch=".lolkek") returned 0x0 [0050.610] lstrcmpW (lpString1="6-tqKu1GWLr2jDmBt.gif", lpString2="LOLKEK.txt") returned -1 [0050.610] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif") returned 71 [0050.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f1f0 [0050.610] lstrcpyW (in: lpString1=0x3e3f1f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\6-tqKu1GWLr2jDmBt.gif" [0050.610] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.610] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.610] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb206940, ftCreationTime.dwHighDateTime=0x1d63234, ftLastAccessTime.dwLowDateTime=0x7ee075a0, ftLastAccessTime.dwHighDateTime=0x1d62920, ftLastWriteTime.dwLowDateTime=0x7ee075a0, ftLastWriteTime.dwHighDateTime=0x1d62920, nFileSizeHigh=0x0, nFileSizeLow=0xf661, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="7KsO54FTzhBfe6.ppt", cAlternateFileName="7KSO54~1.PPT")) returned 1 [0050.610] lstrcmpiW (lpString1="7KsO54FTzhBfe6.ppt", lpString2="Windows") returned -1 [0050.610] lstrcmpiW (lpString1="7KsO54FTzhBfe6.ppt", lpString2="Program Files") returned -1 [0050.610] lstrcmpiW (lpString1="7KsO54FTzhBfe6.ppt", lpString2="Program Files (x86)") returned -1 [0050.610] lstrcmpiW (lpString1="7KsO54FTzhBfe6.ppt", lpString2="$Recycle.bin") returned 1 [0050.610] lstrcmpiW (lpString1="7KsO54FTzhBfe6.ppt", lpString2="System Volume Information") returned -1 [0050.610] lstrcmpiW (lpString1="7KsO54FTzhBfe6.ppt", lpString2=".") returned 1 [0050.610] lstrcmpiW (lpString1="7KsO54FTzhBfe6.ppt", lpString2="..") returned 1 [0050.610] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt") returned 68 [0050.610] StrStrIW (lpFirst="7KsO54FTzhBfe6.ppt", lpSrch=".lolkek") returned 0x0 [0050.610] lstrcmpW (lpString1="7KsO54FTzhBfe6.ppt", lpString2="LOLKEK.txt") returned -1 [0050.610] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt") returned 68 [0050.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x3de1d28 [0050.610] lstrcpyW (in: lpString1=0x3de1d28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7KsO54FTzhBfe6.ppt" [0050.610] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.610] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.610] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5d35c9c0, ftCreationTime.dwHighDateTime=0x1d62abd, ftLastAccessTime.dwLowDateTime=0x778414f0, ftLastAccessTime.dwHighDateTime=0x1d62fb1, ftLastWriteTime.dwLowDateTime=0x778414f0, ftLastWriteTime.dwHighDateTime=0x1d62fb1, nFileSizeHigh=0x0, nFileSizeLow=0x15641, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="7sM1Cl5EcPw.jpg", cAlternateFileName="7SM1CL~1.JPG")) returned 1 [0050.610] lstrcmpiW (lpString1="7sM1Cl5EcPw.jpg", lpString2="Windows") returned -1 [0050.610] lstrcmpiW (lpString1="7sM1Cl5EcPw.jpg", lpString2="Program Files") returned -1 [0050.610] lstrcmpiW (lpString1="7sM1Cl5EcPw.jpg", lpString2="Program Files (x86)") returned -1 [0050.610] lstrcmpiW (lpString1="7sM1Cl5EcPw.jpg", lpString2="$Recycle.bin") returned 1 [0050.610] lstrcmpiW (lpString1="7sM1Cl5EcPw.jpg", lpString2="System Volume Information") returned -1 [0050.610] lstrcmpiW (lpString1="7sM1Cl5EcPw.jpg", lpString2=".") returned 1 [0050.610] lstrcmpiW (lpString1="7sM1Cl5EcPw.jpg", lpString2="..") returned 1 [0050.610] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg") returned 65 [0050.610] StrStrIW (lpFirst="7sM1Cl5EcPw.jpg", lpSrch=".lolkek") returned 0x0 [0050.610] lstrcmpW (lpString1="7sM1Cl5EcPw.jpg", lpString2="LOLKEK.txt") returned -1 [0050.610] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg") returned 65 [0050.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611958 [0050.610] lstrcpyW (in: lpString1=0x611958, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7sM1Cl5EcPw.jpg" [0050.610] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.610] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.610] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53d66360, ftCreationTime.dwHighDateTime=0x1d6311d, ftLastAccessTime.dwLowDateTime=0x8fcb3870, ftLastAccessTime.dwHighDateTime=0x1d624e1, ftLastWriteTime.dwLowDateTime=0x8fcb3870, ftLastWriteTime.dwHighDateTime=0x1d624e1, nFileSizeHigh=0x0, nFileSizeLow=0x955, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="7vZB7KAROdoFDPRMA.xlsx", cAlternateFileName="7VZB7K~1.XLS")) returned 1 [0050.610] lstrcmpiW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2="Windows") returned -1 [0050.611] lstrcmpiW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2="Program Files") returned -1 [0050.611] lstrcmpiW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2="Program Files (x86)") returned -1 [0050.611] lstrcmpiW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2="$Recycle.bin") returned 1 [0050.611] lstrcmpiW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2="System Volume Information") returned -1 [0050.611] lstrcmpiW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2=".") returned 1 [0050.611] lstrcmpiW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2="..") returned 1 [0050.611] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx") returned 72 [0050.611] StrStrIW (lpFirst="7vZB7KAROdoFDPRMA.xlsx", lpSrch=".lolkek") returned 0x0 [0050.611] lstrcmpW (lpString1="7vZB7KAROdoFDPRMA.xlsx", lpString2="LOLKEK.txt") returned -1 [0050.611] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx") returned 72 [0050.611] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca7508 [0050.611] lstrcpyW (in: lpString1=0x3ca7508, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7vZB7KAROdoFDPRMA.xlsx" [0050.611] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.614] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.614] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc2f894b0, ftCreationTime.dwHighDateTime=0x1d62313, ftLastAccessTime.dwLowDateTime=0xed5f8b50, ftLastAccessTime.dwHighDateTime=0x1d6311e, ftLastWriteTime.dwLowDateTime=0xed5f8b50, ftLastWriteTime.dwHighDateTime=0x1d6311e, nFileSizeHigh=0x0, nFileSizeLow=0x6bae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="9puKOI FoKwuqK.flv", cAlternateFileName="9PUKOI~1.FLV")) returned 1 [0050.614] lstrcmpiW (lpString1="9puKOI FoKwuqK.flv", lpString2="Windows") returned -1 [0050.614] lstrcmpiW (lpString1="9puKOI FoKwuqK.flv", lpString2="Program Files") returned -1 [0050.614] lstrcmpiW (lpString1="9puKOI FoKwuqK.flv", lpString2="Program Files (x86)") returned -1 [0050.614] lstrcmpiW (lpString1="9puKOI FoKwuqK.flv", lpString2="$Recycle.bin") returned 1 [0050.614] lstrcmpiW (lpString1="9puKOI FoKwuqK.flv", lpString2="System Volume Information") returned -1 [0050.614] lstrcmpiW (lpString1="9puKOI FoKwuqK.flv", lpString2=".") returned 1 [0050.614] lstrcmpiW (lpString1="9puKOI FoKwuqK.flv", lpString2="..") returned 1 [0050.614] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv") returned 68 [0050.614] StrStrIW (lpFirst="9puKOI FoKwuqK.flv", lpSrch=".lolkek") returned 0x0 [0050.614] lstrcmpW (lpString1="9puKOI FoKwuqK.flv", lpString2="LOLKEK.txt") returned -1 [0050.614] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv") returned 68 [0050.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x62fd88 [0050.614] lstrcpyW (in: lpString1=0x62fd88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9puKOI FoKwuqK.flv" [0050.614] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.637] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.637] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x17744700, ftCreationTime.dwHighDateTime=0x1d62e86, ftLastAccessTime.dwLowDateTime=0x47043010, ftLastAccessTime.dwHighDateTime=0x1d62e4b, ftLastWriteTime.dwLowDateTime=0x47043010, ftLastWriteTime.dwHighDateTime=0x1d62e4b, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="A3iChHJWhPHSFTacE.avi", cAlternateFileName="A3ICHH~1.AVI")) returned 1 [0050.637] lstrcmpiW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2="Windows") returned -1 [0050.637] lstrcmpiW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2="Program Files") returned -1 [0050.637] lstrcmpiW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2="Program Files (x86)") returned -1 [0050.637] lstrcmpiW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2="$Recycle.bin") returned 1 [0050.637] lstrcmpiW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2="System Volume Information") returned -1 [0050.637] lstrcmpiW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2=".") returned 1 [0050.637] lstrcmpiW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2="..") returned 1 [0050.637] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi") returned 71 [0050.637] StrStrIW (lpFirst="A3iChHJWhPHSFTacE.avi", lpSrch=".lolkek") returned 0x0 [0050.637] lstrcmpW (lpString1="A3iChHJWhPHSFTacE.avi", lpString2="LOLKEK.txt") returned -1 [0050.637] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi") returned 71 [0050.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f440 [0050.637] lstrcpyW (in: lpString1=0x3e3f440, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\A3iChHJWhPHSFTacE.avi" [0050.638] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.638] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.638] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Adobe", cAlternateFileName="")) returned 1 [0050.638] lstrcmpiW (lpString1="Adobe", lpString2="Windows") returned -1 [0050.638] lstrcmpiW (lpString1="Adobe", lpString2="Program Files") returned -1 [0050.638] lstrcmpiW (lpString1="Adobe", lpString2="Program Files (x86)") returned -1 [0050.638] lstrcmpiW (lpString1="Adobe", lpString2="$Recycle.bin") returned 1 [0050.638] lstrcmpiW (lpString1="Adobe", lpString2="System Volume Information") returned -1 [0050.638] lstrcmpiW (lpString1="Adobe", lpString2=".") returned 1 [0050.638] lstrcmpiW (lpString1="Adobe", lpString2="..") returned 1 [0050.638] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe") returned 55 [0050.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.638] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe" [0050.638] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*" [0050.638] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0050.643] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.643] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.643] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.643] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.643] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.643] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.644] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.644] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.644] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.644] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.644] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0050.644] lstrcmpiW (lpString1="Acrobat", lpString2="Windows") returned -1 [0050.644] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files") returned -1 [0050.644] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files (x86)") returned -1 [0050.644] lstrcmpiW (lpString1="Acrobat", lpString2="$Recycle.bin") returned 1 [0050.644] lstrcmpiW (lpString1="Acrobat", lpString2="System Volume Information") returned -1 [0050.644] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0050.644] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0050.644] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat") returned 63 [0050.644] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.644] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat" [0050.644] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*" [0050.644] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.644] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.644] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.644] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.644] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.644] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.644] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.644] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.644] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.644] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.644] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.644] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.644] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 1 [0050.644] lstrcmpiW (lpString1="10.0", lpString2="Windows") returned -1 [0050.644] lstrcmpiW (lpString1="10.0", lpString2="Program Files") returned -1 [0050.645] lstrcmpiW (lpString1="10.0", lpString2="Program Files (x86)") returned -1 [0050.645] lstrcmpiW (lpString1="10.0", lpString2="$Recycle.bin") returned 1 [0050.645] lstrcmpiW (lpString1="10.0", lpString2="System Volume Information") returned -1 [0050.645] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0050.645] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0050.645] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0") returned 68 [0050.645] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.645] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0" [0050.645] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*" [0050.645] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.645] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.645] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.645] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.645] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.645] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.645] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.645] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.645] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.645] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.645] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.645] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.645] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.645] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.645] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.645] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Collab", cAlternateFileName="")) returned 1 [0050.645] lstrcmpiW (lpString1="Collab", lpString2="Windows") returned -1 [0050.645] lstrcmpiW (lpString1="Collab", lpString2="Program Files") returned -1 [0050.645] lstrcmpiW (lpString1="Collab", lpString2="Program Files (x86)") returned -1 [0050.645] lstrcmpiW (lpString1="Collab", lpString2="$Recycle.bin") returned 1 [0050.646] lstrcmpiW (lpString1="Collab", lpString2="System Volume Information") returned -1 [0050.646] lstrcmpiW (lpString1="Collab", lpString2=".") returned 1 [0050.646] lstrcmpiW (lpString1="Collab", lpString2="..") returned 1 [0050.646] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab") returned 75 [0050.646] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.646] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab" [0050.646] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*" [0050.646] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.649] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.649] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.649] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.649] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.649] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.649] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.649] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.649] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.649] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.649] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.649] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.649] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.649] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.649] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.649] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.649] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.649] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\LOLKEK.txt") returned 86 [0050.649] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.650] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.650] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.650] CloseHandle (hObject=0x25c) returned 1 [0050.650] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.650] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Forms", cAlternateFileName="")) returned 1 [0050.650] lstrcmpiW (lpString1="Forms", lpString2="Windows") returned -1 [0050.650] lstrcmpiW (lpString1="Forms", lpString2="Program Files") returned -1 [0050.650] lstrcmpiW (lpString1="Forms", lpString2="Program Files (x86)") returned -1 [0050.650] lstrcmpiW (lpString1="Forms", lpString2="$Recycle.bin") returned 1 [0050.650] lstrcmpiW (lpString1="Forms", lpString2="System Volume Information") returned -1 [0050.650] lstrcmpiW (lpString1="Forms", lpString2=".") returned 1 [0050.650] lstrcmpiW (lpString1="Forms", lpString2="..") returned 1 [0050.650] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms") returned 74 [0050.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.651] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms" [0050.651] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*" [0050.651] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.651] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.651] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.651] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.651] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.651] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.651] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.651] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.651] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.651] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.651] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.651] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.651] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.651] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.651] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.651] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.651] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.651] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\LOLKEK.txt") returned 85 [0050.651] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.651] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.651] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.652] CloseHandle (hObject=0x25c) returned 1 [0050.652] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.652] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JavaScripts", cAlternateFileName="JAVASC~1")) returned 1 [0050.652] lstrcmpiW (lpString1="JavaScripts", lpString2="Windows") returned -1 [0050.652] lstrcmpiW (lpString1="JavaScripts", lpString2="Program Files") returned -1 [0050.652] lstrcmpiW (lpString1="JavaScripts", lpString2="Program Files (x86)") returned -1 [0050.652] lstrcmpiW (lpString1="JavaScripts", lpString2="$Recycle.bin") returned 1 [0050.652] lstrcmpiW (lpString1="JavaScripts", lpString2="System Volume Information") returned -1 [0050.652] lstrcmpiW (lpString1="JavaScripts", lpString2=".") returned 1 [0050.652] lstrcmpiW (lpString1="JavaScripts", lpString2="..") returned 1 [0050.652] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts") returned 80 [0050.652] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.652] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts" [0050.652] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*" [0050.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.653] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.653] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.653] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.653] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.653] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.653] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.653] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.653] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.653] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.653] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.653] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.653] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.653] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.653] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.653] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="glob.js", cAlternateFileName="")) returned 1 [0050.653] lstrcmpiW (lpString1="glob.js", lpString2="Windows") returned -1 [0050.653] lstrcmpiW (lpString1="glob.js", lpString2="Program Files") returned -1 [0050.653] lstrcmpiW (lpString1="glob.js", lpString2="Program Files (x86)") returned -1 [0050.653] lstrcmpiW (lpString1="glob.js", lpString2="$Recycle.bin") returned 1 [0050.653] lstrcmpiW (lpString1="glob.js", lpString2="System Volume Information") returned -1 [0050.653] lstrcmpiW (lpString1="glob.js", lpString2=".") returned 1 [0050.653] lstrcmpiW (lpString1="glob.js", lpString2="..") returned 1 [0050.653] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js") returned 88 [0050.653] StrStrIW (lpFirst="glob.js", lpSrch=".lolkek") returned 0x0 [0050.653] lstrcmpW (lpString1="glob.js", lpString2="LOLKEK.txt") returned -1 [0050.653] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js") returned 88 [0050.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x3c948d8 [0050.653] lstrcpyW (in: lpString1=0x3c948d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" [0050.653] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.653] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.653] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 1 [0050.653] lstrcmpiW (lpString1="glob.settings.js", lpString2="Windows") returned -1 [0050.653] lstrcmpiW (lpString1="glob.settings.js", lpString2="Program Files") returned -1 [0050.653] lstrcmpiW (lpString1="glob.settings.js", lpString2="Program Files (x86)") returned -1 [0050.653] lstrcmpiW (lpString1="glob.settings.js", lpString2="$Recycle.bin") returned 1 [0050.653] lstrcmpiW (lpString1="glob.settings.js", lpString2="System Volume Information") returned -1 [0050.653] lstrcmpiW (lpString1="glob.settings.js", lpString2=".") returned 1 [0050.653] lstrcmpiW (lpString1="glob.settings.js", lpString2="..") returned 1 [0050.653] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js") returned 97 [0050.653] StrStrIW (lpFirst="glob.settings.js", lpSrch=".lolkek") returned 0x0 [0050.653] lstrcmpW (lpString1="glob.settings.js", lpString2="LOLKEK.txt") returned -1 [0050.653] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js") returned 97 [0050.653] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x3bf11e8 [0050.654] lstrcpyW (in: lpString1=0x3bf11e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" [0050.654] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.654] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.654] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 0 [0050.654] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.654] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\LOLKEK.txt") returned 91 [0050.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.654] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.654] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.655] CloseHandle (hObject=0x25c) returned 1 [0050.655] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.655] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Security", cAlternateFileName="")) returned 1 [0050.655] lstrcmpiW (lpString1="Security", lpString2="Windows") returned -1 [0050.655] lstrcmpiW (lpString1="Security", lpString2="Program Files") returned 1 [0050.655] lstrcmpiW (lpString1="Security", lpString2="Program Files (x86)") returned 1 [0050.655] lstrcmpiW (lpString1="Security", lpString2="$Recycle.bin") returned 1 [0050.655] lstrcmpiW (lpString1="Security", lpString2="System Volume Information") returned -1 [0050.655] lstrcmpiW (lpString1="Security", lpString2=".") returned 1 [0050.655] lstrcmpiW (lpString1="Security", lpString2="..") returned 1 [0050.655] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security") returned 77 [0050.655] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.655] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security" [0050.655] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*" [0050.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.655] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.655] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.655] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.655] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.655] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.655] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.655] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.655] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.655] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.655] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.655] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.655] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.655] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.655] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.655] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda8cdc00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8f3d60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x1517, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="addressbook.acrodata", cAlternateFileName="ADDRES~1.ACR")) returned 1 [0050.656] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="Windows") returned -1 [0050.656] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="Program Files") returned -1 [0050.656] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="Program Files (x86)") returned -1 [0050.656] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="$Recycle.bin") returned 1 [0050.656] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="System Volume Information") returned -1 [0050.656] lstrcmpiW (lpString1="addressbook.acrodata", lpString2=".") returned 1 [0050.656] lstrcmpiW (lpString1="addressbook.acrodata", lpString2="..") returned 1 [0050.656] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata") returned 98 [0050.656] StrStrIW (lpFirst="addressbook.acrodata", lpSrch=".lolkek") returned 0x0 [0050.656] lstrcmpW (lpString1="addressbook.acrodata", lpString2="LOLKEK.txt") returned -1 [0050.656] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata") returned 98 [0050.656] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3eb7b50 [0050.656] lstrcpyW (in: lpString1=0x3eb7b50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" [0050.656] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.658] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.658] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CRLCache", cAlternateFileName="")) returned 1 [0050.658] lstrcmpiW (lpString1="CRLCache", lpString2="Windows") returned -1 [0050.658] lstrcmpiW (lpString1="CRLCache", lpString2="Program Files") returned -1 [0050.658] lstrcmpiW (lpString1="CRLCache", lpString2="Program Files (x86)") returned -1 [0050.658] lstrcmpiW (lpString1="CRLCache", lpString2="$Recycle.bin") returned 1 [0050.658] lstrcmpiW (lpString1="CRLCache", lpString2="System Volume Information") returned -1 [0050.658] lstrcmpiW (lpString1="CRLCache", lpString2=".") returned 1 [0050.658] lstrcmpiW (lpString1="CRLCache", lpString2="..") returned 1 [0050.658] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache") returned 86 [0050.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.658] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" [0050.658] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*" [0050.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.659] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.659] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.659] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.659] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.659] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.659] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.659] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.659] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.659] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.659] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.659] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.659] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.659] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.659] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.659] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda5adf20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefc97c0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", cAlternateFileName="48B764~1.CRL")) returned 1 [0050.659] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="Windows") returned -1 [0050.659] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="Program Files") returned -1 [0050.659] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="Program Files (x86)") returned -1 [0050.659] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="$Recycle.bin") returned 1 [0050.659] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="System Volume Information") returned -1 [0050.659] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2=".") returned 1 [0050.659] lstrcmpiW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="..") returned 1 [0050.659] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl") returned 131 [0050.659] StrStrIW (lpFirst="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpSrch=".lolkek") returned 0x0 [0050.659] lstrcmpW (lpString1="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", lpString2="LOLKEK.txt") returned -1 [0050.659] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl") returned 131 [0050.659] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x210) returned 0x3ec7520 [0050.659] lstrcpyW (in: lpString1=0x3ec7520, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" [0050.659] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.674] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.675] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 1 [0050.675] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="Windows") returned -1 [0050.675] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="Program Files") returned -1 [0050.675] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="Program Files (x86)") returned -1 [0050.675] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="$Recycle.bin") returned 1 [0050.675] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="System Volume Information") returned -1 [0050.675] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2=".") returned 1 [0050.675] lstrcmpiW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="..") returned 1 [0050.675] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl") returned 131 [0050.675] StrStrIW (lpFirst="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpSrch=".lolkek") returned 0x0 [0050.675] lstrcmpW (lpString1="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", lpString2="LOLKEK.txt") returned -1 [0050.675] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl") returned 131 [0050.675] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x210) returned 0x631ed0 [0050.675] lstrcpyW (in: lpString1=0x631ed0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" [0050.675] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.675] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.675] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 0 [0050.675] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0050.675] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\LOLKEK.txt") returned 97 [0050.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.679] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.679] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.680] CloseHandle (hObject=0x280) returned 1 [0050.680] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.680] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CRLCache", cAlternateFileName="")) returned 0 [0050.680] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.680] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\LOLKEK.txt") returned 88 [0050.680] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.680] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.680] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.681] CloseHandle (hObject=0x25c) returned 1 [0050.681] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.681] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Security", cAlternateFileName="")) returned 0 [0050.681] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.681] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\LOLKEK.txt") returned 79 [0050.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.682] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.682] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.682] CloseHandle (hObject=0x2bc) returned 1 [0050.682] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.684] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 0 [0050.684] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.684] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\LOLKEK.txt") returned 74 [0050.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.684] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.684] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.685] CloseHandle (hObject=0x1e0) returned 1 [0050.685] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.685] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0050.685] lstrcmpiW (lpString1="Flash Player", lpString2="Windows") returned -1 [0050.685] lstrcmpiW (lpString1="Flash Player", lpString2="Program Files") returned -1 [0050.685] lstrcmpiW (lpString1="Flash Player", lpString2="Program Files (x86)") returned -1 [0050.685] lstrcmpiW (lpString1="Flash Player", lpString2="$Recycle.bin") returned 1 [0050.685] lstrcmpiW (lpString1="Flash Player", lpString2="System Volume Information") returned -1 [0050.685] lstrcmpiW (lpString1="Flash Player", lpString2=".") returned 1 [0050.685] lstrcmpiW (lpString1="Flash Player", lpString2="..") returned 1 [0050.685] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player") returned 68 [0050.685] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.685] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player" [0050.685] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*" [0050.685] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.696] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.696] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.696] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.696] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.696] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.696] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.696] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.697] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.697] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.697] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.697] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 1 [0050.697] lstrcmpiW (lpString1="AssetCache", lpString2="Windows") returned -1 [0050.697] lstrcmpiW (lpString1="AssetCache", lpString2="Program Files") returned -1 [0050.697] lstrcmpiW (lpString1="AssetCache", lpString2="Program Files (x86)") returned -1 [0050.697] lstrcmpiW (lpString1="AssetCache", lpString2="$Recycle.bin") returned 1 [0050.697] lstrcmpiW (lpString1="AssetCache", lpString2="System Volume Information") returned -1 [0050.697] lstrcmpiW (lpString1="AssetCache", lpString2=".") returned 1 [0050.697] lstrcmpiW (lpString1="AssetCache", lpString2="..") returned 1 [0050.697] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache") returned 79 [0050.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.697] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache" [0050.697] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*" [0050.697] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.697] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.697] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.697] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.697] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.697] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.697] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.697] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.697] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.697] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.697] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.697] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.697] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D5NTRC6R", cAlternateFileName="")) returned 1 [0050.697] lstrcmpiW (lpString1="D5NTRC6R", lpString2="Windows") returned -1 [0050.697] lstrcmpiW (lpString1="D5NTRC6R", lpString2="Program Files") returned -1 [0050.697] lstrcmpiW (lpString1="D5NTRC6R", lpString2="Program Files (x86)") returned -1 [0050.697] lstrcmpiW (lpString1="D5NTRC6R", lpString2="$Recycle.bin") returned 1 [0050.697] lstrcmpiW (lpString1="D5NTRC6R", lpString2="System Volume Information") returned -1 [0050.697] lstrcmpiW (lpString1="D5NTRC6R", lpString2=".") returned 1 [0050.697] lstrcmpiW (lpString1="D5NTRC6R", lpString2="..") returned 1 [0050.698] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R") returned 88 [0050.698] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0050.698] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" [0050.698] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*" [0050.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.700] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.700] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.700] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.700] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.700] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.700] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.700] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.701] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.701] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.701] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.701] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.701] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.701] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.701] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.701] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.701] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.701] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\LOLKEK.txt") returned 99 [0050.701] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.701] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.701] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.702] CloseHandle (hObject=0x1b4) returned 1 [0050.702] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0050.702] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D5NTRC6R", cAlternateFileName="")) returned 0 [0050.702] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.702] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\LOLKEK.txt") returned 90 [0050.702] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.703] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.703] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.703] CloseHandle (hObject=0x2bc) returned 1 [0050.703] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.703] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 0 [0050.703] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.703] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\LOLKEK.txt") returned 79 [0050.703] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.704] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.704] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.705] CloseHandle (hObject=0x1e0) returned 1 [0050.705] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.706] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Headlights", cAlternateFileName="HEADLI~1")) returned 1 [0050.706] lstrcmpiW (lpString1="Headlights", lpString2="Windows") returned -1 [0050.706] lstrcmpiW (lpString1="Headlights", lpString2="Program Files") returned -1 [0050.706] lstrcmpiW (lpString1="Headlights", lpString2="Program Files (x86)") returned -1 [0050.706] lstrcmpiW (lpString1="Headlights", lpString2="$Recycle.bin") returned 1 [0050.706] lstrcmpiW (lpString1="Headlights", lpString2="System Volume Information") returned -1 [0050.706] lstrcmpiW (lpString1="Headlights", lpString2=".") returned 1 [0050.706] lstrcmpiW (lpString1="Headlights", lpString2="..") returned 1 [0050.706] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights") returned 66 [0050.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.706] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights" [0050.706] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*" [0050.706] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.706] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.706] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.706] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.706] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.706] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.706] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.706] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.706] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.706] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.707] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.707] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.707] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.707] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.707] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.707] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.707] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.707] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\LOLKEK.txt") returned 77 [0050.707] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.707] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.707] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.708] CloseHandle (hObject=0x1e0) returned 1 [0050.708] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.708] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0050.708] lstrcmpiW (lpString1="Linguistics", lpString2="Windows") returned -1 [0050.708] lstrcmpiW (lpString1="Linguistics", lpString2="Program Files") returned -1 [0050.708] lstrcmpiW (lpString1="Linguistics", lpString2="Program Files (x86)") returned -1 [0050.708] lstrcmpiW (lpString1="Linguistics", lpString2="$Recycle.bin") returned 1 [0050.708] lstrcmpiW (lpString1="Linguistics", lpString2="System Volume Information") returned -1 [0050.708] lstrcmpiW (lpString1="Linguistics", lpString2=".") returned 1 [0050.708] lstrcmpiW (lpString1="Linguistics", lpString2="..") returned 1 [0050.708] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics") returned 67 [0050.708] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.708] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics" [0050.708] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*" [0050.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.708] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.708] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.708] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.708] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.708] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.708] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.708] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.708] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.708] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.708] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.708] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.708] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.708] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.709] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.709] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0050.709] lstrcmpiW (lpString1="Dictionaries", lpString2="Windows") returned -1 [0050.709] lstrcmpiW (lpString1="Dictionaries", lpString2="Program Files") returned -1 [0050.709] lstrcmpiW (lpString1="Dictionaries", lpString2="Program Files (x86)") returned -1 [0050.709] lstrcmpiW (lpString1="Dictionaries", lpString2="$Recycle.bin") returned 1 [0050.709] lstrcmpiW (lpString1="Dictionaries", lpString2="System Volume Information") returned -1 [0050.709] lstrcmpiW (lpString1="Dictionaries", lpString2=".") returned 1 [0050.709] lstrcmpiW (lpString1="Dictionaries", lpString2="..") returned 1 [0050.709] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries") returned 80 [0050.709] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.709] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries" [0050.709] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*" [0050.709] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.709] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.709] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.709] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.709] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.709] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.709] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.709] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.709] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.709] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.709] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.709] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.709] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.709] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.709] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.709] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.709] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.709] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\LOLKEK.txt") returned 91 [0050.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0050.710] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.710] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.710] CloseHandle (hObject=0x2bc) returned 1 [0050.711] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.711] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 0 [0050.711] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.711] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\LOLKEK.txt") returned 78 [0050.711] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.711] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.711] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.712] CloseHandle (hObject=0x1e0) returned 1 [0050.712] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.712] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 1 [0050.712] lstrcmpiW (lpString1="LogTransport2", lpString2="Windows") returned -1 [0050.712] lstrcmpiW (lpString1="LogTransport2", lpString2="Program Files") returned -1 [0050.712] lstrcmpiW (lpString1="LogTransport2", lpString2="Program Files (x86)") returned -1 [0050.712] lstrcmpiW (lpString1="LogTransport2", lpString2="$Recycle.bin") returned 1 [0050.712] lstrcmpiW (lpString1="LogTransport2", lpString2="System Volume Information") returned -1 [0050.712] lstrcmpiW (lpString1="LogTransport2", lpString2=".") returned 1 [0050.712] lstrcmpiW (lpString1="LogTransport2", lpString2="..") returned 1 [0050.712] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2") returned 69 [0050.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0050.712] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2" [0050.712] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*" [0050.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.712] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.712] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.712] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.712] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.712] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.712] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.712] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.712] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.712] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.712] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.712] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.712] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.712] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.712] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.712] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.712] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.712] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\LOLKEK.txt") returned 80 [0050.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0050.713] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.713] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.713] CloseHandle (hObject=0x1e0) returned 1 [0050.714] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0050.714] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 0 [0050.714] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0050.714] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LOLKEK.txt") returned 66 [0050.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0050.714] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.714] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0050.715] CloseHandle (hObject=0x1ec) returned 1 [0050.715] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.715] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80bf0cf0, ftCreationTime.dwHighDateTime=0x1d62e3f, ftLastAccessTime.dwLowDateTime=0x9ead2250, ftLastAccessTime.dwHighDateTime=0x1d62b6b, ftLastWriteTime.dwLowDateTime=0x9ead2250, ftLastWriteTime.dwHighDateTime=0x1d62b6b, nFileSizeHigh=0x0, nFileSizeLow=0x17064, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="AKiamCp67zNfKwrYU.wav", cAlternateFileName="AKIAMC~1.WAV")) returned 1 [0050.715] lstrcmpiW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2="Windows") returned -1 [0050.715] lstrcmpiW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2="Program Files") returned -1 [0050.715] lstrcmpiW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2="Program Files (x86)") returned -1 [0050.715] lstrcmpiW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2="$Recycle.bin") returned 1 [0050.715] lstrcmpiW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2="System Volume Information") returned -1 [0050.715] lstrcmpiW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2=".") returned 1 [0050.715] lstrcmpiW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2="..") returned 1 [0050.715] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav") returned 71 [0050.715] StrStrIW (lpFirst="AKiamCp67zNfKwrYU.wav", lpSrch=".lolkek") returned 0x0 [0050.715] lstrcmpW (lpString1="AKiamCp67zNfKwrYU.wav", lpString2="LOLKEK.txt") returned -1 [0050.715] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav") returned 71 [0050.715] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f568 [0050.715] lstrcpyW (in: lpString1=0x3e3f568, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\AKiamCp67zNfKwrYU.wav" [0050.715] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.715] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.715] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f2e6870, ftCreationTime.dwHighDateTime=0x1d631a1, ftLastAccessTime.dwLowDateTime=0x34dd99b0, ftLastAccessTime.dwHighDateTime=0x1d625d8, ftLastWriteTime.dwLowDateTime=0x34dd99b0, ftLastWriteTime.dwHighDateTime=0x1d625d8, nFileSizeHigh=0x0, nFileSizeLow=0xe299, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Anwfb-.gif", cAlternateFileName="")) returned 1 [0050.715] lstrcmpiW (lpString1="Anwfb-.gif", lpString2="Windows") returned -1 [0050.715] lstrcmpiW (lpString1="Anwfb-.gif", lpString2="Program Files") returned -1 [0050.715] lstrcmpiW (lpString1="Anwfb-.gif", lpString2="Program Files (x86)") returned -1 [0050.715] lstrcmpiW (lpString1="Anwfb-.gif", lpString2="$Recycle.bin") returned 1 [0050.715] lstrcmpiW (lpString1="Anwfb-.gif", lpString2="System Volume Information") returned -1 [0050.715] lstrcmpiW (lpString1="Anwfb-.gif", lpString2=".") returned 1 [0050.715] lstrcmpiW (lpString1="Anwfb-.gif", lpString2="..") returned 1 [0050.715] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif") returned 60 [0050.715] StrStrIW (lpFirst="Anwfb-.gif", lpSrch=".lolkek") returned 0x0 [0050.715] lstrcmpW (lpString1="Anwfb-.gif", lpString2="LOLKEK.txt") returned -1 [0050.715] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif") returned 60 [0050.715] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0060 [0050.715] lstrcpyW (in: lpString1=0x3da0060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Anwfb-.gif" [0050.715] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.715] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.715] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2956190, ftCreationTime.dwHighDateTime=0x1d62911, ftLastAccessTime.dwLowDateTime=0xceb30570, ftLastAccessTime.dwHighDateTime=0x1d632d5, ftLastWriteTime.dwLowDateTime=0xceb30570, ftLastWriteTime.dwHighDateTime=0x1d632d5, nFileSizeHigh=0x0, nFileSizeLow=0x60a3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="B2Y6UXfE5DLw.swf", cAlternateFileName="B2Y6UX~1.SWF")) returned 1 [0050.715] lstrcmpiW (lpString1="B2Y6UXfE5DLw.swf", lpString2="Windows") returned -1 [0050.715] lstrcmpiW (lpString1="B2Y6UXfE5DLw.swf", lpString2="Program Files") returned -1 [0050.715] lstrcmpiW (lpString1="B2Y6UXfE5DLw.swf", lpString2="Program Files (x86)") returned -1 [0050.716] lstrcmpiW (lpString1="B2Y6UXfE5DLw.swf", lpString2="$Recycle.bin") returned 1 [0050.716] lstrcmpiW (lpString1="B2Y6UXfE5DLw.swf", lpString2="System Volume Information") returned -1 [0050.716] lstrcmpiW (lpString1="B2Y6UXfE5DLw.swf", lpString2=".") returned 1 [0050.716] lstrcmpiW (lpString1="B2Y6UXfE5DLw.swf", lpString2="..") returned 1 [0050.716] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf") returned 66 [0050.716] StrStrIW (lpFirst="B2Y6UXfE5DLw.swf", lpSrch=".lolkek") returned 0x0 [0050.716] lstrcmpW (lpString1="B2Y6UXfE5DLw.swf", lpString2="LOLKEK.txt") returned -1 [0050.716] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf") returned 66 [0050.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x62f730 [0050.716] lstrcpyW (in: lpString1=0x62f730, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\B2Y6UXfE5DLw.swf" [0050.716] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.716] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.716] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc36d290, ftCreationTime.dwHighDateTime=0x1d62d63, ftLastAccessTime.dwLowDateTime=0x1e97f4f0, ftLastAccessTime.dwHighDateTime=0x1d6323c, ftLastWriteTime.dwLowDateTime=0x1e97f4f0, ftLastWriteTime.dwHighDateTime=0x1d6323c, nFileSizeHigh=0x0, nFileSizeLow=0x569a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Crkl.mp4", cAlternateFileName="")) returned 1 [0050.716] lstrcmpiW (lpString1="Crkl.mp4", lpString2="Windows") returned -1 [0050.716] lstrcmpiW (lpString1="Crkl.mp4", lpString2="Program Files") returned -1 [0050.716] lstrcmpiW (lpString1="Crkl.mp4", lpString2="Program Files (x86)") returned -1 [0050.716] lstrcmpiW (lpString1="Crkl.mp4", lpString2="$Recycle.bin") returned 1 [0050.716] lstrcmpiW (lpString1="Crkl.mp4", lpString2="System Volume Information") returned -1 [0050.716] lstrcmpiW (lpString1="Crkl.mp4", lpString2=".") returned 1 [0050.716] lstrcmpiW (lpString1="Crkl.mp4", lpString2="..") returned 1 [0050.716] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4") returned 58 [0050.716] StrStrIW (lpFirst="Crkl.mp4", lpSrch=".lolkek") returned 0x0 [0050.716] lstrcmpW (lpString1="Crkl.mp4", lpString2="LOLKEK.txt") returned -1 [0050.716] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4") returned 58 [0050.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7668 [0050.716] lstrcpyW (in: lpString1=0x3ca7668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Crkl.mp4" [0050.716] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.721] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.721] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4b6cf0, ftCreationTime.dwHighDateTime=0x1d62f5f, ftLastAccessTime.dwLowDateTime=0x9dfba8c0, ftLastAccessTime.dwHighDateTime=0x1d6279e, ftLastWriteTime.dwLowDateTime=0x9dfba8c0, ftLastWriteTime.dwHighDateTime=0x1d6279e, nFileSizeHigh=0x0, nFileSizeLow=0x6acf, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="cz-l2nogcdgl-DkX55.avi", cAlternateFileName="CZ-L2N~1.AVI")) returned 1 [0050.721] lstrcmpiW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2="Windows") returned -1 [0050.721] lstrcmpiW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2="Program Files") returned -1 [0050.721] lstrcmpiW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2="Program Files (x86)") returned -1 [0050.721] lstrcmpiW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2="$Recycle.bin") returned 1 [0050.721] lstrcmpiW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2="System Volume Information") returned -1 [0050.721] lstrcmpiW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2=".") returned 1 [0050.721] lstrcmpiW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2="..") returned 1 [0050.721] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi") returned 72 [0050.721] StrStrIW (lpFirst="cz-l2nogcdgl-DkX55.avi", lpSrch=".lolkek") returned 0x0 [0050.721] lstrcmpW (lpString1="cz-l2nogcdgl-DkX55.avi", lpString2="LOLKEK.txt") returned -1 [0050.722] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi") returned 72 [0050.722] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3cab668 [0050.722] lstrcpyW (in: lpString1=0x3cab668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\cz-l2nogcdgl-DkX55.avi" [0050.722] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.726] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.726] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfab87f60, ftCreationTime.dwHighDateTime=0x1d62f51, ftLastAccessTime.dwLowDateTime=0x3331b360, ftLastAccessTime.dwHighDateTime=0x1d62e68, ftLastWriteTime.dwLowDateTime=0x3331b360, ftLastWriteTime.dwHighDateTime=0x1d62e68, nFileSizeHigh=0x0, nFileSizeLow=0x12c6e, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="eriJy_El7Fc78.flv", cAlternateFileName="ERIJY_~1.FLV")) returned 1 [0050.726] lstrcmpiW (lpString1="eriJy_El7Fc78.flv", lpString2="Windows") returned -1 [0050.726] lstrcmpiW (lpString1="eriJy_El7Fc78.flv", lpString2="Program Files") returned -1 [0050.726] lstrcmpiW (lpString1="eriJy_El7Fc78.flv", lpString2="Program Files (x86)") returned -1 [0050.726] lstrcmpiW (lpString1="eriJy_El7Fc78.flv", lpString2="$Recycle.bin") returned 1 [0050.726] lstrcmpiW (lpString1="eriJy_El7Fc78.flv", lpString2="System Volume Information") returned -1 [0050.726] lstrcmpiW (lpString1="eriJy_El7Fc78.flv", lpString2=".") returned 1 [0050.726] lstrcmpiW (lpString1="eriJy_El7Fc78.flv", lpString2="..") returned 1 [0050.726] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv") returned 67 [0050.726] StrStrIW (lpFirst="eriJy_El7Fc78.flv", lpSrch=".lolkek") returned 0x0 [0050.726] lstrcmpW (lpString1="eriJy_El7Fc78.flv", lpString2="LOLKEK.txt") returned -1 [0050.726] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv") returned 67 [0050.726] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x6196c0 [0050.726] lstrcpyW (in: lpString1=0x6196c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\eriJy_El7Fc78.flv" [0050.726] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.734] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.734] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xafa587d0, ftCreationTime.dwHighDateTime=0x1d6277b, ftLastAccessTime.dwLowDateTime=0x9852f090, ftLastAccessTime.dwHighDateTime=0x1d63216, ftLastWriteTime.dwLowDateTime=0x9852f090, ftLastWriteTime.dwHighDateTime=0x1d63216, nFileSizeHigh=0x0, nFileSizeLow=0x1ce4, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="fuglHs.ppt", cAlternateFileName="")) returned 1 [0050.734] lstrcmpiW (lpString1="fuglHs.ppt", lpString2="Windows") returned -1 [0050.734] lstrcmpiW (lpString1="fuglHs.ppt", lpString2="Program Files") returned -1 [0050.734] lstrcmpiW (lpString1="fuglHs.ppt", lpString2="Program Files (x86)") returned -1 [0050.734] lstrcmpiW (lpString1="fuglHs.ppt", lpString2="$Recycle.bin") returned 1 [0050.734] lstrcmpiW (lpString1="fuglHs.ppt", lpString2="System Volume Information") returned -1 [0050.734] lstrcmpiW (lpString1="fuglHs.ppt", lpString2=".") returned 1 [0050.734] lstrcmpiW (lpString1="fuglHs.ppt", lpString2="..") returned 1 [0050.734] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt") returned 60 [0050.734] StrStrIW (lpFirst="fuglHs.ppt", lpSrch=".lolkek") returned 0x0 [0050.734] lstrcmpW (lpString1="fuglHs.ppt", lpString2="LOLKEK.txt") returned -1 [0050.734] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt") returned 60 [0050.734] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0460 [0050.734] lstrcpyW (in: lpString1=0x3da0460, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fuglHs.ppt" [0050.734] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.741] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.741] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd5806950, ftCreationTime.dwHighDateTime=0x1d62a93, ftLastAccessTime.dwLowDateTime=0xac857b60, ftLastAccessTime.dwHighDateTime=0x1d62e87, ftLastWriteTime.dwLowDateTime=0xac857b60, ftLastWriteTime.dwHighDateTime=0x1d62e87, nFileSizeHigh=0x0, nFileSizeLow=0x677e, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="G_2fmklG9B.flv", cAlternateFileName="G_2FMK~1.FLV")) returned 1 [0050.741] lstrcmpiW (lpString1="G_2fmklG9B.flv", lpString2="Windows") returned -1 [0050.742] lstrcmpiW (lpString1="G_2fmklG9B.flv", lpString2="Program Files") returned -1 [0050.742] lstrcmpiW (lpString1="G_2fmklG9B.flv", lpString2="Program Files (x86)") returned -1 [0050.742] lstrcmpiW (lpString1="G_2fmklG9B.flv", lpString2="$Recycle.bin") returned 1 [0050.742] lstrcmpiW (lpString1="G_2fmklG9B.flv", lpString2="System Volume Information") returned -1 [0050.742] lstrcmpiW (lpString1="G_2fmklG9B.flv", lpString2=".") returned 1 [0050.742] lstrcmpiW (lpString1="G_2fmklG9B.flv", lpString2="..") returned 1 [0050.742] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv") returned 64 [0050.742] StrStrIW (lpFirst="G_2fmklG9B.flv", lpSrch=".lolkek") returned 0x0 [0050.742] lstrcmpW (lpString1="G_2fmklG9B.flv", lpString2="LOLKEK.txt") returned -1 [0050.742] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv") returned 64 [0050.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x611a70 [0050.742] lstrcpyW (in: lpString1=0x611a70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\G_2fmklG9B.flv" [0050.742] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.742] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc498da0, ftCreationTime.dwHighDateTime=0x1d6308c, ftLastAccessTime.dwLowDateTime=0x87f63980, ftLastAccessTime.dwHighDateTime=0x1d625d9, ftLastWriteTime.dwLowDateTime=0x87f63980, ftLastWriteTime.dwHighDateTime=0x1d625d9, nFileSizeHigh=0x0, nFileSizeLow=0x752f, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="HPAl.wav", cAlternateFileName="")) returned 1 [0050.742] lstrcmpiW (lpString1="HPAl.wav", lpString2="Windows") returned -1 [0050.742] lstrcmpiW (lpString1="HPAl.wav", lpString2="Program Files") returned -1 [0050.742] lstrcmpiW (lpString1="HPAl.wav", lpString2="Program Files (x86)") returned -1 [0050.742] lstrcmpiW (lpString1="HPAl.wav", lpString2="$Recycle.bin") returned 1 [0050.742] lstrcmpiW (lpString1="HPAl.wav", lpString2="System Volume Information") returned -1 [0050.742] lstrcmpiW (lpString1="HPAl.wav", lpString2=".") returned 1 [0050.742] lstrcmpiW (lpString1="HPAl.wav", lpString2="..") returned 1 [0050.742] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav") returned 58 [0050.742] StrStrIW (lpFirst="HPAl.wav", lpSrch=".lolkek") returned 0x0 [0050.742] lstrcmpW (lpString1="HPAl.wav", lpString2="LOLKEK.txt") returned -1 [0050.742] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav") returned 58 [0050.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7760 [0050.742] lstrcpyW (in: lpString1=0x3ca7760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\HPAl.wav" [0050.742] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.748] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.748] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43e077d0, ftCreationTime.dwHighDateTime=0x1d62d0c, ftLastAccessTime.dwLowDateTime=0xc559c660, ftLastAccessTime.dwHighDateTime=0x1d624f9, ftLastWriteTime.dwLowDateTime=0xc559c660, ftLastWriteTime.dwHighDateTime=0x1d624f9, nFileSizeHigh=0x0, nFileSizeLow=0x133a9, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="i6WnfrxcQfGmhut.mp4", cAlternateFileName="I6WNFR~1.MP4")) returned 1 [0050.749] lstrcmpiW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2="Windows") returned -1 [0050.749] lstrcmpiW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2="Program Files") returned -1 [0050.749] lstrcmpiW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2="Program Files (x86)") returned -1 [0050.749] lstrcmpiW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2="$Recycle.bin") returned 1 [0050.749] lstrcmpiW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2="System Volume Information") returned -1 [0050.749] lstrcmpiW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2=".") returned 1 [0050.749] lstrcmpiW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2="..") returned 1 [0050.749] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4") returned 69 [0050.749] StrStrIW (lpFirst="i6WnfrxcQfGmhut.mp4", lpSrch=".lolkek") returned 0x0 [0050.749] lstrcmpW (lpString1="i6WnfrxcQfGmhut.mp4", lpString2="LOLKEK.txt") returned -1 [0050.749] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4") returned 69 [0050.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x617b68 [0050.749] lstrcpyW (in: lpString1=0x617b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\i6WnfrxcQfGmhut.mp4" [0050.749] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.756] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.756] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0050.756] lstrcmpiW (lpString1="Identities", lpString2="Windows") returned -1 [0050.756] lstrcmpiW (lpString1="Identities", lpString2="Program Files") returned -1 [0050.756] lstrcmpiW (lpString1="Identities", lpString2="Program Files (x86)") returned -1 [0050.756] lstrcmpiW (lpString1="Identities", lpString2="$Recycle.bin") returned 1 [0050.756] lstrcmpiW (lpString1="Identities", lpString2="System Volume Information") returned -1 [0050.756] lstrcmpiW (lpString1="Identities", lpString2=".") returned 1 [0050.756] lstrcmpiW (lpString1="Identities", lpString2="..") returned 1 [0050.757] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities") returned 60 [0050.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0050.757] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities" [0050.757] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*" [0050.757] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0050.757] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.757] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.757] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.757] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.757] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.757] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.757] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.757] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.757] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.757] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.757] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.757] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.758] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.758] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.758] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0050.758] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="Windows") returned -1 [0050.758] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="Program Files") returned -1 [0050.758] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="Program Files (x86)") returned -1 [0050.758] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="$Recycle.bin") returned 1 [0050.758] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="System Volume Information") returned -1 [0050.758] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0050.758] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0050.758] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned 99 [0050.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.758] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" [0050.758] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*" [0050.758] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.758] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.758] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.758] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.758] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.758] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.758] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.758] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.758] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.758] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.758] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.758] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.758] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.758] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.758] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.759] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.759] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\LOLKEK.txt") returned 110 [0050.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0050.759] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.759] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.760] CloseHandle (hObject=0x25c) returned 1 [0050.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.760] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0050.760] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0050.760] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\LOLKEK.txt") returned 71 [0050.760] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.761] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.761] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0050.761] CloseHandle (hObject=0x1b4) returned 1 [0050.762] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0050.762] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x71186350, ftCreationTime.dwHighDateTime=0x1d62840, ftLastAccessTime.dwLowDateTime=0xe3136840, ftLastAccessTime.dwHighDateTime=0x1d62428, ftLastWriteTime.dwLowDateTime=0xe3136840, ftLastWriteTime.dwHighDateTime=0x1d62428, nFileSizeHigh=0x0, nFileSizeLow=0x1371f, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="KMto12_YHXj_Em.wav", cAlternateFileName="KMTO12~1.WAV")) returned 1 [0050.762] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav") returned 68 [0050.762] StrStrIW (lpFirst="KMto12_YHXj_Em.wav", lpSrch=".lolkek") returned 0x0 [0050.762] lstrcmpW (lpString1="KMto12_YHXj_Em.wav", lpString2="LOLKEK.txt") returned -1 [0050.762] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav") returned 68 [0050.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x60e930 [0050.762] lstrcpyW (in: lpString1=0x60e930, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KMto12_YHXj_Em.wav" [0050.762] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.773] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.773] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x39f3b960, ftCreationTime.dwHighDateTime=0x1d62c78, ftLastAccessTime.dwLowDateTime=0xe7aca780, ftLastAccessTime.dwHighDateTime=0x1d62cd0, ftLastWriteTime.dwLowDateTime=0xe7aca780, ftLastWriteTime.dwHighDateTime=0x1d62cd0, nFileSizeHigh=0x0, nFileSizeLow=0x9123, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="KQ2spxOh8mTt0.flv", cAlternateFileName="KQ2SPX~1.FLV")) returned 1 [0050.773] lstrcmpiW (lpString1="KQ2spxOh8mTt0.flv", lpString2="Windows") returned -1 [0050.773] lstrcmpiW (lpString1="KQ2spxOh8mTt0.flv", lpString2="Program Files") returned -1 [0050.773] lstrcmpiW (lpString1="KQ2spxOh8mTt0.flv", lpString2="Program Files (x86)") returned -1 [0050.773] lstrcmpiW (lpString1="KQ2spxOh8mTt0.flv", lpString2="$Recycle.bin") returned 1 [0050.773] lstrcmpiW (lpString1="KQ2spxOh8mTt0.flv", lpString2="System Volume Information") returned -1 [0050.773] lstrcmpiW (lpString1="KQ2spxOh8mTt0.flv", lpString2=".") returned 1 [0050.773] lstrcmpiW (lpString1="KQ2spxOh8mTt0.flv", lpString2="..") returned 1 [0050.773] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv") returned 67 [0050.773] StrStrIW (lpFirst="KQ2spxOh8mTt0.flv", lpSrch=".lolkek") returned 0x0 [0050.773] lstrcmpW (lpString1="KQ2spxOh8mTt0.flv", lpString2="LOLKEK.txt") returned -1 [0050.773] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv") returned 67 [0050.773] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x3ca5fc8 [0050.773] lstrcpyW (in: lpString1=0x3ca5fc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KQ2spxOh8mTt0.flv" [0050.773] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.773] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.773] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88fd5460, ftCreationTime.dwHighDateTime=0x1d62d9c, ftLastAccessTime.dwLowDateTime=0xb46ed10, ftLastAccessTime.dwHighDateTime=0x1d63184, ftLastWriteTime.dwLowDateTime=0xb46ed10, ftLastWriteTime.dwHighDateTime=0x1d63184, nFileSizeHigh=0x0, nFileSizeLow=0xb6b6, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="l78JnX.flv", cAlternateFileName="")) returned 1 [0050.773] lstrcmpiW (lpString1="l78JnX.flv", lpString2="Windows") returned -1 [0050.773] lstrcmpiW (lpString1="l78JnX.flv", lpString2="Program Files") returned -1 [0050.773] lstrcmpiW (lpString1="l78JnX.flv", lpString2="Program Files (x86)") returned -1 [0050.773] lstrcmpiW (lpString1="l78JnX.flv", lpString2="$Recycle.bin") returned 1 [0050.773] lstrcmpiW (lpString1="l78JnX.flv", lpString2="System Volume Information") returned -1 [0050.773] lstrcmpiW (lpString1="l78JnX.flv", lpString2=".") returned 1 [0050.773] lstrcmpiW (lpString1="l78JnX.flv", lpString2="..") returned 1 [0050.773] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv") returned 60 [0050.774] StrStrIW (lpFirst="l78JnX.flv", lpSrch=".lolkek") returned 0x0 [0050.774] lstrcmpW (lpString1="l78JnX.flv", lpString2="LOLKEK.txt") returned -1 [0050.774] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv") returned 60 [0050.774] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0560 [0050.774] lstrcpyW (in: lpString1=0x3da0560, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\l78JnX.flv" [0050.774] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.778] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.778] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5aadc960, ftCreationTime.dwHighDateTime=0x1d624a9, ftLastAccessTime.dwLowDateTime=0xe5c484a0, ftLastAccessTime.dwHighDateTime=0x1d62c22, ftLastWriteTime.dwLowDateTime=0xe5c484a0, ftLastWriteTime.dwHighDateTime=0x1d62c22, nFileSizeHigh=0x0, nFileSizeLow=0x16e5c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="lEA_MSZ.flv", cAlternateFileName="")) returned 1 [0050.778] lstrcmpiW (lpString1="lEA_MSZ.flv", lpString2="Windows") returned -1 [0050.778] lstrcmpiW (lpString1="lEA_MSZ.flv", lpString2="Program Files") returned -1 [0050.778] lstrcmpiW (lpString1="lEA_MSZ.flv", lpString2="Program Files (x86)") returned -1 [0050.778] lstrcmpiW (lpString1="lEA_MSZ.flv", lpString2="$Recycle.bin") returned 1 [0050.778] lstrcmpiW (lpString1="lEA_MSZ.flv", lpString2="System Volume Information") returned -1 [0050.778] lstrcmpiW (lpString1="lEA_MSZ.flv", lpString2=".") returned 1 [0050.778] lstrcmpiW (lpString1="lEA_MSZ.flv", lpString2="..") returned 1 [0050.778] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv") returned 61 [0050.779] StrStrIW (lpFirst="lEA_MSZ.flv", lpSrch=".lolkek") returned 0x0 [0050.779] lstrcmpW (lpString1="lEA_MSZ.flv", lpString2="LOLKEK.txt") returned -1 [0050.779] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv") returned 61 [0050.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0660 [0050.779] lstrcpyW (in: lpString1=0x3da0660, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lEA_MSZ.flv" [0050.779] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.779] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.779] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827128f0, ftCreationTime.dwHighDateTime=0x1d6271c, ftLastAccessTime.dwLowDateTime=0x4dedd5a0, ftLastAccessTime.dwHighDateTime=0x1d62b87, ftLastWriteTime.dwLowDateTime=0x4dedd5a0, ftLastWriteTime.dwHighDateTime=0x1d62b87, nFileSizeHigh=0x0, nFileSizeLow=0x9248, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="low2OM4RNbT3PCPHI4.m4a", cAlternateFileName="LOW2OM~1.M4A")) returned 1 [0050.779] lstrcmpiW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2="Windows") returned -1 [0050.779] lstrcmpiW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2="Program Files") returned -1 [0050.779] lstrcmpiW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2="Program Files (x86)") returned -1 [0050.779] lstrcmpiW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2="$Recycle.bin") returned 1 [0050.779] lstrcmpiW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2="System Volume Information") returned -1 [0050.779] lstrcmpiW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2=".") returned 1 [0050.779] lstrcmpiW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2="..") returned 1 [0050.779] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a") returned 72 [0050.779] StrStrIW (lpFirst="low2OM4RNbT3PCPHI4.m4a", lpSrch=".lolkek") returned 0x0 [0050.779] lstrcmpW (lpString1="low2OM4RNbT3PCPHI4.m4a", lpString2="LOLKEK.txt") returned 1 [0050.779] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a") returned 72 [0050.779] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3cab7a0 [0050.779] lstrcpyW (in: lpString1=0x3cab7a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\low2OM4RNbT3PCPHI4.m4a" [0050.779] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.783] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.783] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Macromedia", cAlternateFileName="MACROM~1")) returned 1 [0050.783] lstrcmpiW (lpString1="Macromedia", lpString2="Windows") returned -1 [0050.784] lstrcmpiW (lpString1="Macromedia", lpString2="Program Files") returned -1 [0050.784] lstrcmpiW (lpString1="Macromedia", lpString2="Program Files (x86)") returned -1 [0050.784] lstrcmpiW (lpString1="Macromedia", lpString2="$Recycle.bin") returned 1 [0050.784] lstrcmpiW (lpString1="Macromedia", lpString2="System Volume Information") returned -1 [0050.784] lstrcmpiW (lpString1="Macromedia", lpString2=".") returned 1 [0050.784] lstrcmpiW (lpString1="Macromedia", lpString2="..") returned 1 [0050.784] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia") returned 60 [0050.784] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.784] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia" [0050.784] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*" [0050.784] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0050.784] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.784] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.784] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.784] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.784] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.784] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.784] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.784] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.784] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.784] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.784] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.784] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.784] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.784] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.784] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0050.784] lstrcmpiW (lpString1="Flash Player", lpString2="Windows") returned -1 [0050.784] lstrcmpiW (lpString1="Flash Player", lpString2="Program Files") returned -1 [0050.784] lstrcmpiW (lpString1="Flash Player", lpString2="Program Files (x86)") returned -1 [0050.784] lstrcmpiW (lpString1="Flash Player", lpString2="$Recycle.bin") returned 1 [0050.784] lstrcmpiW (lpString1="Flash Player", lpString2="System Volume Information") returned -1 [0050.785] lstrcmpiW (lpString1="Flash Player", lpString2=".") returned 1 [0050.785] lstrcmpiW (lpString1="Flash Player", lpString2="..") returned 1 [0050.785] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player") returned 73 [0050.785] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.785] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player" [0050.785] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*" [0050.785] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.785] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.785] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.785] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.785] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.785] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.785] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.785] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.785] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.785] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.785] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.785] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.785] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.785] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.785] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.785] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="#SharedObjects", cAlternateFileName="#SHARE~1")) returned 1 [0050.785] lstrcmpiW (lpString1="#SharedObjects", lpString2="Windows") returned -1 [0050.785] lstrcmpiW (lpString1="#SharedObjects", lpString2="Program Files") returned -1 [0050.785] lstrcmpiW (lpString1="#SharedObjects", lpString2="Program Files (x86)") returned -1 [0050.785] lstrcmpiW (lpString1="#SharedObjects", lpString2="$Recycle.bin") returned -1 [0050.785] lstrcmpiW (lpString1="#SharedObjects", lpString2="System Volume Information") returned -1 [0050.785] lstrcmpiW (lpString1="#SharedObjects", lpString2=".") returned -1 [0050.785] lstrcmpiW (lpString1="#SharedObjects", lpString2="..") returned -1 [0050.785] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects") returned 88 [0050.785] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0050.786] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects" [0050.786] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*" [0050.786] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.787] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.787] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.787] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.787] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.787] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.787] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.787] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.787] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.787] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.787] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.787] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.787] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.787] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.787] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.787] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 1 [0050.787] lstrcmpiW (lpString1="P7Y3F7QB", lpString2="Windows") returned -1 [0050.787] lstrcmpiW (lpString1="P7Y3F7QB", lpString2="Program Files") returned -1 [0050.787] lstrcmpiW (lpString1="P7Y3F7QB", lpString2="Program Files (x86)") returned -1 [0050.787] lstrcmpiW (lpString1="P7Y3F7QB", lpString2="$Recycle.bin") returned 1 [0050.787] lstrcmpiW (lpString1="P7Y3F7QB", lpString2="System Volume Information") returned -1 [0050.787] lstrcmpiW (lpString1="P7Y3F7QB", lpString2=".") returned 1 [0050.787] lstrcmpiW (lpString1="P7Y3F7QB", lpString2="..") returned 1 [0050.787] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB") returned 97 [0050.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.787] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" [0050.787] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*" [0050.787] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.788] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.788] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.788] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.788] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.788] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.788] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.788] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.789] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.789] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.789] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.789] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.789] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.789] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.789] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.789] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.789] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.789] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\LOLKEK.txt") returned 108 [0050.789] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.789] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.789] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.790] CloseHandle (hObject=0x280) returned 1 [0050.790] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.790] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 0 [0050.790] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.790] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\LOLKEK.txt") returned 99 [0050.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.791] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.791] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.791] CloseHandle (hObject=0x1b4) returned 1 [0050.791] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.791] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 1 [0050.791] lstrcmpiW (lpString1="macromedia.com", lpString2="Windows") returned -1 [0050.791] lstrcmpiW (lpString1="macromedia.com", lpString2="Program Files") returned -1 [0050.791] lstrcmpiW (lpString1="macromedia.com", lpString2="Program Files (x86)") returned -1 [0050.791] lstrcmpiW (lpString1="macromedia.com", lpString2="$Recycle.bin") returned 1 [0050.791] lstrcmpiW (lpString1="macromedia.com", lpString2="System Volume Information") returned -1 [0050.791] lstrcmpiW (lpString1="macromedia.com", lpString2=".") returned 1 [0050.792] lstrcmpiW (lpString1="macromedia.com", lpString2="..") returned 1 [0050.792] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com") returned 88 [0050.792] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0050.792] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com" [0050.792] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*" [0050.792] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.792] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.792] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.792] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.792] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.792] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.792] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.792] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.792] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.792] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.792] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.792] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.792] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.792] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.792] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.792] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="support", cAlternateFileName="")) returned 1 [0050.792] lstrcmpiW (lpString1="support", lpString2="Windows") returned -1 [0050.792] lstrcmpiW (lpString1="support", lpString2="Program Files") returned 1 [0050.792] lstrcmpiW (lpString1="support", lpString2="Program Files (x86)") returned 1 [0050.792] lstrcmpiW (lpString1="support", lpString2="$Recycle.bin") returned 1 [0050.792] lstrcmpiW (lpString1="support", lpString2="System Volume Information") returned -1 [0050.792] lstrcmpiW (lpString1="support", lpString2=".") returned 1 [0050.792] lstrcmpiW (lpString1="support", lpString2="..") returned 1 [0050.792] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support") returned 96 [0050.792] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0050.792] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support" [0050.792] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*" [0050.792] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.793] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.793] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.793] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.793] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.793] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.793] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.793] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.793] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.793] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.793] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.793] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.793] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.793] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.793] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.793] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 1 [0050.793] lstrcmpiW (lpString1="flashplayer", lpString2="Windows") returned -1 [0050.793] lstrcmpiW (lpString1="flashplayer", lpString2="Program Files") returned -1 [0050.793] lstrcmpiW (lpString1="flashplayer", lpString2="Program Files (x86)") returned -1 [0050.793] lstrcmpiW (lpString1="flashplayer", lpString2="$Recycle.bin") returned 1 [0050.794] lstrcmpiW (lpString1="flashplayer", lpString2="System Volume Information") returned -1 [0050.794] lstrcmpiW (lpString1="flashplayer", lpString2=".") returned 1 [0050.794] lstrcmpiW (lpString1="flashplayer", lpString2="..") returned 1 [0050.794] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer") returned 108 [0050.794] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0050.794] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" [0050.794] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*" [0050.794] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.795] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.795] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.795] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.795] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.795] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.795] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.795] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.795] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.795] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.795] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.795] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.795] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.795] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.795] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.795] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sys", cAlternateFileName="")) returned 1 [0050.795] lstrcmpiW (lpString1="sys", lpString2="Windows") returned -1 [0050.796] lstrcmpiW (lpString1="sys", lpString2="Program Files") returned 1 [0050.796] lstrcmpiW (lpString1="sys", lpString2="Program Files (x86)") returned 1 [0050.796] lstrcmpiW (lpString1="sys", lpString2="$Recycle.bin") returned 1 [0050.796] lstrcmpiW (lpString1="sys", lpString2="System Volume Information") returned -1 [0050.796] lstrcmpiW (lpString1="sys", lpString2=".") returned 1 [0050.796] lstrcmpiW (lpString1="sys", lpString2="..") returned 1 [0050.796] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys") returned 112 [0050.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ec7e38 [0050.796] lstrcpyW (in: lpString1=0x3ec7e38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" [0050.796] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*" [0050.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0050.796] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.796] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.796] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.796] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.796] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.797] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.797] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.797] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.797] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.797] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.797] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.797] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.797] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.797] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.797] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="settings.sol", cAlternateFileName="")) returned 1 [0050.797] lstrcmpiW (lpString1="settings.sol", lpString2="Windows") returned -1 [0050.797] lstrcmpiW (lpString1="settings.sol", lpString2="Program Files") returned 1 [0050.797] lstrcmpiW (lpString1="settings.sol", lpString2="Program Files (x86)") returned 1 [0050.797] lstrcmpiW (lpString1="settings.sol", lpString2="$Recycle.bin") returned 1 [0050.797] lstrcmpiW (lpString1="settings.sol", lpString2="System Volume Information") returned -1 [0050.797] lstrcmpiW (lpString1="settings.sol", lpString2=".") returned 1 [0050.797] lstrcmpiW (lpString1="settings.sol", lpString2="..") returned 1 [0050.797] wsprintfW (in: param_1=0x3ec7e38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol") returned 125 [0050.797] StrStrIW (lpFirst="settings.sol", lpSrch=".lolkek") returned 0x0 [0050.797] lstrcmpW (lpString1="settings.sol", lpString2="LOLKEK.txt") returned 1 [0050.797] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol") returned 125 [0050.797] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f8) returned 0x6985c8 [0050.797] lstrcpyW (in: lpString1=0x6985c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" [0050.797] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.801] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.801] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="settings.sol", cAlternateFileName="")) returned 0 [0050.801] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0050.801] wsprintfW (in: param_1=0x3ec7e38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\LOLKEK.txt") returned 123 [0050.801] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0050.802] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.802] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0050.802] CloseHandle (hObject=0x224) returned 1 [0050.802] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ec7e38 | out: hHeap=0x5a0000) returned 1 [0050.802] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sys", cAlternateFileName="")) returned 0 [0050.802] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0050.802] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\LOLKEK.txt") returned 119 [0050.802] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0050.803] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.803] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.803] CloseHandle (hObject=0x280) returned 1 [0050.803] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0050.805] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 0 [0050.805] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.805] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\LOLKEK.txt") returned 107 [0050.805] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0050.805] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.805] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.806] CloseHandle (hObject=0x210) returned 1 [0050.806] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0050.806] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="support", cAlternateFileName="")) returned 0 [0050.806] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.806] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\LOLKEK.txt") returned 99 [0050.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.809] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.809] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.810] CloseHandle (hObject=0x1b4) returned 1 [0050.810] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.810] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 0 [0050.810] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.810] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\LOLKEK.txt") returned 84 [0050.810] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.810] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.810] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.811] CloseHandle (hObject=0x268) returned 1 [0050.811] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.811] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0050.811] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0050.811] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\LOLKEK.txt") returned 71 [0050.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.811] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.811] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0050.812] CloseHandle (hObject=0x270) returned 1 [0050.812] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.813] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7436db90, ftCreationTime.dwHighDateTime=0x1d62ffa, ftLastAccessTime.dwLowDateTime=0x347cad20, ftLastAccessTime.dwHighDateTime=0x1d630dd, ftLastWriteTime.dwLowDateTime=0x347cad20, ftLastWriteTime.dwHighDateTime=0x1d630dd, nFileSizeHigh=0x0, nFileSizeLow=0x1326c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Mb_L 1TNQJV2mB.mp4", cAlternateFileName="MB_L1T~1.MP4")) returned 1 [0050.813] lstrcmpiW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2="Windows") returned -1 [0050.813] lstrcmpiW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2="Program Files") returned -1 [0050.813] lstrcmpiW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2="Program Files (x86)") returned -1 [0050.813] lstrcmpiW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2="$Recycle.bin") returned 1 [0050.813] lstrcmpiW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2="System Volume Information") returned -1 [0050.813] lstrcmpiW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2=".") returned 1 [0050.813] lstrcmpiW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2="..") returned 1 [0050.813] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4") returned 68 [0050.813] StrStrIW (lpFirst="Mb_L 1TNQJV2mB.mp4", lpSrch=".lolkek") returned 0x0 [0050.813] lstrcmpW (lpString1="Mb_L 1TNQJV2mB.mp4", lpString2="LOLKEK.txt") returned 1 [0050.813] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4") returned 68 [0050.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x618968 [0050.813] lstrcpyW (in: lpString1=0x618968, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mb_L 1TNQJV2mB.mp4" [0050.813] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.815] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.815] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0050.815] lstrcmpiW (lpString1="Microsoft", lpString2="Windows") returned -1 [0050.815] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files") returned -1 [0050.815] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files (x86)") returned -1 [0050.815] lstrcmpiW (lpString1="Microsoft", lpString2="$Recycle.bin") returned 1 [0050.815] lstrcmpiW (lpString1="Microsoft", lpString2="System Volume Information") returned -1 [0050.815] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0050.815] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0050.815] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned 59 [0050.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0050.815] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" [0050.815] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*" [0050.815] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0050.815] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.815] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.815] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.815] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.815] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.815] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.815] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.815] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.815] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.815] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.815] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.815] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.815] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.815] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.815] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AddIns", cAlternateFileName="")) returned 1 [0050.815] lstrcmpiW (lpString1="AddIns", lpString2="Windows") returned -1 [0050.815] lstrcmpiW (lpString1="AddIns", lpString2="Program Files") returned -1 [0050.815] lstrcmpiW (lpString1="AddIns", lpString2="Program Files (x86)") returned -1 [0050.815] lstrcmpiW (lpString1="AddIns", lpString2="$Recycle.bin") returned 1 [0050.815] lstrcmpiW (lpString1="AddIns", lpString2="System Volume Information") returned -1 [0050.815] lstrcmpiW (lpString1="AddIns", lpString2=".") returned 1 [0050.815] lstrcmpiW (lpString1="AddIns", lpString2="..") returned 1 [0050.815] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns") returned 66 [0050.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.816] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns" [0050.816] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*" [0050.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.817] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.817] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.817] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.817] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.817] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.817] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.817] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.817] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.817] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.817] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.817] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.817] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.817] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.817] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.817] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.817] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.817] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\LOLKEK.txt") returned 77 [0050.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.818] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.818] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.818] CloseHandle (hObject=0x24c) returned 1 [0050.819] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.819] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0050.819] lstrcmpiW (lpString1="Credentials", lpString2="Windows") returned -1 [0050.819] lstrcmpiW (lpString1="Credentials", lpString2="Program Files") returned -1 [0050.819] lstrcmpiW (lpString1="Credentials", lpString2="Program Files (x86)") returned -1 [0050.819] lstrcmpiW (lpString1="Credentials", lpString2="$Recycle.bin") returned 1 [0050.819] lstrcmpiW (lpString1="Credentials", lpString2="System Volume Information") returned -1 [0050.819] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0050.819] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0050.819] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials") returned 71 [0050.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.819] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials" [0050.819] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*" [0050.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.819] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.819] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.819] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.819] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.819] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.819] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.819] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.819] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.819] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.819] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.819] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.819] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.819] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.819] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.819] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.819] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.819] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\LOLKEK.txt") returned 82 [0050.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.820] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.820] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.820] CloseHandle (hObject=0x24c) returned 1 [0050.821] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.821] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Crypto", cAlternateFileName="")) returned 1 [0050.821] lstrcmpiW (lpString1="Crypto", lpString2="Windows") returned -1 [0050.821] lstrcmpiW (lpString1="Crypto", lpString2="Program Files") returned -1 [0050.821] lstrcmpiW (lpString1="Crypto", lpString2="Program Files (x86)") returned -1 [0050.821] lstrcmpiW (lpString1="Crypto", lpString2="$Recycle.bin") returned 1 [0050.821] lstrcmpiW (lpString1="Crypto", lpString2="System Volume Information") returned -1 [0050.821] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1 [0050.821] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1 [0050.821] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto") returned 66 [0050.821] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.821] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto" [0050.821] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*" [0050.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.821] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.821] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.821] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.821] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.821] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.821] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.821] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.821] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.821] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.821] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.821] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.821] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.821] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.821] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.821] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 1 [0050.821] lstrcmpiW (lpString1="RSA", lpString2="Windows") returned -1 [0050.821] lstrcmpiW (lpString1="RSA", lpString2="Program Files") returned 1 [0050.822] lstrcmpiW (lpString1="RSA", lpString2="Program Files (x86)") returned 1 [0050.822] lstrcmpiW (lpString1="RSA", lpString2="$Recycle.bin") returned 1 [0050.822] lstrcmpiW (lpString1="RSA", lpString2="System Volume Information") returned -1 [0050.822] lstrcmpiW (lpString1="RSA", lpString2=".") returned 1 [0050.822] lstrcmpiW (lpString1="RSA", lpString2="..") returned 1 [0050.822] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA") returned 70 [0050.822] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.822] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA" [0050.822] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*" [0050.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.822] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.822] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.822] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.822] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.822] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.822] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.822] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.822] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.822] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.822] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.822] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.822] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.822] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.822] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.822] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0050.822] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="Windows") returned -1 [0050.822] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="Program Files") returned 1 [0050.822] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="Program Files (x86)") returned 1 [0050.822] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="$Recycle.bin") returned 1 [0050.822] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="System Volume Information") returned -1 [0050.823] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0050.823] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0050.823] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 117 [0050.823] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0050.823] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0050.823] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0050.823] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.826] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.827] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.827] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.827] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.827] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.827] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.827] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.827] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.827] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.827] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.827] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.827] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.827] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.827] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.827] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xa1e34990, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="83AA4C~1")) returned 1 [0050.827] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Windows") returned -1 [0050.827] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files") returned -1 [0050.827] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files (x86)") returned -1 [0050.827] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="$Recycle.bin") returned 1 [0050.827] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="System Volume Information") returned -1 [0050.827] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".") returned 1 [0050.827] lstrcmpiW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="..") returned 1 [0050.827] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 187 [0050.827] StrStrIW (lpFirst="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpSrch=".lolkek") returned 0x0 [0050.827] lstrcmpW (lpString1="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="LOLKEK.txt") returned -1 [0050.827] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 187 [0050.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2f0) returned 0x66aa10 [0050.827] lstrcpyW (in: lpString1=0x66aa10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0050.827] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.827] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.827] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x57, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="932A2D~1")) returned 1 [0050.827] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Windows") returned -1 [0050.827] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files") returned -1 [0050.827] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files (x86)") returned -1 [0050.827] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="$Recycle.bin") returned 1 [0050.827] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="System Volume Information") returned -1 [0050.827] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".") returned 1 [0050.827] lstrcmpiW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="..") returned 1 [0050.827] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 187 [0050.827] StrStrIW (lpFirst="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpSrch=".lolkek") returned 0x0 [0050.827] lstrcmpW (lpString1="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="LOLKEK.txt") returned -1 [0050.827] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 187 [0050.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2f0) returned 0x3ddd6c0 [0050.827] lstrcpyW (in: lpString1=0x3ddd6c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0050.827] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.828] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.828] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 1 [0050.828] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Windows") returned -1 [0050.828] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files") returned -1 [0050.828] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="Program Files (x86)") returned -1 [0050.828] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="$Recycle.bin") returned 1 [0050.828] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="System Volume Information") returned -1 [0050.828] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2=".") returned 1 [0050.828] lstrcmpiW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="..") returned 1 [0050.828] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 187 [0050.828] StrStrIW (lpFirst="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpSrch=".lolkek") returned 0x0 [0050.828] lstrcmpW (lpString1="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", lpString2="LOLKEK.txt") returned -1 [0050.828] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned 187 [0050.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2f0) returned 0x62fa38 [0050.828] lstrcpyW (in: lpString1=0x62fa38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" [0050.828] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.830] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.830] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 0 [0050.830] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.831] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\LOLKEK.txt") returned 128 [0050.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.832] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.832] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.833] CloseHandle (hObject=0x268) returned 1 [0050.833] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.833] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0050.833] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.833] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\LOLKEK.txt") returned 81 [0050.833] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.834] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.834] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.835] CloseHandle (hObject=0x270) returned 1 [0050.835] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.836] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 0 [0050.836] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.836] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\LOLKEK.txt") returned 77 [0050.836] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.836] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.836] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.837] CloseHandle (hObject=0x24c) returned 1 [0050.837] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.837] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0050.837] lstrcmpiW (lpString1="Document Building Blocks", lpString2="Windows") returned -1 [0050.837] lstrcmpiW (lpString1="Document Building Blocks", lpString2="Program Files") returned -1 [0050.837] lstrcmpiW (lpString1="Document Building Blocks", lpString2="Program Files (x86)") returned -1 [0050.837] lstrcmpiW (lpString1="Document Building Blocks", lpString2="$Recycle.bin") returned 1 [0050.837] lstrcmpiW (lpString1="Document Building Blocks", lpString2="System Volume Information") returned -1 [0050.837] lstrcmpiW (lpString1="Document Building Blocks", lpString2=".") returned 1 [0050.837] lstrcmpiW (lpString1="Document Building Blocks", lpString2="..") returned 1 [0050.837] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks") returned 84 [0050.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.837] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks" [0050.837] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*" [0050.837] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.837] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.837] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.837] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.838] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.838] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.838] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.838] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.838] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.838] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.838] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.838] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.838] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.838] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.838] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.838] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1033", cAlternateFileName="")) returned 1 [0050.838] lstrcmpiW (lpString1="1033", lpString2="Windows") returned -1 [0050.838] lstrcmpiW (lpString1="1033", lpString2="Program Files") returned -1 [0050.838] lstrcmpiW (lpString1="1033", lpString2="Program Files (x86)") returned -1 [0050.838] lstrcmpiW (lpString1="1033", lpString2="$Recycle.bin") returned 1 [0050.838] lstrcmpiW (lpString1="1033", lpString2="System Volume Information") returned -1 [0050.838] lstrcmpiW (lpString1="1033", lpString2=".") returned 1 [0050.838] lstrcmpiW (lpString1="1033", lpString2="..") returned 1 [0050.838] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033") returned 89 [0050.838] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.838] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033" [0050.838] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*" [0050.838] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.838] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.838] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.838] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.838] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.838] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.838] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.838] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.839] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.839] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.839] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.839] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.839] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.839] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.839] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.839] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="14", cAlternateFileName="")) returned 1 [0050.839] lstrcmpiW (lpString1="14", lpString2="Windows") returned -1 [0050.839] lstrcmpiW (lpString1="14", lpString2="Program Files") returned -1 [0050.839] lstrcmpiW (lpString1="14", lpString2="Program Files (x86)") returned -1 [0050.839] lstrcmpiW (lpString1="14", lpString2="$Recycle.bin") returned 1 [0050.839] lstrcmpiW (lpString1="14", lpString2="System Volume Information") returned -1 [0050.839] lstrcmpiW (lpString1="14", lpString2=".") returned 1 [0050.839] lstrcmpiW (lpString1="14", lpString2="..") returned 1 [0050.839] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14") returned 92 [0050.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0050.839] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14" [0050.839] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*" [0050.839] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.841] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.841] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.841] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.841] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.841] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.841] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.841] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.841] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.841] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.841] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.841] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.841] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.841] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.841] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.841] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0050.841] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="Windows") returned -1 [0050.841] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="Program Files") returned -1 [0050.841] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="Program Files (x86)") returned -1 [0050.841] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="$Recycle.bin") returned 1 [0050.841] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="System Volume Information") returned -1 [0050.841] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2=".") returned 1 [0050.841] lstrcmpiW (lpString1="Built-In Building Blocks.dotx", lpString2="..") returned 1 [0050.841] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx") returned 122 [0050.841] StrStrIW (lpFirst="Built-In Building Blocks.dotx", lpSrch=".lolkek") returned 0x0 [0050.841] lstrcmpW (lpString1="Built-In Building Blocks.dotx", lpString2="LOLKEK.txt") returned -1 [0050.841] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx") returned 122 [0050.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x634058 [0050.842] lstrcpyW (in: lpString1=0x634058, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" [0050.842] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.842] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.842] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 0 [0050.842] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.842] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\LOLKEK.txt") returned 103 [0050.842] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x268 [0050.842] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.842] WriteFile (in: hFile=0x268, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.843] CloseHandle (hObject=0x268) returned 1 [0050.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0050.843] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="14", cAlternateFileName="")) returned 0 [0050.843] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.843] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\LOLKEK.txt") returned 100 [0050.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.843] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.843] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.844] CloseHandle (hObject=0x270) returned 1 [0050.844] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.845] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1033", cAlternateFileName="")) returned 0 [0050.845] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.845] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\LOLKEK.txt") returned 95 [0050.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.845] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.845] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.846] CloseHandle (hObject=0x24c) returned 1 [0050.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.846] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Excel", cAlternateFileName="")) returned 1 [0050.846] lstrcmpiW (lpString1="Excel", lpString2="Windows") returned -1 [0050.846] lstrcmpiW (lpString1="Excel", lpString2="Program Files") returned -1 [0050.846] lstrcmpiW (lpString1="Excel", lpString2="Program Files (x86)") returned -1 [0050.846] lstrcmpiW (lpString1="Excel", lpString2="$Recycle.bin") returned 1 [0050.846] lstrcmpiW (lpString1="Excel", lpString2="System Volume Information") returned -1 [0050.846] lstrcmpiW (lpString1="Excel", lpString2=".") returned 1 [0050.846] lstrcmpiW (lpString1="Excel", lpString2="..") returned 1 [0050.846] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel") returned 65 [0050.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.846] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel" [0050.846] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*" [0050.846] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.847] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.847] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.847] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.847] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.847] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.847] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.847] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.847] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.847] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.847] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.847] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.847] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.847] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.847] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.847] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0050.847] lstrcmpiW (lpString1="XLSTART", lpString2="Windows") returned 1 [0050.847] lstrcmpiW (lpString1="XLSTART", lpString2="Program Files") returned 1 [0050.847] lstrcmpiW (lpString1="XLSTART", lpString2="Program Files (x86)") returned 1 [0050.847] lstrcmpiW (lpString1="XLSTART", lpString2="$Recycle.bin") returned 1 [0050.847] lstrcmpiW (lpString1="XLSTART", lpString2="System Volume Information") returned 1 [0050.847] lstrcmpiW (lpString1="XLSTART", lpString2=".") returned 1 [0050.847] lstrcmpiW (lpString1="XLSTART", lpString2="..") returned 1 [0050.847] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART") returned 73 [0050.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.847] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART" [0050.847] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*" [0050.847] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.848] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.848] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.848] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.848] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.848] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.848] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.848] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.848] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.848] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.848] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.848] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.848] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.848] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.848] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.848] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.848] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0050.848] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\LOLKEK.txt") returned 84 [0050.848] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0050.848] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.848] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0050.849] CloseHandle (hObject=0x270) returned 1 [0050.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0050.849] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0050.849] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.849] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\LOLKEK.txt") returned 76 [0050.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.849] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.849] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.850] CloseHandle (hObject=0x24c) returned 1 [0050.850] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.850] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IME12", cAlternateFileName="")) returned 1 [0050.850] lstrcmpiW (lpString1="IME12", lpString2="Windows") returned -1 [0050.850] lstrcmpiW (lpString1="IME12", lpString2="Program Files") returned -1 [0050.850] lstrcmpiW (lpString1="IME12", lpString2="Program Files (x86)") returned -1 [0050.850] lstrcmpiW (lpString1="IME12", lpString2="$Recycle.bin") returned 1 [0050.850] lstrcmpiW (lpString1="IME12", lpString2="System Volume Information") returned -1 [0050.850] lstrcmpiW (lpString1="IME12", lpString2=".") returned 1 [0050.850] lstrcmpiW (lpString1="IME12", lpString2="..") returned 1 [0050.850] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12") returned 65 [0050.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.850] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12" [0050.850] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*" [0050.850] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.851] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.851] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.851] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.851] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.851] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.851] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.851] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.851] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.851] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.851] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.851] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.851] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.851] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.851] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.851] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.851] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.851] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\LOLKEK.txt") returned 76 [0050.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.852] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.852] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.852] CloseHandle (hObject=0x24c) returned 1 [0050.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.852] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0050.852] lstrcmpiW (lpString1="IMJP12", lpString2="Windows") returned -1 [0050.852] lstrcmpiW (lpString1="IMJP12", lpString2="Program Files") returned -1 [0050.852] lstrcmpiW (lpString1="IMJP12", lpString2="Program Files (x86)") returned -1 [0050.852] lstrcmpiW (lpString1="IMJP12", lpString2="$Recycle.bin") returned 1 [0050.852] lstrcmpiW (lpString1="IMJP12", lpString2="System Volume Information") returned -1 [0050.853] lstrcmpiW (lpString1="IMJP12", lpString2=".") returned 1 [0050.853] lstrcmpiW (lpString1="IMJP12", lpString2="..") returned 1 [0050.853] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12") returned 66 [0050.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.853] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12" [0050.853] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*" [0050.853] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.853] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.853] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.853] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.853] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.853] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.853] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.853] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.853] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.853] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.853] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.853] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.853] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.853] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.853] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.853] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.853] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.853] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\LOLKEK.txt") returned 77 [0050.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.854] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.854] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.855] CloseHandle (hObject=0x24c) returned 1 [0050.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.855] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0050.855] lstrcmpiW (lpString1="IMJP8_1", lpString2="Windows") returned -1 [0050.855] lstrcmpiW (lpString1="IMJP8_1", lpString2="Program Files") returned -1 [0050.855] lstrcmpiW (lpString1="IMJP8_1", lpString2="Program Files (x86)") returned -1 [0050.855] lstrcmpiW (lpString1="IMJP8_1", lpString2="$Recycle.bin") returned 1 [0050.855] lstrcmpiW (lpString1="IMJP8_1", lpString2="System Volume Information") returned -1 [0050.855] lstrcmpiW (lpString1="IMJP8_1", lpString2=".") returned 1 [0050.855] lstrcmpiW (lpString1="IMJP8_1", lpString2="..") returned 1 [0050.855] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1") returned 67 [0050.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.855] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1" [0050.855] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*" [0050.855] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.855] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.855] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.855] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.855] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.855] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.855] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.855] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.855] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.855] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.855] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.855] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.855] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.855] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.855] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.855] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.856] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.856] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\LOLKEK.txt") returned 78 [0050.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.856] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.856] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.857] CloseHandle (hObject=0x24c) returned 1 [0050.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.857] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0050.857] lstrcmpiW (lpString1="IMJP9_0", lpString2="Windows") returned -1 [0050.857] lstrcmpiW (lpString1="IMJP9_0", lpString2="Program Files") returned -1 [0050.857] lstrcmpiW (lpString1="IMJP9_0", lpString2="Program Files (x86)") returned -1 [0050.857] lstrcmpiW (lpString1="IMJP9_0", lpString2="$Recycle.bin") returned 1 [0050.857] lstrcmpiW (lpString1="IMJP9_0", lpString2="System Volume Information") returned -1 [0050.857] lstrcmpiW (lpString1="IMJP9_0", lpString2=".") returned 1 [0050.857] lstrcmpiW (lpString1="IMJP9_0", lpString2="..") returned 1 [0050.857] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0") returned 67 [0050.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.857] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0" [0050.857] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*" [0050.857] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.858] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.858] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.858] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.858] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.858] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.858] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.858] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.858] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.858] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.858] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.858] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.858] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.858] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.858] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.858] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.858] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0050.858] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\LOLKEK.txt") returned 78 [0050.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0050.859] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.859] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0050.859] CloseHandle (hObject=0x24c) returned 1 [0050.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0050.859] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0050.859] lstrcmpiW (lpString1="Internet Explorer", lpString2="Windows") returned -1 [0050.859] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files") returned -1 [0050.859] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files (x86)") returned -1 [0050.859] lstrcmpiW (lpString1="Internet Explorer", lpString2="$Recycle.bin") returned 1 [0050.859] lstrcmpiW (lpString1="Internet Explorer", lpString2="System Volume Information") returned -1 [0050.859] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0050.860] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0050.860] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer") returned 77 [0050.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0050.860] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer" [0050.860] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" [0050.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0050.860] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.860] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.860] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.860] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.860] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.860] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.860] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.860] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.860] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.860] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.860] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0050.860] lstrcmpiW (lpString1="Quick Launch", lpString2="Windows") returned -1 [0050.860] lstrcmpiW (lpString1="Quick Launch", lpString2="Program Files") returned 1 [0050.860] lstrcmpiW (lpString1="Quick Launch", lpString2="Program Files (x86)") returned 1 [0050.860] lstrcmpiW (lpString1="Quick Launch", lpString2="$Recycle.bin") returned 1 [0050.860] lstrcmpiW (lpString1="Quick Launch", lpString2="System Volume Information") returned -1 [0050.860] lstrcmpiW (lpString1="Quick Launch", lpString2=".") returned 1 [0050.860] lstrcmpiW (lpString1="Quick Launch", lpString2="..") returned 1 [0050.860] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch") returned 90 [0050.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0050.860] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" [0050.860] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" [0050.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0050.860] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.860] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.860] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.860] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.860] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.860] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.861] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.861] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.861] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.861] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.861] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.861] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4eb35ad0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0050.861] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0050.861] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0050.861] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0050.861] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0050.861] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0050.861] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0050.861] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0050.861] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 102 [0050.861] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0050.861] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0050.861] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 102 [0050.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3de0f28 [0050.861] lstrcpyW (in: lpString1=0x3de0f28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" [0050.861] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.861] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.861] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a683760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0050.861] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Windows") returned -1 [0050.861] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Program Files") returned -1 [0050.861] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Program Files (x86)") returned -1 [0050.861] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="$Recycle.bin") returned 1 [0050.861] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="System Volume Information") returned -1 [0050.861] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".") returned 1 [0050.861] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="..") returned 1 [0050.861] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk") returned 108 [0050.861] StrStrIW (lpFirst="Google Chrome.lnk", lpSrch=".lolkek") returned 0x0 [0050.861] lstrcmpW (lpString1="Google Chrome.lnk", lpString2="LOLKEK.txt") returned -1 [0050.861] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk") returned 108 [0050.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60f0b8 [0050.861] lstrcpyW (in: lpString1=0x60f0b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" [0050.861] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.861] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.861] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb0f970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb0f970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4eb0f970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0050.861] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="Windows") returned -1 [0050.861] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="Program Files") returned -1 [0050.861] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="Program Files (x86)") returned -1 [0050.861] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="$Recycle.bin") returned 1 [0050.861] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="System Volume Information") returned -1 [0050.861] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2=".") returned 1 [0050.861] lstrcmpiW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="..") returned 1 [0050.861] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk") returned 127 [0050.861] StrStrIW (lpFirst="Launch Internet Explorer Browser.lnk", lpSrch=".lolkek") returned 0x0 [0050.862] lstrcmpW (lpString1="Launch Internet Explorer Browser.lnk", lpString2="LOLKEK.txt") returned -1 [0050.862] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk") returned 127 [0050.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x200) returned 0x3e3e6f0 [0050.862] lstrcpyW (in: lpString1=0x3e3e6f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" [0050.862] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.909] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.909] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0050.909] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Windows") returned -1 [0050.909] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Program Files") returned 1 [0050.909] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Program Files (x86)") returned 1 [0050.909] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="$Recycle.bin") returned 1 [0050.909] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="System Volume Information") returned -1 [0050.909] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2=".") returned 1 [0050.909] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="..") returned 1 [0050.909] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 108 [0050.909] StrStrIW (lpFirst="Shows Desktop.lnk", lpSrch=".lolkek") returned 0x0 [0050.909] lstrcmpW (lpString1="Shows Desktop.lnk", lpString2="LOLKEK.txt") returned 1 [0050.909] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 108 [0050.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60f280 [0050.909] lstrcpyW (in: lpString1=0x60f280, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" [0050.909] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.914] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.914] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0050.914] lstrcmpiW (lpString1="User Pinned", lpString2="Windows") returned -1 [0050.914] lstrcmpiW (lpString1="User Pinned", lpString2="Program Files") returned 1 [0050.914] lstrcmpiW (lpString1="User Pinned", lpString2="Program Files (x86)") returned 1 [0050.914] lstrcmpiW (lpString1="User Pinned", lpString2="$Recycle.bin") returned 1 [0050.914] lstrcmpiW (lpString1="User Pinned", lpString2="System Volume Information") returned 1 [0050.914] lstrcmpiW (lpString1="User Pinned", lpString2=".") returned 1 [0050.914] lstrcmpiW (lpString1="User Pinned", lpString2="..") returned 1 [0050.914] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 102 [0050.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0050.914] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" [0050.914] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" [0050.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0050.915] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.915] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.915] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.915] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.915] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.915] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.915] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.915] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.915] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.915] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.915] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.915] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.915] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.915] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.915] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0050.915] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="Windows") returned -1 [0050.915] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="Program Files") returned -1 [0050.915] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="Program Files (x86)") returned -1 [0050.915] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="$Recycle.bin") returned 1 [0050.915] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="System Volume Information") returned -1 [0050.915] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2=".") returned 1 [0050.915] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="..") returned 1 [0050.915] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned 123 [0050.915] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0050.915] lstrcpyW (in: lpString1=0x3dc1dd8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" [0050.915] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" [0050.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.916] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.916] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.916] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.916] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.916] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.916] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.916] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.916] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.916] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.916] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.916] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.916] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.916] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.916] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.916] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0050.916] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0050.916] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\LOLKEK.txt") returned 134 [0050.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.917] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.917] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.918] CloseHandle (hObject=0x1b4) returned 1 [0050.918] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0050.918] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0050.918] lstrcmpiW (lpString1="TaskBar", lpString2="Windows") returned -1 [0050.918] lstrcmpiW (lpString1="TaskBar", lpString2="Program Files") returned 1 [0050.918] lstrcmpiW (lpString1="TaskBar", lpString2="Program Files (x86)") returned 1 [0050.918] lstrcmpiW (lpString1="TaskBar", lpString2="$Recycle.bin") returned 1 [0050.918] lstrcmpiW (lpString1="TaskBar", lpString2="System Volume Information") returned 1 [0050.918] lstrcmpiW (lpString1="TaskBar", lpString2=".") returned 1 [0050.918] lstrcmpiW (lpString1="TaskBar", lpString2="..") returned 1 [0050.918] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned 110 [0050.918] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dc1dd8 [0050.918] lstrcpyW (in: lpString1=0x3dc1dd8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" [0050.918] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" [0050.918] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0050.918] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0050.918] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0050.918] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0050.918] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0050.918] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0050.918] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0050.918] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0050.918] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0050.918] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0050.918] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0050.918] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0050.918] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0050.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0050.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0050.918] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc4b320, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0050.919] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0050.919] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 122 [0050.919] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0050.919] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0050.919] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 122 [0050.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x3e3e8f8 [0050.919] lstrcpyW (in: lpString1=0x3e3e8f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" [0050.919] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.928] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.928] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e02c640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e02c640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0050.928] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk") returned 128 [0050.928] StrStrIW (lpFirst="Google Chrome.lnk", lpSrch=".lolkek") returned 0x0 [0050.928] lstrcmpW (lpString1="Google Chrome.lnk", lpString2="LOLKEK.txt") returned -1 [0050.928] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk") returned 128 [0050.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x204) returned 0x5c6968 [0050.928] lstrcpyW (in: lpString1=0x5c6968, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" [0050.928] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.928] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.928] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc251c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc251c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0050.928] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk") returned 136 [0050.928] StrStrIW (lpFirst="Internet Explorer (2).lnk", lpSrch=".lolkek") returned 0x0 [0050.928] lstrcmpW (lpString1="Internet Explorer (2).lnk", lpString2="LOLKEK.txt") returned -1 [0050.928] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk") returned 136 [0050.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x224) returned 0x3eae240 [0050.928] lstrcpyW (in: lpString1=0x3eae240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" [0050.928] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.932] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.932] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0050.932] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk") returned 132 [0050.932] StrStrIW (lpFirst="Internet Explorer.lnk", lpSrch=".lolkek") returned 0x0 [0050.932] lstrcmpW (lpString1="Internet Explorer.lnk", lpString2="LOLKEK.txt") returned -1 [0050.932] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk") returned 132 [0050.932] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x214) returned 0x3ca60e0 [0050.932] lstrcpyW (in: lpString1=0x3ca60e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" [0050.932] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.933] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.933] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0de7e00, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0050.933] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk") returned 130 [0050.933] StrStrIW (lpFirst="Mozilla Firefox.lnk", lpSrch=".lolkek") returned 0x0 [0050.933] lstrcmpW (lpString1="Mozilla Firefox.lnk", lpString2="LOLKEK.txt") returned 1 [0050.933] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk") returned 130 [0050.933] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x20c) returned 0x3ca5768 [0050.933] lstrcpyW (in: lpString1=0x3ca5768, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" [0050.933] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.986] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.986] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0050.986] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk") returned 135 [0050.986] StrStrIW (lpFirst="Windows Explorer (2).lnk", lpSrch=".lolkek") returned 0x0 [0050.986] lstrcmpW (lpString1="Windows Explorer (2).lnk", lpString2="LOLKEK.txt") returned 1 [0050.986] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk") returned 135 [0050.986] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c7430 [0050.986] lstrcpyW (in: lpString1=0x5c7430, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" [0050.986] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.988] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.988] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0050.988] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk") returned 131 [0050.988] StrStrIW (lpFirst="Windows Explorer.lnk", lpSrch=".lolkek") returned 0x0 [0050.988] lstrcmpW (lpString1="Windows Explorer.lnk", lpString2="LOLKEK.txt") returned 1 [0050.988] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk") returned 131 [0050.988] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x210) returned 0x3dd4c80 [0050.988] lstrcpyW (in: lpString1=0x3dd4c80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" [0050.988] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.990] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.990] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0050.990] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk") returned 139 [0050.990] StrStrIW (lpFirst="Windows Media Player (2).lnk", lpSrch=".lolkek") returned 0x0 [0050.990] lstrcmpW (lpString1="Windows Media Player (2).lnk", lpString2="LOLKEK.txt") returned 1 [0050.990] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk") returned 139 [0050.990] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x230) returned 0x3ca5980 [0050.990] lstrcpyW (in: lpString1=0x3ca5980, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" [0050.990] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.992] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.992] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0050.992] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk") returned 135 [0050.992] StrStrIW (lpFirst="Windows Media Player.lnk", lpSrch=".lolkek") returned 0x0 [0050.992] lstrcmpW (lpString1="Windows Media Player.lnk", lpString2="LOLKEK.txt") returned 1 [0050.992] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk") returned 135 [0050.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c6fe0 [0050.992] lstrcpyW (in: lpString1=0x5c6fe0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" [0050.992] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0050.995] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.995] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0050.995] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0050.995] wsprintfW (in: param_1=0x3dc1dd8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\LOLKEK.txt") returned 121 [0050.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0050.996] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.996] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0050.996] CloseHandle (hObject=0x1b4) returned 1 [0050.996] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dc1dd8 | out: hHeap=0x5a0000) returned 1 [0050.997] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0050.997] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0050.997] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\LOLKEK.txt") returned 113 [0050.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0050.997] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0050.997] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0050.998] CloseHandle (hObject=0x224) returned 1 [0050.998] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0050.998] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0050.998] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Windows") returned -1 [0050.998] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Program Files") returned 1 [0050.998] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Program Files (x86)") returned 1 [0050.998] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="$Recycle.bin") returned 1 [0050.998] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="System Volume Information") returned 1 [0050.998] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2=".") returned 1 [0050.998] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="..") returned 1 [0050.998] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 110 [0050.998] StrStrIW (lpFirst="Window Switcher.lnk", lpSrch=".lolkek") returned 0x0 [0050.998] lstrcmpW (lpString1="Window Switcher.lnk", lpString2="LOLKEK.txt") returned 1 [0050.998] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 110 [0050.998] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x613850 [0050.998] lstrcpyW (in: lpString1=0x613850, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" [0050.998] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.001] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.001] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0051.001] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.001] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\LOLKEK.txt") returned 101 [0051.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.002] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.002] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.003] CloseHandle (hObject=0x270) returned 1 [0051.003] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.003] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UserData", cAlternateFileName="")) returned 1 [0051.003] lstrcmpiW (lpString1="UserData", lpString2="Windows") returned -1 [0051.003] lstrcmpiW (lpString1="UserData", lpString2="Program Files") returned 1 [0051.003] lstrcmpiW (lpString1="UserData", lpString2="Program Files (x86)") returned 1 [0051.003] lstrcmpiW (lpString1="UserData", lpString2="$Recycle.bin") returned 1 [0051.003] lstrcmpiW (lpString1="UserData", lpString2="System Volume Information") returned 1 [0051.003] lstrcmpiW (lpString1="UserData", lpString2=".") returned 1 [0051.003] lstrcmpiW (lpString1="UserData", lpString2="..") returned 1 [0051.003] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData") returned 86 [0051.003] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.003] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData" [0051.003] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*" [0051.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.007] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.007] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.007] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.007] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.007] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.007] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.007] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.007] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.007] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.007] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.007] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.007] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.007] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.007] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.007] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Low", cAlternateFileName="")) returned 1 [0051.007] lstrcmpiW (lpString1="Low", lpString2="Windows") returned -1 [0051.007] lstrcmpiW (lpString1="Low", lpString2="Program Files") returned -1 [0051.007] lstrcmpiW (lpString1="Low", lpString2="Program Files (x86)") returned -1 [0051.007] lstrcmpiW (lpString1="Low", lpString2="$Recycle.bin") returned 1 [0051.007] lstrcmpiW (lpString1="Low", lpString2="System Volume Information") returned -1 [0051.007] lstrcmpiW (lpString1="Low", lpString2=".") returned 1 [0051.007] lstrcmpiW (lpString1="Low", lpString2="..") returned 1 [0051.007] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low") returned 90 [0051.007] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.008] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low" [0051.008] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*" [0051.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.008] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.008] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.008] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.008] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.008] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.008] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.008] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.008] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.008] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.008] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.008] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.008] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.008] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="65UX3YG0", cAlternateFileName="")) returned 1 [0051.008] lstrcmpiW (lpString1="65UX3YG0", lpString2="Windows") returned -1 [0051.008] lstrcmpiW (lpString1="65UX3YG0", lpString2="Program Files") returned -1 [0051.008] lstrcmpiW (lpString1="65UX3YG0", lpString2="Program Files (x86)") returned -1 [0051.008] lstrcmpiW (lpString1="65UX3YG0", lpString2="$Recycle.bin") returned 1 [0051.008] lstrcmpiW (lpString1="65UX3YG0", lpString2="System Volume Information") returned -1 [0051.008] lstrcmpiW (lpString1="65UX3YG0", lpString2=".") returned 1 [0051.008] lstrcmpiW (lpString1="65UX3YG0", lpString2="..") returned 1 [0051.008] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0") returned 99 [0051.008] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.009] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" [0051.009] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*" [0051.009] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.011] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.011] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.011] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.011] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.011] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.011] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.011] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.011] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.011] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.011] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.011] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.011] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.011] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.011] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.011] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.011] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.011] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\LOLKEK.txt") returned 110 [0051.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.011] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.012] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.012] CloseHandle (hObject=0x270) returned 1 [0051.012] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.012] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AY721QDR", cAlternateFileName="")) returned 1 [0051.013] lstrcmpiW (lpString1="AY721QDR", lpString2="Windows") returned -1 [0051.013] lstrcmpiW (lpString1="AY721QDR", lpString2="Program Files") returned -1 [0051.013] lstrcmpiW (lpString1="AY721QDR", lpString2="Program Files (x86)") returned -1 [0051.013] lstrcmpiW (lpString1="AY721QDR", lpString2="$Recycle.bin") returned 1 [0051.013] lstrcmpiW (lpString1="AY721QDR", lpString2="System Volume Information") returned -1 [0051.013] lstrcmpiW (lpString1="AY721QDR", lpString2=".") returned 1 [0051.013] lstrcmpiW (lpString1="AY721QDR", lpString2="..") returned 1 [0051.013] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR") returned 99 [0051.013] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.013] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" [0051.013] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*" [0051.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.013] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.013] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.013] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.013] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.013] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.013] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.013] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.013] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.013] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.013] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.013] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.013] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.013] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.013] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.013] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.013] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.013] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\LOLKEK.txt") returned 110 [0051.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.014] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.014] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.015] CloseHandle (hObject=0x270) returned 1 [0051.015] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.015] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DZBKZBIC", cAlternateFileName="")) returned 1 [0051.015] lstrcmpiW (lpString1="DZBKZBIC", lpString2="Windows") returned -1 [0051.015] lstrcmpiW (lpString1="DZBKZBIC", lpString2="Program Files") returned -1 [0051.015] lstrcmpiW (lpString1="DZBKZBIC", lpString2="Program Files (x86)") returned -1 [0051.015] lstrcmpiW (lpString1="DZBKZBIC", lpString2="$Recycle.bin") returned 1 [0051.015] lstrcmpiW (lpString1="DZBKZBIC", lpString2="System Volume Information") returned -1 [0051.015] lstrcmpiW (lpString1="DZBKZBIC", lpString2=".") returned 1 [0051.015] lstrcmpiW (lpString1="DZBKZBIC", lpString2="..") returned 1 [0051.015] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC") returned 99 [0051.015] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.015] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" [0051.015] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*" [0051.015] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.015] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.015] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.015] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.015] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.015] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.015] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.015] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.015] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.015] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.015] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.015] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.015] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.015] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.015] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.015] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.015] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.015] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\LOLKEK.txt") returned 110 [0051.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.016] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.016] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.016] CloseHandle (hObject=0x270) returned 1 [0051.016] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.016] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0051.016] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0051.016] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0051.017] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0051.017] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0051.017] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0051.017] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0051.017] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0051.017] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat") returned 100 [0051.017] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0051.017] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0051.017] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat") returned 100 [0051.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x61a2d0 [0051.017] lstrcpyW (in: lpString1=0x61a2d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" [0051.017] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.017] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.017] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 1 [0051.017] lstrcmpiW (lpString1="VRLZOZ0E", lpString2="Windows") returned -1 [0051.017] lstrcmpiW (lpString1="VRLZOZ0E", lpString2="Program Files") returned 1 [0051.017] lstrcmpiW (lpString1="VRLZOZ0E", lpString2="Program Files (x86)") returned 1 [0051.017] lstrcmpiW (lpString1="VRLZOZ0E", lpString2="$Recycle.bin") returned 1 [0051.017] lstrcmpiW (lpString1="VRLZOZ0E", lpString2="System Volume Information") returned 1 [0051.017] lstrcmpiW (lpString1="VRLZOZ0E", lpString2=".") returned 1 [0051.017] lstrcmpiW (lpString1="VRLZOZ0E", lpString2="..") returned 1 [0051.017] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E") returned 99 [0051.017] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.017] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" [0051.017] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*" [0051.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.017] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.017] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.017] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.017] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.017] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.017] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.017] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.017] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.017] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.017] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.017] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.017] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.017] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.017] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.017] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.018] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.018] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\LOLKEK.txt") returned 110 [0051.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.018] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.018] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.019] CloseHandle (hObject=0x270) returned 1 [0051.019] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.019] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 0 [0051.019] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.019] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\LOLKEK.txt") returned 101 [0051.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.019] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.019] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.020] CloseHandle (hObject=0x224) returned 1 [0051.020] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.020] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Low", cAlternateFileName="")) returned 0 [0051.020] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.020] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\LOLKEK.txt") returned 97 [0051.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0051.020] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.020] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.021] CloseHandle (hObject=0x2bc) returned 1 [0051.021] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.022] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UserData", cAlternateFileName="")) returned 0 [0051.022] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.022] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\LOLKEK.txt") returned 88 [0051.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0051.022] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.023] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.023] CloseHandle (hObject=0x24c) returned 1 [0051.023] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.023] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MMC", cAlternateFileName="")) returned 1 [0051.023] lstrcmpiW (lpString1="MMC", lpString2="Windows") returned -1 [0051.023] lstrcmpiW (lpString1="MMC", lpString2="Program Files") returned -1 [0051.023] lstrcmpiW (lpString1="MMC", lpString2="Program Files (x86)") returned -1 [0051.023] lstrcmpiW (lpString1="MMC", lpString2="$Recycle.bin") returned 1 [0051.023] lstrcmpiW (lpString1="MMC", lpString2="System Volume Information") returned -1 [0051.023] lstrcmpiW (lpString1="MMC", lpString2=".") returned 1 [0051.023] lstrcmpiW (lpString1="MMC", lpString2="..") returned 1 [0051.023] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC") returned 63 [0051.023] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.023] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC" [0051.023] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*" [0051.023] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.024] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.024] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.024] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.024] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.024] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.024] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.024] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.024] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.024] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.024] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.024] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.024] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.024] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.024] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.024] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.024] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.024] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\LOLKEK.txt") returned 74 [0051.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0051.025] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.025] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.025] CloseHandle (hObject=0x24c) returned 1 [0051.025] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.025] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS Project", cAlternateFileName="MSPROJ~1")) returned 1 [0051.025] lstrcmpiW (lpString1="MS Project", lpString2="Windows") returned -1 [0051.025] lstrcmpiW (lpString1="MS Project", lpString2="Program Files") returned -1 [0051.026] lstrcmpiW (lpString1="MS Project", lpString2="Program Files (x86)") returned -1 [0051.026] lstrcmpiW (lpString1="MS Project", lpString2="$Recycle.bin") returned 1 [0051.026] lstrcmpiW (lpString1="MS Project", lpString2="System Volume Information") returned -1 [0051.026] lstrcmpiW (lpString1="MS Project", lpString2=".") returned 1 [0051.026] lstrcmpiW (lpString1="MS Project", lpString2="..") returned 1 [0051.026] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project") returned 70 [0051.026] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.026] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project" [0051.026] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*" [0051.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.029] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.029] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.029] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.029] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.029] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.029] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.029] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.029] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.029] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.029] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.029] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.029] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.029] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.029] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.029] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="14", cAlternateFileName="")) returned 1 [0051.029] lstrcmpiW (lpString1="14", lpString2="Windows") returned -1 [0051.029] lstrcmpiW (lpString1="14", lpString2="Program Files") returned -1 [0051.029] lstrcmpiW (lpString1="14", lpString2="Program Files (x86)") returned -1 [0051.029] lstrcmpiW (lpString1="14", lpString2="$Recycle.bin") returned 1 [0051.029] lstrcmpiW (lpString1="14", lpString2="System Volume Information") returned -1 [0051.029] lstrcmpiW (lpString1="14", lpString2=".") returned 1 [0051.029] lstrcmpiW (lpString1="14", lpString2="..") returned 1 [0051.029] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14") returned 73 [0051.029] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.030] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14" [0051.030] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*" [0051.030] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.031] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.031] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.031] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.031] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.032] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.032] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.032] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.032] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.032] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.032] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.032] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.032] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.032] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.032] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.032] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1033", cAlternateFileName="")) returned 1 [0051.032] lstrcmpiW (lpString1="1033", lpString2="Windows") returned -1 [0051.032] lstrcmpiW (lpString1="1033", lpString2="Program Files") returned -1 [0051.032] lstrcmpiW (lpString1="1033", lpString2="Program Files (x86)") returned -1 [0051.032] lstrcmpiW (lpString1="1033", lpString2="$Recycle.bin") returned 1 [0051.032] lstrcmpiW (lpString1="1033", lpString2="System Volume Information") returned -1 [0051.032] lstrcmpiW (lpString1="1033", lpString2=".") returned 1 [0051.032] lstrcmpiW (lpString1="1033", lpString2="..") returned 1 [0051.032] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033") returned 78 [0051.032] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.033] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033" [0051.033] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*" [0051.033] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.034] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.034] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.034] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.034] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.034] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.034] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.034] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.034] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.034] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.034] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.034] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.034] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.034] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.034] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.034] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Global.MPT", cAlternateFileName="")) returned 1 [0051.034] lstrcmpiW (lpString1="Global.MPT", lpString2="Windows") returned -1 [0051.034] lstrcmpiW (lpString1="Global.MPT", lpString2="Program Files") returned -1 [0051.034] lstrcmpiW (lpString1="Global.MPT", lpString2="Program Files (x86)") returned -1 [0051.034] lstrcmpiW (lpString1="Global.MPT", lpString2="$Recycle.bin") returned 1 [0051.034] lstrcmpiW (lpString1="Global.MPT", lpString2="System Volume Information") returned -1 [0051.034] lstrcmpiW (lpString1="Global.MPT", lpString2=".") returned 1 [0051.034] lstrcmpiW (lpString1="Global.MPT", lpString2="..") returned 1 [0051.034] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT") returned 89 [0051.034] StrStrIW (lpFirst="Global.MPT", lpSrch=".lolkek") returned 0x0 [0051.034] lstrcmpW (lpString1="Global.MPT", lpString2="LOLKEK.txt") returned -1 [0051.034] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT") returned 89 [0051.034] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x62c750 [0051.034] lstrcpyW (in: lpString1=0x62c750, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" [0051.034] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.035] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.035] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Global.MPT", cAlternateFileName="")) returned 0 [0051.035] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.035] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\LOLKEK.txt") returned 89 [0051.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.036] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.036] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.037] CloseHandle (hObject=0x1b4) returned 1 [0051.037] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.037] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1033", cAlternateFileName="")) returned 0 [0051.037] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.037] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\LOLKEK.txt") returned 84 [0051.037] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.037] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.037] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.038] CloseHandle (hObject=0x224) returned 1 [0051.038] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.038] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="14", cAlternateFileName="")) returned 0 [0051.038] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.038] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\LOLKEK.txt") returned 81 [0051.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0051.038] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.038] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.039] CloseHandle (hObject=0x24c) returned 1 [0051.039] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.039] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Network", cAlternateFileName="")) returned 1 [0051.039] lstrcmpiW (lpString1="Network", lpString2="Windows") returned -1 [0051.039] lstrcmpiW (lpString1="Network", lpString2="Program Files") returned -1 [0051.039] lstrcmpiW (lpString1="Network", lpString2="Program Files (x86)") returned -1 [0051.039] lstrcmpiW (lpString1="Network", lpString2="$Recycle.bin") returned 1 [0051.039] lstrcmpiW (lpString1="Network", lpString2="System Volume Information") returned -1 [0051.039] lstrcmpiW (lpString1="Network", lpString2=".") returned 1 [0051.039] lstrcmpiW (lpString1="Network", lpString2="..") returned 1 [0051.039] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network") returned 67 [0051.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.039] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network" [0051.039] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*" [0051.039] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.040] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.040] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.040] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.040] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.040] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.040] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.040] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.040] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.040] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.040] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.040] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.040] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.040] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.040] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.040] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0051.040] lstrcmpiW (lpString1="Connections", lpString2="Windows") returned -1 [0051.040] lstrcmpiW (lpString1="Connections", lpString2="Program Files") returned -1 [0051.040] lstrcmpiW (lpString1="Connections", lpString2="Program Files (x86)") returned -1 [0051.040] lstrcmpiW (lpString1="Connections", lpString2="$Recycle.bin") returned 1 [0051.040] lstrcmpiW (lpString1="Connections", lpString2="System Volume Information") returned -1 [0051.040] lstrcmpiW (lpString1="Connections", lpString2=".") returned 1 [0051.040] lstrcmpiW (lpString1="Connections", lpString2="..") returned 1 [0051.040] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections") returned 79 [0051.040] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.040] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections" [0051.040] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*" [0051.040] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.040] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.040] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.040] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.041] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.041] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.041] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.041] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.041] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.041] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.041] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.041] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pbk", cAlternateFileName="")) returned 1 [0051.041] lstrcmpiW (lpString1="Pbk", lpString2="Windows") returned -1 [0051.041] lstrcmpiW (lpString1="Pbk", lpString2="Program Files") returned -1 [0051.041] lstrcmpiW (lpString1="Pbk", lpString2="Program Files (x86)") returned -1 [0051.041] lstrcmpiW (lpString1="Pbk", lpString2="$Recycle.bin") returned 1 [0051.041] lstrcmpiW (lpString1="Pbk", lpString2="System Volume Information") returned -1 [0051.041] lstrcmpiW (lpString1="Pbk", lpString2=".") returned 1 [0051.041] lstrcmpiW (lpString1="Pbk", lpString2="..") returned 1 [0051.041] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk") returned 83 [0051.041] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.041] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk" [0051.041] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*" [0051.041] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.041] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.041] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.041] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.041] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.041] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.041] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.041] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.041] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.041] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.041] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.041] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.041] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0051.041] lstrcmpiW (lpString1="_hiddenPbk", lpString2="Windows") returned -1 [0051.041] lstrcmpiW (lpString1="_hiddenPbk", lpString2="Program Files") returned -1 [0051.041] lstrcmpiW (lpString1="_hiddenPbk", lpString2="Program Files (x86)") returned -1 [0051.042] lstrcmpiW (lpString1="_hiddenPbk", lpString2="$Recycle.bin") returned 1 [0051.042] lstrcmpiW (lpString1="_hiddenPbk", lpString2="System Volume Information") returned -1 [0051.042] lstrcmpiW (lpString1="_hiddenPbk", lpString2=".") returned 1 [0051.042] lstrcmpiW (lpString1="_hiddenPbk", lpString2="..") returned 1 [0051.042] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned 94 [0051.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.042] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" [0051.042] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*" [0051.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.042] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.042] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.042] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.042] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.042] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.042] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.042] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.042] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.042] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.042] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.042] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.042] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.042] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.042] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.042] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0051.042] lstrcmpiW (lpString1="rasphone.pbk", lpString2="Windows") returned -1 [0051.042] lstrcmpiW (lpString1="rasphone.pbk", lpString2="Program Files") returned 1 [0051.042] lstrcmpiW (lpString1="rasphone.pbk", lpString2="Program Files (x86)") returned 1 [0051.043] lstrcmpiW (lpString1="rasphone.pbk", lpString2="$Recycle.bin") returned 1 [0051.043] lstrcmpiW (lpString1="rasphone.pbk", lpString2="System Volume Information") returned -1 [0051.043] lstrcmpiW (lpString1="rasphone.pbk", lpString2=".") returned 1 [0051.043] lstrcmpiW (lpString1="rasphone.pbk", lpString2="..") returned 1 [0051.043] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned 107 [0051.043] StrStrIW (lpFirst="rasphone.pbk", lpSrch=".lolkek") returned 0x0 [0051.043] lstrcmpW (lpString1="rasphone.pbk", lpString2="LOLKEK.txt") returned 1 [0051.043] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned 107 [0051.043] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x634250 [0051.043] lstrcpyW (in: lpString1=0x634250, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" [0051.043] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.043] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.043] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0051.043] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.043] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\LOLKEK.txt") returned 105 [0051.043] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0051.043] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.043] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.044] CloseHandle (hObject=0x27c) returned 1 [0051.044] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.044] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 0 [0051.044] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.045] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\LOLKEK.txt") returned 94 [0051.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.045] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.045] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.046] CloseHandle (hObject=0x1b4) returned 1 [0051.046] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.046] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pbk", cAlternateFileName="")) returned 0 [0051.046] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.046] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\LOLKEK.txt") returned 90 [0051.046] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.046] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.046] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.047] CloseHandle (hObject=0x224) returned 1 [0051.047] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.047] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.047] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\LOLKEK.txt") returned 78 [0051.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0051.047] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.048] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.048] CloseHandle (hObject=0x24c) returned 1 [0051.048] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.049] lstrcmpiW (lpString1="Office", lpString2="Windows") returned -1 [0051.049] lstrcmpiW (lpString1="Office", lpString2="Program Files") returned -1 [0051.049] lstrcmpiW (lpString1="Office", lpString2="Program Files (x86)") returned -1 [0051.049] lstrcmpiW (lpString1="Office", lpString2="$Recycle.bin") returned 1 [0051.049] lstrcmpiW (lpString1="Office", lpString2="System Volume Information") returned -1 [0051.049] lstrcmpiW (lpString1="Office", lpString2=".") returned 1 [0051.049] lstrcmpiW (lpString1="Office", lpString2="..") returned 1 [0051.049] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office") returned 66 [0051.049] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.050] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office" [0051.050] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*" [0051.050] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.052] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.052] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.052] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.052] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.052] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.052] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.052] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.052] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.052] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.052] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.052] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.052] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.052] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.052] lstrcmpiW (lpString1="MSO1033.acl", lpString2="Windows") returned -1 [0051.052] lstrcmpiW (lpString1="MSO1033.acl", lpString2="Program Files") returned -1 [0051.052] lstrcmpiW (lpString1="MSO1033.acl", lpString2="Program Files (x86)") returned -1 [0051.052] lstrcmpiW (lpString1="MSO1033.acl", lpString2="$Recycle.bin") returned 1 [0051.052] lstrcmpiW (lpString1="MSO1033.acl", lpString2="System Volume Information") returned -1 [0051.052] lstrcmpiW (lpString1="MSO1033.acl", lpString2=".") returned 1 [0051.052] lstrcmpiW (lpString1="MSO1033.acl", lpString2="..") returned 1 [0051.052] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl") returned 78 [0051.052] StrStrIW (lpFirst="MSO1033.acl", lpSrch=".lolkek") returned 0x0 [0051.052] lstrcmpW (lpString1="MSO1033.acl", lpString2="LOLKEK.txt") returned 1 [0051.052] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl") returned 78 [0051.052] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616478 [0051.052] lstrcpyW (in: lpString1=0x616478, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" [0051.052] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.071] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.071] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Recent", cAlternateFileName="")) returned 1 [0051.071] lstrcmpiW (lpString1="Recent", lpString2="Windows") returned -1 [0051.071] lstrcmpiW (lpString1="Recent", lpString2="Program Files") returned 1 [0051.071] lstrcmpiW (lpString1="Recent", lpString2="Program Files (x86)") returned 1 [0051.071] lstrcmpiW (lpString1="Recent", lpString2="$Recycle.bin") returned 1 [0051.071] lstrcmpiW (lpString1="Recent", lpString2="System Volume Information") returned -1 [0051.071] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0051.071] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0051.071] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent") returned 73 [0051.071] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.071] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent" [0051.071] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*" [0051.071] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.075] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.075] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.075] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.075] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.075] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.075] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.075] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.075] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.075] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.075] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.075] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.075] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.075] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.075] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.075] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90b3d80, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x59a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Global.LNK", cAlternateFileName="")) returned 1 [0051.075] lstrcmpiW (lpString1="Global.LNK", lpString2="Windows") returned -1 [0051.075] lstrcmpiW (lpString1="Global.LNK", lpString2="Program Files") returned -1 [0051.075] lstrcmpiW (lpString1="Global.LNK", lpString2="Program Files (x86)") returned -1 [0051.075] lstrcmpiW (lpString1="Global.LNK", lpString2="$Recycle.bin") returned 1 [0051.075] lstrcmpiW (lpString1="Global.LNK", lpString2="System Volume Information") returned -1 [0051.075] lstrcmpiW (lpString1="Global.LNK", lpString2=".") returned 1 [0051.075] lstrcmpiW (lpString1="Global.LNK", lpString2="..") returned 1 [0051.075] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK") returned 84 [0051.075] StrStrIW (lpFirst="Global.LNK", lpSrch=".lolkek") returned 0x0 [0051.075] lstrcmpW (lpString1="Global.LNK", lpString2="LOLKEK.txt") returned -1 [0051.075] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK") returned 84 [0051.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb6540 [0051.076] lstrcpyW (in: lpString1=0x3eb6540, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" [0051.076] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.076] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.076] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x34, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0051.076] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0051.076] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0051.076] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0051.076] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0051.076] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0051.076] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0051.076] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0051.076] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat") returned 83 [0051.076] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0051.076] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0051.076] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat") returned 83 [0051.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cae530 [0051.076] lstrcpyW (in: lpString1=0x3cae530, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" [0051.076] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.076] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.076] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0051.076] lstrcmpiW (lpString1="Templates.LNK", lpString2="Windows") returned -1 [0051.076] lstrcmpiW (lpString1="Templates.LNK", lpString2="Program Files") returned 1 [0051.076] lstrcmpiW (lpString1="Templates.LNK", lpString2="Program Files (x86)") returned 1 [0051.076] lstrcmpiW (lpString1="Templates.LNK", lpString2="$Recycle.bin") returned 1 [0051.076] lstrcmpiW (lpString1="Templates.LNK", lpString2="System Volume Information") returned 1 [0051.076] lstrcmpiW (lpString1="Templates.LNK", lpString2=".") returned 1 [0051.076] lstrcmpiW (lpString1="Templates.LNK", lpString2="..") returned 1 [0051.076] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK") returned 87 [0051.076] StrStrIW (lpFirst="Templates.LNK", lpSrch=".lolkek") returned 0x0 [0051.076] lstrcmpW (lpString1="Templates.LNK", lpString2="LOLKEK.txt") returned 1 [0051.076] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK") returned 87 [0051.076] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb63d8 [0051.076] lstrcpyW (in: lpString1=0x3eb63d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" [0051.076] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.078] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.078] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0051.078] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.078] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\LOLKEK.txt") returned 84 [0051.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.079] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.079] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.080] CloseHandle (hObject=0x1b4) returned 1 [0051.080] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.080] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Recent", cAlternateFileName="")) returned 0 [0051.080] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.080] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\LOLKEK.txt") returned 77 [0051.080] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.080] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.080] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.081] CloseHandle (hObject=0x270) returned 1 [0051.081] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.082] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outlook", cAlternateFileName="")) returned 1 [0051.082] lstrcmpiW (lpString1="Outlook", lpString2="Windows") returned -1 [0051.082] lstrcmpiW (lpString1="Outlook", lpString2="Program Files") returned -1 [0051.082] lstrcmpiW (lpString1="Outlook", lpString2="Program Files (x86)") returned -1 [0051.082] lstrcmpiW (lpString1="Outlook", lpString2="$Recycle.bin") returned 1 [0051.082] lstrcmpiW (lpString1="Outlook", lpString2="System Volume Information") returned -1 [0051.082] lstrcmpiW (lpString1="Outlook", lpString2=".") returned 1 [0051.082] lstrcmpiW (lpString1="Outlook", lpString2="..") returned 1 [0051.082] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook") returned 67 [0051.083] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.083] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook" [0051.083] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*" [0051.083] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.084] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.084] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.084] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.084] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.084] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.084] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.084] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.084] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.084] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.084] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.084] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.084] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.084] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.084] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.084] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de69980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5de69980, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5e0c9040, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0051.084] lstrcmpiW (lpString1="Outlook.srs", lpString2="Windows") returned -1 [0051.084] lstrcmpiW (lpString1="Outlook.srs", lpString2="Program Files") returned -1 [0051.084] lstrcmpiW (lpString1="Outlook.srs", lpString2="Program Files (x86)") returned -1 [0051.084] lstrcmpiW (lpString1="Outlook.srs", lpString2="$Recycle.bin") returned 1 [0051.084] lstrcmpiW (lpString1="Outlook.srs", lpString2="System Volume Information") returned -1 [0051.084] lstrcmpiW (lpString1="Outlook.srs", lpString2=".") returned 1 [0051.084] lstrcmpiW (lpString1="Outlook.srs", lpString2="..") returned 1 [0051.084] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs") returned 79 [0051.084] StrStrIW (lpFirst="Outlook.srs", lpSrch=".lolkek") returned 0x0 [0051.084] lstrcmpW (lpString1="Outlook.srs", lpString2="LOLKEK.txt") returned 1 [0051.084] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs") returned 79 [0051.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6178f8 [0051.084] lstrcpyW (in: lpString1=0x6178f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" [0051.084] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.093] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.093] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0051.093] lstrcmpiW (lpString1="Outlook.xml", lpString2="Windows") returned -1 [0051.093] lstrcmpiW (lpString1="Outlook.xml", lpString2="Program Files") returned -1 [0051.093] lstrcmpiW (lpString1="Outlook.xml", lpString2="Program Files (x86)") returned -1 [0051.093] lstrcmpiW (lpString1="Outlook.xml", lpString2="$Recycle.bin") returned 1 [0051.093] lstrcmpiW (lpString1="Outlook.xml", lpString2="System Volume Information") returned -1 [0051.093] lstrcmpiW (lpString1="Outlook.xml", lpString2=".") returned 1 [0051.093] lstrcmpiW (lpString1="Outlook.xml", lpString2="..") returned 1 [0051.093] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml") returned 79 [0051.093] StrStrIW (lpFirst="Outlook.xml", lpSrch=".lolkek") returned 0x0 [0051.093] lstrcmpW (lpString1="Outlook.xml", lpString2="LOLKEK.txt") returned 1 [0051.094] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml") returned 79 [0051.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x6160a0 [0051.094] lstrcpyW (in: lpString1=0x6160a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" [0051.094] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.106] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.106] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outlook.xml", cAlternateFileName="")) returned 0 [0051.106] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.106] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\LOLKEK.txt") returned 78 [0051.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.107] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.107] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.107] CloseHandle (hObject=0x270) returned 1 [0051.108] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.108] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PowerPoint", cAlternateFileName="POWERP~1")) returned 1 [0051.108] lstrcmpiW (lpString1="PowerPoint", lpString2="Windows") returned -1 [0051.108] lstrcmpiW (lpString1="PowerPoint", lpString2="Program Files") returned -1 [0051.108] lstrcmpiW (lpString1="PowerPoint", lpString2="Program Files (x86)") returned -1 [0051.108] lstrcmpiW (lpString1="PowerPoint", lpString2="$Recycle.bin") returned 1 [0051.108] lstrcmpiW (lpString1="PowerPoint", lpString2="System Volume Information") returned -1 [0051.108] lstrcmpiW (lpString1="PowerPoint", lpString2=".") returned 1 [0051.108] lstrcmpiW (lpString1="PowerPoint", lpString2="..") returned 1 [0051.108] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint") returned 70 [0051.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.108] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint" [0051.108] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*" [0051.108] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.119] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.119] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.119] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.119] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.119] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.119] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.119] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.119] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.119] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.119] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.119] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.119] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.119] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.119] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.119] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.119] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.119] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\LOLKEK.txt") returned 81 [0051.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0051.120] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.120] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.120] CloseHandle (hObject=0x27c) returned 1 [0051.120] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.120] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Proof", cAlternateFileName="")) returned 1 [0051.120] lstrcmpiW (lpString1="Proof", lpString2="Windows") returned -1 [0051.120] lstrcmpiW (lpString1="Proof", lpString2="Program Files") returned 1 [0051.120] lstrcmpiW (lpString1="Proof", lpString2="Program Files (x86)") returned 1 [0051.120] lstrcmpiW (lpString1="Proof", lpString2="$Recycle.bin") returned 1 [0051.120] lstrcmpiW (lpString1="Proof", lpString2="System Volume Information") returned -1 [0051.120] lstrcmpiW (lpString1="Proof", lpString2=".") returned 1 [0051.120] lstrcmpiW (lpString1="Proof", lpString2="..") returned 1 [0051.120] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof") returned 65 [0051.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.121] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof" [0051.121] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*" [0051.121] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.125] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.125] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.125] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.125] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.125] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.125] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.125] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.125] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.125] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.125] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.125] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.125] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.125] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.125] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.125] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.125] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.125] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\LOLKEK.txt") returned 76 [0051.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0051.126] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.126] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.127] CloseHandle (hObject=0x25c) returned 1 [0051.127] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.127] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Protect", cAlternateFileName="")) returned 1 [0051.127] lstrcmpiW (lpString1="Protect", lpString2="Windows") returned -1 [0051.127] lstrcmpiW (lpString1="Protect", lpString2="Program Files") returned 1 [0051.127] lstrcmpiW (lpString1="Protect", lpString2="Program Files (x86)") returned 1 [0051.127] lstrcmpiW (lpString1="Protect", lpString2="$Recycle.bin") returned 1 [0051.127] lstrcmpiW (lpString1="Protect", lpString2="System Volume Information") returned -1 [0051.127] lstrcmpiW (lpString1="Protect", lpString2=".") returned 1 [0051.127] lstrcmpiW (lpString1="Protect", lpString2="..") returned 1 [0051.127] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect") returned 67 [0051.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.127] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect" [0051.127] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*" [0051.127] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.128] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.128] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.128] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.128] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.128] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.128] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.128] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.128] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.128] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.128] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.128] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.128] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.128] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.128] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.128] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0051.128] lstrcmpiW (lpString1="CREDHIST", lpString2="Windows") returned -1 [0051.128] lstrcmpiW (lpString1="CREDHIST", lpString2="Program Files") returned -1 [0051.128] lstrcmpiW (lpString1="CREDHIST", lpString2="Program Files (x86)") returned -1 [0051.128] lstrcmpiW (lpString1="CREDHIST", lpString2="$Recycle.bin") returned 1 [0051.128] lstrcmpiW (lpString1="CREDHIST", lpString2="System Volume Information") returned -1 [0051.128] lstrcmpiW (lpString1="CREDHIST", lpString2=".") returned 1 [0051.128] lstrcmpiW (lpString1="CREDHIST", lpString2="..") returned 1 [0051.128] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 76 [0051.128] StrStrIW (lpFirst="CREDHIST", lpSrch=".lolkek") returned 0x0 [0051.128] lstrcmpW (lpString1="CREDHIST", lpString2="LOLKEK.txt") returned -1 [0051.128] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 76 [0051.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616eb8 [0051.128] lstrcpyW (in: lpString1=0x616eb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" [0051.128] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.128] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.128] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0051.128] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="Windows") returned -1 [0051.128] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="Program Files") returned 1 [0051.128] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="Program Files (x86)") returned 1 [0051.128] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="$Recycle.bin") returned 1 [0051.128] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="System Volume Information") returned -1 [0051.128] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0051.128] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0051.128] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned 113 [0051.128] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.129] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" [0051.129] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*" [0051.129] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.140] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.140] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.140] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.140] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.140] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.140] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.140] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.140] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.140] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.140] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.140] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.140] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.140] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.140] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.140] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0051.140] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="Windows") returned -1 [0051.140] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="Program Files") returned -1 [0051.141] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="Program Files (x86)") returned -1 [0051.141] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="$Recycle.bin") returned 1 [0051.141] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="System Volume Information") returned -1 [0051.141] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2=".") returned 1 [0051.141] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="..") returned 1 [0051.141] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned 150 [0051.141] StrStrIW (lpFirst="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpSrch=".lolkek") returned 0x0 [0051.141] lstrcmpW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="LOLKEK.txt") returned -1 [0051.141] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned 150 [0051.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x25c) returned 0x3ec06a8 [0051.141] lstrcpyW (in: lpString1=0x3ec06a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" [0051.141] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.141] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.141] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0051.141] lstrcmpiW (lpString1="Preferred", lpString2="Windows") returned -1 [0051.141] lstrcmpiW (lpString1="Preferred", lpString2="Program Files") returned -1 [0051.141] lstrcmpiW (lpString1="Preferred", lpString2="Program Files (x86)") returned -1 [0051.141] lstrcmpiW (lpString1="Preferred", lpString2="$Recycle.bin") returned 1 [0051.141] lstrcmpiW (lpString1="Preferred", lpString2="System Volume Information") returned -1 [0051.141] lstrcmpiW (lpString1="Preferred", lpString2=".") returned 1 [0051.141] lstrcmpiW (lpString1="Preferred", lpString2="..") returned 1 [0051.141] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned 123 [0051.141] StrStrIW (lpFirst="Preferred", lpSrch=".lolkek") returned 0x0 [0051.141] lstrcmpW (lpString1="Preferred", lpString2="LOLKEK.txt") returned 1 [0051.141] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned 123 [0051.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f0) returned 0x3ca6420 [0051.141] lstrcpyW (in: lpString1=0x3ca6420, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" [0051.141] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.141] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.141] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0051.141] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.142] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\LOLKEK.txt") returned 124 [0051.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.143] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.143] WriteFile (in: hFile=0x214, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.143] CloseHandle (hObject=0x214) returned 1 [0051.143] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.143] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0051.143] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="Windows") returned -1 [0051.143] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="Program Files") returned 1 [0051.143] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="Program Files (x86)") returned 1 [0051.143] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="$Recycle.bin") returned 1 [0051.143] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="System Volume Information") returned -1 [0051.143] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2=".") returned 1 [0051.143] lstrcmpiW (lpString1="S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="..") returned 1 [0051.143] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 114 [0051.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.144] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" [0051.144] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*" [0051.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.148] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.148] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.148] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.148] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.148] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.148] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.148] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.148] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.149] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.149] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.149] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.149] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.149] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.149] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.149] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf923e050, ftCreationTime.dwHighDateTime=0x1d3aab9, ftLastAccessTime.dwLowDateTime=0xf923e050, ftLastAccessTime.dwHighDateTime=0x1d3aab9, ftLastWriteTime.dwLowDateTime=0xf923e050, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="02540a10-7eb7-4b20-a8c7-470f8986389c", cAlternateFileName="02540A~1")) returned 1 [0051.149] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="Windows") returned -1 [0051.149] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="Program Files") returned -1 [0051.149] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="Program Files (x86)") returned -1 [0051.149] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="$Recycle.bin") returned 1 [0051.149] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="System Volume Information") returned -1 [0051.149] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2=".") returned 1 [0051.149] lstrcmpiW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="..") returned 1 [0051.149] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c") returned 151 [0051.149] StrStrIW (lpFirst="02540a10-7eb7-4b20-a8c7-470f8986389c", lpSrch=".lolkek") returned 0x0 [0051.149] lstrcmpW (lpString1="02540a10-7eb7-4b20-a8c7-470f8986389c", lpString2="LOLKEK.txt") returned -1 [0051.149] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c") returned 151 [0051.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec0910 [0051.149] lstrcpyW (in: lpString1=0x3ec0910, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" [0051.149] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.149] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.149] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xdc5ea830, ftCreationTime.dwHighDateTime=0x1d41fce, ftLastAccessTime.dwLowDateTime=0xdc5ea830, ftLastAccessTime.dwHighDateTime=0x1d41fce, ftLastWriteTime.dwLowDateTime=0xdc5ea830, ftLastWriteTime.dwHighDateTime=0x1d41fce, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0e15476d-d8fe-46ca-8099-ebdcf80f637c", cAlternateFileName="0E1547~1")) returned 1 [0051.149] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="Windows") returned -1 [0051.149] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="Program Files") returned -1 [0051.149] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="Program Files (x86)") returned -1 [0051.149] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="$Recycle.bin") returned 1 [0051.149] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="System Volume Information") returned -1 [0051.149] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2=".") returned 1 [0051.149] lstrcmpiW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="..") returned 1 [0051.149] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c") returned 151 [0051.149] StrStrIW (lpFirst="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpSrch=".lolkek") returned 0x0 [0051.149] lstrcmpW (lpString1="0e15476d-d8fe-46ca-8099-ebdcf80f637c", lpString2="LOLKEK.txt") returned -1 [0051.149] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c") returned 151 [0051.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec0b78 [0051.149] lstrcpyW (in: lpString1=0x3ec0b78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" [0051.149] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.149] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.149] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf6409280, ftCreationTime.dwHighDateTime=0x1d4ae2c, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xf6409280, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="102a7bc8-3f85-4bb4-840a-38257d2965d2", cAlternateFileName="102A7B~1")) returned 1 [0051.149] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="Windows") returned -1 [0051.149] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="Program Files") returned -1 [0051.149] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="Program Files (x86)") returned -1 [0051.149] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="$Recycle.bin") returned 1 [0051.149] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="System Volume Information") returned -1 [0051.149] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2=".") returned 1 [0051.150] lstrcmpiW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="..") returned 1 [0051.150] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2") returned 151 [0051.150] StrStrIW (lpFirst="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpSrch=".lolkek") returned 0x0 [0051.150] lstrcmpW (lpString1="102a7bc8-3f85-4bb4-840a-38257d2965d2", lpString2="LOLKEK.txt") returned -1 [0051.150] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2") returned 151 [0051.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec0de0 [0051.150] lstrcpyW (in: lpString1=0x3ec0de0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" [0051.150] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.162] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.162] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542b0350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542b0350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x542b0350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2be989a0-16a1-424b-9211-51aa3bb43e5d", cAlternateFileName="2BE989~1")) returned 1 [0051.162] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="Windows") returned -1 [0051.162] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="Program Files") returned -1 [0051.162] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="Program Files (x86)") returned -1 [0051.162] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="$Recycle.bin") returned 1 [0051.162] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="System Volume Information") returned -1 [0051.162] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2=".") returned 1 [0051.162] lstrcmpiW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="..") returned 1 [0051.162] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d") returned 151 [0051.162] StrStrIW (lpFirst="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpSrch=".lolkek") returned 0x0 [0051.162] lstrcmpW (lpString1="2be989a0-16a1-424b-9211-51aa3bb43e5d", lpString2="LOLKEK.txt") returned -1 [0051.162] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d") returned 151 [0051.162] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec1048 [0051.162] lstrcpyW (in: lpString1=0x3ec1048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" [0051.162] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.171] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.171] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x89f07f80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", cAlternateFileName="915F9E~1")) returned 1 [0051.171] lstrcmpiW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2="Windows") returned -1 [0051.172] lstrcmpiW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2="Program Files") returned -1 [0051.172] lstrcmpiW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2="Program Files (x86)") returned -1 [0051.172] lstrcmpiW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2="$Recycle.bin") returned 1 [0051.172] lstrcmpiW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2="System Volume Information") returned -1 [0051.172] lstrcmpiW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2=".") returned 1 [0051.172] lstrcmpiW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2="..") returned 1 [0051.172] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7") returned 151 [0051.172] StrStrIW (lpFirst="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpSrch=".lolkek") returned 0x0 [0051.172] lstrcmpW (lpString1="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", lpString2="LOLKEK.txt") returned -1 [0051.172] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7") returned 151 [0051.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec12b0 [0051.172] lstrcpyW (in: lpString1=0x3ec12b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" [0051.172] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.172] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.172] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x17ffec90, ftCreationTime.dwHighDateTime=0x1d3373c, ftLastAccessTime.dwLowDateTime=0x17ffec90, ftLastAccessTime.dwHighDateTime=0x1d3373c, ftLastWriteTime.dwLowDateTime=0x18024df0, ftLastWriteTime.dwHighDateTime=0x1d3373c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fbbe72db-afd8-443b-88dd-64b20388700d", cAlternateFileName="FBBE72~1")) returned 1 [0051.172] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="Windows") returned -1 [0051.172] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="Program Files") returned -1 [0051.172] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="Program Files (x86)") returned -1 [0051.172] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="$Recycle.bin") returned 1 [0051.172] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="System Volume Information") returned -1 [0051.172] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2=".") returned 1 [0051.172] lstrcmpiW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="..") returned 1 [0051.172] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d") returned 151 [0051.172] StrStrIW (lpFirst="fbbe72db-afd8-443b-88dd-64b20388700d", lpSrch=".lolkek") returned 0x0 [0051.172] lstrcmpW (lpString1="fbbe72db-afd8-443b-88dd-64b20388700d", lpString2="LOLKEK.txt") returned -1 [0051.172] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d") returned 151 [0051.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec1518 [0051.172] lstrcpyW (in: lpString1=0x3ec1518, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" [0051.172] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.181] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.181] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x89f54240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0051.181] lstrcmpiW (lpString1="Preferred", lpString2="Windows") returned -1 [0051.181] lstrcmpiW (lpString1="Preferred", lpString2="Program Files") returned -1 [0051.181] lstrcmpiW (lpString1="Preferred", lpString2="Program Files (x86)") returned -1 [0051.181] lstrcmpiW (lpString1="Preferred", lpString2="$Recycle.bin") returned 1 [0051.181] lstrcmpiW (lpString1="Preferred", lpString2="System Volume Information") returned -1 [0051.181] lstrcmpiW (lpString1="Preferred", lpString2=".") returned 1 [0051.181] lstrcmpiW (lpString1="Preferred", lpString2="..") returned 1 [0051.181] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred") returned 124 [0051.181] StrStrIW (lpFirst="Preferred", lpSrch=".lolkek") returned 0x0 [0051.181] lstrcmpW (lpString1="Preferred", lpString2="LOLKEK.txt") returned 1 [0051.181] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred") returned 124 [0051.181] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f4) returned 0x3e3eaf0 [0051.181] lstrcpyW (in: lpString1=0x3e3eaf0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" [0051.181] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.181] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.181] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x89f54240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0051.181] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.182] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\LOLKEK.txt") returned 125 [0051.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0051.183] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.183] WriteFile (in: hFile=0x214, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.183] CloseHandle (hObject=0x214) returned 1 [0051.184] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.184] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0051.184] lstrcmpiW (lpString1="SYNCHIST", lpString2="Windows") returned -1 [0051.184] lstrcmpiW (lpString1="SYNCHIST", lpString2="Program Files") returned 1 [0051.184] lstrcmpiW (lpString1="SYNCHIST", lpString2="Program Files (x86)") returned 1 [0051.184] lstrcmpiW (lpString1="SYNCHIST", lpString2="$Recycle.bin") returned 1 [0051.184] lstrcmpiW (lpString1="SYNCHIST", lpString2="System Volume Information") returned -1 [0051.184] lstrcmpiW (lpString1="SYNCHIST", lpString2=".") returned 1 [0051.184] lstrcmpiW (lpString1="SYNCHIST", lpString2="..") returned 1 [0051.184] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST") returned 76 [0051.184] StrStrIW (lpFirst="SYNCHIST", lpSrch=".lolkek") returned 0x0 [0051.184] lstrcmpW (lpString1="SYNCHIST", lpString2="LOLKEK.txt") returned 1 [0051.184] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST") returned 76 [0051.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x616998 [0051.184] lstrcpyW (in: lpString1=0x616998, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" [0051.184] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.195] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.195] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0051.195] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.195] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\LOLKEK.txt") returned 78 [0051.195] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0051.195] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.195] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.196] CloseHandle (hObject=0x25c) returned 1 [0051.196] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.198] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0051.198] lstrcmpiW (lpString1="Publisher", lpString2="Windows") returned -1 [0051.198] lstrcmpiW (lpString1="Publisher", lpString2="Program Files") returned 1 [0051.198] lstrcmpiW (lpString1="Publisher", lpString2="Program Files (x86)") returned 1 [0051.198] lstrcmpiW (lpString1="Publisher", lpString2="$Recycle.bin") returned 1 [0051.198] lstrcmpiW (lpString1="Publisher", lpString2="System Volume Information") returned -1 [0051.198] lstrcmpiW (lpString1="Publisher", lpString2=".") returned 1 [0051.198] lstrcmpiW (lpString1="Publisher", lpString2="..") returned 1 [0051.198] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher") returned 69 [0051.198] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.198] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher" [0051.198] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*" [0051.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.204] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.204] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.204] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.204] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.204] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.204] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.204] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.204] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.204] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.204] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.204] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.204] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.204] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.204] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.204] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.204] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.204] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\LOLKEK.txt") returned 80 [0051.204] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.205] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.205] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.206] CloseHandle (hObject=0x210) returned 1 [0051.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.206] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Publisher Building Blocks", cAlternateFileName="PUBLIS~2")) returned 1 [0051.206] lstrcmpiW (lpString1="Publisher Building Blocks", lpString2="Windows") returned -1 [0051.206] lstrcmpiW (lpString1="Publisher Building Blocks", lpString2="Program Files") returned 1 [0051.206] lstrcmpiW (lpString1="Publisher Building Blocks", lpString2="Program Files (x86)") returned 1 [0051.206] lstrcmpiW (lpString1="Publisher Building Blocks", lpString2="$Recycle.bin") returned 1 [0051.206] lstrcmpiW (lpString1="Publisher Building Blocks", lpString2="System Volume Information") returned -1 [0051.206] lstrcmpiW (lpString1="Publisher Building Blocks", lpString2=".") returned 1 [0051.206] lstrcmpiW (lpString1="Publisher Building Blocks", lpString2="..") returned 1 [0051.206] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks") returned 85 [0051.206] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.206] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks" [0051.206] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*" [0051.206] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.224] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.224] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.224] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.224] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.224] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.224] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.224] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.224] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.224] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.224] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.224] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.224] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.224] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.224] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.224] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 1 [0051.225] lstrcmpiW (lpString1="ContentStore.xml", lpString2="Windows") returned -1 [0051.225] lstrcmpiW (lpString1="ContentStore.xml", lpString2="Program Files") returned -1 [0051.225] lstrcmpiW (lpString1="ContentStore.xml", lpString2="Program Files (x86)") returned -1 [0051.225] lstrcmpiW (lpString1="ContentStore.xml", lpString2="$Recycle.bin") returned 1 [0051.225] lstrcmpiW (lpString1="ContentStore.xml", lpString2="System Volume Information") returned -1 [0051.225] lstrcmpiW (lpString1="ContentStore.xml", lpString2=".") returned 1 [0051.225] lstrcmpiW (lpString1="ContentStore.xml", lpString2="..") returned 1 [0051.225] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml") returned 102 [0051.225] StrStrIW (lpFirst="ContentStore.xml", lpSrch=".lolkek") returned 0x0 [0051.225] lstrcmpW (lpString1="ContentStore.xml", lpString2="LOLKEK.txt") returned -1 [0051.225] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml") returned 102 [0051.225] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3be0050 [0051.225] lstrcpyW (in: lpString1=0x3be0050, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" [0051.225] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.225] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.225] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 0 [0051.225] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.225] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\LOLKEK.txt") returned 96 [0051.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.226] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.226] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.227] CloseHandle (hObject=0x1e0) returned 1 [0051.227] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.227] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Speech", cAlternateFileName="")) returned 1 [0051.227] lstrcmpiW (lpString1="Speech", lpString2="Windows") returned -1 [0051.227] lstrcmpiW (lpString1="Speech", lpString2="Program Files") returned 1 [0051.227] lstrcmpiW (lpString1="Speech", lpString2="Program Files (x86)") returned 1 [0051.227] lstrcmpiW (lpString1="Speech", lpString2="$Recycle.bin") returned 1 [0051.227] lstrcmpiW (lpString1="Speech", lpString2="System Volume Information") returned -1 [0051.227] lstrcmpiW (lpString1="Speech", lpString2=".") returned 1 [0051.227] lstrcmpiW (lpString1="Speech", lpString2="..") returned 1 [0051.227] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech") returned 66 [0051.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.227] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech" [0051.227] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*" [0051.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.227] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.227] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.227] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.227] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.227] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.227] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.227] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.228] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.228] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.228] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.228] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.228] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.228] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.228] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.228] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.228] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.228] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\LOLKEK.txt") returned 77 [0051.228] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.228] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.228] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.229] CloseHandle (hObject=0x1e0) returned 1 [0051.229] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.229] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0051.229] lstrcmpiW (lpString1="SystemCertificates", lpString2="Windows") returned -1 [0051.229] lstrcmpiW (lpString1="SystemCertificates", lpString2="Program Files") returned 1 [0051.229] lstrcmpiW (lpString1="SystemCertificates", lpString2="Program Files (x86)") returned 1 [0051.229] lstrcmpiW (lpString1="SystemCertificates", lpString2="$Recycle.bin") returned 1 [0051.229] lstrcmpiW (lpString1="SystemCertificates", lpString2="System Volume Information") returned 1 [0051.229] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1 [0051.229] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1 [0051.229] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned 78 [0051.229] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.229] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates" [0051.229] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" [0051.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.230] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.230] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.230] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.230] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.230] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.230] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.230] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.230] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.230] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.230] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.230] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.230] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.230] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.230] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.230] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="My", cAlternateFileName="")) returned 1 [0051.230] lstrcmpiW (lpString1="My", lpString2="Windows") returned -1 [0051.230] lstrcmpiW (lpString1="My", lpString2="Program Files") returned -1 [0051.230] lstrcmpiW (lpString1="My", lpString2="Program Files (x86)") returned -1 [0051.230] lstrcmpiW (lpString1="My", lpString2="$Recycle.bin") returned 1 [0051.230] lstrcmpiW (lpString1="My", lpString2="System Volume Information") returned -1 [0051.230] lstrcmpiW (lpString1="My", lpString2=".") returned 1 [0051.230] lstrcmpiW (lpString1="My", lpString2="..") returned 1 [0051.230] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My") returned 81 [0051.230] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.230] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" [0051.230] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" [0051.230] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.231] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.231] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.231] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.231] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.231] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.231] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.231] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.231] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.231] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.231] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.231] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.231] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.231] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.231] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.231] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0051.231] lstrcmpiW (lpString1="Certificates", lpString2="Windows") returned -1 [0051.231] lstrcmpiW (lpString1="Certificates", lpString2="Program Files") returned -1 [0051.231] lstrcmpiW (lpString1="Certificates", lpString2="Program Files (x86)") returned -1 [0051.231] lstrcmpiW (lpString1="Certificates", lpString2="$Recycle.bin") returned 1 [0051.231] lstrcmpiW (lpString1="Certificates", lpString2="System Volume Information") returned -1 [0051.231] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1 [0051.231] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1 [0051.231] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates") returned 94 [0051.231] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.232] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" [0051.232] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" [0051.232] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.232] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.232] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.232] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.232] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.232] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.232] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.232] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.232] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.232] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.232] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.232] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.232] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.232] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.232] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.232] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.232] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.232] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\LOLKEK.txt") returned 105 [0051.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.233] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.233] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.234] CloseHandle (hObject=0x210) returned 1 [0051.234] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.234] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CRLs", cAlternateFileName="")) returned 1 [0051.234] lstrcmpiW (lpString1="CRLs", lpString2="Windows") returned -1 [0051.234] lstrcmpiW (lpString1="CRLs", lpString2="Program Files") returned -1 [0051.234] lstrcmpiW (lpString1="CRLs", lpString2="Program Files (x86)") returned -1 [0051.234] lstrcmpiW (lpString1="CRLs", lpString2="$Recycle.bin") returned 1 [0051.234] lstrcmpiW (lpString1="CRLs", lpString2="System Volume Information") returned -1 [0051.234] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1 [0051.234] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1 [0051.234] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs") returned 86 [0051.234] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.234] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" [0051.234] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" [0051.234] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.234] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.234] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.234] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.234] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.234] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.234] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.234] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.234] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.234] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.234] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.234] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.234] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.234] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.234] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.235] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.235] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.235] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\LOLKEK.txt") returned 97 [0051.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.235] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.235] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.236] CloseHandle (hObject=0x210) returned 1 [0051.236] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.236] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CTLs", cAlternateFileName="")) returned 1 [0051.236] lstrcmpiW (lpString1="CTLs", lpString2="Windows") returned -1 [0051.236] lstrcmpiW (lpString1="CTLs", lpString2="Program Files") returned -1 [0051.236] lstrcmpiW (lpString1="CTLs", lpString2="Program Files (x86)") returned -1 [0051.236] lstrcmpiW (lpString1="CTLs", lpString2="$Recycle.bin") returned 1 [0051.236] lstrcmpiW (lpString1="CTLs", lpString2="System Volume Information") returned -1 [0051.236] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1 [0051.236] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1 [0051.236] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs") returned 86 [0051.236] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.236] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" [0051.236] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" [0051.236] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.236] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.236] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.236] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.236] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.236] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.236] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.236] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.236] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.236] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.236] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.236] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.236] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.236] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.237] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.237] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.237] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.237] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\LOLKEK.txt") returned 97 [0051.237] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0051.237] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.237] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.238] CloseHandle (hObject=0x210) returned 1 [0051.238] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.238] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CTLs", cAlternateFileName="")) returned 0 [0051.238] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.238] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\LOLKEK.txt") returned 92 [0051.238] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.238] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.238] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.239] CloseHandle (hObject=0x280) returned 1 [0051.239] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.239] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="My", cAlternateFileName="")) returned 0 [0051.239] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.239] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\LOLKEK.txt") returned 89 [0051.239] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0051.239] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.239] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.240] CloseHandle (hObject=0x1e0) returned 1 [0051.240] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.240] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0051.240] lstrcmpiW (lpString1="Templates", lpString2="Windows") returned -1 [0051.240] lstrcmpiW (lpString1="Templates", lpString2="Program Files") returned 1 [0051.240] lstrcmpiW (lpString1="Templates", lpString2="Program Files (x86)") returned 1 [0051.240] lstrcmpiW (lpString1="Templates", lpString2="$Recycle.bin") returned 1 [0051.240] lstrcmpiW (lpString1="Templates", lpString2="System Volume Information") returned 1 [0051.240] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0051.240] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0051.240] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates") returned 69 [0051.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.240] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates" [0051.240] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*" [0051.240] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.246] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.246] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.246] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.246] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.246] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.246] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.246] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.246] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.246] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.246] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.246] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.246] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.246] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.246] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.246] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0051.246] lstrcmpiW (lpString1="Normal.dotm", lpString2="Windows") returned -1 [0051.247] lstrcmpiW (lpString1="Normal.dotm", lpString2="Program Files") returned -1 [0051.247] lstrcmpiW (lpString1="Normal.dotm", lpString2="Program Files (x86)") returned -1 [0051.247] lstrcmpiW (lpString1="Normal.dotm", lpString2="$Recycle.bin") returned 1 [0051.247] lstrcmpiW (lpString1="Normal.dotm", lpString2="System Volume Information") returned -1 [0051.247] lstrcmpiW (lpString1="Normal.dotm", lpString2=".") returned 1 [0051.247] lstrcmpiW (lpString1="Normal.dotm", lpString2="..") returned 1 [0051.247] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm") returned 81 [0051.247] StrStrIW (lpFirst="Normal.dotm", lpSrch=".lolkek") returned 0x0 [0051.247] lstrcmpW (lpString1="Normal.dotm", lpString2="LOLKEK.txt") returned 1 [0051.247] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm") returned 81 [0051.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cadd20 [0051.247] lstrcpyW (in: lpString1=0x3cadd20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" [0051.247] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.247] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.247] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 0 [0051.247] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.247] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\LOLKEK.txt") returned 80 [0051.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0051.248] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.248] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.248] CloseHandle (hObject=0x25c) returned 1 [0051.249] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.249] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UProof", cAlternateFileName="")) returned 1 [0051.249] lstrcmpiW (lpString1="UProof", lpString2="Windows") returned -1 [0051.249] lstrcmpiW (lpString1="UProof", lpString2="Program Files") returned 1 [0051.249] lstrcmpiW (lpString1="UProof", lpString2="Program Files (x86)") returned 1 [0051.249] lstrcmpiW (lpString1="UProof", lpString2="$Recycle.bin") returned 1 [0051.249] lstrcmpiW (lpString1="UProof", lpString2="System Volume Information") returned 1 [0051.249] lstrcmpiW (lpString1="UProof", lpString2=".") returned 1 [0051.249] lstrcmpiW (lpString1="UProof", lpString2="..") returned 1 [0051.249] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof") returned 66 [0051.249] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.249] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof" [0051.249] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*" [0051.249] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.250] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.250] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.250] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.250] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.250] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.250] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.250] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.250] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.250] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.250] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.250] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.250] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.250] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.250] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.250] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0051.250] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="Windows") returned -1 [0051.250] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="Program Files") returned -1 [0051.250] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="Program Files (x86)") returned -1 [0051.250] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="$Recycle.bin") returned 1 [0051.250] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="System Volume Information") returned -1 [0051.250] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2=".") returned 1 [0051.250] lstrcmpiW (lpString1="CUSTOM.DIC", lpString2="..") returned 1 [0051.250] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC") returned 77 [0051.250] StrStrIW (lpFirst="CUSTOM.DIC", lpSrch=".lolkek") returned 0x0 [0051.250] lstrcmpW (lpString1="CUSTOM.DIC", lpString2="LOLKEK.txt") returned -1 [0051.250] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC") returned 77 [0051.250] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x617148 [0051.250] lstrcpyW (in: lpString1=0x617148, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" [0051.250] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.250] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.250] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 0 [0051.250] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.250] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\LOLKEK.txt") returned 77 [0051.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0051.251] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.251] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.252] CloseHandle (hObject=0x25c) returned 1 [0051.252] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.252] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0051.252] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0051.252] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Word", cAlternateFileName="")) returned 1 [0051.252] lstrcmpiW (lpString1="Word", lpString2="Windows") returned 1 [0051.252] lstrcmpiW (lpString1="Word", lpString2="Program Files") returned 1 [0051.252] lstrcmpiW (lpString1="Word", lpString2="Program Files (x86)") returned 1 [0051.252] lstrcmpiW (lpString1="Word", lpString2="$Recycle.bin") returned 1 [0051.252] lstrcmpiW (lpString1="Word", lpString2="System Volume Information") returned 1 [0051.252] lstrcmpiW (lpString1="Word", lpString2=".") returned 1 [0051.252] lstrcmpiW (lpString1="Word", lpString2="..") returned 1 [0051.252] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word") returned 64 [0051.252] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.252] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word" [0051.252] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*" [0051.252] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.253] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.253] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.253] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.253] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.253] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.253] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.253] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.253] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.253] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.253] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.254] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.254] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.254] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.254] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.254] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0051.254] lstrcmpiW (lpString1="STARTUP", lpString2="Windows") returned -1 [0051.254] lstrcmpiW (lpString1="STARTUP", lpString2="Program Files") returned 1 [0051.254] lstrcmpiW (lpString1="STARTUP", lpString2="Program Files (x86)") returned 1 [0051.254] lstrcmpiW (lpString1="STARTUP", lpString2="$Recycle.bin") returned 1 [0051.254] lstrcmpiW (lpString1="STARTUP", lpString2="System Volume Information") returned -1 [0051.254] lstrcmpiW (lpString1="STARTUP", lpString2=".") returned 1 [0051.254] lstrcmpiW (lpString1="STARTUP", lpString2="..") returned 1 [0051.254] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP") returned 72 [0051.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.254] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP" [0051.254] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*" [0051.254] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.255] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.255] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.255] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.255] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.255] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.255] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.255] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.255] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.255] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.255] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.255] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.255] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.256] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.256] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.256] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.256] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.256] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\LOLKEK.txt") returned 83 [0051.256] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.256] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.256] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.257] CloseHandle (hObject=0x1b4) returned 1 [0051.257] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.257] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="STARTUP", cAlternateFileName="")) returned 0 [0051.257] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.257] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\LOLKEK.txt") returned 75 [0051.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0051.257] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.257] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.258] CloseHandle (hObject=0x2bc) returned 1 [0051.258] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.258] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Word", cAlternateFileName="")) returned 0 [0051.258] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0051.258] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\LOLKEK.txt") returned 70 [0051.258] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0051.259] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.259] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0051.259] CloseHandle (hObject=0x290) returned 1 [0051.259] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0051.260] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0051.260] lstrcmpiW (lpString1="Mozilla", lpString2="Windows") returned -1 [0051.260] lstrcmpiW (lpString1="Mozilla", lpString2="Program Files") returned -1 [0051.260] lstrcmpiW (lpString1="Mozilla", lpString2="Program Files (x86)") returned -1 [0051.260] lstrcmpiW (lpString1="Mozilla", lpString2="$Recycle.bin") returned 1 [0051.260] lstrcmpiW (lpString1="Mozilla", lpString2="System Volume Information") returned -1 [0051.260] lstrcmpiW (lpString1="Mozilla", lpString2=".") returned 1 [0051.260] lstrcmpiW (lpString1="Mozilla", lpString2="..") returned 1 [0051.260] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla") returned 57 [0051.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0051.260] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla" [0051.260] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*" [0051.260] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e1d8 [0051.260] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.260] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.260] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.260] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.260] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.260] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.260] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.260] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.260] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.261] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.261] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.261] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.261] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.261] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.261] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0051.261] lstrcmpiW (lpString1="Extensions", lpString2="Windows") returned -1 [0051.261] lstrcmpiW (lpString1="Extensions", lpString2="Program Files") returned -1 [0051.261] lstrcmpiW (lpString1="Extensions", lpString2="Program Files (x86)") returned -1 [0051.261] lstrcmpiW (lpString1="Extensions", lpString2="$Recycle.bin") returned 1 [0051.261] lstrcmpiW (lpString1="Extensions", lpString2="System Volume Information") returned -1 [0051.261] lstrcmpiW (lpString1="Extensions", lpString2=".") returned 1 [0051.261] lstrcmpiW (lpString1="Extensions", lpString2="..") returned 1 [0051.261] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions") returned 68 [0051.261] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.261] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions" [0051.261] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*" [0051.261] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.262] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.262] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.262] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.262] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.262] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.262] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.262] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.262] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.262] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.262] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.262] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.262] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.262] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.262] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.263] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.263] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.263] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\LOLKEK.txt") returned 79 [0051.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0051.263] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.263] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.264] CloseHandle (hObject=0x2bc) returned 1 [0051.264] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.265] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Firefox", cAlternateFileName="")) returned 1 [0051.266] lstrcmpiW (lpString1="Firefox", lpString2="Windows") returned -1 [0051.266] lstrcmpiW (lpString1="Firefox", lpString2="Program Files") returned -1 [0051.266] lstrcmpiW (lpString1="Firefox", lpString2="Program Files (x86)") returned -1 [0051.266] lstrcmpiW (lpString1="Firefox", lpString2="$Recycle.bin") returned 1 [0051.266] lstrcmpiW (lpString1="Firefox", lpString2="System Volume Information") returned -1 [0051.266] lstrcmpiW (lpString1="Firefox", lpString2=".") returned 1 [0051.266] lstrcmpiW (lpString1="Firefox", lpString2="..") returned 1 [0051.266] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox") returned 65 [0051.266] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0051.266] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox" [0051.266] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*" [0051.266] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e218 [0051.268] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.268] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.268] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.268] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.268] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.268] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.268] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.268] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.268] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.268] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.268] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.268] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.268] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.268] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.268] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0051.268] lstrcmpiW (lpString1="Crash Reports", lpString2="Windows") returned -1 [0051.268] lstrcmpiW (lpString1="Crash Reports", lpString2="Program Files") returned -1 [0051.268] lstrcmpiW (lpString1="Crash Reports", lpString2="Program Files (x86)") returned -1 [0051.268] lstrcmpiW (lpString1="Crash Reports", lpString2="$Recycle.bin") returned 1 [0051.268] lstrcmpiW (lpString1="Crash Reports", lpString2="System Volume Information") returned -1 [0051.268] lstrcmpiW (lpString1="Crash Reports", lpString2=".") returned 1 [0051.268] lstrcmpiW (lpString1="Crash Reports", lpString2="..") returned 1 [0051.268] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 79 [0051.268] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.268] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0051.268] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*" [0051.268] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.269] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.269] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.269] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.269] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.269] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.269] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.269] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.269] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.269] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.269] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.269] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.269] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.269] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.269] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.269] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 1 [0051.269] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="Windows") returned -1 [0051.269] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="Program Files") returned -1 [0051.269] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="Program Files (x86)") returned -1 [0051.269] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="$Recycle.bin") returned 1 [0051.269] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="System Volume Information") returned -1 [0051.269] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2=".") returned 1 [0051.269] lstrcmpiW (lpString1="InstallTime20131025151332", lpString2="..") returned 1 [0051.269] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332") returned 105 [0051.269] StrStrIW (lpFirst="InstallTime20131025151332", lpSrch=".lolkek") returned 0x0 [0051.269] lstrcmpW (lpString1="InstallTime20131025151332", lpString2="LOLKEK.txt") returned -1 [0051.269] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332") returned 105 [0051.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x6987c8 [0051.269] lstrcpyW (in: lpString1=0x6987c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" [0051.269] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.269] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.269] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 0 [0051.269] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.269] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LOLKEK.txt") returned 90 [0051.270] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.270] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.270] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.271] CloseHandle (hObject=0x224) returned 1 [0051.271] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.271] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 1 [0051.271] lstrcmpiW (lpString1="Profiles", lpString2="Windows") returned -1 [0051.271] lstrcmpiW (lpString1="Profiles", lpString2="Program Files") returned -1 [0051.271] lstrcmpiW (lpString1="Profiles", lpString2="Program Files (x86)") returned -1 [0051.271] lstrcmpiW (lpString1="Profiles", lpString2="$Recycle.bin") returned 1 [0051.271] lstrcmpiW (lpString1="Profiles", lpString2="System Volume Information") returned -1 [0051.271] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0051.271] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0051.271] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 74 [0051.271] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.271] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0051.271] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*" [0051.271] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.272] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.272] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.272] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.272] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.272] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.272] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.272] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.272] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.272] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.272] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.272] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.272] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.272] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.272] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.272] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0051.272] lstrcmpiW (lpString1="silmbjec.default", lpString2="Windows") returned -1 [0051.272] lstrcmpiW (lpString1="silmbjec.default", lpString2="Program Files") returned 1 [0051.272] lstrcmpiW (lpString1="silmbjec.default", lpString2="Program Files (x86)") returned 1 [0051.272] lstrcmpiW (lpString1="silmbjec.default", lpString2="$Recycle.bin") returned 1 [0051.272] lstrcmpiW (lpString1="silmbjec.default", lpString2="System Volume Information") returned -1 [0051.272] lstrcmpiW (lpString1="silmbjec.default", lpString2=".") returned 1 [0051.272] lstrcmpiW (lpString1="silmbjec.default", lpString2="..") returned 1 [0051.272] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 91 [0051.272] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.273] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0051.273] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*" [0051.273] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.274] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.274] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.274] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.274] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.274] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.274] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.274] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.276] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.276] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.276] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.276] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.276] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.277] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.277] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.277] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0051.277] lstrcmpiW (lpString1="addons.json", lpString2="Windows") returned -1 [0051.277] lstrcmpiW (lpString1="addons.json", lpString2="Program Files") returned -1 [0051.277] lstrcmpiW (lpString1="addons.json", lpString2="Program Files (x86)") returned -1 [0051.277] lstrcmpiW (lpString1="addons.json", lpString2="$Recycle.bin") returned 1 [0051.277] lstrcmpiW (lpString1="addons.json", lpString2="System Volume Information") returned -1 [0051.277] lstrcmpiW (lpString1="addons.json", lpString2=".") returned 1 [0051.277] lstrcmpiW (lpString1="addons.json", lpString2="..") returned 1 [0051.277] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned 103 [0051.277] StrStrIW (lpFirst="addons.json", lpSrch=".lolkek") returned 0x0 [0051.277] lstrcmpW (lpString1="addons.json", lpString2="LOLKEK.txt") returned -1 [0051.277] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned 103 [0051.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x698978 [0051.277] lstrcpyW (in: lpString1=0x698978, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" [0051.277] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.277] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.277] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0051.277] lstrcmpiW (lpString1="bookmarkbackups", lpString2="Windows") returned -1 [0051.277] lstrcmpiW (lpString1="bookmarkbackups", lpString2="Program Files") returned -1 [0051.277] lstrcmpiW (lpString1="bookmarkbackups", lpString2="Program Files (x86)") returned -1 [0051.277] lstrcmpiW (lpString1="bookmarkbackups", lpString2="$Recycle.bin") returned 1 [0051.277] lstrcmpiW (lpString1="bookmarkbackups", lpString2="System Volume Information") returned -1 [0051.277] lstrcmpiW (lpString1="bookmarkbackups", lpString2=".") returned 1 [0051.277] lstrcmpiW (lpString1="bookmarkbackups", lpString2="..") returned 1 [0051.277] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 107 [0051.277] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.277] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0051.277] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*" [0051.277] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.280] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.280] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.280] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.280] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.281] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.281] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.281] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.281] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.281] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.281] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.281] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.281] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.281] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.281] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.281] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="Windows") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="Program Files") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="Program Files (x86)") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="$Recycle.bin") returned 1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="System Volume Information") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2=".") returned 1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-05_5.json", lpString2="..") returned 1 [0051.281] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned 135 [0051.281] StrStrIW (lpFirst="bookmarks-2017-06-05_5.json", lpSrch=".lolkek") returned 0x0 [0051.281] lstrcmpW (lpString1="bookmarks-2017-06-05_5.json", lpString2="LOLKEK.txt") returned -1 [0051.281] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned 135 [0051.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c7aa8 [0051.281] lstrcpyW (in: lpString1=0x5c7aa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" [0051.281] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.281] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.281] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="Windows") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="Program Files") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="Program Files (x86)") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="$Recycle.bin") returned 1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="System Volume Information") returned -1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2=".") returned 1 [0051.281] lstrcmpiW (lpString1="bookmarks-2017-06-16_5.json", lpString2="..") returned 1 [0051.281] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned 135 [0051.281] StrStrIW (lpFirst="bookmarks-2017-06-16_5.json", lpSrch=".lolkek") returned 0x0 [0051.281] lstrcmpW (lpString1="bookmarks-2017-06-16_5.json", lpString2="LOLKEK.txt") returned -1 [0051.282] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned 135 [0051.282] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x220) returned 0x5c7880 [0051.282] lstrcpyW (in: lpString1=0x5c7880, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" [0051.282] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.282] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.282] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 0 [0051.282] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.282] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\LOLKEK.txt") returned 118 [0051.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0051.283] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.283] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.284] CloseHandle (hObject=0x1ec) returned 1 [0051.285] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.285] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0051.285] lstrcmpiW (lpString1="cert8.db", lpString2="Windows") returned -1 [0051.286] lstrcmpiW (lpString1="cert8.db", lpString2="Program Files") returned -1 [0051.286] lstrcmpiW (lpString1="cert8.db", lpString2="Program Files (x86)") returned -1 [0051.286] lstrcmpiW (lpString1="cert8.db", lpString2="$Recycle.bin") returned 1 [0051.286] lstrcmpiW (lpString1="cert8.db", lpString2="System Volume Information") returned -1 [0051.286] lstrcmpiW (lpString1="cert8.db", lpString2=".") returned 1 [0051.286] lstrcmpiW (lpString1="cert8.db", lpString2="..") returned 1 [0051.286] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned 100 [0051.286] StrStrIW (lpFirst="cert8.db", lpSrch=".lolkek") returned 0x0 [0051.286] lstrcmpW (lpString1="cert8.db", lpString2="LOLKEK.txt") returned -1 [0051.286] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned 100 [0051.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3dd7b20 [0051.286] lstrcpyW (in: lpString1=0x3dd7b20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" [0051.286] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.286] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.286] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0051.286] lstrcmpiW (lpString1="compatibility.ini", lpString2="Windows") returned -1 [0051.286] lstrcmpiW (lpString1="compatibility.ini", lpString2="Program Files") returned -1 [0051.286] lstrcmpiW (lpString1="compatibility.ini", lpString2="Program Files (x86)") returned -1 [0051.286] lstrcmpiW (lpString1="compatibility.ini", lpString2="$Recycle.bin") returned 1 [0051.286] lstrcmpiW (lpString1="compatibility.ini", lpString2="System Volume Information") returned -1 [0051.286] lstrcmpiW (lpString1="compatibility.ini", lpString2=".") returned 1 [0051.286] lstrcmpiW (lpString1="compatibility.ini", lpString2="..") returned 1 [0051.286] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned 109 [0051.286] StrStrIW (lpFirst="compatibility.ini", lpSrch=".lolkek") returned 0x0 [0051.286] lstrcmpW (lpString1="compatibility.ini", lpString2="LOLKEK.txt") returned -1 [0051.286] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned 109 [0051.286] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x60f448 [0051.286] lstrcpyW (in: lpString1=0x60f448, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" [0051.286] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.286] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.286] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0051.286] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="Windows") returned -1 [0051.286] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="Program Files") returned -1 [0051.286] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="Program Files (x86)") returned -1 [0051.286] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="$Recycle.bin") returned 1 [0051.286] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="System Volume Information") returned -1 [0051.286] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2=".") returned 1 [0051.287] lstrcmpiW (lpString1="content-prefs.sqlite", lpString2="..") returned 1 [0051.287] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned 112 [0051.287] StrStrIW (lpFirst="content-prefs.sqlite", lpSrch=".lolkek") returned 0x0 [0051.287] lstrcmpW (lpString1="content-prefs.sqlite", lpString2="LOLKEK.txt") returned -1 [0051.287] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned 112 [0051.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c4) returned 0x3e36530 [0051.287] lstrcpyW (in: lpString1=0x3e36530, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" [0051.287] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.287] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.287] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0051.287] lstrcmpiW (lpString1="cookies.sqlite", lpString2="Windows") returned -1 [0051.287] lstrcmpiW (lpString1="cookies.sqlite", lpString2="Program Files") returned -1 [0051.287] lstrcmpiW (lpString1="cookies.sqlite", lpString2="Program Files (x86)") returned -1 [0051.287] lstrcmpiW (lpString1="cookies.sqlite", lpString2="$Recycle.bin") returned 1 [0051.287] lstrcmpiW (lpString1="cookies.sqlite", lpString2="System Volume Information") returned -1 [0051.287] lstrcmpiW (lpString1="cookies.sqlite", lpString2=".") returned 1 [0051.287] lstrcmpiW (lpString1="cookies.sqlite", lpString2="..") returned 1 [0051.287] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned 106 [0051.287] StrStrIW (lpFirst="cookies.sqlite", lpSrch=".lolkek") returned 0x0 [0051.287] lstrcmpW (lpString1="cookies.sqlite", lpString2="LOLKEK.txt") returned -1 [0051.287] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned 106 [0051.287] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3ddaa68 [0051.287] lstrcpyW (in: lpString1=0x3ddaa68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" [0051.287] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.287] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.287] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0051.287] lstrcmpiW (lpString1="downloads.sqlite", lpString2="Windows") returned -1 [0051.287] lstrcmpiW (lpString1="downloads.sqlite", lpString2="Program Files") returned -1 [0051.287] lstrcmpiW (lpString1="downloads.sqlite", lpString2="Program Files (x86)") returned -1 [0051.287] lstrcmpiW (lpString1="downloads.sqlite", lpString2="$Recycle.bin") returned 1 [0051.287] lstrcmpiW (lpString1="downloads.sqlite", lpString2="System Volume Information") returned -1 [0051.287] lstrcmpiW (lpString1="downloads.sqlite", lpString2=".") returned 1 [0051.287] lstrcmpiW (lpString1="downloads.sqlite", lpString2="..") returned 1 [0051.287] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned 108 [0051.287] StrStrIW (lpFirst="downloads.sqlite", lpSrch=".lolkek") returned 0x0 [0051.287] lstrcmpW (lpString1="downloads.sqlite", lpString2="LOLKEK.txt") returned -1 [0051.288] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned 108 [0051.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60f610 [0051.288] lstrcpyW (in: lpString1=0x60f610, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" [0051.288] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.288] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.288] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0051.288] lstrcmpiW (lpString1="extensions.ini", lpString2="Windows") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.ini", lpString2="Program Files") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.ini", lpString2="Program Files (x86)") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.ini", lpString2="$Recycle.bin") returned 1 [0051.288] lstrcmpiW (lpString1="extensions.ini", lpString2="System Volume Information") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.ini", lpString2=".") returned 1 [0051.288] lstrcmpiW (lpString1="extensions.ini", lpString2="..") returned 1 [0051.288] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned 106 [0051.288] StrStrIW (lpFirst="extensions.ini", lpSrch=".lolkek") returned 0x0 [0051.288] lstrcmpW (lpString1="extensions.ini", lpString2="LOLKEK.txt") returned -1 [0051.288] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned 106 [0051.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3ca5bb8 [0051.288] lstrcpyW (in: lpString1=0x3ca5bb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" [0051.288] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.288] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.288] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0051.288] lstrcmpiW (lpString1="extensions.sqlite", lpString2="Windows") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.sqlite", lpString2="Program Files") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.sqlite", lpString2="Program Files (x86)") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.sqlite", lpString2="$Recycle.bin") returned 1 [0051.288] lstrcmpiW (lpString1="extensions.sqlite", lpString2="System Volume Information") returned -1 [0051.288] lstrcmpiW (lpString1="extensions.sqlite", lpString2=".") returned 1 [0051.288] lstrcmpiW (lpString1="extensions.sqlite", lpString2="..") returned 1 [0051.288] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned 109 [0051.288] StrStrIW (lpFirst="extensions.sqlite", lpSrch=".lolkek") returned 0x0 [0051.288] lstrcmpW (lpString1="extensions.sqlite", lpString2="LOLKEK.txt") returned -1 [0051.288] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned 109 [0051.288] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x60f7d8 [0051.288] lstrcpyW (in: lpString1=0x60f7d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" [0051.288] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.289] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.289] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0051.289] lstrcmpiW (lpString1="indexedDB", lpString2="Windows") returned -1 [0051.289] lstrcmpiW (lpString1="indexedDB", lpString2="Program Files") returned -1 [0051.289] lstrcmpiW (lpString1="indexedDB", lpString2="Program Files (x86)") returned -1 [0051.289] lstrcmpiW (lpString1="indexedDB", lpString2="$Recycle.bin") returned 1 [0051.289] lstrcmpiW (lpString1="indexedDB", lpString2="System Volume Information") returned -1 [0051.289] lstrcmpiW (lpString1="indexedDB", lpString2=".") returned 1 [0051.289] lstrcmpiW (lpString1="indexedDB", lpString2="..") returned 1 [0051.289] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 101 [0051.289] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.289] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0051.289] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*" [0051.289] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.290] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.290] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.290] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.290] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.290] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.290] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.290] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.290] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.290] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.290] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.290] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.290] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.290] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.290] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.290] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0051.290] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="Windows") returned -1 [0051.290] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="Program Files") returned -1 [0051.290] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="Program Files (x86)") returned -1 [0051.290] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="$Recycle.bin") returned 1 [0051.290] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="System Volume Information") returned -1 [0051.290] lstrcmpiW (lpString1="moz-safe-about+home", lpString2=".") returned 1 [0051.290] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="..") returned 1 [0051.290] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 121 [0051.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.290] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0051.290] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*" [0051.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0051.291] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.291] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.291] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.291] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.291] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.291] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.291] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.291] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.291] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.291] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.291] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.291] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.291] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.291] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.291] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0051.291] lstrcmpiW (lpString1=".metadata", lpString2="Windows") returned -1 [0051.291] lstrcmpiW (lpString1=".metadata", lpString2="Program Files") returned -1 [0051.291] lstrcmpiW (lpString1=".metadata", lpString2="Program Files (x86)") returned -1 [0051.291] lstrcmpiW (lpString1=".metadata", lpString2="$Recycle.bin") returned 1 [0051.291] lstrcmpiW (lpString1=".metadata", lpString2="System Volume Information") returned -1 [0051.291] lstrcmpiW (lpString1=".metadata", lpString2=".") returned 1 [0051.291] lstrcmpiW (lpString1=".metadata", lpString2="..") returned 1 [0051.291] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned 131 [0051.291] StrStrIW (lpFirst=".metadata", lpSrch=".lolkek") returned 0x0 [0051.291] lstrcmpW (lpString1=".metadata", lpString2="LOLKEK.txt") returned -1 [0051.291] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned 131 [0051.291] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x210) returned 0x3be01f8 [0051.291] lstrcpyW (in: lpString1=0x3be01f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" [0051.291] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.291] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.291] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="idb", cAlternateFileName="")) returned 1 [0051.291] lstrcmpiW (lpString1="idb", lpString2="Windows") returned -1 [0051.291] lstrcmpiW (lpString1="idb", lpString2="Program Files") returned -1 [0051.291] lstrcmpiW (lpString1="idb", lpString2="Program Files (x86)") returned -1 [0051.292] lstrcmpiW (lpString1="idb", lpString2="$Recycle.bin") returned 1 [0051.292] lstrcmpiW (lpString1="idb", lpString2="System Volume Information") returned -1 [0051.292] lstrcmpiW (lpString1="idb", lpString2=".") returned 1 [0051.292] lstrcmpiW (lpString1="idb", lpString2="..") returned 1 [0051.292] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 125 [0051.292] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.292] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0051.292] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*" [0051.292] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0051.294] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.294] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.294] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.294] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.294] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.294] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.294] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.294] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.294] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.294] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.294] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.294] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.294] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.294] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.294] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0051.294] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="Windows") returned -1 [0051.294] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="Program Files") returned -1 [0051.294] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="Program Files (x86)") returned -1 [0051.294] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="$Recycle.bin") returned 1 [0051.294] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="System Volume Information") returned -1 [0051.294] lstrcmpiW (lpString1="818200132aebmoouht", lpString2=".") returned 1 [0051.294] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="..") returned 1 [0051.294] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 144 [0051.294] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.295] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0051.295] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*" [0051.295] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dd58 [0051.295] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.295] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.295] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.295] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.295] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.295] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.295] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.295] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.296] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.296] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.296] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.296] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.296] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.296] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.296] FindNextFileW (in: hFindFile=0x62dd58, lpFindFileData=0x363da8c | out: lpFindFileData=0x363da8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.296] FindClose (in: hFindFile=0x62dd58 | out: hFindFile=0x62dd58) returned 1 [0051.296] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\LOLKEK.txt") returned 155 [0051.296] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0051.296] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.297] WriteFile (in: hFile=0x1b4, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363da84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363da84*=0x10, lpOverlapped=0x0) returned 1 [0051.297] CloseHandle (hObject=0x1b4) returned 1 [0051.297] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.297] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0051.297] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="Windows") returned -1 [0051.297] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="Program Files") returned -1 [0051.297] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="Program Files (x86)") returned -1 [0051.297] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="$Recycle.bin") returned 1 [0051.297] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="System Volume Information") returned -1 [0051.297] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2=".") returned 1 [0051.297] lstrcmpiW (lpString1="818200132aebmoouht.sqlite", lpString2="..") returned 1 [0051.297] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned 151 [0051.297] StrStrIW (lpFirst="818200132aebmoouht.sqlite", lpSrch=".lolkek") returned 0x0 [0051.298] lstrcmpW (lpString1="818200132aebmoouht.sqlite", lpString2="LOLKEK.txt") returned -1 [0051.298] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned 151 [0051.298] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x260) returned 0x3ec1780 [0051.298] lstrcpyW (in: lpString1=0x3ec1780, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" [0051.298] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.340] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.340] FindNextFileW (in: hFindFile=0x62e098, lpFindFileData=0x363dd0c | out: lpFindFileData=0x363dd0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 0 [0051.340] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0051.340] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\LOLKEK.txt") returned 136 [0051.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0051.341] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.341] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363dd04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363dd04*=0x10, lpOverlapped=0x0) returned 1 [0051.342] CloseHandle (hObject=0x27c) returned 1 [0051.342] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.342] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363df8c | out: lpFindFileData=0x363df8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="idb", cAlternateFileName="")) returned 0 [0051.342] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0051.342] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\LOLKEK.txt") returned 132 [0051.342] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0051.342] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.342] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363df84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363df84*=0x10, lpOverlapped=0x0) returned 1 [0051.343] CloseHandle (hObject=0x270) returned 1 [0051.343] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.343] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 0 [0051.343] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.343] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\LOLKEK.txt") returned 112 [0051.343] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0051.343] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.343] WriteFile (in: hFile=0x1ec, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.344] CloseHandle (hObject=0x1ec) returned 1 [0051.344] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.344] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="key3.db", cAlternateFileName="")) returned 1 [0051.344] lstrcmpiW (lpString1="key3.db", lpString2="Windows") returned -1 [0051.344] lstrcmpiW (lpString1="key3.db", lpString2="Program Files") returned -1 [0051.344] lstrcmpiW (lpString1="key3.db", lpString2="Program Files (x86)") returned -1 [0051.344] lstrcmpiW (lpString1="key3.db", lpString2="$Recycle.bin") returned 1 [0051.344] lstrcmpiW (lpString1="key3.db", lpString2="System Volume Information") returned -1 [0051.344] lstrcmpiW (lpString1="key3.db", lpString2=".") returned 1 [0051.344] lstrcmpiW (lpString1="key3.db", lpString2="..") returned 1 [0051.344] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned 99 [0051.344] StrStrIW (lpFirst="key3.db", lpSrch=".lolkek") returned 0x0 [0051.344] lstrcmpW (lpString1="key3.db", lpString2="LOLKEK.txt") returned -1 [0051.344] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned 99 [0051.344] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x3be0410 [0051.344] lstrcpyW (in: lpString1=0x3be0410, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" [0051.344] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.347] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.347] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0051.348] lstrcmpiW (lpString1="localstore.rdf", lpString2="Windows") returned -1 [0051.348] lstrcmpiW (lpString1="localstore.rdf", lpString2="Program Files") returned -1 [0051.348] lstrcmpiW (lpString1="localstore.rdf", lpString2="Program Files (x86)") returned -1 [0051.348] lstrcmpiW (lpString1="localstore.rdf", lpString2="$Recycle.bin") returned 1 [0051.348] lstrcmpiW (lpString1="localstore.rdf", lpString2="System Volume Information") returned -1 [0051.348] lstrcmpiW (lpString1="localstore.rdf", lpString2=".") returned 1 [0051.348] lstrcmpiW (lpString1="localstore.rdf", lpString2="..") returned 1 [0051.348] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned 106 [0051.348] StrStrIW (lpFirst="localstore.rdf", lpSrch=".lolkek") returned 0x0 [0051.348] lstrcmpW (lpString1="localstore.rdf", lpString2="LOLKEK.txt") returned -1 [0051.348] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned 106 [0051.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3dde258 [0051.348] lstrcpyW (in: lpString1=0x3dde258, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" [0051.348] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.349] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.349] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0051.349] lstrcmpiW (lpString1="marionette.log", lpString2="Windows") returned -1 [0051.349] lstrcmpiW (lpString1="marionette.log", lpString2="Program Files") returned -1 [0051.349] lstrcmpiW (lpString1="marionette.log", lpString2="Program Files (x86)") returned -1 [0051.349] lstrcmpiW (lpString1="marionette.log", lpString2="$Recycle.bin") returned 1 [0051.349] lstrcmpiW (lpString1="marionette.log", lpString2="System Volume Information") returned -1 [0051.349] lstrcmpiW (lpString1="marionette.log", lpString2=".") returned 1 [0051.349] lstrcmpiW (lpString1="marionette.log", lpString2="..") returned 1 [0051.349] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned 106 [0051.349] StrStrIW (lpFirst="marionette.log", lpSrch=".lolkek") returned 0x0 [0051.349] lstrcmpW (lpString1="marionette.log", lpString2="LOLKEK.txt") returned 1 [0051.349] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned 106 [0051.349] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3be05a8 [0051.349] lstrcpyW (in: lpString1=0x3be05a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" [0051.349] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.350] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.350] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0051.350] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="Windows") returned -1 [0051.350] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="Program Files") returned -1 [0051.350] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="Program Files (x86)") returned -1 [0051.350] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="$Recycle.bin") returned 1 [0051.350] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="System Volume Information") returned -1 [0051.350] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2=".") returned 1 [0051.350] lstrcmpiW (lpString1="mimeTypes.rdf", lpString2="..") returned 1 [0051.350] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned 105 [0051.350] StrStrIW (lpFirst="mimeTypes.rdf", lpSrch=".lolkek") returned 0x0 [0051.350] lstrcmpW (lpString1="mimeTypes.rdf", lpString2="LOLKEK.txt") returned 1 [0051.350] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned 105 [0051.350] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x3dde410 [0051.350] lstrcpyW (in: lpString1=0x3dde410, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" [0051.350] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.351] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.351] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0051.351] lstrcmpiW (lpString1="minidumps", lpString2="Windows") returned -1 [0051.351] lstrcmpiW (lpString1="minidumps", lpString2="Program Files") returned -1 [0051.351] lstrcmpiW (lpString1="minidumps", lpString2="Program Files (x86)") returned -1 [0051.351] lstrcmpiW (lpString1="minidumps", lpString2="$Recycle.bin") returned 1 [0051.351] lstrcmpiW (lpString1="minidumps", lpString2="System Volume Information") returned -1 [0051.351] lstrcmpiW (lpString1="minidumps", lpString2=".") returned 1 [0051.351] lstrcmpiW (lpString1="minidumps", lpString2="..") returned 1 [0051.351] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 101 [0051.351] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3db1dd0 [0051.351] lstrcpyW (in: lpString1=0x3db1dd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0051.351] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*" [0051.351] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.354] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.354] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.354] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.354] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.354] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.354] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.355] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.355] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.355] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.355] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.355] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.355] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.355] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.355] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.355] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0051.355] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.355] wsprintfW (in: param_1=0x3db1dd0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\LOLKEK.txt") returned 112 [0051.355] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.355] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.355] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.356] CloseHandle (hObject=0x280) returned 1 [0051.356] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3db1dd0 | out: hHeap=0x5a0000) returned 1 [0051.356] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0051.356] lstrcmpiW (lpString1="parent.lock", lpString2="Windows") returned -1 [0051.356] lstrcmpiW (lpString1="parent.lock", lpString2="Program Files") returned -1 [0051.357] lstrcmpiW (lpString1="parent.lock", lpString2="Program Files (x86)") returned -1 [0051.357] lstrcmpiW (lpString1="parent.lock", lpString2="$Recycle.bin") returned 1 [0051.357] lstrcmpiW (lpString1="parent.lock", lpString2="System Volume Information") returned -1 [0051.357] lstrcmpiW (lpString1="parent.lock", lpString2=".") returned 1 [0051.357] lstrcmpiW (lpString1="parent.lock", lpString2="..") returned 1 [0051.357] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned 103 [0051.357] StrStrIW (lpFirst="parent.lock", lpSrch=".lolkek") returned 0x0 [0051.357] lstrcmpW (lpString1="parent.lock", lpString2="LOLKEK.txt") returned 1 [0051.357] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned 103 [0051.357] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x3be08f0 [0051.357] lstrcpyW (in: lpString1=0x3be08f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" [0051.357] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.359] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.359] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0051.359] lstrcmpiW (lpString1="permissions.sqlite", lpString2="Windows") returned -1 [0051.359] lstrcmpiW (lpString1="permissions.sqlite", lpString2="Program Files") returned -1 [0051.359] lstrcmpiW (lpString1="permissions.sqlite", lpString2="Program Files (x86)") returned -1 [0051.359] lstrcmpiW (lpString1="permissions.sqlite", lpString2="$Recycle.bin") returned 1 [0051.359] lstrcmpiW (lpString1="permissions.sqlite", lpString2="System Volume Information") returned -1 [0051.359] lstrcmpiW (lpString1="permissions.sqlite", lpString2=".") returned 1 [0051.359] lstrcmpiW (lpString1="permissions.sqlite", lpString2="..") returned 1 [0051.359] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned 110 [0051.359] StrStrIW (lpFirst="permissions.sqlite", lpSrch=".lolkek") returned 0x0 [0051.359] lstrcmpW (lpString1="permissions.sqlite", lpString2="LOLKEK.txt") returned 1 [0051.359] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned 110 [0051.359] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x3be0a98 [0051.359] lstrcpyW (in: lpString1=0x3be0a98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" [0051.359] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.360] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.360] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0051.360] lstrcmpiW (lpString1="places.sqlite", lpString2="Windows") returned -1 [0051.360] lstrcmpiW (lpString1="places.sqlite", lpString2="Program Files") returned -1 [0051.360] lstrcmpiW (lpString1="places.sqlite", lpString2="Program Files (x86)") returned -1 [0051.360] lstrcmpiW (lpString1="places.sqlite", lpString2="$Recycle.bin") returned 1 [0051.360] lstrcmpiW (lpString1="places.sqlite", lpString2="System Volume Information") returned -1 [0051.360] lstrcmpiW (lpString1="places.sqlite", lpString2=".") returned 1 [0051.360] lstrcmpiW (lpString1="places.sqlite", lpString2="..") returned 1 [0051.360] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned 105 [0051.360] StrStrIW (lpFirst="places.sqlite", lpSrch=".lolkek") returned 0x0 [0051.360] lstrcmpW (lpString1="places.sqlite", lpString2="LOLKEK.txt") returned 1 [0051.360] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned 105 [0051.360] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x3dde5c0 [0051.360] lstrcpyW (in: lpString1=0x3dde5c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" [0051.360] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.361] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.361] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0051.361] lstrcmpiW (lpString1="pluginreg.dat", lpString2="Windows") returned -1 [0051.361] lstrcmpiW (lpString1="pluginreg.dat", lpString2="Program Files") returned -1 [0051.361] lstrcmpiW (lpString1="pluginreg.dat", lpString2="Program Files (x86)") returned -1 [0051.361] lstrcmpiW (lpString1="pluginreg.dat", lpString2="$Recycle.bin") returned 1 [0051.362] lstrcmpiW (lpString1="pluginreg.dat", lpString2="System Volume Information") returned -1 [0051.362] lstrcmpiW (lpString1="pluginreg.dat", lpString2=".") returned 1 [0051.362] lstrcmpiW (lpString1="pluginreg.dat", lpString2="..") returned 1 [0051.362] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned 105 [0051.362] StrStrIW (lpFirst="pluginreg.dat", lpSrch=".lolkek") returned 0x0 [0051.362] lstrcmpW (lpString1="pluginreg.dat", lpString2="LOLKEK.txt") returned 1 [0051.362] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned 105 [0051.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x3dde770 [0051.362] lstrcpyW (in: lpString1=0x3dde770, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" [0051.362] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.363] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.363] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0051.363] lstrcmpiW (lpString1="prefs.js", lpString2="Windows") returned -1 [0051.363] lstrcmpiW (lpString1="prefs.js", lpString2="Program Files") returned -1 [0051.363] lstrcmpiW (lpString1="prefs.js", lpString2="Program Files (x86)") returned -1 [0051.363] lstrcmpiW (lpString1="prefs.js", lpString2="$Recycle.bin") returned 1 [0051.363] lstrcmpiW (lpString1="prefs.js", lpString2="System Volume Information") returned -1 [0051.363] lstrcmpiW (lpString1="prefs.js", lpString2=".") returned 1 [0051.363] lstrcmpiW (lpString1="prefs.js", lpString2="..") returned 1 [0051.363] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned 100 [0051.363] StrStrIW (lpFirst="prefs.js", lpSrch=".lolkek") returned 0x0 [0051.363] lstrcmpW (lpString1="prefs.js", lpString2="LOLKEK.txt") returned 1 [0051.363] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned 100 [0051.363] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3dddd10 [0051.363] lstrcpyW (in: lpString1=0x3dddd10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" [0051.363] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.365] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.365] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0051.365] lstrcmpiW (lpString1="search.json", lpString2="Windows") returned -1 [0051.365] lstrcmpiW (lpString1="search.json", lpString2="Program Files") returned 1 [0051.365] lstrcmpiW (lpString1="search.json", lpString2="Program Files (x86)") returned 1 [0051.365] lstrcmpiW (lpString1="search.json", lpString2="$Recycle.bin") returned 1 [0051.365] lstrcmpiW (lpString1="search.json", lpString2="System Volume Information") returned -1 [0051.365] lstrcmpiW (lpString1="search.json", lpString2=".") returned 1 [0051.365] lstrcmpiW (lpString1="search.json", lpString2="..") returned 1 [0051.365] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned 103 [0051.365] StrStrIW (lpFirst="search.json", lpSrch=".lolkek") returned 0x0 [0051.366] lstrcmpW (lpString1="search.json", lpString2="LOLKEK.txt") returned 1 [0051.366] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned 103 [0051.366] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x3dde920 [0051.366] lstrcpyW (in: lpString1=0x3dde920, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" [0051.366] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.373] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.373] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0051.373] lstrcmpiW (lpString1="secmod.db", lpString2="Windows") returned -1 [0051.373] lstrcmpiW (lpString1="secmod.db", lpString2="Program Files") returned 1 [0051.373] lstrcmpiW (lpString1="secmod.db", lpString2="Program Files (x86)") returned 1 [0051.373] lstrcmpiW (lpString1="secmod.db", lpString2="$Recycle.bin") returned 1 [0051.373] lstrcmpiW (lpString1="secmod.db", lpString2="System Volume Information") returned -1 [0051.373] lstrcmpiW (lpString1="secmod.db", lpString2=".") returned 1 [0051.373] lstrcmpiW (lpString1="secmod.db", lpString2="..") returned 1 [0051.373] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned 101 [0051.373] StrStrIW (lpFirst="secmod.db", lpSrch=".lolkek") returned 0x0 [0051.373] lstrcmpW (lpString1="secmod.db", lpString2="LOLKEK.txt") returned 1 [0051.373] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned 101 [0051.373] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x198) returned 0x3ddeac8 [0051.373] lstrcpyW (in: lpString1=0x3ddeac8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" [0051.373] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.380] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.380] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.bak", lpString2="Windows") returned -1 [0051.380] lstrcmpiW (lpString1="sessionstore.bak", lpString2="Program Files") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.bak", lpString2="Program Files (x86)") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.bak", lpString2="$Recycle.bin") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.bak", lpString2="System Volume Information") returned -1 [0051.380] lstrcmpiW (lpString1="sessionstore.bak", lpString2=".") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.bak", lpString2="..") returned 1 [0051.380] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned 108 [0051.380] StrStrIW (lpFirst="sessionstore.bak", lpSrch=".lolkek") returned 0x0 [0051.380] lstrcmpW (lpString1="sessionstore.bak", lpString2="LOLKEK.txt") returned 1 [0051.380] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned 108 [0051.380] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60f9a0 [0051.380] lstrcpyW (in: lpString1=0x60f9a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" [0051.380] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.380] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.380] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.js", lpString2="Windows") returned -1 [0051.380] lstrcmpiW (lpString1="sessionstore.js", lpString2="Program Files") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.js", lpString2="Program Files (x86)") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.js", lpString2="$Recycle.bin") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.js", lpString2="System Volume Information") returned -1 [0051.380] lstrcmpiW (lpString1="sessionstore.js", lpString2=".") returned 1 [0051.380] lstrcmpiW (lpString1="sessionstore.js", lpString2="..") returned 1 [0051.380] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned 107 [0051.380] StrStrIW (lpFirst="sessionstore.js", lpSrch=".lolkek") returned 0x0 [0051.380] lstrcmpW (lpString1="sessionstore.js", lpString2="LOLKEK.txt") returned 1 [0051.380] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned 107 [0051.380] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x3ca5d70 [0051.380] lstrcpyW (in: lpString1=0x3ca5d70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" [0051.380] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.394] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.394] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0051.394] lstrcmpiW (lpString1="signons.sqlite", lpString2="Windows") returned -1 [0051.394] lstrcmpiW (lpString1="signons.sqlite", lpString2="Program Files") returned 1 [0051.394] lstrcmpiW (lpString1="signons.sqlite", lpString2="Program Files (x86)") returned 1 [0051.394] lstrcmpiW (lpString1="signons.sqlite", lpString2="$Recycle.bin") returned 1 [0051.394] lstrcmpiW (lpString1="signons.sqlite", lpString2="System Volume Information") returned -1 [0051.394] lstrcmpiW (lpString1="signons.sqlite", lpString2=".") returned 1 [0051.394] lstrcmpiW (lpString1="signons.sqlite", lpString2="..") returned 1 [0051.394] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned 106 [0051.394] StrStrIW (lpFirst="signons.sqlite", lpSrch=".lolkek") returned 0x0 [0051.394] lstrcmpW (lpString1="signons.sqlite", lpString2="LOLKEK.txt") returned 1 [0051.394] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned 106 [0051.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x657d80 [0051.394] lstrcpyW (in: lpString1=0x657d80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" [0051.394] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.401] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.401] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0051.401] lstrcmpiW (lpString1="times.json", lpString2="Windows") returned -1 [0051.401] lstrcmpiW (lpString1="times.json", lpString2="Program Files") returned 1 [0051.402] lstrcmpiW (lpString1="times.json", lpString2="Program Files (x86)") returned 1 [0051.402] lstrcmpiW (lpString1="times.json", lpString2="$Recycle.bin") returned 1 [0051.402] lstrcmpiW (lpString1="times.json", lpString2="System Volume Information") returned 1 [0051.402] lstrcmpiW (lpString1="times.json", lpString2=".") returned 1 [0051.402] lstrcmpiW (lpString1="times.json", lpString2="..") returned 1 [0051.402] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned 102 [0051.402] StrStrIW (lpFirst="times.json", lpSrch=".lolkek") returned 0x0 [0051.402] lstrcmpW (lpString1="times.json", lpString2="LOLKEK.txt") returned 1 [0051.402] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned 102 [0051.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3dd4e98 [0051.402] lstrcpyW (in: lpString1=0x3dd4e98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" [0051.402] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.402] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.402] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="webapps", cAlternateFileName="")) returned 1 [0051.402] lstrcmpiW (lpString1="webapps", lpString2="Windows") returned -1 [0051.402] lstrcmpiW (lpString1="webapps", lpString2="Program Files") returned 1 [0051.402] lstrcmpiW (lpString1="webapps", lpString2="Program Files (x86)") returned 1 [0051.402] lstrcmpiW (lpString1="webapps", lpString2="$Recycle.bin") returned 1 [0051.402] lstrcmpiW (lpString1="webapps", lpString2="System Volume Information") returned 1 [0051.402] lstrcmpiW (lpString1="webapps", lpString2=".") returned 1 [0051.402] lstrcmpiW (lpString1="webapps", lpString2="..") returned 1 [0051.402] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 99 [0051.402] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.402] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0051.402] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*" [0051.402] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.406] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.406] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.406] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.406] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.406] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.406] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.406] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.406] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.406] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.406] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.406] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.406] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.406] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.406] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.406] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0051.406] lstrcmpiW (lpString1="webapps.json", lpString2="Windows") returned -1 [0051.406] lstrcmpiW (lpString1="webapps.json", lpString2="Program Files") returned 1 [0051.406] lstrcmpiW (lpString1="webapps.json", lpString2="Program Files (x86)") returned 1 [0051.406] lstrcmpiW (lpString1="webapps.json", lpString2="$Recycle.bin") returned 1 [0051.406] lstrcmpiW (lpString1="webapps.json", lpString2="System Volume Information") returned 1 [0051.407] lstrcmpiW (lpString1="webapps.json", lpString2=".") returned 1 [0051.407] lstrcmpiW (lpString1="webapps.json", lpString2="..") returned 1 [0051.407] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned 112 [0051.407] StrStrIW (lpFirst="webapps.json", lpSrch=".lolkek") returned 0x0 [0051.407] lstrcmpW (lpString1="webapps.json", lpString2="LOLKEK.txt") returned 1 [0051.407] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned 112 [0051.407] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c4) returned 0x3e36708 [0051.407] lstrcpyW (in: lpString1=0x3e36708, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" [0051.407] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.414] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.414] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 0 [0051.414] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.414] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\LOLKEK.txt") returned 110 [0051.414] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.415] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.415] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0051.415] CloseHandle (hObject=0x280) returned 1 [0051.415] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.415] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0051.415] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="Windows") returned -1 [0051.415] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="Program Files") returned 1 [0051.415] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="Program Files (x86)") returned 1 [0051.416] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="$Recycle.bin") returned 1 [0051.416] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="System Volume Information") returned 1 [0051.416] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2=".") returned 1 [0051.416] lstrcmpiW (lpString1="webappsstore.sqlite", lpString2="..") returned 1 [0051.416] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned 111 [0051.416] StrStrIW (lpFirst="webappsstore.sqlite", lpSrch=".lolkek") returned 0x0 [0051.416] lstrcmpW (lpString1="webappsstore.sqlite", lpString2="LOLKEK.txt") returned 1 [0051.416] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned 111 [0051.416] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c0) returned 0x5eafc8 [0051.416] lstrcpyW (in: lpString1=0x5eafc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" [0051.416] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.416] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.416] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 0 [0051.416] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.416] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\LOLKEK.txt") returned 102 [0051.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0051.416] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.416] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.417] CloseHandle (hObject=0x2bc) returned 1 [0051.417] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.418] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0051.418] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.418] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\LOLKEK.txt") returned 85 [0051.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.419] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.419] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.420] CloseHandle (hObject=0x224) returned 1 [0051.420] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.420] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="profiles.ini", cAlternateFileName="")) returned 1 [0051.420] lstrcmpiW (lpString1="profiles.ini", lpString2="Windows") returned -1 [0051.420] lstrcmpiW (lpString1="profiles.ini", lpString2="Program Files") returned -1 [0051.420] lstrcmpiW (lpString1="profiles.ini", lpString2="Program Files (x86)") returned -1 [0051.420] lstrcmpiW (lpString1="profiles.ini", lpString2="$Recycle.bin") returned 1 [0051.420] lstrcmpiW (lpString1="profiles.ini", lpString2="System Volume Information") returned -1 [0051.420] lstrcmpiW (lpString1="profiles.ini", lpString2=".") returned 1 [0051.420] lstrcmpiW (lpString1="profiles.ini", lpString2="..") returned 1 [0051.420] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 78 [0051.420] StrStrIW (lpFirst="profiles.ini", lpSrch=".lolkek") returned 0x0 [0051.420] lstrcmpW (lpString1="profiles.ini", lpString2="LOLKEK.txt") returned 1 [0051.420] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 78 [0051.420] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616850 [0051.420] lstrcpyW (in: lpString1=0x616850, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0051.420] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.431] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.431] FindNextFileW (in: hFindFile=0x62e218, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="profiles.ini", cAlternateFileName="")) returned 0 [0051.431] FindClose (in: hFindFile=0x62e218 | out: hFindFile=0x62e218) returned 1 [0051.431] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\LOLKEK.txt") returned 76 [0051.431] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0051.432] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.432] WriteFile (in: hFile=0x25c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.432] CloseHandle (hObject=0x25c) returned 1 [0051.432] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0051.432] FindNextFileW (in: hFindFile=0x62e1d8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Firefox", cAlternateFileName="")) returned 0 [0051.433] FindClose (in: hFindFile=0x62e1d8 | out: hFindFile=0x62e1d8) returned 1 [0051.433] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\LOLKEK.txt") returned 68 [0051.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0051.433] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.433] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0051.434] CloseHandle (hObject=0x290) returned 1 [0051.434] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0051.434] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf3e29b00, ftCreationTime.dwHighDateTime=0x1d62ae5, ftLastAccessTime.dwLowDateTime=0x1ce40580, ftLastAccessTime.dwHighDateTime=0x1d626da, ftLastWriteTime.dwLowDateTime=0x1ce40580, ftLastWriteTime.dwHighDateTime=0x1d626da, nFileSizeHigh=0x0, nFileSizeLow=0x5121, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NYJnimr19MfoCT.jpg", cAlternateFileName="NYJNIM~1.JPG")) returned 1 [0051.434] lstrcmpiW (lpString1="NYJnimr19MfoCT.jpg", lpString2="Windows") returned -1 [0051.434] lstrcmpiW (lpString1="NYJnimr19MfoCT.jpg", lpString2="Program Files") returned -1 [0051.434] lstrcmpiW (lpString1="NYJnimr19MfoCT.jpg", lpString2="Program Files (x86)") returned -1 [0051.434] lstrcmpiW (lpString1="NYJnimr19MfoCT.jpg", lpString2="$Recycle.bin") returned 1 [0051.434] lstrcmpiW (lpString1="NYJnimr19MfoCT.jpg", lpString2="System Volume Information") returned -1 [0051.434] lstrcmpiW (lpString1="NYJnimr19MfoCT.jpg", lpString2=".") returned 1 [0051.434] lstrcmpiW (lpString1="NYJnimr19MfoCT.jpg", lpString2="..") returned 1 [0051.434] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg") returned 68 [0051.434] StrStrIW (lpFirst="NYJnimr19MfoCT.jpg", lpSrch=".lolkek") returned 0x0 [0051.434] lstrcmpW (lpString1="NYJnimr19MfoCT.jpg", lpString2="LOLKEK.txt") returned 1 [0051.434] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg") returned 68 [0051.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x3ca6300 [0051.434] lstrcpyW (in: lpString1=0x3ca6300, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\NYJnimr19MfoCT.jpg" [0051.434] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.434] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.434] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc1ff8c10, ftCreationTime.dwHighDateTime=0x1d625ef, ftLastAccessTime.dwLowDateTime=0x39cd4b80, ftLastAccessTime.dwHighDateTime=0x1d628dc, ftLastWriteTime.dwLowDateTime=0x39cd4b80, ftLastWriteTime.dwHighDateTime=0x1d628dc, nFileSizeHigh=0x0, nFileSizeLow=0x138a0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="quNGT.mp3", cAlternateFileName="")) returned 1 [0051.434] lstrcmpiW (lpString1="quNGT.mp3", lpString2="Windows") returned -1 [0051.434] lstrcmpiW (lpString1="quNGT.mp3", lpString2="Program Files") returned 1 [0051.434] lstrcmpiW (lpString1="quNGT.mp3", lpString2="Program Files (x86)") returned 1 [0051.434] lstrcmpiW (lpString1="quNGT.mp3", lpString2="$Recycle.bin") returned 1 [0051.434] lstrcmpiW (lpString1="quNGT.mp3", lpString2="System Volume Information") returned -1 [0051.434] lstrcmpiW (lpString1="quNGT.mp3", lpString2=".") returned 1 [0051.434] lstrcmpiW (lpString1="quNGT.mp3", lpString2="..") returned 1 [0051.434] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3") returned 59 [0051.434] StrStrIW (lpFirst="quNGT.mp3", lpSrch=".lolkek") returned 0x0 [0051.434] lstrcmpW (lpString1="quNGT.mp3", lpString2="LOLKEK.txt") returned 1 [0051.434] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3") returned 59 [0051.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca7950 [0051.434] lstrcpyW (in: lpString1=0x3ca7950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\quNGT.mp3" [0051.434] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.442] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.442] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a62a50, ftCreationTime.dwHighDateTime=0x1d62547, ftLastAccessTime.dwLowDateTime=0x3c234c00, ftLastAccessTime.dwHighDateTime=0x1d626c4, ftLastWriteTime.dwLowDateTime=0x3c234c00, ftLastWriteTime.dwHighDateTime=0x1d626c4, nFileSizeHigh=0x0, nFileSizeLow=0x2d56, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="tFO57SvpAD4k.jpg", cAlternateFileName="TFO57S~1.JPG")) returned 1 [0051.442] lstrcmpiW (lpString1="tFO57SvpAD4k.jpg", lpString2="Windows") returned -1 [0051.442] lstrcmpiW (lpString1="tFO57SvpAD4k.jpg", lpString2="Program Files") returned 1 [0051.442] lstrcmpiW (lpString1="tFO57SvpAD4k.jpg", lpString2="Program Files (x86)") returned 1 [0051.442] lstrcmpiW (lpString1="tFO57SvpAD4k.jpg", lpString2="$Recycle.bin") returned 1 [0051.442] lstrcmpiW (lpString1="tFO57SvpAD4k.jpg", lpString2="System Volume Information") returned 1 [0051.442] lstrcmpiW (lpString1="tFO57SvpAD4k.jpg", lpString2=".") returned 1 [0051.442] lstrcmpiW (lpString1="tFO57SvpAD4k.jpg", lpString2="..") returned 1 [0051.442] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg") returned 66 [0051.442] StrStrIW (lpFirst="tFO57SvpAD4k.jpg", lpSrch=".lolkek") returned 0x0 [0051.442] lstrcmpW (lpString1="tFO57SvpAD4k.jpg", lpString2="LOLKEK.txt") returned 1 [0051.442] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg") returned 66 [0051.442] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x3be0c60 [0051.442] lstrcpyW (in: lpString1=0x3be0c60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\tFO57SvpAD4k.jpg" [0051.442] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.452] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.452] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xef421940, ftCreationTime.dwHighDateTime=0x1d62c84, ftLastAccessTime.dwLowDateTime=0x36716d10, ftLastAccessTime.dwHighDateTime=0x1d6228b, ftLastWriteTime.dwLowDateTime=0x36716d10, ftLastWriteTime.dwHighDateTime=0x1d6228b, nFileSizeHigh=0x0, nFileSizeLow=0xae6a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="V2tWHyp-iB.png", cAlternateFileName="V2TWHY~1.PNG")) returned 1 [0051.452] lstrcmpiW (lpString1="V2tWHyp-iB.png", lpString2="Windows") returned -1 [0051.452] lstrcmpiW (lpString1="V2tWHyp-iB.png", lpString2="Program Files") returned 1 [0051.452] lstrcmpiW (lpString1="V2tWHyp-iB.png", lpString2="Program Files (x86)") returned 1 [0051.453] lstrcmpiW (lpString1="V2tWHyp-iB.png", lpString2="$Recycle.bin") returned 1 [0051.453] lstrcmpiW (lpString1="V2tWHyp-iB.png", lpString2="System Volume Information") returned 1 [0051.453] lstrcmpiW (lpString1="V2tWHyp-iB.png", lpString2=".") returned 1 [0051.453] lstrcmpiW (lpString1="V2tWHyp-iB.png", lpString2="..") returned 1 [0051.453] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png") returned 64 [0051.453] StrStrIW (lpFirst="V2tWHyp-iB.png", lpSrch=".lolkek") returned 0x0 [0051.453] lstrcmpW (lpString1="V2tWHyp-iB.png", lpString2="LOLKEK.txt") returned 1 [0051.453] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png") returned 64 [0051.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x611b88 [0051.453] lstrcpyW (in: lpString1=0x611b88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\V2tWHyp-iB.png" [0051.453] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.453] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.453] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad59e8d0, ftCreationTime.dwHighDateTime=0x1d62407, ftLastAccessTime.dwLowDateTime=0xafbc4730, ftLastAccessTime.dwHighDateTime=0x1d62b78, ftLastWriteTime.dwLowDateTime=0xafbc4730, ftLastWriteTime.dwHighDateTime=0x1d62b78, nFileSizeHigh=0x0, nFileSizeLow=0xfd0e, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="VQazDJEqMU.bmp", cAlternateFileName="VQAZDJ~1.BMP")) returned 1 [0051.453] lstrcmpiW (lpString1="VQazDJEqMU.bmp", lpString2="Windows") returned -1 [0051.453] lstrcmpiW (lpString1="VQazDJEqMU.bmp", lpString2="Program Files") returned 1 [0051.453] lstrcmpiW (lpString1="VQazDJEqMU.bmp", lpString2="Program Files (x86)") returned 1 [0051.453] lstrcmpiW (lpString1="VQazDJEqMU.bmp", lpString2="$Recycle.bin") returned 1 [0051.453] lstrcmpiW (lpString1="VQazDJEqMU.bmp", lpString2="System Volume Information") returned 1 [0051.453] lstrcmpiW (lpString1="VQazDJEqMU.bmp", lpString2=".") returned 1 [0051.453] lstrcmpiW (lpString1="VQazDJEqMU.bmp", lpString2="..") returned 1 [0051.453] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp") returned 64 [0051.453] StrStrIW (lpFirst="VQazDJEqMU.bmp", lpSrch=".lolkek") returned 0x0 [0051.453] lstrcmpW (lpString1="VQazDJEqMU.bmp", lpString2="LOLKEK.txt") returned 1 [0051.453] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp") returned 64 [0051.453] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x611ed0 [0051.453] lstrcpyW (in: lpString1=0x611ed0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\VQazDJEqMU.bmp" [0051.453] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.464] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.464] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b953170, ftCreationTime.dwHighDateTime=0x1d63090, ftLastAccessTime.dwLowDateTime=0x6eb66900, ftLastAccessTime.dwHighDateTime=0x1d62583, ftLastWriteTime.dwLowDateTime=0x6eb66900, ftLastWriteTime.dwHighDateTime=0x1d62583, nFileSizeHigh=0x0, nFileSizeLow=0x6d5d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="W1Nwo.jpg", cAlternateFileName="")) returned 1 [0051.464] lstrcmpiW (lpString1="W1Nwo.jpg", lpString2="Windows") returned -1 [0051.464] lstrcmpiW (lpString1="W1Nwo.jpg", lpString2="Program Files") returned 1 [0051.464] lstrcmpiW (lpString1="W1Nwo.jpg", lpString2="Program Files (x86)") returned 1 [0051.464] lstrcmpiW (lpString1="W1Nwo.jpg", lpString2="$Recycle.bin") returned 1 [0051.464] lstrcmpiW (lpString1="W1Nwo.jpg", lpString2="System Volume Information") returned 1 [0051.464] lstrcmpiW (lpString1="W1Nwo.jpg", lpString2=".") returned 1 [0051.464] lstrcmpiW (lpString1="W1Nwo.jpg", lpString2="..") returned 1 [0051.464] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg") returned 59 [0051.464] StrStrIW (lpFirst="W1Nwo.jpg", lpSrch=".lolkek") returned 0x0 [0051.464] lstrcmpW (lpString1="W1Nwo.jpg", lpString2="LOLKEK.txt") returned 1 [0051.464] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg") returned 59 [0051.464] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca7a48 [0051.464] lstrcpyW (in: lpString1=0x3ca7a48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\W1Nwo.jpg" [0051.464] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.464] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.464] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2620d5e0, ftCreationTime.dwHighDateTime=0x1d629d4, ftLastAccessTime.dwLowDateTime=0x6d604bf0, ftLastAccessTime.dwHighDateTime=0x1d62751, ftLastWriteTime.dwLowDateTime=0x6d604bf0, ftLastWriteTime.dwHighDateTime=0x1d62751, nFileSizeHigh=0x0, nFileSizeLow=0x108a1, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="w5dW.ppt", cAlternateFileName="")) returned 1 [0051.464] lstrcmpiW (lpString1="w5dW.ppt", lpString2="Windows") returned -1 [0051.464] lstrcmpiW (lpString1="w5dW.ppt", lpString2="Program Files") returned 1 [0051.464] lstrcmpiW (lpString1="w5dW.ppt", lpString2="Program Files (x86)") returned 1 [0051.464] lstrcmpiW (lpString1="w5dW.ppt", lpString2="$Recycle.bin") returned 1 [0051.464] lstrcmpiW (lpString1="w5dW.ppt", lpString2="System Volume Information") returned 1 [0051.464] lstrcmpiW (lpString1="w5dW.ppt", lpString2=".") returned 1 [0051.464] lstrcmpiW (lpString1="w5dW.ppt", lpString2="..") returned 1 [0051.464] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt") returned 58 [0051.464] StrStrIW (lpFirst="w5dW.ppt", lpSrch=".lolkek") returned 0x0 [0051.464] lstrcmpW (lpString1="w5dW.ppt", lpString2="LOLKEK.txt") returned 1 [0051.464] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt") returned 58 [0051.464] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7858 [0051.464] lstrcpyW (in: lpString1=0x3ca7858, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\w5dW.ppt" [0051.464] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.474] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.474] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x592a05e0, ftCreationTime.dwHighDateTime=0x1d62896, ftLastAccessTime.dwLowDateTime=0x6cfbc850, ftLastAccessTime.dwHighDateTime=0x1d62c34, ftLastWriteTime.dwLowDateTime=0x6cfbc850, ftLastWriteTime.dwHighDateTime=0x1d62c34, nFileSizeHigh=0x0, nFileSizeLow=0x4e56, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="WXLkYq4ZhewF hoXb.bmp", cAlternateFileName="WXLKYQ~1.BMP")) returned 1 [0051.474] lstrcmpiW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2="Windows") returned 1 [0051.475] lstrcmpiW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2="Program Files") returned 1 [0051.475] lstrcmpiW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2="Program Files (x86)") returned 1 [0051.475] lstrcmpiW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2="$Recycle.bin") returned 1 [0051.475] lstrcmpiW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2="System Volume Information") returned 1 [0051.475] lstrcmpiW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2=".") returned 1 [0051.475] lstrcmpiW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2="..") returned 1 [0051.475] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp") returned 71 [0051.475] StrStrIW (lpFirst="WXLkYq4ZhewF hoXb.bmp", lpSrch=".lolkek") returned 0x0 [0051.475] lstrcmpW (lpString1="WXLkYq4ZhewF hoXb.bmp", lpString2="LOLKEK.txt") returned 1 [0051.475] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp") returned 71 [0051.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3fb30 [0051.475] lstrcpyW (in: lpString1=0x3e3fb30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\WXLkYq4ZhewF hoXb.bmp" [0051.475] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.475] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.475] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c811320, ftCreationTime.dwHighDateTime=0x1d62973, ftLastAccessTime.dwLowDateTime=0x48d22f60, ftLastAccessTime.dwHighDateTime=0x1d63066, ftLastWriteTime.dwLowDateTime=0x48d22f60, ftLastWriteTime.dwHighDateTime=0x1d63066, nFileSizeHigh=0x0, nFileSizeLow=0x10bde, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xfvvXiyQKiuvBgN.gif", cAlternateFileName="XFVVXI~1.GIF")) returned 1 [0051.475] lstrcmpiW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2="Windows") returned 1 [0051.475] lstrcmpiW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2="Program Files") returned 1 [0051.475] lstrcmpiW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2="Program Files (x86)") returned 1 [0051.475] lstrcmpiW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2="$Recycle.bin") returned 1 [0051.475] lstrcmpiW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2="System Volume Information") returned 1 [0051.475] lstrcmpiW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2=".") returned 1 [0051.475] lstrcmpiW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2="..") returned 1 [0051.475] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif") returned 69 [0051.475] StrStrIW (lpFirst="xfvvXiyQKiuvBgN.gif", lpSrch=".lolkek") returned 0x0 [0051.475] lstrcmpW (lpString1="xfvvXiyQKiuvBgN.gif", lpString2="LOLKEK.txt") returned 1 [0051.475] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif") returned 69 [0051.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x3c94aa8 [0051.475] lstrcpyW (in: lpString1=0x3c94aa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xfvvXiyQKiuvBgN.gif" [0051.475] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.488] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.488] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc3d832e0, ftCreationTime.dwHighDateTime=0x1d62e22, ftLastAccessTime.dwLowDateTime=0xd89660a0, ftLastAccessTime.dwHighDateTime=0x1d62619, ftLastWriteTime.dwLowDateTime=0xd89660a0, ftLastWriteTime.dwHighDateTime=0x1d62619, nFileSizeHigh=0x0, nFileSizeLow=0x13bd5, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="XikzdFUd.bmp", cAlternateFileName="")) returned 1 [0051.488] lstrcmpiW (lpString1="XikzdFUd.bmp", lpString2="Windows") returned 1 [0051.488] lstrcmpiW (lpString1="XikzdFUd.bmp", lpString2="Program Files") returned 1 [0051.488] lstrcmpiW (lpString1="XikzdFUd.bmp", lpString2="Program Files (x86)") returned 1 [0051.488] lstrcmpiW (lpString1="XikzdFUd.bmp", lpString2="$Recycle.bin") returned 1 [0051.488] lstrcmpiW (lpString1="XikzdFUd.bmp", lpString2="System Volume Information") returned 1 [0051.488] lstrcmpiW (lpString1="XikzdFUd.bmp", lpString2=".") returned 1 [0051.488] lstrcmpiW (lpString1="XikzdFUd.bmp", lpString2="..") returned 1 [0051.488] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp") returned 62 [0051.488] StrStrIW (lpFirst="XikzdFUd.bmp", lpSrch=".lolkek") returned 0x0 [0051.488] lstrcmpW (lpString1="XikzdFUd.bmp", lpString2="LOLKEK.txt") returned 1 [0051.488] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp") returned 62 [0051.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3e3ecf0 [0051.488] lstrcpyW (in: lpString1=0x3e3ecf0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XikzdFUd.bmp" [0051.488] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.488] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.489] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2d001ee0, ftCreationTime.dwHighDateTime=0x1d62847, ftLastAccessTime.dwLowDateTime=0xf83a5e0, ftLastAccessTime.dwHighDateTime=0x1d62bb1, ftLastWriteTime.dwLowDateTime=0xf83a5e0, ftLastWriteTime.dwHighDateTime=0x1d62bb1, nFileSizeHigh=0x0, nFileSizeLow=0x63e5, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xpK6bU1j.m4a", cAlternateFileName="")) returned 1 [0051.489] lstrcmpiW (lpString1="xpK6bU1j.m4a", lpString2="Windows") returned 1 [0051.489] lstrcmpiW (lpString1="xpK6bU1j.m4a", lpString2="Program Files") returned 1 [0051.489] lstrcmpiW (lpString1="xpK6bU1j.m4a", lpString2="Program Files (x86)") returned 1 [0051.489] lstrcmpiW (lpString1="xpK6bU1j.m4a", lpString2="$Recycle.bin") returned 1 [0051.489] lstrcmpiW (lpString1="xpK6bU1j.m4a", lpString2="System Volume Information") returned 1 [0051.489] lstrcmpiW (lpString1="xpK6bU1j.m4a", lpString2=".") returned 1 [0051.489] lstrcmpiW (lpString1="xpK6bU1j.m4a", lpString2="..") returned 1 [0051.489] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a") returned 62 [0051.489] StrStrIW (lpFirst="xpK6bU1j.m4a", lpSrch=".lolkek") returned 0x0 [0051.489] lstrcmpW (lpString1="xpK6bU1j.m4a", lpString2="LOLKEK.txt") returned 1 [0051.489] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a") returned 62 [0051.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x61a030 [0051.489] lstrcpyW (in: lpString1=0x61a030, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\xpK6bU1j.m4a" [0051.489] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.497] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.497] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf6379bd0, ftCreationTime.dwHighDateTime=0x1d62635, ftLastAccessTime.dwLowDateTime=0x158fb470, ftLastAccessTime.dwHighDateTime=0x1d629e4, ftLastWriteTime.dwLowDateTime=0x158fb470, ftLastWriteTime.dwHighDateTime=0x1d629e4, nFileSizeHigh=0x0, nFileSizeLow=0x15498, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="XpPxy-83XDOuhjwNqSAy.flv", cAlternateFileName="XPPXY-~1.FLV")) returned 1 [0051.497] lstrcmpiW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2="Windows") returned 1 [0051.497] lstrcmpiW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2="Program Files") returned 1 [0051.497] lstrcmpiW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2="Program Files (x86)") returned 1 [0051.497] lstrcmpiW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2="$Recycle.bin") returned 1 [0051.497] lstrcmpiW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2="System Volume Information") returned 1 [0051.497] lstrcmpiW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2=".") returned 1 [0051.497] lstrcmpiW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2="..") returned 1 [0051.497] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv") returned 74 [0051.497] StrStrIW (lpFirst="XpPxy-83XDOuhjwNqSAy.flv", lpSrch=".lolkek") returned 0x0 [0051.497] lstrcmpW (lpString1="XpPxy-83XDOuhjwNqSAy.flv", lpString2="LOLKEK.txt") returned 1 [0051.497] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv") returned 74 [0051.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3cac028 [0051.497] lstrcpyW (in: lpString1=0x3cac028, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XpPxy-83XDOuhjwNqSAy.flv" [0051.497] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.497] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.497] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8c52e0, ftCreationTime.dwHighDateTime=0x1d62c8a, ftLastAccessTime.dwLowDateTime=0x8c38b70, ftLastAccessTime.dwHighDateTime=0x1d62c7f, ftLastWriteTime.dwLowDateTime=0x8c38b70, ftLastWriteTime.dwHighDateTime=0x1d62c7f, nFileSizeHigh=0x0, nFileSizeLow=0x155f3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="YuN8HXl IP.png", cAlternateFileName="YUN8HX~1.PNG")) returned 1 [0051.497] lstrcmpiW (lpString1="YuN8HXl IP.png", lpString2="Windows") returned 1 [0051.497] lstrcmpiW (lpString1="YuN8HXl IP.png", lpString2="Program Files") returned 1 [0051.497] lstrcmpiW (lpString1="YuN8HXl IP.png", lpString2="Program Files (x86)") returned 1 [0051.497] lstrcmpiW (lpString1="YuN8HXl IP.png", lpString2="$Recycle.bin") returned 1 [0051.497] lstrcmpiW (lpString1="YuN8HXl IP.png", lpString2="System Volume Information") returned 1 [0051.497] lstrcmpiW (lpString1="YuN8HXl IP.png", lpString2=".") returned 1 [0051.497] lstrcmpiW (lpString1="YuN8HXl IP.png", lpString2="..") returned 1 [0051.497] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png") returned 65 [0051.497] StrStrIW (lpFirst="YuN8HXl IP.png", lpSrch=".lolkek") returned 0x0 [0051.497] lstrcmpW (lpString1="YuN8HXl IP.png", lpString2="LOLKEK.txt") returned 1 [0051.497] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png") returned 65 [0051.497] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611db8 [0051.497] lstrcpyW (in: lpString1=0x611db8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YuN8HXl IP.png" [0051.497] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.591] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.591] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2aca09f0, ftCreationTime.dwHighDateTime=0x1d62db6, ftLastAccessTime.dwLowDateTime=0xd5b47eb0, ftLastAccessTime.dwHighDateTime=0x1d63093, ftLastWriteTime.dwLowDateTime=0xd5b47eb0, ftLastWriteTime.dwHighDateTime=0x1d63093, nFileSizeHigh=0x0, nFileSizeLow=0x8fe3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="YvpXR.odp", cAlternateFileName="")) returned 1 [0051.591] lstrcmpiW (lpString1="YvpXR.odp", lpString2="Windows") returned 1 [0051.592] lstrcmpiW (lpString1="YvpXR.odp", lpString2="Program Files") returned 1 [0051.592] lstrcmpiW (lpString1="YvpXR.odp", lpString2="Program Files (x86)") returned 1 [0051.592] lstrcmpiW (lpString1="YvpXR.odp", lpString2="$Recycle.bin") returned 1 [0051.592] lstrcmpiW (lpString1="YvpXR.odp", lpString2="System Volume Information") returned 1 [0051.592] lstrcmpiW (lpString1="YvpXR.odp", lpString2=".") returned 1 [0051.592] lstrcmpiW (lpString1="YvpXR.odp", lpString2="..") returned 1 [0051.592] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp") returned 59 [0051.592] StrStrIW (lpFirst="YvpXR.odp", lpSrch=".lolkek") returned 0x0 [0051.592] lstrcmpW (lpString1="YvpXR.odp", lpString2="LOLKEK.txt") returned 1 [0051.592] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp") returned 59 [0051.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca7b40 [0051.592] lstrcpyW (in: lpString1=0x3ca7b40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YvpXR.odp" [0051.592] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.595] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.595] FindNextFileW (in: hFindFile=0x62e198, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2aca09f0, ftCreationTime.dwHighDateTime=0x1d62db6, ftLastAccessTime.dwLowDateTime=0xd5b47eb0, ftLastAccessTime.dwHighDateTime=0x1d63093, ftLastWriteTime.dwLowDateTime=0xd5b47eb0, ftLastWriteTime.dwHighDateTime=0x1d63093, nFileSizeHigh=0x0, nFileSizeLow=0x8fe3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="YvpXR.odp", cAlternateFileName="")) returned 0 [0051.595] FindClose (in: hFindFile=0x62e198 | out: hFindFile=0x62e198) returned 1 [0051.595] wsprintfW (in: param_1=0x3be0f38, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LOLKEK.txt") returned 60 [0051.595] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0051.596] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.596] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0051.597] CloseHandle (hObject=0x2a0) returned 1 [0051.597] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0f38 | out: hHeap=0x5a0000) returned 1 [0051.597] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc9b560, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc9b560, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roaming", cAlternateFileName="")) returned 0 [0051.597] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0051.597] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LOLKEK.txt") returned 52 [0051.597] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0051.597] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.597] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0051.598] CloseHandle (hObject=0x294) returned 1 [0051.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0051.598] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0051.598] lstrcmpiW (lpString1="Application Data", lpString2="Windows") returned -1 [0051.598] lstrcmpiW (lpString1="Application Data", lpString2="Program Files") returned -1 [0051.598] lstrcmpiW (lpString1="Application Data", lpString2="Program Files (x86)") returned -1 [0051.598] lstrcmpiW (lpString1="Application Data", lpString2="$Recycle.bin") returned 1 [0051.598] lstrcmpiW (lpString1="Application Data", lpString2="System Volume Information") returned -1 [0051.598] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0051.598] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0051.598] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned 50 [0051.598] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.598] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0051.598] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*" [0051.598] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc9b560, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc9b560, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roaming", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0051.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.599] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Contacts", cAlternateFileName="")) returned 1 [0051.599] lstrcmpiW (lpString1="Contacts", lpString2="Windows") returned -1 [0051.599] lstrcmpiW (lpString1="Contacts", lpString2="Program Files") returned -1 [0051.599] lstrcmpiW (lpString1="Contacts", lpString2="Program Files (x86)") returned -1 [0051.599] lstrcmpiW (lpString1="Contacts", lpString2="$Recycle.bin") returned 1 [0051.599] lstrcmpiW (lpString1="Contacts", lpString2="System Volume Information") returned -1 [0051.599] lstrcmpiW (lpString1="Contacts", lpString2=".") returned 1 [0051.599] lstrcmpiW (lpString1="Contacts", lpString2="..") returned 1 [0051.599] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned 42 [0051.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.599] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0051.599] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*" [0051.599] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0051.599] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.599] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.599] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.599] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.599] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.599] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.599] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.599] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.599] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.599] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.599] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.599] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.599] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.599] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.599] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0051.599] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="Windows") returned -1 [0051.599] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="Program Files") returned -1 [0051.599] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="Program Files (x86)") returned -1 [0051.599] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="$Recycle.bin") returned 1 [0051.599] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="System Volume Information") returned -1 [0051.599] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2=".") returned 1 [0051.599] lstrcmpiW (lpString1="Aclviho ASldjfl.contact", lpString2="..") returned 1 [0051.599] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0051.599] StrStrIW (lpFirst="Aclviho ASldjfl.contact", lpSrch=".lolkek") returned 0x0 [0051.599] lstrcmpW (lpString1="Aclviho ASldjfl.contact", lpString2="LOLKEK.txt") returned -1 [0051.599] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0051.599] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x3cbb4d0 [0051.599] lstrcpyW (in: lpString1=0x3cbb4d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" [0051.600] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.602] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.602] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0051.602] lstrcmpiW (lpString1="Administrator.contact", lpString2="Windows") returned -1 [0051.602] lstrcmpiW (lpString1="Administrator.contact", lpString2="Program Files") returned -1 [0051.602] lstrcmpiW (lpString1="Administrator.contact", lpString2="Program Files (x86)") returned -1 [0051.603] lstrcmpiW (lpString1="Administrator.contact", lpString2="$Recycle.bin") returned 1 [0051.603] lstrcmpiW (lpString1="Administrator.contact", lpString2="System Volume Information") returned -1 [0051.603] lstrcmpiW (lpString1="Administrator.contact", lpString2=".") returned 1 [0051.603] lstrcmpiW (lpString1="Administrator.contact", lpString2="..") returned 1 [0051.603] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0051.603] StrStrIW (lpFirst="Administrator.contact", lpSrch=".lolkek") returned 0x0 [0051.603] lstrcmpW (lpString1="Administrator.contact", lpString2="LOLKEK.txt") returned -1 [0051.603] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0051.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x611ca0 [0051.603] lstrcpyW (in: lpString1=0x611ca0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" [0051.603] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.630] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.630] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0051.630] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="Windows") returned -1 [0051.630] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="Program Files") returned -1 [0051.630] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="Program Files (x86)") returned -1 [0051.630] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="$Recycle.bin") returned 1 [0051.630] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="System Volume Information") returned -1 [0051.630] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2=".") returned 1 [0051.630] lstrcmpiW (lpString1="asdlfk poopvy.contact", lpString2="..") returned 1 [0051.630] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0051.630] StrStrIW (lpFirst="asdlfk poopvy.contact", lpSrch=".lolkek") returned 0x0 [0051.630] lstrcmpW (lpString1="asdlfk poopvy.contact", lpString2="LOLKEK.txt") returned -1 [0051.630] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0051.630] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x611fe8 [0051.630] lstrcpyW (in: lpString1=0x611fe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" [0051.630] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.630] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.630] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0051.630] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="Windows") returned -1 [0051.630] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="Program Files") returned -1 [0051.631] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="Program Files (x86)") returned -1 [0051.631] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="$Recycle.bin") returned 1 [0051.631] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="System Volume Information") returned -1 [0051.631] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2=".") returned 1 [0051.631] lstrcmpiW (lpString1="chucu jadnvk.contact", lpString2="..") returned 1 [0051.631] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0051.631] StrStrIW (lpFirst="chucu jadnvk.contact", lpSrch=".lolkek") returned 0x0 [0051.631] lstrcmpW (lpString1="chucu jadnvk.contact", lpString2="LOLKEK.txt") returned -1 [0051.631] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0051.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3be0760 [0051.631] lstrcpyW (in: lpString1=0x3be0760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" [0051.631] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.631] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.631] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0051.631] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0051.631] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0051.631] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0051.631] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0051.631] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0051.631] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0051.631] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0051.631] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 54 [0051.631] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0051.631] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0051.631] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 54 [0051.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbb670 [0051.631] lstrcpyW (in: lpString1=0x3cbb670, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" [0051.631] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.631] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.631] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0051.631] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="Windows") returned -1 [0051.631] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="Program Files") returned -1 [0051.631] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="Program Files (x86)") returned -1 [0051.631] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="$Recycle.bin") returned 1 [0051.631] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="System Volume Information") returned -1 [0051.631] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2=".") returned 1 [0051.631] lstrcmpiW (lpString1="lulcit amkdfe.contact", lpString2="..") returned 1 [0051.631] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0051.631] StrStrIW (lpFirst="lulcit amkdfe.contact", lpSrch=".lolkek") returned 0x0 [0051.631] lstrcmpW (lpString1="lulcit amkdfe.contact", lpString2="LOLKEK.txt") returned 1 [0051.631] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0051.631] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x612100 [0051.631] lstrcpyW (in: lpString1=0x612100, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" [0051.631] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.631] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.632] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0051.632] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="Windows") returned -1 [0051.632] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="Program Files") returned 1 [0051.632] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="Program Files (x86)") returned 1 [0051.632] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="$Recycle.bin") returned 1 [0051.632] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="System Volume Information") returned -1 [0051.632] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2=".") returned 1 [0051.632] lstrcmpiW (lpString1="sikvnb huvuib.contact", lpString2="..") returned 1 [0051.632] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0051.632] StrStrIW (lpFirst="sikvnb huvuib.contact", lpSrch=".lolkek") returned 0x0 [0051.632] lstrcmpW (lpString1="sikvnb huvuib.contact", lpString2="LOLKEK.txt") returned 1 [0051.632] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0051.632] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x612218 [0051.632] lstrcpyW (in: lpString1=0x612218, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" [0051.632] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.632] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.632] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0051.632] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0051.632] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\LOLKEK.txt") returned 53 [0051.632] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0051.633] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.633] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0051.633] CloseHandle (hObject=0x294) returned 1 [0051.633] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.635] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0051.635] lstrcmpiW (lpString1="Cookies", lpString2="Windows") returned -1 [0051.635] lstrcmpiW (lpString1="Cookies", lpString2="Program Files") returned -1 [0051.635] lstrcmpiW (lpString1="Cookies", lpString2="Program Files (x86)") returned -1 [0051.635] lstrcmpiW (lpString1="Cookies", lpString2="$Recycle.bin") returned 1 [0051.635] lstrcmpiW (lpString1="Cookies", lpString2="System Volume Information") returned -1 [0051.635] lstrcmpiW (lpString1="Cookies", lpString2=".") returned 1 [0051.635] lstrcmpiW (lpString1="Cookies", lpString2="..") returned 1 [0051.635] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned 41 [0051.635] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.635] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0051.635] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*" [0051.635] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0051.635] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.635] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27b38860, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x27b38860, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0051.635] lstrcmpiW (lpString1="Desktop", lpString2="Windows") returned -1 [0051.635] lstrcmpiW (lpString1="Desktop", lpString2="Program Files") returned -1 [0051.635] lstrcmpiW (lpString1="Desktop", lpString2="Program Files (x86)") returned -1 [0051.635] lstrcmpiW (lpString1="Desktop", lpString2="$Recycle.bin") returned 1 [0051.635] lstrcmpiW (lpString1="Desktop", lpString2="System Volume Information") returned -1 [0051.635] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0051.635] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0051.635] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 41 [0051.636] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.636] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0051.636] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*" [0051.636] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27b38860, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x27b38860, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0051.636] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.636] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.636] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.636] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.636] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.636] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.636] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27b38860, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x27b38860, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.636] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.636] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.636] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.636] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.636] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.636] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.636] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.636] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x531b5bf0, ftCreationTime.dwHighDateTime=0x1d62494, ftLastAccessTime.dwLowDateTime=0x208c7a90, ftLastAccessTime.dwHighDateTime=0x1d622e9, ftLastWriteTime.dwLowDateTime=0x208c7a90, ftLastWriteTime.dwHighDateTime=0x1d622e9, nFileSizeHigh=0x0, nFileSizeLow=0xb871, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="-D9xF2.m4a", cAlternateFileName="")) returned 1 [0051.636] lstrcmpiW (lpString1="-D9xF2.m4a", lpString2="Windows") returned -1 [0051.636] lstrcmpiW (lpString1="-D9xF2.m4a", lpString2="Program Files") returned -1 [0051.636] lstrcmpiW (lpString1="-D9xF2.m4a", lpString2="Program Files (x86)") returned -1 [0051.636] lstrcmpiW (lpString1="-D9xF2.m4a", lpString2="$Recycle.bin") returned 1 [0051.636] lstrcmpiW (lpString1="-D9xF2.m4a", lpString2="System Volume Information") returned -1 [0051.636] lstrcmpiW (lpString1="-D9xF2.m4a", lpString2=".") returned 1 [0051.636] lstrcmpiW (lpString1="-D9xF2.m4a", lpString2="..") returned 1 [0051.636] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a") returned 52 [0051.636] StrStrIW (lpFirst="-D9xF2.m4a", lpSrch=".lolkek") returned 0x0 [0051.636] lstrcmpW (lpString1="-D9xF2.m4a", lpString2="LOLKEK.txt") returned -1 [0051.637] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a") returned 52 [0051.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cbfd70 [0051.637] lstrcpyW (in: lpString1=0x3cbfd70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-D9xF2.m4a" [0051.637] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.637] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.637] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad018200, ftCreationTime.dwHighDateTime=0x1d629cd, ftLastAccessTime.dwLowDateTime=0x6115d780, ftLastAccessTime.dwHighDateTime=0x1d62967, ftLastWriteTime.dwLowDateTime=0x6115d780, ftLastWriteTime.dwHighDateTime=0x1d62967, nFileSizeHigh=0x0, nFileSizeLow=0x943a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="-qUmNOW54v6v.doc", cAlternateFileName="-QUMNO~1.DOC")) returned 1 [0051.637] lstrcmpiW (lpString1="-qUmNOW54v6v.doc", lpString2="Windows") returned -1 [0051.637] lstrcmpiW (lpString1="-qUmNOW54v6v.doc", lpString2="Program Files") returned 1 [0051.637] lstrcmpiW (lpString1="-qUmNOW54v6v.doc", lpString2="Program Files (x86)") returned 1 [0051.637] lstrcmpiW (lpString1="-qUmNOW54v6v.doc", lpString2="$Recycle.bin") returned 1 [0051.637] lstrcmpiW (lpString1="-qUmNOW54v6v.doc", lpString2="System Volume Information") returned -1 [0051.637] lstrcmpiW (lpString1="-qUmNOW54v6v.doc", lpString2=".") returned 1 [0051.637] lstrcmpiW (lpString1="-qUmNOW54v6v.doc", lpString2="..") returned 1 [0051.637] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc") returned 58 [0051.637] StrStrIW (lpFirst="-qUmNOW54v6v.doc", lpSrch=".lolkek") returned 0x0 [0051.637] lstrcmpW (lpString1="-qUmNOW54v6v.doc", lpString2="LOLKEK.txt") returned 1 [0051.637] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc") returned 58 [0051.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7c38 [0051.637] lstrcpyW (in: lpString1=0x3ca7c38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\-qUmNOW54v6v.doc" [0051.637] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.648] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.648] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x231f4670, ftCreationTime.dwHighDateTime=0x1d62ffa, ftLastAccessTime.dwLowDateTime=0xf03d0630, ftLastAccessTime.dwHighDateTime=0x1d62701, ftLastWriteTime.dwLowDateTime=0xf03d0630, ftLastWriteTime.dwHighDateTime=0x1d62701, nFileSizeHigh=0x0, nFileSizeLow=0x188d7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1e881IE2eZH.bmp", cAlternateFileName="1E881I~1.BMP")) returned 1 [0051.648] lstrcmpiW (lpString1="1e881IE2eZH.bmp", lpString2="Windows") returned -1 [0051.648] lstrcmpiW (lpString1="1e881IE2eZH.bmp", lpString2="Program Files") returned -1 [0051.648] lstrcmpiW (lpString1="1e881IE2eZH.bmp", lpString2="Program Files (x86)") returned -1 [0051.648] lstrcmpiW (lpString1="1e881IE2eZH.bmp", lpString2="$Recycle.bin") returned 1 [0051.648] lstrcmpiW (lpString1="1e881IE2eZH.bmp", lpString2="System Volume Information") returned -1 [0051.648] lstrcmpiW (lpString1="1e881IE2eZH.bmp", lpString2=".") returned 1 [0051.648] lstrcmpiW (lpString1="1e881IE2eZH.bmp", lpString2="..") returned 1 [0051.648] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp") returned 57 [0051.648] StrStrIW (lpFirst="1e881IE2eZH.bmp", lpSrch=".lolkek") returned 0x0 [0051.648] lstrcmpW (lpString1="1e881IE2eZH.bmp", lpString2="LOLKEK.txt") returned -1 [0051.648] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp") returned 57 [0051.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x669690 [0051.648] lstrcpyW (in: lpString1=0x669690, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1e881IE2eZH.bmp" [0051.648] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.648] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.648] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x466ee5e0, ftCreationTime.dwHighDateTime=0x1d62ad2, ftLastAccessTime.dwLowDateTime=0xb4eec830, ftLastAccessTime.dwHighDateTime=0x1d624d5, ftLastWriteTime.dwLowDateTime=0xb4eec830, ftLastWriteTime.dwHighDateTime=0x1d624d5, nFileSizeHigh=0x0, nFileSizeLow=0x10d9b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1u8KfBiYQkMqZ.ppt", cAlternateFileName="1U8KFB~1.PPT")) returned 1 [0051.648] lstrcmpiW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2="Windows") returned -1 [0051.648] lstrcmpiW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2="Program Files") returned -1 [0051.648] lstrcmpiW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2="Program Files (x86)") returned -1 [0051.648] lstrcmpiW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2="$Recycle.bin") returned 1 [0051.648] lstrcmpiW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2="System Volume Information") returned -1 [0051.648] lstrcmpiW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2=".") returned 1 [0051.648] lstrcmpiW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2="..") returned 1 [0051.648] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt") returned 59 [0051.648] StrStrIW (lpFirst="1u8KfBiYQkMqZ.ppt", lpSrch=".lolkek") returned 0x0 [0051.648] lstrcmpW (lpString1="1u8KfBiYQkMqZ.ppt", lpString2="LOLKEK.txt") returned -1 [0051.648] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt") returned 59 [0051.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca7d30 [0051.648] lstrcpyW (in: lpString1=0x3ca7d30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1u8KfBiYQkMqZ.ppt" [0051.648] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.648] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.648] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec089e0, ftCreationTime.dwHighDateTime=0x1d62975, ftLastAccessTime.dwLowDateTime=0x31ef0d00, ftLastAccessTime.dwHighDateTime=0x1d6261f, ftLastWriteTime.dwLowDateTime=0x31ef0d00, ftLastWriteTime.dwHighDateTime=0x1d6261f, nFileSizeHigh=0x0, nFileSizeLow=0x4e74, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9U2R.mp3", cAlternateFileName="")) returned 1 [0051.648] lstrcmpiW (lpString1="9U2R.mp3", lpString2="Windows") returned -1 [0051.648] lstrcmpiW (lpString1="9U2R.mp3", lpString2="Program Files") returned -1 [0051.648] lstrcmpiW (lpString1="9U2R.mp3", lpString2="Program Files (x86)") returned -1 [0051.648] lstrcmpiW (lpString1="9U2R.mp3", lpString2="$Recycle.bin") returned 1 [0051.648] lstrcmpiW (lpString1="9U2R.mp3", lpString2="System Volume Information") returned -1 [0051.648] lstrcmpiW (lpString1="9U2R.mp3", lpString2=".") returned 1 [0051.648] lstrcmpiW (lpString1="9U2R.mp3", lpString2="..") returned 1 [0051.648] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3") returned 50 [0051.648] StrStrIW (lpFirst="9U2R.mp3", lpSrch=".lolkek") returned 0x0 [0051.649] lstrcmpW (lpString1="9U2R.mp3", lpString2="LOLKEK.txt") returned -1 [0051.649] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3") returned 50 [0051.649] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbd820 [0051.649] lstrcpyW (in: lpString1=0x3cbd820, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9U2R.mp3" [0051.649] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.657] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.657] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6821d1b0, ftCreationTime.dwHighDateTime=0x1d630e1, ftLastAccessTime.dwLowDateTime=0x290e8f60, ftLastAccessTime.dwHighDateTime=0x1d62d97, ftLastWriteTime.dwLowDateTime=0x290e8f60, ftLastWriteTime.dwHighDateTime=0x1d62d97, nFileSizeHigh=0x0, nFileSizeLow=0x12a12, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AIOGEtFoGOLcsvC0zt6g.m4a", cAlternateFileName="AIOGET~1.M4A")) returned 1 [0051.657] lstrcmpiW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2="Windows") returned -1 [0051.658] lstrcmpiW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2="Program Files") returned -1 [0051.658] lstrcmpiW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2="Program Files (x86)") returned -1 [0051.658] lstrcmpiW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2="$Recycle.bin") returned 1 [0051.658] lstrcmpiW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2="System Volume Information") returned -1 [0051.658] lstrcmpiW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2=".") returned 1 [0051.658] lstrcmpiW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2="..") returned 1 [0051.658] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a") returned 66 [0051.658] StrStrIW (lpFirst="AIOGEtFoGOLcsvC0zt6g.m4a", lpSrch=".lolkek") returned 0x0 [0051.658] lstrcmpW (lpString1="AIOGEtFoGOLcsvC0zt6g.m4a", lpString2="LOLKEK.txt") returned -1 [0051.658] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a") returned 66 [0051.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x669780 [0051.658] lstrcpyW (in: lpString1=0x669780, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AIOGEtFoGOLcsvC0zt6g.m4a" [0051.658] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.658] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.658] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41241f20, ftCreationTime.dwHighDateTime=0x1d62315, ftLastAccessTime.dwLowDateTime=0xca58f3a0, ftLastAccessTime.dwHighDateTime=0x1d62a91, ftLastWriteTime.dwLowDateTime=0xca58f3a0, ftLastWriteTime.dwHighDateTime=0x1d62a91, nFileSizeHigh=0x0, nFileSizeLow=0x106ce, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bNl_oo3wBa.avi", cAlternateFileName="BNL_OO~1.AVI")) returned 1 [0051.658] lstrcmpiW (lpString1="bNl_oo3wBa.avi", lpString2="Windows") returned -1 [0051.658] lstrcmpiW (lpString1="bNl_oo3wBa.avi", lpString2="Program Files") returned -1 [0051.658] lstrcmpiW (lpString1="bNl_oo3wBa.avi", lpString2="Program Files (x86)") returned -1 [0051.658] lstrcmpiW (lpString1="bNl_oo3wBa.avi", lpString2="$Recycle.bin") returned 1 [0051.658] lstrcmpiW (lpString1="bNl_oo3wBa.avi", lpString2="System Volume Information") returned -1 [0051.658] lstrcmpiW (lpString1="bNl_oo3wBa.avi", lpString2=".") returned 1 [0051.658] lstrcmpiW (lpString1="bNl_oo3wBa.avi", lpString2="..") returned 1 [0051.658] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi") returned 56 [0051.658] StrStrIW (lpFirst="bNl_oo3wBa.avi", lpSrch=".lolkek") returned 0x0 [0051.658] lstrcmpW (lpString1="bNl_oo3wBa.avi", lpString2="LOLKEK.txt") returned -1 [0051.658] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi") returned 56 [0051.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x3ddb970 [0051.658] lstrcpyW (in: lpString1=0x3ddb970, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bNl_oo3wBa.avi" [0051.658] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.665] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.665] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2047fe60, ftCreationTime.dwHighDateTime=0x1d632ca, ftLastAccessTime.dwLowDateTime=0xc6037ba0, ftLastAccessTime.dwHighDateTime=0x1d63175, ftLastWriteTime.dwLowDateTime=0xc6037ba0, ftLastWriteTime.dwHighDateTime=0x1d63175, nFileSizeHigh=0x0, nFileSizeLow=0xc2fe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CvVmxc.wav", cAlternateFileName="")) returned 1 [0051.665] lstrcmpiW (lpString1="CvVmxc.wav", lpString2="Windows") returned -1 [0051.665] lstrcmpiW (lpString1="CvVmxc.wav", lpString2="Program Files") returned -1 [0051.665] lstrcmpiW (lpString1="CvVmxc.wav", lpString2="Program Files (x86)") returned -1 [0051.665] lstrcmpiW (lpString1="CvVmxc.wav", lpString2="$Recycle.bin") returned 1 [0051.665] lstrcmpiW (lpString1="CvVmxc.wav", lpString2="System Volume Information") returned -1 [0051.665] lstrcmpiW (lpString1="CvVmxc.wav", lpString2=".") returned 1 [0051.665] lstrcmpiW (lpString1="CvVmxc.wav", lpString2="..") returned 1 [0051.666] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav") returned 52 [0051.666] StrStrIW (lpFirst="CvVmxc.wav", lpSrch=".lolkek") returned 0x0 [0051.666] lstrcmpW (lpString1="CvVmxc.wav", lpString2="LOLKEK.txt") returned -1 [0051.666] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav") returned 52 [0051.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cbfbb0 [0051.666] lstrcpyW (in: lpString1=0x3cbfbb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CvVmxc.wav" [0051.666] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.744] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x652c7f60, ftCreationTime.dwHighDateTime=0x1d62681, ftLastAccessTime.dwLowDateTime=0x38d548f0, ftLastAccessTime.dwHighDateTime=0x1d62705, ftLastWriteTime.dwLowDateTime=0x38d548f0, ftLastWriteTime.dwHighDateTime=0x1d62705, nFileSizeHigh=0x0, nFileSizeLow=0xe621, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="d6dHlEdVqoCP.ots", cAlternateFileName="D6DHLE~1.OTS")) returned 1 [0051.744] lstrcmpiW (lpString1="d6dHlEdVqoCP.ots", lpString2="Windows") returned -1 [0051.744] lstrcmpiW (lpString1="d6dHlEdVqoCP.ots", lpString2="Program Files") returned -1 [0051.744] lstrcmpiW (lpString1="d6dHlEdVqoCP.ots", lpString2="Program Files (x86)") returned -1 [0051.744] lstrcmpiW (lpString1="d6dHlEdVqoCP.ots", lpString2="$Recycle.bin") returned 1 [0051.744] lstrcmpiW (lpString1="d6dHlEdVqoCP.ots", lpString2="System Volume Information") returned -1 [0051.744] lstrcmpiW (lpString1="d6dHlEdVqoCP.ots", lpString2=".") returned 1 [0051.744] lstrcmpiW (lpString1="d6dHlEdVqoCP.ots", lpString2="..") returned 1 [0051.744] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots") returned 58 [0051.744] StrStrIW (lpFirst="d6dHlEdVqoCP.ots", lpSrch=".lolkek") returned 0x0 [0051.744] lstrcmpW (lpString1="d6dHlEdVqoCP.ots", lpString2="LOLKEK.txt") returned -1 [0051.744] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots") returned 58 [0051.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7e28 [0051.744] lstrcpyW (in: lpString1=0x3ca7e28, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\d6dHlEdVqoCP.ots" [0051.744] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.744] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4a50110, ftCreationTime.dwHighDateTime=0x1d629a8, ftLastAccessTime.dwLowDateTime=0x57c6b620, ftLastAccessTime.dwHighDateTime=0x1d62c98, ftLastWriteTime.dwLowDateTime=0x57c6b620, ftLastWriteTime.dwHighDateTime=0x1d62c98, nFileSizeHigh=0x0, nFileSizeLow=0x854e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D6g6H39JpP0SvtoeP.pps", cAlternateFileName="D6G6H3~1.PPS")) returned 1 [0051.744] lstrcmpiW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2="Windows") returned -1 [0051.744] lstrcmpiW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2="Program Files") returned -1 [0051.744] lstrcmpiW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2="Program Files (x86)") returned -1 [0051.744] lstrcmpiW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2="$Recycle.bin") returned 1 [0051.744] lstrcmpiW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2="System Volume Information") returned -1 [0051.744] lstrcmpiW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2=".") returned 1 [0051.744] lstrcmpiW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2="..") returned 1 [0051.745] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps") returned 63 [0051.745] StrStrIW (lpFirst="D6g6H39JpP0SvtoeP.pps", lpSrch=".lolkek") returned 0x0 [0051.745] lstrcmpW (lpString1="D6g6H39JpP0SvtoeP.pps", lpString2="LOLKEK.txt") returned -1 [0051.745] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps") returned 63 [0051.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x62e8c0 [0051.745] lstrcpyW (in: lpString1=0x62e8c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D6g6H39JpP0SvtoeP.pps" [0051.745] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.745] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0051.745] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0051.745] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0051.745] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0051.745] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0051.745] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0051.745] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0051.745] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0051.745] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 53 [0051.745] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0051.745] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0051.745] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 53 [0051.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbfc90 [0051.745] lstrcpyW (in: lpString1=0x3cbfc90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" [0051.745] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.745] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d23f950, ftCreationTime.dwHighDateTime=0x1d62436, ftLastAccessTime.dwLowDateTime=0x8bcaa1c0, ftLastAccessTime.dwHighDateTime=0x1d630a8, ftLastWriteTime.dwLowDateTime=0x8bcaa1c0, ftLastWriteTime.dwHighDateTime=0x1d630a8, nFileSizeHigh=0x0, nFileSizeLow=0x6664, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="dqA64vO.ppt", cAlternateFileName="")) returned 1 [0051.745] lstrcmpiW (lpString1="dqA64vO.ppt", lpString2="Windows") returned -1 [0051.745] lstrcmpiW (lpString1="dqA64vO.ppt", lpString2="Program Files") returned -1 [0051.745] lstrcmpiW (lpString1="dqA64vO.ppt", lpString2="Program Files (x86)") returned -1 [0051.745] lstrcmpiW (lpString1="dqA64vO.ppt", lpString2="$Recycle.bin") returned 1 [0051.745] lstrcmpiW (lpString1="dqA64vO.ppt", lpString2="System Volume Information") returned -1 [0051.745] lstrcmpiW (lpString1="dqA64vO.ppt", lpString2=".") returned 1 [0051.745] lstrcmpiW (lpString1="dqA64vO.ppt", lpString2="..") returned 1 [0051.745] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt") returned 53 [0051.745] StrStrIW (lpFirst="dqA64vO.ppt", lpSrch=".lolkek") returned 0x0 [0051.745] lstrcmpW (lpString1="dqA64vO.ppt", lpString2="LOLKEK.txt") returned -1 [0051.745] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt") returned 53 [0051.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbf830 [0051.745] lstrcpyW (in: lpString1=0x3cbf830, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\dqA64vO.ppt" [0051.745] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.745] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7f41a10, ftCreationTime.dwHighDateTime=0x1d63013, ftLastAccessTime.dwLowDateTime=0x162b9610, ftLastAccessTime.dwHighDateTime=0x1d623e0, ftLastWriteTime.dwLowDateTime=0x162b9610, ftLastWriteTime.dwHighDateTime=0x1d623e0, nFileSizeHigh=0x0, nFileSizeLow=0x597b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eajJREqEAHxo.xlsx", cAlternateFileName="EAJJRE~1.XLS")) returned 1 [0051.745] lstrcmpiW (lpString1="eajJREqEAHxo.xlsx", lpString2="Windows") returned -1 [0051.745] lstrcmpiW (lpString1="eajJREqEAHxo.xlsx", lpString2="Program Files") returned -1 [0051.745] lstrcmpiW (lpString1="eajJREqEAHxo.xlsx", lpString2="Program Files (x86)") returned -1 [0051.746] lstrcmpiW (lpString1="eajJREqEAHxo.xlsx", lpString2="$Recycle.bin") returned 1 [0051.746] lstrcmpiW (lpString1="eajJREqEAHxo.xlsx", lpString2="System Volume Information") returned -1 [0051.746] lstrcmpiW (lpString1="eajJREqEAHxo.xlsx", lpString2=".") returned 1 [0051.746] lstrcmpiW (lpString1="eajJREqEAHxo.xlsx", lpString2="..") returned 1 [0051.746] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx") returned 59 [0051.746] StrStrIW (lpFirst="eajJREqEAHxo.xlsx", lpSrch=".lolkek") returned 0x0 [0051.746] lstrcmpW (lpString1="eajJREqEAHxo.xlsx", lpString2="LOLKEK.txt") returned -1 [0051.746] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx") returned 59 [0051.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca7f20 [0051.746] lstrcpyW (in: lpString1=0x3ca7f20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eajJREqEAHxo.xlsx" [0051.746] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.746] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.746] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x777fe850, ftCreationTime.dwHighDateTime=0x1d62aa5, ftLastAccessTime.dwLowDateTime=0xa50c5950, ftLastAccessTime.dwHighDateTime=0x1d62782, ftLastWriteTime.dwLowDateTime=0xa50c5950, ftLastWriteTime.dwHighDateTime=0x1d62782, nFileSizeHigh=0x0, nFileSizeLow=0x2aed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="EzdTR1q3WBlQ2qRN4sH.swf", cAlternateFileName="EZDTR1~1.SWF")) returned 1 [0051.746] lstrcmpiW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2="Windows") returned -1 [0051.746] lstrcmpiW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2="Program Files") returned -1 [0051.746] lstrcmpiW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2="Program Files (x86)") returned -1 [0051.746] lstrcmpiW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2="$Recycle.bin") returned 1 [0051.746] lstrcmpiW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2="System Volume Information") returned -1 [0051.746] lstrcmpiW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2=".") returned 1 [0051.746] lstrcmpiW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2="..") returned 1 [0051.746] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf") returned 65 [0051.746] StrStrIW (lpFirst="EzdTR1q3WBlQ2qRN4sH.swf", lpSrch=".lolkek") returned 0x0 [0051.746] lstrcmpW (lpString1="EzdTR1q3WBlQ2qRN4sH.swf", lpString2="LOLKEK.txt") returned -1 [0051.746] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf") returned 65 [0051.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611610 [0051.746] lstrcpyW (in: lpString1=0x611610, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EzdTR1q3WBlQ2qRN4sH.swf" [0051.746] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.746] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.746] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe614e4a0, ftCreationTime.dwHighDateTime=0x1d62e3d, ftLastAccessTime.dwLowDateTime=0x1b5f9740, ftLastAccessTime.dwHighDateTime=0x1d62c9f, ftLastWriteTime.dwLowDateTime=0x1b5f9740, ftLastWriteTime.dwHighDateTime=0x1d62c9f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="F693W", cAlternateFileName="")) returned 1 [0051.746] lstrcmpiW (lpString1="F693W", lpString2="Windows") returned -1 [0051.746] lstrcmpiW (lpString1="F693W", lpString2="Program Files") returned -1 [0051.746] lstrcmpiW (lpString1="F693W", lpString2="Program Files (x86)") returned -1 [0051.746] lstrcmpiW (lpString1="F693W", lpString2="$Recycle.bin") returned 1 [0051.746] lstrcmpiW (lpString1="F693W", lpString2="System Volume Information") returned -1 [0051.746] lstrcmpiW (lpString1="F693W", lpString2=".") returned 1 [0051.746] lstrcmpiW (lpString1="F693W", lpString2="..") returned 1 [0051.746] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W") returned 47 [0051.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.747] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W" [0051.747] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\*" [0051.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe614e4a0, ftCreationTime.dwHighDateTime=0x1d62e3d, ftLastAccessTime.dwLowDateTime=0x1b5f9740, ftLastAccessTime.dwHighDateTime=0x1d62c9f, ftLastWriteTime.dwLowDateTime=0x1b5f9740, ftLastWriteTime.dwHighDateTime=0x1d62c9f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.747] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.747] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.747] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.747] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.747] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.747] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.747] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe614e4a0, ftCreationTime.dwHighDateTime=0x1d62e3d, ftLastAccessTime.dwLowDateTime=0x1b5f9740, ftLastAccessTime.dwHighDateTime=0x1d62c9f, ftLastWriteTime.dwLowDateTime=0x1b5f9740, ftLastWriteTime.dwHighDateTime=0x1d62c9f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.747] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.747] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.747] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.747] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.747] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.747] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.747] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.747] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19031260, ftCreationTime.dwHighDateTime=0x1d627f9, ftLastAccessTime.dwLowDateTime=0xbae964c0, ftLastAccessTime.dwHighDateTime=0x1d626f1, ftLastWriteTime.dwLowDateTime=0xbae964c0, ftLastWriteTime.dwHighDateTime=0x1d626f1, nFileSizeHigh=0x0, nFileSizeLow=0x8622, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BA9ED.mp4", cAlternateFileName="")) returned 1 [0051.747] lstrcmpiW (lpString1="BA9ED.mp4", lpString2="Windows") returned -1 [0051.747] lstrcmpiW (lpString1="BA9ED.mp4", lpString2="Program Files") returned -1 [0051.747] lstrcmpiW (lpString1="BA9ED.mp4", lpString2="Program Files (x86)") returned -1 [0051.747] lstrcmpiW (lpString1="BA9ED.mp4", lpString2="$Recycle.bin") returned 1 [0051.747] lstrcmpiW (lpString1="BA9ED.mp4", lpString2="System Volume Information") returned -1 [0051.747] lstrcmpiW (lpString1="BA9ED.mp4", lpString2=".") returned 1 [0051.747] lstrcmpiW (lpString1="BA9ED.mp4", lpString2="..") returned 1 [0051.747] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4") returned 57 [0051.747] StrStrIW (lpFirst="BA9ED.mp4", lpSrch=".lolkek") returned 0x0 [0051.747] lstrcmpW (lpString1="BA9ED.mp4", lpString2="LOLKEK.txt") returned -1 [0051.747] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4") returned 57 [0051.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x657f38 [0051.747] lstrcpyW (in: lpString1=0x657f38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\BA9ED.mp4" [0051.747] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.747] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.747] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f74a5f0, ftCreationTime.dwHighDateTime=0x1d6257c, ftLastAccessTime.dwLowDateTime=0x1e55e810, ftLastAccessTime.dwHighDateTime=0x1d62ad7, ftLastWriteTime.dwLowDateTime=0x1e55e810, ftLastWriteTime.dwHighDateTime=0x1d62ad7, nFileSizeHigh=0x0, nFileSizeLow=0xb5c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="clX1V jiszc.png", cAlternateFileName="CLX1VJ~1.PNG")) returned 1 [0051.748] lstrcmpiW (lpString1="clX1V jiszc.png", lpString2="Windows") returned -1 [0051.748] lstrcmpiW (lpString1="clX1V jiszc.png", lpString2="Program Files") returned -1 [0051.748] lstrcmpiW (lpString1="clX1V jiszc.png", lpString2="Program Files (x86)") returned -1 [0051.748] lstrcmpiW (lpString1="clX1V jiszc.png", lpString2="$Recycle.bin") returned 1 [0051.748] lstrcmpiW (lpString1="clX1V jiszc.png", lpString2="System Volume Information") returned -1 [0051.748] lstrcmpiW (lpString1="clX1V jiszc.png", lpString2=".") returned 1 [0051.748] lstrcmpiW (lpString1="clX1V jiszc.png", lpString2="..") returned 1 [0051.748] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png") returned 63 [0051.748] StrStrIW (lpFirst="clX1V jiszc.png", lpSrch=".lolkek") returned 0x0 [0051.748] lstrcmpW (lpString1="clX1V jiszc.png", lpString2="LOLKEK.txt") returned -1 [0051.748] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png") returned 63 [0051.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3c94bc8 [0051.748] lstrcpyW (in: lpString1=0x3c94bc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\clX1V jiszc.png" [0051.748] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.748] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.748] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae89f4e0, ftCreationTime.dwHighDateTime=0x1d6321f, ftLastAccessTime.dwLowDateTime=0x29adb7d0, ftLastAccessTime.dwHighDateTime=0x1d62a71, ftLastWriteTime.dwLowDateTime=0x29adb7d0, ftLastWriteTime.dwHighDateTime=0x1d62a71, nFileSizeHigh=0x0, nFileSizeLow=0xeb13, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JCEu6TwfdT75.pps", cAlternateFileName="JCEU6T~1.PPS")) returned 1 [0051.748] lstrcmpiW (lpString1="JCEu6TwfdT75.pps", lpString2="Windows") returned -1 [0051.748] lstrcmpiW (lpString1="JCEu6TwfdT75.pps", lpString2="Program Files") returned -1 [0051.748] lstrcmpiW (lpString1="JCEu6TwfdT75.pps", lpString2="Program Files (x86)") returned -1 [0051.748] lstrcmpiW (lpString1="JCEu6TwfdT75.pps", lpString2="$Recycle.bin") returned 1 [0051.748] lstrcmpiW (lpString1="JCEu6TwfdT75.pps", lpString2="System Volume Information") returned -1 [0051.748] lstrcmpiW (lpString1="JCEu6TwfdT75.pps", lpString2=".") returned 1 [0051.748] lstrcmpiW (lpString1="JCEu6TwfdT75.pps", lpString2="..") returned 1 [0051.748] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps") returned 64 [0051.748] StrStrIW (lpFirst="JCEu6TwfdT75.pps", lpSrch=".lolkek") returned 0x0 [0051.748] lstrcmpW (lpString1="JCEu6TwfdT75.pps", lpString2="LOLKEK.txt") returned -1 [0051.748] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps") returned 64 [0051.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x6114f8 [0051.748] lstrcpyW (in: lpString1=0x6114f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JCEu6TwfdT75.pps" [0051.748] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.748] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.748] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd466a680, ftCreationTime.dwHighDateTime=0x1d624a1, ftLastAccessTime.dwLowDateTime=0xddf7c240, ftLastAccessTime.dwHighDateTime=0x1d6322c, ftLastWriteTime.dwLowDateTime=0xddf7c240, ftLastWriteTime.dwHighDateTime=0x1d6322c, nFileSizeHigh=0x0, nFileSizeLow=0x772c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JFoHtcYNE_U.mkv", cAlternateFileName="JFOHTC~1.MKV")) returned 1 [0051.748] lstrcmpiW (lpString1="JFoHtcYNE_U.mkv", lpString2="Windows") returned -1 [0051.748] lstrcmpiW (lpString1="JFoHtcYNE_U.mkv", lpString2="Program Files") returned -1 [0051.748] lstrcmpiW (lpString1="JFoHtcYNE_U.mkv", lpString2="Program Files (x86)") returned -1 [0051.748] lstrcmpiW (lpString1="JFoHtcYNE_U.mkv", lpString2="$Recycle.bin") returned 1 [0051.748] lstrcmpiW (lpString1="JFoHtcYNE_U.mkv", lpString2="System Volume Information") returned -1 [0051.748] lstrcmpiW (lpString1="JFoHtcYNE_U.mkv", lpString2=".") returned 1 [0051.748] lstrcmpiW (lpString1="JFoHtcYNE_U.mkv", lpString2="..") returned 1 [0051.748] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv") returned 63 [0051.748] StrStrIW (lpFirst="JFoHtcYNE_U.mkv", lpSrch=".lolkek") returned 0x0 [0051.748] lstrcmpW (lpString1="JFoHtcYNE_U.mkv", lpString2="LOLKEK.txt") returned -1 [0051.748] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv") returned 63 [0051.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3e3dc70 [0051.748] lstrcpyW (in: lpString1=0x3e3dc70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\JFoHtcYNE_U.mkv" [0051.748] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.749] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.749] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd466a680, ftCreationTime.dwHighDateTime=0x1d624a1, ftLastAccessTime.dwLowDateTime=0xddf7c240, ftLastAccessTime.dwHighDateTime=0x1d6322c, ftLastWriteTime.dwLowDateTime=0xddf7c240, ftLastWriteTime.dwHighDateTime=0x1d6322c, nFileSizeHigh=0x0, nFileSizeLow=0x772c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JFoHtcYNE_U.mkv", cAlternateFileName="JFOHTC~1.MKV")) returned 0 [0051.749] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.749] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\LOLKEK.txt") returned 58 [0051.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F693W\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f693w\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0051.749] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.749] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0051.750] CloseHandle (hObject=0x2b8) returned 1 [0051.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.753] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb7d73330, ftCreationTime.dwHighDateTime=0x1d62c09, ftLastAccessTime.dwLowDateTime=0x9c478450, ftLastAccessTime.dwHighDateTime=0x1d62f9a, ftLastWriteTime.dwLowDateTime=0x9c478450, ftLastWriteTime.dwHighDateTime=0x1d62f9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="iOboZhE3gUORUai0fe", cAlternateFileName="IOBOZH~1")) returned 1 [0051.753] lstrcmpiW (lpString1="iOboZhE3gUORUai0fe", lpString2="Windows") returned -1 [0051.753] lstrcmpiW (lpString1="iOboZhE3gUORUai0fe", lpString2="Program Files") returned -1 [0051.753] lstrcmpiW (lpString1="iOboZhE3gUORUai0fe", lpString2="Program Files (x86)") returned -1 [0051.753] lstrcmpiW (lpString1="iOboZhE3gUORUai0fe", lpString2="$Recycle.bin") returned 1 [0051.753] lstrcmpiW (lpString1="iOboZhE3gUORUai0fe", lpString2="System Volume Information") returned -1 [0051.753] lstrcmpiW (lpString1="iOboZhE3gUORUai0fe", lpString2=".") returned 1 [0051.753] lstrcmpiW (lpString1="iOboZhE3gUORUai0fe", lpString2="..") returned 1 [0051.753] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe") returned 60 [0051.753] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.753] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe" [0051.753] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\*" [0051.753] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb7d73330, ftCreationTime.dwHighDateTime=0x1d62c09, ftLastAccessTime.dwLowDateTime=0x9c478450, ftLastAccessTime.dwHighDateTime=0x1d62f9a, ftLastWriteTime.dwLowDateTime=0x9c478450, ftLastWriteTime.dwHighDateTime=0x1d62f9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.754] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.754] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.754] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.754] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.754] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.754] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.754] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb7d73330, ftCreationTime.dwHighDateTime=0x1d62c09, ftLastAccessTime.dwLowDateTime=0x9c478450, ftLastAccessTime.dwHighDateTime=0x1d62f9a, ftLastWriteTime.dwLowDateTime=0x9c478450, ftLastWriteTime.dwHighDateTime=0x1d62f9a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.754] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.754] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.754] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.754] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.754] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.754] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.754] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.754] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e7335d0, ftCreationTime.dwHighDateTime=0x1d62c4a, ftLastAccessTime.dwLowDateTime=0xc100cc80, ftLastAccessTime.dwHighDateTime=0x1d62ebd, ftLastWriteTime.dwLowDateTime=0xc100cc80, ftLastWriteTime.dwHighDateTime=0x1d62ebd, nFileSizeHigh=0x0, nFileSizeLow=0x104f5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OCBNPwOW63hL8.gif", cAlternateFileName="OCBNPW~1.GIF")) returned 1 [0051.754] lstrcmpiW (lpString1="OCBNPwOW63hL8.gif", lpString2="Windows") returned -1 [0051.754] lstrcmpiW (lpString1="OCBNPwOW63hL8.gif", lpString2="Program Files") returned -1 [0051.754] lstrcmpiW (lpString1="OCBNPwOW63hL8.gif", lpString2="Program Files (x86)") returned -1 [0051.754] lstrcmpiW (lpString1="OCBNPwOW63hL8.gif", lpString2="$Recycle.bin") returned 1 [0051.754] lstrcmpiW (lpString1="OCBNPwOW63hL8.gif", lpString2="System Volume Information") returned -1 [0051.754] lstrcmpiW (lpString1="OCBNPwOW63hL8.gif", lpString2=".") returned 1 [0051.754] lstrcmpiW (lpString1="OCBNPwOW63hL8.gif", lpString2="..") returned 1 [0051.754] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif") returned 78 [0051.754] StrStrIW (lpFirst="OCBNPwOW63hL8.gif", lpSrch=".lolkek") returned 0x0 [0051.754] lstrcmpW (lpString1="OCBNPwOW63hL8.gif", lpString2="LOLKEK.txt") returned 1 [0051.754] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif") returned 78 [0051.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x617000 [0051.754] lstrcpyW (in: lpString1=0x617000, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\OCBNPwOW63hL8.gif" [0051.754] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.754] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.754] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffa4c400, ftCreationTime.dwHighDateTime=0x1d6297c, ftLastAccessTime.dwLowDateTime=0xfc3cd8c0, ftLastAccessTime.dwHighDateTime=0x1d6267a, ftLastWriteTime.dwLowDateTime=0xfc3cd8c0, ftLastWriteTime.dwHighDateTime=0x1d6267a, nFileSizeHigh=0x0, nFileSizeLow=0x2b2d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uxU-vEPbvDSaoUYAX1.jpg", cAlternateFileName="UXU-VE~1.JPG")) returned 1 [0051.754] lstrcmpiW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2="Windows") returned -1 [0051.754] lstrcmpiW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2="Program Files") returned 1 [0051.754] lstrcmpiW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2="Program Files (x86)") returned 1 [0051.754] lstrcmpiW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2="$Recycle.bin") returned 1 [0051.754] lstrcmpiW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2="System Volume Information") returned 1 [0051.754] lstrcmpiW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2=".") returned 1 [0051.754] lstrcmpiW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2="..") returned 1 [0051.754] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg") returned 83 [0051.754] StrStrIW (lpFirst="uxU-vEPbvDSaoUYAX1.jpg", lpSrch=".lolkek") returned 0x0 [0051.754] lstrcmpW (lpString1="uxU-vEPbvDSaoUYAX1.jpg", lpString2="LOLKEK.txt") returned 1 [0051.754] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg") returned 83 [0051.754] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cadfd0 [0051.755] lstrcpyW (in: lpString1=0x3cadfd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\uxU-vEPbvDSaoUYAX1.jpg" [0051.755] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.755] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.755] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93d26fb0, ftCreationTime.dwHighDateTime=0x1d6288d, ftLastAccessTime.dwLowDateTime=0x6ef60790, ftLastAccessTime.dwHighDateTime=0x1d62e2a, ftLastWriteTime.dwLowDateTime=0x6ef60790, ftLastWriteTime.dwHighDateTime=0x1d62e2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wcAefGzEm1PP727z", cAlternateFileName="WCAEFG~1")) returned 1 [0051.755] lstrcmpiW (lpString1="wcAefGzEm1PP727z", lpString2="Windows") returned -1 [0051.755] lstrcmpiW (lpString1="wcAefGzEm1PP727z", lpString2="Program Files") returned 1 [0051.755] lstrcmpiW (lpString1="wcAefGzEm1PP727z", lpString2="Program Files (x86)") returned 1 [0051.755] lstrcmpiW (lpString1="wcAefGzEm1PP727z", lpString2="$Recycle.bin") returned 1 [0051.755] lstrcmpiW (lpString1="wcAefGzEm1PP727z", lpString2="System Volume Information") returned 1 [0051.755] lstrcmpiW (lpString1="wcAefGzEm1PP727z", lpString2=".") returned 1 [0051.755] lstrcmpiW (lpString1="wcAefGzEm1PP727z", lpString2="..") returned 1 [0051.755] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z") returned 77 [0051.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.755] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z" [0051.755] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\*" [0051.755] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93d26fb0, ftCreationTime.dwHighDateTime=0x1d6288d, ftLastAccessTime.dwLowDateTime=0x6ef60790, ftLastAccessTime.dwHighDateTime=0x1d62e2a, ftLastWriteTime.dwLowDateTime=0x6ef60790, ftLastWriteTime.dwHighDateTime=0x1d62e2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.755] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.755] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.755] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.755] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.755] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.755] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.755] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93d26fb0, ftCreationTime.dwHighDateTime=0x1d6288d, ftLastAccessTime.dwLowDateTime=0x6ef60790, ftLastAccessTime.dwHighDateTime=0x1d62e2a, ftLastWriteTime.dwLowDateTime=0x6ef60790, ftLastWriteTime.dwHighDateTime=0x1d62e2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.755] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.755] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.755] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.755] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.755] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.755] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.755] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.755] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6cc3240, ftCreationTime.dwHighDateTime=0x1d6302f, ftLastAccessTime.dwLowDateTime=0x9cc53f60, ftLastAccessTime.dwHighDateTime=0x1d62650, ftLastWriteTime.dwLowDateTime=0x9cc53f60, ftLastWriteTime.dwHighDateTime=0x1d62650, nFileSizeHigh=0x0, nFileSizeLow=0xaad7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="-LFWfc09E9.jpg", cAlternateFileName="-LFWFC~1.JPG")) returned 1 [0051.755] lstrcmpiW (lpString1="-LFWfc09E9.jpg", lpString2="Windows") returned -1 [0051.756] lstrcmpiW (lpString1="-LFWfc09E9.jpg", lpString2="Program Files") returned -1 [0051.756] lstrcmpiW (lpString1="-LFWfc09E9.jpg", lpString2="Program Files (x86)") returned -1 [0051.756] lstrcmpiW (lpString1="-LFWfc09E9.jpg", lpString2="$Recycle.bin") returned 1 [0051.756] lstrcmpiW (lpString1="-LFWfc09E9.jpg", lpString2="System Volume Information") returned -1 [0051.756] lstrcmpiW (lpString1="-LFWfc09E9.jpg", lpString2=".") returned 1 [0051.756] lstrcmpiW (lpString1="-LFWfc09E9.jpg", lpString2="..") returned 1 [0051.756] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg") returned 92 [0051.756] StrStrIW (lpFirst="-LFWfc09E9.jpg", lpSrch=".lolkek") returned 0x0 [0051.756] lstrcmpW (lpString1="-LFWfc09E9.jpg", lpString2="LOLKEK.txt") returned -1 [0051.756] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg") returned 92 [0051.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x174) returned 0x3e3dd78 [0051.756] lstrcpyW (in: lpString1=0x3e3dd78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\-LFWfc09E9.jpg" [0051.756] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.756] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.756] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1ac6400, ftCreationTime.dwHighDateTime=0x1d625bd, ftLastAccessTime.dwLowDateTime=0x16255c20, ftLastAccessTime.dwHighDateTime=0x1d62d02, ftLastWriteTime.dwLowDateTime=0x16255c20, ftLastWriteTime.dwHighDateTime=0x1d62d02, nFileSizeHigh=0x0, nFileSizeLow=0x2561, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="iUyUv06qKUW1NACi.wav", cAlternateFileName="IUYUV0~1.WAV")) returned 1 [0051.756] lstrcmpiW (lpString1="iUyUv06qKUW1NACi.wav", lpString2="Windows") returned -1 [0051.756] lstrcmpiW (lpString1="iUyUv06qKUW1NACi.wav", lpString2="Program Files") returned -1 [0051.756] lstrcmpiW (lpString1="iUyUv06qKUW1NACi.wav", lpString2="Program Files (x86)") returned -1 [0051.756] lstrcmpiW (lpString1="iUyUv06qKUW1NACi.wav", lpString2="$Recycle.bin") returned 1 [0051.756] lstrcmpiW (lpString1="iUyUv06qKUW1NACi.wav", lpString2="System Volume Information") returned -1 [0051.756] lstrcmpiW (lpString1="iUyUv06qKUW1NACi.wav", lpString2=".") returned 1 [0051.756] lstrcmpiW (lpString1="iUyUv06qKUW1NACi.wav", lpString2="..") returned 1 [0051.756] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav") returned 98 [0051.756] StrStrIW (lpFirst="iUyUv06qKUW1NACi.wav", lpSrch=".lolkek") returned 0x0 [0051.756] lstrcmpW (lpString1="iUyUv06qKUW1NACi.wav", lpString2="LOLKEK.txt") returned -1 [0051.756] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav") returned 98 [0051.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3dd5040 [0051.756] lstrcpyW (in: lpString1=0x3dd5040, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\iUyUv06qKUW1NACi.wav" [0051.756] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.756] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.756] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d5ddd00, ftCreationTime.dwHighDateTime=0x1d62391, ftLastAccessTime.dwLowDateTime=0xc2712d90, ftLastAccessTime.dwHighDateTime=0x1d630fb, ftLastWriteTime.dwLowDateTime=0xc2712d90, ftLastWriteTime.dwHighDateTime=0x1d630fb, nFileSizeHigh=0x0, nFileSizeLow=0x111cd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jdkg1qRkK89.rtf", cAlternateFileName="JDKG1Q~1.RTF")) returned 1 [0051.756] lstrcmpiW (lpString1="jdkg1qRkK89.rtf", lpString2="Windows") returned -1 [0051.756] lstrcmpiW (lpString1="jdkg1qRkK89.rtf", lpString2="Program Files") returned -1 [0051.756] lstrcmpiW (lpString1="jdkg1qRkK89.rtf", lpString2="Program Files (x86)") returned -1 [0051.756] lstrcmpiW (lpString1="jdkg1qRkK89.rtf", lpString2="$Recycle.bin") returned 1 [0051.756] lstrcmpiW (lpString1="jdkg1qRkK89.rtf", lpString2="System Volume Information") returned -1 [0051.756] lstrcmpiW (lpString1="jdkg1qRkK89.rtf", lpString2=".") returned 1 [0051.756] lstrcmpiW (lpString1="jdkg1qRkK89.rtf", lpString2="..") returned 1 [0051.756] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf") returned 93 [0051.756] StrStrIW (lpFirst="jdkg1qRkK89.rtf", lpSrch=".lolkek") returned 0x0 [0051.756] lstrcmpW (lpString1="jdkg1qRkK89.rtf", lpString2="LOLKEK.txt") returned -1 [0051.756] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf") returned 93 [0051.756] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x178) returned 0x3dd51d8 [0051.756] lstrcpyW (in: lpString1=0x3dd51d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\jdkg1qRkK89.rtf" [0051.756] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.757] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.757] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20ceeb10, ftCreationTime.dwHighDateTime=0x1d62347, ftLastAccessTime.dwLowDateTime=0x278a4b50, ftLastAccessTime.dwHighDateTime=0x1d627ef, ftLastWriteTime.dwLowDateTime=0x278a4b50, ftLastWriteTime.dwHighDateTime=0x1d627ef, nFileSizeHigh=0x0, nFileSizeLow=0x100c4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rG-YVnFQfTOlx.bmp", cAlternateFileName="RG-YVN~1.BMP")) returned 1 [0051.757] lstrcmpiW (lpString1="rG-YVnFQfTOlx.bmp", lpString2="Windows") returned -1 [0051.757] lstrcmpiW (lpString1="rG-YVnFQfTOlx.bmp", lpString2="Program Files") returned 1 [0051.757] lstrcmpiW (lpString1="rG-YVnFQfTOlx.bmp", lpString2="Program Files (x86)") returned 1 [0051.757] lstrcmpiW (lpString1="rG-YVnFQfTOlx.bmp", lpString2="$Recycle.bin") returned 1 [0051.757] lstrcmpiW (lpString1="rG-YVnFQfTOlx.bmp", lpString2="System Volume Information") returned -1 [0051.757] lstrcmpiW (lpString1="rG-YVnFQfTOlx.bmp", lpString2=".") returned 1 [0051.757] lstrcmpiW (lpString1="rG-YVnFQfTOlx.bmp", lpString2="..") returned 1 [0051.757] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp") returned 95 [0051.757] StrStrIW (lpFirst="rG-YVnFQfTOlx.bmp", lpSrch=".lolkek") returned 0x0 [0051.757] lstrcmpW (lpString1="rG-YVnFQfTOlx.bmp", lpString2="LOLKEK.txt") returned 1 [0051.757] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp") returned 95 [0051.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x3dd5358 [0051.757] lstrcpyW (in: lpString1=0x3dd5358, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\rG-YVnFQfTOlx.bmp" [0051.757] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.757] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.757] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a8ea4a0, ftCreationTime.dwHighDateTime=0x1d62c01, ftLastAccessTime.dwLowDateTime=0x4fb02400, ftLastAccessTime.dwHighDateTime=0x1d630f6, ftLastWriteTime.dwLowDateTime=0x4fb02400, ftLastWriteTime.dwHighDateTime=0x1d630f6, nFileSizeHigh=0x0, nFileSizeLow=0x69b0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tkGY9-2jWZIKf.gif", cAlternateFileName="TKGY9-~1.GIF")) returned 1 [0051.757] lstrcmpiW (lpString1="tkGY9-2jWZIKf.gif", lpString2="Windows") returned -1 [0051.757] lstrcmpiW (lpString1="tkGY9-2jWZIKf.gif", lpString2="Program Files") returned 1 [0051.757] lstrcmpiW (lpString1="tkGY9-2jWZIKf.gif", lpString2="Program Files (x86)") returned 1 [0051.757] lstrcmpiW (lpString1="tkGY9-2jWZIKf.gif", lpString2="$Recycle.bin") returned 1 [0051.757] lstrcmpiW (lpString1="tkGY9-2jWZIKf.gif", lpString2="System Volume Information") returned 1 [0051.757] lstrcmpiW (lpString1="tkGY9-2jWZIKf.gif", lpString2=".") returned 1 [0051.757] lstrcmpiW (lpString1="tkGY9-2jWZIKf.gif", lpString2="..") returned 1 [0051.757] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif") returned 95 [0051.757] StrStrIW (lpFirst="tkGY9-2jWZIKf.gif", lpSrch=".lolkek") returned 0x0 [0051.757] lstrcmpW (lpString1="tkGY9-2jWZIKf.gif", lpString2="LOLKEK.txt") returned 1 [0051.757] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif") returned 95 [0051.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x3dd54e0 [0051.757] lstrcpyW (in: lpString1=0x3dd54e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\tkGY9-2jWZIKf.gif" [0051.757] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.757] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.757] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a8ea4a0, ftCreationTime.dwHighDateTime=0x1d62c01, ftLastAccessTime.dwLowDateTime=0x4fb02400, ftLastAccessTime.dwHighDateTime=0x1d630f6, ftLastWriteTime.dwLowDateTime=0x4fb02400, ftLastWriteTime.dwHighDateTime=0x1d630f6, nFileSizeHigh=0x0, nFileSizeLow=0x69b0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tkGY9-2jWZIKf.gif", cAlternateFileName="TKGY9-~1.GIF")) returned 0 [0051.757] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.757] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\LOLKEK.txt") returned 88 [0051.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\wcAefGzEm1PP727z\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\wcaefgzem1pp727z\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.758] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.758] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0051.758] CloseHandle (hObject=0x258) returned 1 [0051.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.759] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93d26fb0, ftCreationTime.dwHighDateTime=0x1d6288d, ftLastAccessTime.dwLowDateTime=0x6ef60790, ftLastAccessTime.dwHighDateTime=0x1d62e2a, ftLastWriteTime.dwLowDateTime=0x6ef60790, ftLastWriteTime.dwHighDateTime=0x1d62e2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wcAefGzEm1PP727z", cAlternateFileName="WCAEFG~1")) returned 0 [0051.759] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0051.759] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\LOLKEK.txt") returned 71 [0051.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iOboZhE3gUORUai0fe\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iobozhe3guoruai0fe\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0051.759] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.759] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0051.760] CloseHandle (hObject=0x2b8) returned 1 [0051.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0051.760] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x17a83b40, ftCreationTime.dwHighDateTime=0x1d63297, ftLastAccessTime.dwLowDateTime=0x3a850a30, ftLastAccessTime.dwHighDateTime=0x1d62f68, ftLastWriteTime.dwLowDateTime=0x3a850a30, ftLastWriteTime.dwHighDateTime=0x1d62f68, nFileSizeHigh=0x0, nFileSizeLow=0x69ff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="J0U7.bmp", cAlternateFileName="")) returned 1 [0051.760] lstrcmpiW (lpString1="J0U7.bmp", lpString2="Windows") returned -1 [0051.760] lstrcmpiW (lpString1="J0U7.bmp", lpString2="Program Files") returned -1 [0051.760] lstrcmpiW (lpString1="J0U7.bmp", lpString2="Program Files (x86)") returned -1 [0051.760] lstrcmpiW (lpString1="J0U7.bmp", lpString2="$Recycle.bin") returned 1 [0051.760] lstrcmpiW (lpString1="J0U7.bmp", lpString2="System Volume Information") returned -1 [0051.760] lstrcmpiW (lpString1="J0U7.bmp", lpString2=".") returned 1 [0051.760] lstrcmpiW (lpString1="J0U7.bmp", lpString2="..") returned 1 [0051.760] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp") returned 50 [0051.760] StrStrIW (lpFirst="J0U7.bmp", lpSrch=".lolkek") returned 0x0 [0051.760] lstrcmpW (lpString1="J0U7.bmp", lpString2="LOLKEK.txt") returned -1 [0051.760] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp") returned 50 [0051.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbd748 [0051.761] lstrcpyW (in: lpString1=0x3cbd748, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\J0U7.bmp" [0051.761] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.761] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.761] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2516460, ftCreationTime.dwHighDateTime=0x1d62a55, ftLastAccessTime.dwLowDateTime=0x37033ac0, ftLastAccessTime.dwHighDateTime=0x1d628f7, ftLastWriteTime.dwLowDateTime=0x37033ac0, ftLastWriteTime.dwHighDateTime=0x1d628f7, nFileSizeHigh=0x0, nFileSizeLow=0xd995, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mDpI.mp4", cAlternateFileName="")) returned 1 [0051.761] lstrcmpiW (lpString1="mDpI.mp4", lpString2="Windows") returned -1 [0051.761] lstrcmpiW (lpString1="mDpI.mp4", lpString2="Program Files") returned -1 [0051.761] lstrcmpiW (lpString1="mDpI.mp4", lpString2="Program Files (x86)") returned -1 [0051.761] lstrcmpiW (lpString1="mDpI.mp4", lpString2="$Recycle.bin") returned 1 [0051.761] lstrcmpiW (lpString1="mDpI.mp4", lpString2="System Volume Information") returned -1 [0051.761] lstrcmpiW (lpString1="mDpI.mp4", lpString2=".") returned 1 [0051.761] lstrcmpiW (lpString1="mDpI.mp4", lpString2="..") returned 1 [0051.761] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4") returned 50 [0051.761] StrStrIW (lpFirst="mDpI.mp4", lpSrch=".lolkek") returned 0x0 [0051.761] lstrcmpW (lpString1="mDpI.mp4", lpString2="LOLKEK.txt") returned 1 [0051.761] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4") returned 50 [0051.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbe168 [0051.761] lstrcpyW (in: lpString1=0x3cbe168, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mDpI.mp4" [0051.761] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.813] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.813] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc402cf50, ftCreationTime.dwHighDateTime=0x1d628d2, ftLastAccessTime.dwLowDateTime=0x8e64f2d0, ftLastAccessTime.dwHighDateTime=0x1d6234e, ftLastWriteTime.dwLowDateTime=0x8e64f2d0, ftLastWriteTime.dwHighDateTime=0x1d6234e, nFileSizeHigh=0x0, nFileSizeLow=0x157f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MMmSKjIiL4j4xki.avi", cAlternateFileName="MMMSKJ~1.AVI")) returned 1 [0051.813] lstrcmpiW (lpString1="MMmSKjIiL4j4xki.avi", lpString2="Windows") returned -1 [0051.813] lstrcmpiW (lpString1="MMmSKjIiL4j4xki.avi", lpString2="Program Files") returned -1 [0051.813] lstrcmpiW (lpString1="MMmSKjIiL4j4xki.avi", lpString2="Program Files (x86)") returned -1 [0051.813] lstrcmpiW (lpString1="MMmSKjIiL4j4xki.avi", lpString2="$Recycle.bin") returned 1 [0051.813] lstrcmpiW (lpString1="MMmSKjIiL4j4xki.avi", lpString2="System Volume Information") returned -1 [0051.813] lstrcmpiW (lpString1="MMmSKjIiL4j4xki.avi", lpString2=".") returned 1 [0051.813] lstrcmpiW (lpString1="MMmSKjIiL4j4xki.avi", lpString2="..") returned 1 [0051.813] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi") returned 61 [0051.813] StrStrIW (lpFirst="MMmSKjIiL4j4xki.avi", lpSrch=".lolkek") returned 0x0 [0051.813] lstrcmpW (lpString1="MMmSKjIiL4j4xki.avi", lpString2="LOLKEK.txt") returned 1 [0051.813] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi") returned 61 [0051.813] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0160 [0051.813] lstrcpyW (in: lpString1=0x3da0160, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MMmSKjIiL4j4xki.avi" [0051.813] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.813] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.813] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2731e50, ftCreationTime.dwHighDateTime=0x1d62f79, ftLastAccessTime.dwLowDateTime=0xac4c06f0, ftLastAccessTime.dwHighDateTime=0x1d62757, ftLastWriteTime.dwLowDateTime=0xac4c06f0, ftLastWriteTime.dwHighDateTime=0x1d62757, nFileSizeHigh=0x0, nFileSizeLow=0x128a0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NcEXE-7ShYDJis.avi", cAlternateFileName="NCEXE-~1.AVI")) returned 1 [0051.813] lstrcmpiW (lpString1="NcEXE-7ShYDJis.avi", lpString2="Windows") returned -1 [0051.813] lstrcmpiW (lpString1="NcEXE-7ShYDJis.avi", lpString2="Program Files") returned -1 [0051.813] lstrcmpiW (lpString1="NcEXE-7ShYDJis.avi", lpString2="Program Files (x86)") returned -1 [0051.813] lstrcmpiW (lpString1="NcEXE-7ShYDJis.avi", lpString2="$Recycle.bin") returned 1 [0051.813] lstrcmpiW (lpString1="NcEXE-7ShYDJis.avi", lpString2="System Volume Information") returned -1 [0051.813] lstrcmpiW (lpString1="NcEXE-7ShYDJis.avi", lpString2=".") returned 1 [0051.814] lstrcmpiW (lpString1="NcEXE-7ShYDJis.avi", lpString2="..") returned 1 [0051.814] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi") returned 60 [0051.814] StrStrIW (lpFirst="NcEXE-7ShYDJis.avi", lpSrch=".lolkek") returned 0x0 [0051.814] lstrcmpW (lpString1="NcEXE-7ShYDJis.avi", lpString2="LOLKEK.txt") returned 1 [0051.814] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi") returned 60 [0051.814] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0860 [0051.814] lstrcpyW (in: lpString1=0x3da0860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NcEXE-7ShYDJis.avi" [0051.814] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.814] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.814] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0e67e40, ftCreationTime.dwHighDateTime=0x1d62de1, ftLastAccessTime.dwLowDateTime=0x1d7b3c20, ftLastAccessTime.dwHighDateTime=0x1d625cc, ftLastWriteTime.dwLowDateTime=0x1d7b3c20, ftLastWriteTime.dwHighDateTime=0x1d625cc, nFileSizeHigh=0x0, nFileSizeLow=0x3b7f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nJI0qHa.m4a", cAlternateFileName="")) returned 1 [0051.814] lstrcmpiW (lpString1="nJI0qHa.m4a", lpString2="Windows") returned -1 [0051.814] lstrcmpiW (lpString1="nJI0qHa.m4a", lpString2="Program Files") returned -1 [0051.814] lstrcmpiW (lpString1="nJI0qHa.m4a", lpString2="Program Files (x86)") returned -1 [0051.814] lstrcmpiW (lpString1="nJI0qHa.m4a", lpString2="$Recycle.bin") returned 1 [0051.814] lstrcmpiW (lpString1="nJI0qHa.m4a", lpString2="System Volume Information") returned -1 [0051.814] lstrcmpiW (lpString1="nJI0qHa.m4a", lpString2=".") returned 1 [0051.814] lstrcmpiW (lpString1="nJI0qHa.m4a", lpString2="..") returned 1 [0051.814] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a") returned 53 [0051.814] StrStrIW (lpFirst="nJI0qHa.m4a", lpSrch=".lolkek") returned 0x0 [0051.814] lstrcmpW (lpString1="nJI0qHa.m4a", lpString2="LOLKEK.txt") returned 1 [0051.814] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a") returned 53 [0051.814] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbfad0 [0051.814] lstrcpyW (in: lpString1=0x3cbfad0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nJI0qHa.m4a" [0051.814] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.814] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.814] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda70cd20, ftCreationTime.dwHighDateTime=0x1d62d44, ftLastAccessTime.dwLowDateTime=0x53da7600, ftLastAccessTime.dwHighDateTime=0x1d62630, ftLastWriteTime.dwLowDateTime=0x53da7600, ftLastWriteTime.dwHighDateTime=0x1d62630, nFileSizeHigh=0x0, nFileSizeLow=0x17a2f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nugy9SHNqN0XlNZXD 1.wav", cAlternateFileName="NUGY9S~1.WAV")) returned 1 [0051.814] lstrcmpiW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2="Windows") returned -1 [0051.814] lstrcmpiW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2="Program Files") returned -1 [0051.814] lstrcmpiW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2="Program Files (x86)") returned -1 [0051.814] lstrcmpiW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2="$Recycle.bin") returned 1 [0051.814] lstrcmpiW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2="System Volume Information") returned -1 [0051.814] lstrcmpiW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2=".") returned 1 [0051.814] lstrcmpiW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2="..") returned 1 [0051.814] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav") returned 65 [0051.814] StrStrIW (lpFirst="nugy9SHNqN0XlNZXD 1.wav", lpSrch=".lolkek") returned 0x0 [0051.815] lstrcmpW (lpString1="nugy9SHNqN0XlNZXD 1.wav", lpString2="LOLKEK.txt") returned 1 [0051.815] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav") returned 65 [0051.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611728 [0051.815] lstrcpyW (in: lpString1=0x611728, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nugy9SHNqN0XlNZXD 1.wav" [0051.815] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.815] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.815] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d3bcbd0, ftCreationTime.dwHighDateTime=0x1d6227b, ftLastAccessTime.dwLowDateTime=0x82149b00, ftLastAccessTime.dwHighDateTime=0x1d62661, ftLastWriteTime.dwLowDateTime=0x82149b00, ftLastWriteTime.dwHighDateTime=0x1d62661, nFileSizeHigh=0x0, nFileSizeLow=0x58df, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OuV-4Si_aZ7.wav", cAlternateFileName="OUV-4S~1.WAV")) returned 1 [0051.815] lstrcmpiW (lpString1="OuV-4Si_aZ7.wav", lpString2="Windows") returned -1 [0051.815] lstrcmpiW (lpString1="OuV-4Si_aZ7.wav", lpString2="Program Files") returned -1 [0051.815] lstrcmpiW (lpString1="OuV-4Si_aZ7.wav", lpString2="Program Files (x86)") returned -1 [0051.815] lstrcmpiW (lpString1="OuV-4Si_aZ7.wav", lpString2="$Recycle.bin") returned 1 [0051.815] lstrcmpiW (lpString1="OuV-4Si_aZ7.wav", lpString2="System Volume Information") returned -1 [0051.815] lstrcmpiW (lpString1="OuV-4Si_aZ7.wav", lpString2=".") returned 1 [0051.815] lstrcmpiW (lpString1="OuV-4Si_aZ7.wav", lpString2="..") returned 1 [0051.815] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav") returned 57 [0051.815] StrStrIW (lpFirst="OuV-4Si_aZ7.wav", lpSrch=".lolkek") returned 0x0 [0051.815] lstrcmpW (lpString1="OuV-4Si_aZ7.wav", lpString2="LOLKEK.txt") returned 1 [0051.815] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav") returned 57 [0051.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x3dddeb0 [0051.815] lstrcpyW (in: lpString1=0x3dddeb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OuV-4Si_aZ7.wav" [0051.815] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.815] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.815] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbe9d6f0, ftCreationTime.dwHighDateTime=0x1d63015, ftLastAccessTime.dwLowDateTime=0x3875eb20, ftLastAccessTime.dwHighDateTime=0x1d623f5, ftLastWriteTime.dwLowDateTime=0x3875eb20, ftLastWriteTime.dwHighDateTime=0x1d623f5, nFileSizeHigh=0x0, nFileSizeLow=0xa5ec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="q21x-Ei-l UX.png", cAlternateFileName="Q21X-E~1.PNG")) returned 1 [0051.815] lstrcmpiW (lpString1="q21x-Ei-l UX.png", lpString2="Windows") returned -1 [0051.815] lstrcmpiW (lpString1="q21x-Ei-l UX.png", lpString2="Program Files") returned 1 [0051.815] lstrcmpiW (lpString1="q21x-Ei-l UX.png", lpString2="Program Files (x86)") returned 1 [0051.815] lstrcmpiW (lpString1="q21x-Ei-l UX.png", lpString2="$Recycle.bin") returned 1 [0051.815] lstrcmpiW (lpString1="q21x-Ei-l UX.png", lpString2="System Volume Information") returned -1 [0051.815] lstrcmpiW (lpString1="q21x-Ei-l UX.png", lpString2=".") returned 1 [0051.815] lstrcmpiW (lpString1="q21x-Ei-l UX.png", lpString2="..") returned 1 [0051.815] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png") returned 58 [0051.815] StrStrIW (lpFirst="q21x-Ei-l UX.png", lpSrch=".lolkek") returned 0x0 [0051.815] lstrcmpW (lpString1="q21x-Ei-l UX.png", lpString2="LOLKEK.txt") returned 1 [0051.815] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png") returned 58 [0051.815] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca8018 [0051.815] lstrcpyW (in: lpString1=0x3ca8018, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\q21x-Ei-l UX.png" [0051.816] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.816] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.816] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4b713c0, ftCreationTime.dwHighDateTime=0x1d625dc, ftLastAccessTime.dwLowDateTime=0xe653e570, ftLastAccessTime.dwHighDateTime=0x1d62987, ftLastWriteTime.dwLowDateTime=0xe653e570, ftLastWriteTime.dwHighDateTime=0x1d62987, nFileSizeHigh=0x0, nFileSizeLow=0x7a08, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RpWo.mp3", cAlternateFileName="")) returned 1 [0051.816] lstrcmpiW (lpString1="RpWo.mp3", lpString2="Windows") returned -1 [0051.816] lstrcmpiW (lpString1="RpWo.mp3", lpString2="Program Files") returned 1 [0051.816] lstrcmpiW (lpString1="RpWo.mp3", lpString2="Program Files (x86)") returned 1 [0051.816] lstrcmpiW (lpString1="RpWo.mp3", lpString2="$Recycle.bin") returned 1 [0051.816] lstrcmpiW (lpString1="RpWo.mp3", lpString2="System Volume Information") returned -1 [0051.816] lstrcmpiW (lpString1="RpWo.mp3", lpString2=".") returned 1 [0051.816] lstrcmpiW (lpString1="RpWo.mp3", lpString2="..") returned 1 [0051.816] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3") returned 50 [0051.816] StrStrIW (lpFirst="RpWo.mp3", lpSrch=".lolkek") returned 0x0 [0051.816] lstrcmpW (lpString1="RpWo.mp3", lpString2="LOLKEK.txt") returned 1 [0051.816] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3") returned 50 [0051.816] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbd8f8 [0051.816] lstrcpyW (in: lpString1=0x3cbd8f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RpWo.mp3" [0051.816] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.816] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.816] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfab25d00, ftCreationTime.dwHighDateTime=0x1d62e21, ftLastAccessTime.dwLowDateTime=0x817567f0, ftLastAccessTime.dwHighDateTime=0x1d6319d, ftLastWriteTime.dwLowDateTime=0x817567f0, ftLastWriteTime.dwHighDateTime=0x1d6319d, nFileSizeHigh=0x0, nFileSizeLow=0x1239d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sHTikJdVYz1k2vivH.ots", cAlternateFileName="SHTIKJ~1.OTS")) returned 1 [0051.816] lstrcmpiW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2="Windows") returned -1 [0051.816] lstrcmpiW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2="Program Files") returned 1 [0051.816] lstrcmpiW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2="Program Files (x86)") returned 1 [0051.816] lstrcmpiW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2="$Recycle.bin") returned 1 [0051.816] lstrcmpiW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2="System Volume Information") returned -1 [0051.816] lstrcmpiW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2=".") returned 1 [0051.816] lstrcmpiW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2="..") returned 1 [0051.816] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots") returned 63 [0051.816] StrStrIW (lpFirst="sHTikJdVYz1k2vivH.ots", lpSrch=".lolkek") returned 0x0 [0051.816] lstrcmpW (lpString1="sHTikJdVYz1k2vivH.ots", lpString2="LOLKEK.txt") returned 1 [0051.816] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots") returned 63 [0051.816] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec3d08 [0051.817] lstrcpyW (in: lpString1=0x3ec3d08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sHTikJdVYz1k2vivH.ots" [0051.817] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.817] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.817] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x633db640, ftCreationTime.dwHighDateTime=0x1d628c7, ftLastAccessTime.dwLowDateTime=0x53b82440, ftLastAccessTime.dwHighDateTime=0x1d630e1, ftLastWriteTime.dwLowDateTime=0x53b82440, ftLastWriteTime.dwHighDateTime=0x1d630e1, nFileSizeHigh=0x0, nFileSizeLow=0x6070, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sjrB7jSI.swf", cAlternateFileName="")) returned 1 [0051.817] lstrcmpiW (lpString1="sjrB7jSI.swf", lpString2="Windows") returned -1 [0051.817] lstrcmpiW (lpString1="sjrB7jSI.swf", lpString2="Program Files") returned 1 [0051.817] lstrcmpiW (lpString1="sjrB7jSI.swf", lpString2="Program Files (x86)") returned 1 [0051.817] lstrcmpiW (lpString1="sjrB7jSI.swf", lpString2="$Recycle.bin") returned 1 [0051.817] lstrcmpiW (lpString1="sjrB7jSI.swf", lpString2="System Volume Information") returned -1 [0051.817] lstrcmpiW (lpString1="sjrB7jSI.swf", lpString2=".") returned 1 [0051.817] lstrcmpiW (lpString1="sjrB7jSI.swf", lpString2="..") returned 1 [0051.817] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf") returned 54 [0051.817] StrStrIW (lpFirst="sjrB7jSI.swf", lpSrch=".lolkek") returned 0x0 [0051.817] lstrcmpW (lpString1="sjrB7jSI.swf", lpString2="LOLKEK.txt") returned 1 [0051.817] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf") returned 54 [0051.817] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbb928 [0051.817] lstrcpyW (in: lpString1=0x3cbb928, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sjrB7jSI.swf" [0051.817] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.817] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.817] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b98710, ftCreationTime.dwHighDateTime=0x1d62b99, ftLastAccessTime.dwLowDateTime=0x8422e6b0, ftLastAccessTime.dwHighDateTime=0x1d630d7, ftLastWriteTime.dwLowDateTime=0x8422e6b0, ftLastWriteTime.dwHighDateTime=0x1d630d7, nFileSizeHigh=0x0, nFileSizeLow=0x4cc9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tl-v.mkv", cAlternateFileName="")) returned 1 [0051.817] lstrcmpiW (lpString1="tl-v.mkv", lpString2="Windows") returned -1 [0051.817] lstrcmpiW (lpString1="tl-v.mkv", lpString2="Program Files") returned 1 [0051.817] lstrcmpiW (lpString1="tl-v.mkv", lpString2="Program Files (x86)") returned 1 [0051.817] lstrcmpiW (lpString1="tl-v.mkv", lpString2="$Recycle.bin") returned 1 [0051.817] lstrcmpiW (lpString1="tl-v.mkv", lpString2="System Volume Information") returned 1 [0051.817] lstrcmpiW (lpString1="tl-v.mkv", lpString2=".") returned 1 [0051.817] lstrcmpiW (lpString1="tl-v.mkv", lpString2="..") returned 1 [0051.817] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv") returned 50 [0051.817] StrStrIW (lpFirst="tl-v.mkv", lpSrch=".lolkek") returned 0x0 [0051.818] lstrcmpW (lpString1="tl-v.mkv", lpString2="LOLKEK.txt") returned 1 [0051.818] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv") returned 50 [0051.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbd670 [0051.818] lstrcpyW (in: lpString1=0x3cbd670, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tl-v.mkv" [0051.818] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.818] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.818] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcbd4fe30, ftCreationTime.dwHighDateTime=0x1d62a42, ftLastAccessTime.dwLowDateTime=0xd8234d40, ftLastAccessTime.dwHighDateTime=0x1d6296b, ftLastWriteTime.dwLowDateTime=0xd8234d40, ftLastWriteTime.dwHighDateTime=0x1d6296b, nFileSizeHigh=0x0, nFileSizeLow=0x13760, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ug-1oNEhBIc0Y12Aa_V.mp3", cAlternateFileName="UG-1ON~1.MP3")) returned 1 [0051.818] lstrcmpiW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2="Windows") returned -1 [0051.818] lstrcmpiW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2="Program Files") returned 1 [0051.818] lstrcmpiW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2="Program Files (x86)") returned 1 [0051.818] lstrcmpiW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2="$Recycle.bin") returned 1 [0051.818] lstrcmpiW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2="System Volume Information") returned 1 [0051.818] lstrcmpiW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2=".") returned 1 [0051.818] lstrcmpiW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2="..") returned 1 [0051.818] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3") returned 65 [0051.818] StrStrIW (lpFirst="ug-1oNEhBIc0Y12Aa_V.mp3", lpSrch=".lolkek") returned 0x0 [0051.818] lstrcmpW (lpString1="ug-1oNEhBIc0Y12Aa_V.mp3", lpString2="LOLKEK.txt") returned 1 [0051.818] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3") returned 65 [0051.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x6113e0 [0051.818] lstrcpyW (in: lpString1=0x6113e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ug-1oNEhBIc0Y12Aa_V.mp3" [0051.818] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.818] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.818] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xced456c0, ftCreationTime.dwHighDateTime=0x1d624f8, ftLastAccessTime.dwLowDateTime=0xf991c090, ftLastAccessTime.dwHighDateTime=0x1d62346, ftLastWriteTime.dwLowDateTime=0xf991c090, ftLastWriteTime.dwHighDateTime=0x1d62346, nFileSizeHigh=0x0, nFileSizeLow=0x5e58, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wrzxRkVdHkKbZ3Ib64N.rtf", cAlternateFileName="WRZXRK~1.RTF")) returned 1 [0051.818] lstrcmpiW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2="Windows") returned 1 [0051.818] lstrcmpiW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2="Program Files") returned 1 [0051.818] lstrcmpiW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2="Program Files (x86)") returned 1 [0051.818] lstrcmpiW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2="$Recycle.bin") returned 1 [0051.818] lstrcmpiW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2="System Volume Information") returned 1 [0051.818] lstrcmpiW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2=".") returned 1 [0051.818] lstrcmpiW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2="..") returned 1 [0051.818] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf") returned 65 [0051.818] StrStrIW (lpFirst="wrzxRkVdHkKbZ3Ib64N.rtf", lpSrch=".lolkek") returned 0x0 [0051.818] lstrcmpW (lpString1="wrzxRkVdHkKbZ3Ib64N.rtf", lpString2="LOLKEK.txt") returned 1 [0051.818] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf") returned 65 [0051.818] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x6112c8 [0051.818] lstrcpyW (in: lpString1=0x6112c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wrzxRkVdHkKbZ3Ib64N.rtf" [0051.819] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.819] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.819] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x467c22f0, ftCreationTime.dwHighDateTime=0x1d62398, ftLastAccessTime.dwLowDateTime=0x109c7180, ftLastAccessTime.dwHighDateTime=0x1d62893, ftLastWriteTime.dwLowDateTime=0x109c7180, ftLastWriteTime.dwHighDateTime=0x1d62893, nFileSizeHigh=0x0, nFileSizeLow=0x13fd7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x0w9tSN9XbaukRjuS.ods", cAlternateFileName="X0W9TS~1.ODS")) returned 1 [0051.819] lstrcmpiW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2="Windows") returned 1 [0051.819] lstrcmpiW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2="Program Files") returned 1 [0051.819] lstrcmpiW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2="Program Files (x86)") returned 1 [0051.819] lstrcmpiW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2="$Recycle.bin") returned 1 [0051.819] lstrcmpiW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2="System Volume Information") returned 1 [0051.819] lstrcmpiW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2=".") returned 1 [0051.819] lstrcmpiW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2="..") returned 1 [0051.819] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods") returned 63 [0051.819] StrStrIW (lpFirst="x0w9tSN9XbaukRjuS.ods", lpSrch=".lolkek") returned 0x0 [0051.819] lstrcmpW (lpString1="x0w9tSN9XbaukRjuS.ods", lpString2="LOLKEK.txt") returned 1 [0051.819] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods") returned 63 [0051.819] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec3e10 [0051.819] lstrcpyW (in: lpString1=0x3ec3e10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\x0w9tSN9XbaukRjuS.ods" [0051.819] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.874] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.874] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf020dc0, ftCreationTime.dwHighDateTime=0x1d62ea6, ftLastAccessTime.dwLowDateTime=0x9dd85760, ftLastAccessTime.dwHighDateTime=0x1d63164, ftLastWriteTime.dwLowDateTime=0x9dd85760, ftLastWriteTime.dwHighDateTime=0x1d63164, nFileSizeHigh=0x0, nFileSizeLow=0x23ca, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="X0XR.ots", cAlternateFileName="")) returned 1 [0051.874] lstrcmpiW (lpString1="X0XR.ots", lpString2="Windows") returned 1 [0051.874] lstrcmpiW (lpString1="X0XR.ots", lpString2="Program Files") returned 1 [0051.874] lstrcmpiW (lpString1="X0XR.ots", lpString2="Program Files (x86)") returned 1 [0051.874] lstrcmpiW (lpString1="X0XR.ots", lpString2="$Recycle.bin") returned 1 [0051.874] lstrcmpiW (lpString1="X0XR.ots", lpString2="System Volume Information") returned 1 [0051.874] lstrcmpiW (lpString1="X0XR.ots", lpString2=".") returned 1 [0051.874] lstrcmpiW (lpString1="X0XR.ots", lpString2="..") returned 1 [0051.874] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots") returned 50 [0051.874] StrStrIW (lpFirst="X0XR.ots", lpSrch=".lolkek") returned 0x0 [0051.874] lstrcmpW (lpString1="X0XR.ots", lpString2="LOLKEK.txt") returned 1 [0051.874] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots") returned 50 [0051.874] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbe090 [0051.874] lstrcpyW (in: lpString1=0x3cbe090, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\X0XR.ots" [0051.874] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.874] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.874] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d8f2880, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x1d8f2880, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0xb9b83000, ftLastWriteTime.dwHighDateTime=0x1d648d8, nFileSizeHigh=0x0, nFileSizeLow=0x1a000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ZFxQrq7MxhhEM2V2.exe", cAlternateFileName="ZFXQRQ~1.EXE")) returned 1 [0051.874] lstrcmpiW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2="Windows") returned 1 [0051.874] lstrcmpiW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2="Program Files") returned 1 [0051.874] lstrcmpiW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2="Program Files (x86)") returned 1 [0051.874] lstrcmpiW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2="$Recycle.bin") returned 1 [0051.874] lstrcmpiW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2="System Volume Information") returned 1 [0051.874] lstrcmpiW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2=".") returned 1 [0051.874] lstrcmpiW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2="..") returned 1 [0051.874] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe") returned 62 [0051.874] StrStrIW (lpFirst="ZFxQrq7MxhhEM2V2.exe", lpSrch=".lolkek") returned 0x0 [0051.874] lstrcmpW (lpString1="ZFxQrq7MxhhEM2V2.exe", lpString2="LOLKEK.txt") returned 1 [0051.875] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe") returned 62 [0051.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec3f18 [0051.875] lstrcpyW (in: lpString1=0x3ec3f18, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZFxQrq7MxhhEM2V2.exe" [0051.875] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.875] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.875] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9530b70, ftCreationTime.dwHighDateTime=0x1d6318d, ftLastAccessTime.dwLowDateTime=0xf4003a30, ftLastAccessTime.dwHighDateTime=0x1d6313d, ftLastWriteTime.dwLowDateTime=0xf4003a30, ftLastWriteTime.dwHighDateTime=0x1d6313d, nFileSizeHigh=0x0, nFileSizeLow=0x18e11, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zGZ KFanG84nKQ.png", cAlternateFileName="ZGZKFA~1.PNG")) returned 1 [0051.875] lstrcmpiW (lpString1="zGZ KFanG84nKQ.png", lpString2="Windows") returned 1 [0051.875] lstrcmpiW (lpString1="zGZ KFanG84nKQ.png", lpString2="Program Files") returned 1 [0051.875] lstrcmpiW (lpString1="zGZ KFanG84nKQ.png", lpString2="Program Files (x86)") returned 1 [0051.875] lstrcmpiW (lpString1="zGZ KFanG84nKQ.png", lpString2="$Recycle.bin") returned 1 [0051.875] lstrcmpiW (lpString1="zGZ KFanG84nKQ.png", lpString2="System Volume Information") returned 1 [0051.875] lstrcmpiW (lpString1="zGZ KFanG84nKQ.png", lpString2=".") returned 1 [0051.875] lstrcmpiW (lpString1="zGZ KFanG84nKQ.png", lpString2="..") returned 1 [0051.875] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png") returned 60 [0051.875] StrStrIW (lpFirst="zGZ KFanG84nKQ.png", lpSrch=".lolkek") returned 0x0 [0051.875] lstrcmpW (lpString1="zGZ KFanG84nKQ.png", lpString2="LOLKEK.txt") returned 1 [0051.875] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png") returned 60 [0051.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0360 [0051.875] lstrcpyW (in: lpString1=0x3da0360, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zGZ KFanG84nKQ.png" [0051.875] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.875] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.875] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57d75720, ftCreationTime.dwHighDateTime=0x1d62cc8, ftLastAccessTime.dwLowDateTime=0x79477720, ftLastAccessTime.dwHighDateTime=0x1d62e01, ftLastWriteTime.dwLowDateTime=0x79477720, ftLastWriteTime.dwHighDateTime=0x1d62e01, nFileSizeHigh=0x0, nFileSizeLow=0xc175, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zkUhkDM.pps", cAlternateFileName="")) returned 1 [0051.875] lstrcmpiW (lpString1="zkUhkDM.pps", lpString2="Windows") returned 1 [0051.875] lstrcmpiW (lpString1="zkUhkDM.pps", lpString2="Program Files") returned 1 [0051.875] lstrcmpiW (lpString1="zkUhkDM.pps", lpString2="Program Files (x86)") returned 1 [0051.875] lstrcmpiW (lpString1="zkUhkDM.pps", lpString2="$Recycle.bin") returned 1 [0051.875] lstrcmpiW (lpString1="zkUhkDM.pps", lpString2="System Volume Information") returned 1 [0051.875] lstrcmpiW (lpString1="zkUhkDM.pps", lpString2=".") returned 1 [0051.875] lstrcmpiW (lpString1="zkUhkDM.pps", lpString2="..") returned 1 [0051.875] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps") returned 53 [0051.875] StrStrIW (lpFirst="zkUhkDM.pps", lpSrch=".lolkek") returned 0x0 [0051.875] lstrcmpW (lpString1="zkUhkDM.pps", lpString2="LOLKEK.txt") returned 1 [0051.876] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps") returned 53 [0051.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbf670 [0051.876] lstrcpyW (in: lpString1=0x3cbf670, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkUhkDM.pps" [0051.876] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.876] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.876] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57d75720, ftCreationTime.dwHighDateTime=0x1d62cc8, ftLastAccessTime.dwLowDateTime=0x79477720, ftLastAccessTime.dwHighDateTime=0x1d62e01, ftLastWriteTime.dwLowDateTime=0x79477720, ftLastWriteTime.dwHighDateTime=0x1d62e01, nFileSizeHigh=0x0, nFileSizeLow=0xc175, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zkUhkDM.pps", cAlternateFileName="")) returned 0 [0051.876] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0051.876] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LOLKEK.txt") returned 52 [0051.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0051.877] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.877] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0051.878] CloseHandle (hObject=0x294) returned 1 [0051.878] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0051.878] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d955720, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7d955720, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0051.878] lstrcmpiW (lpString1="Documents", lpString2="Windows") returned -1 [0051.878] lstrcmpiW (lpString1="Documents", lpString2="Program Files") returned -1 [0051.878] lstrcmpiW (lpString1="Documents", lpString2="Program Files (x86)") returned -1 [0051.878] lstrcmpiW (lpString1="Documents", lpString2="$Recycle.bin") returned 1 [0051.878] lstrcmpiW (lpString1="Documents", lpString2="System Volume Information") returned -1 [0051.878] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0051.878] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0051.878] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 43 [0051.878] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0051.878] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0051.878] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*" [0051.878] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d955720, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7d955720, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0051.878] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.878] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.878] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.878] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.878] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.878] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.878] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d955720, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7d955720, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.878] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.878] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.878] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.878] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.878] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.878] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.878] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.878] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x61e273c0, ftCreationTime.dwHighDateTime=0x1d63061, ftLastAccessTime.dwLowDateTime=0xa6af8890, ftLastAccessTime.dwHighDateTime=0x1d6253e, ftLastWriteTime.dwLowDateTime=0xa6af8890, ftLastWriteTime.dwHighDateTime=0x1d6253e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="329 9fBv16B80POcAox", cAlternateFileName="3299FB~1")) returned 1 [0051.878] lstrcmpiW (lpString1="329 9fBv16B80POcAox", lpString2="Windows") returned -1 [0051.879] lstrcmpiW (lpString1="329 9fBv16B80POcAox", lpString2="Program Files") returned -1 [0051.879] lstrcmpiW (lpString1="329 9fBv16B80POcAox", lpString2="Program Files (x86)") returned -1 [0051.879] lstrcmpiW (lpString1="329 9fBv16B80POcAox", lpString2="$Recycle.bin") returned 1 [0051.879] lstrcmpiW (lpString1="329 9fBv16B80POcAox", lpString2="System Volume Information") returned -1 [0051.879] lstrcmpiW (lpString1="329 9fBv16B80POcAox", lpString2=".") returned 1 [0051.879] lstrcmpiW (lpString1="329 9fBv16B80POcAox", lpString2="..") returned 1 [0051.879] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox") returned 63 [0051.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0051.879] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox" [0051.879] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\*" [0051.879] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x61e273c0, ftCreationTime.dwHighDateTime=0x1d63061, ftLastAccessTime.dwLowDateTime=0xa6af8890, ftLastAccessTime.dwHighDateTime=0x1d6253e, ftLastWriteTime.dwLowDateTime=0xa6af8890, ftLastWriteTime.dwHighDateTime=0x1d6253e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0051.879] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.879] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.879] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.879] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.879] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.879] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.879] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x61e273c0, ftCreationTime.dwHighDateTime=0x1d63061, ftLastAccessTime.dwLowDateTime=0xa6af8890, ftLastAccessTime.dwHighDateTime=0x1d6253e, ftLastWriteTime.dwLowDateTime=0xa6af8890, ftLastWriteTime.dwHighDateTime=0x1d6253e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.879] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.879] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.879] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.879] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.879] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.879] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.879] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.879] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x206bf530, ftCreationTime.dwHighDateTime=0x1d623e4, ftLastAccessTime.dwLowDateTime=0x86ecfde0, ftLastAccessTime.dwHighDateTime=0x1d623cb, ftLastWriteTime.dwLowDateTime=0x86ecfde0, ftLastWriteTime.dwHighDateTime=0x1d623cb, nFileSizeHigh=0x0, nFileSizeLow=0x84d8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Aj0iIfJ0NQOvHdbuqPJ.csv", cAlternateFileName="AJ0IIF~1.CSV")) returned 1 [0051.879] lstrcmpiW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2="Windows") returned -1 [0051.879] lstrcmpiW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2="Program Files") returned -1 [0051.879] lstrcmpiW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2="Program Files (x86)") returned -1 [0051.879] lstrcmpiW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2="$Recycle.bin") returned 1 [0051.879] lstrcmpiW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2="System Volume Information") returned -1 [0051.879] lstrcmpiW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2=".") returned 1 [0051.879] lstrcmpiW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2="..") returned 1 [0051.879] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv") returned 87 [0051.879] StrStrIW (lpFirst="Aj0iIfJ0NQOvHdbuqPJ.csv", lpSrch=".lolkek") returned 0x0 [0051.879] lstrcmpW (lpString1="Aj0iIfJ0NQOvHdbuqPJ.csv", lpString2="LOLKEK.txt") returned -1 [0051.879] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv") returned 87 [0051.879] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb6978 [0051.879] lstrcpyW (in: lpString1=0x3eb6978, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Aj0iIfJ0NQOvHdbuqPJ.csv" [0051.879] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.879] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.879] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9a39140, ftCreationTime.dwHighDateTime=0x1d62b79, ftLastAccessTime.dwLowDateTime=0x8bcb3470, ftLastAccessTime.dwHighDateTime=0x1d62bba, ftLastWriteTime.dwLowDateTime=0x8bcb3470, ftLastWriteTime.dwHighDateTime=0x1d62bba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="akrZiwqtvfaZyOOsv", cAlternateFileName="AKRZIW~1")) returned 1 [0051.879] lstrcmpiW (lpString1="akrZiwqtvfaZyOOsv", lpString2="Windows") returned -1 [0051.879] lstrcmpiW (lpString1="akrZiwqtvfaZyOOsv", lpString2="Program Files") returned -1 [0051.880] lstrcmpiW (lpString1="akrZiwqtvfaZyOOsv", lpString2="Program Files (x86)") returned -1 [0051.880] lstrcmpiW (lpString1="akrZiwqtvfaZyOOsv", lpString2="$Recycle.bin") returned 1 [0051.880] lstrcmpiW (lpString1="akrZiwqtvfaZyOOsv", lpString2="System Volume Information") returned -1 [0051.880] lstrcmpiW (lpString1="akrZiwqtvfaZyOOsv", lpString2=".") returned 1 [0051.880] lstrcmpiW (lpString1="akrZiwqtvfaZyOOsv", lpString2="..") returned 1 [0051.880] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv") returned 81 [0051.880] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0051.880] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv" [0051.880] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\*" [0051.880] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9a39140, ftCreationTime.dwHighDateTime=0x1d62b79, ftLastAccessTime.dwLowDateTime=0x8bcb3470, ftLastAccessTime.dwHighDateTime=0x1d62bba, ftLastWriteTime.dwLowDateTime=0x8bcb3470, ftLastWriteTime.dwHighDateTime=0x1d62bba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0051.880] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.880] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.880] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.880] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.880] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.880] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.880] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9a39140, ftCreationTime.dwHighDateTime=0x1d62b79, ftLastAccessTime.dwLowDateTime=0x8bcb3470, ftLastAccessTime.dwHighDateTime=0x1d62bba, ftLastWriteTime.dwLowDateTime=0x8bcb3470, ftLastWriteTime.dwHighDateTime=0x1d62bba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.880] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.880] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.880] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.880] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.880] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.880] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.880] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.880] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd86ad9a0, ftCreationTime.dwHighDateTime=0x1d62db5, ftLastAccessTime.dwLowDateTime=0xd8f48bc0, ftLastAccessTime.dwHighDateTime=0x1d62b33, ftLastWriteTime.dwLowDateTime=0xd8f48bc0, ftLastWriteTime.dwHighDateTime=0x1d62b33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3AjsRUP1y6", cAlternateFileName="3AJSRU~1")) returned 1 [0051.880] lstrcmpiW (lpString1="3AjsRUP1y6", lpString2="Windows") returned -1 [0051.880] lstrcmpiW (lpString1="3AjsRUP1y6", lpString2="Program Files") returned -1 [0051.880] lstrcmpiW (lpString1="3AjsRUP1y6", lpString2="Program Files (x86)") returned -1 [0051.880] lstrcmpiW (lpString1="3AjsRUP1y6", lpString2="$Recycle.bin") returned 1 [0051.880] lstrcmpiW (lpString1="3AjsRUP1y6", lpString2="System Volume Information") returned -1 [0051.880] lstrcmpiW (lpString1="3AjsRUP1y6", lpString2=".") returned 1 [0051.880] lstrcmpiW (lpString1="3AjsRUP1y6", lpString2="..") returned 1 [0051.880] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6") returned 92 [0051.880] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.881] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6" [0051.881] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\*" [0051.881] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd86ad9a0, ftCreationTime.dwHighDateTime=0x1d62db5, ftLastAccessTime.dwLowDateTime=0xd8f48bc0, ftLastAccessTime.dwHighDateTime=0x1d62b33, ftLastWriteTime.dwLowDateTime=0xd8f48bc0, ftLastWriteTime.dwHighDateTime=0x1d62b33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.881] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.881] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.881] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.881] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.881] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.881] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.881] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd86ad9a0, ftCreationTime.dwHighDateTime=0x1d62db5, ftLastAccessTime.dwLowDateTime=0xd8f48bc0, ftLastAccessTime.dwHighDateTime=0x1d62b33, ftLastWriteTime.dwLowDateTime=0xd8f48bc0, ftLastWriteTime.dwHighDateTime=0x1d62b33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.881] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.881] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.881] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.881] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.881] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.881] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.881] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.881] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27005d50, ftCreationTime.dwHighDateTime=0x1d6290c, ftLastAccessTime.dwLowDateTime=0x353e4f00, ftLastAccessTime.dwHighDateTime=0x1d62c75, ftLastWriteTime.dwLowDateTime=0x353e4f00, ftLastWriteTime.dwHighDateTime=0x1d62c75, nFileSizeHigh=0x0, nFileSizeLow=0xa165, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DRr7rTa.pptx", cAlternateFileName="DRR7RT~1.PPT")) returned 1 [0051.881] lstrcmpiW (lpString1="DRr7rTa.pptx", lpString2="Windows") returned -1 [0051.881] lstrcmpiW (lpString1="DRr7rTa.pptx", lpString2="Program Files") returned -1 [0051.881] lstrcmpiW (lpString1="DRr7rTa.pptx", lpString2="Program Files (x86)") returned -1 [0051.881] lstrcmpiW (lpString1="DRr7rTa.pptx", lpString2="$Recycle.bin") returned 1 [0051.881] lstrcmpiW (lpString1="DRr7rTa.pptx", lpString2="System Volume Information") returned -1 [0051.881] lstrcmpiW (lpString1="DRr7rTa.pptx", lpString2=".") returned 1 [0051.881] lstrcmpiW (lpString1="DRr7rTa.pptx", lpString2="..") returned 1 [0051.881] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx") returned 105 [0051.881] StrStrIW (lpFirst="DRr7rTa.pptx", lpSrch=".lolkek") returned 0x0 [0051.881] lstrcmpW (lpString1="DRr7rTa.pptx", lpString2="LOLKEK.txt") returned -1 [0051.881] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx") returned 105 [0051.881] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x698400 [0051.881] lstrcpyW (in: lpString1=0x698400, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\DRr7rTa.pptx" [0051.881] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.881] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.881] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3f4d60, ftCreationTime.dwHighDateTime=0x1d62657, ftLastAccessTime.dwLowDateTime=0x452bcab0, ftLastAccessTime.dwHighDateTime=0x1d63179, ftLastWriteTime.dwLowDateTime=0x452bcab0, ftLastWriteTime.dwHighDateTime=0x1d63179, nFileSizeHigh=0x0, nFileSizeLow=0x254d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ETJ5Y.docx", cAlternateFileName="ETJ5Y~1.DOC")) returned 1 [0051.881] lstrcmpiW (lpString1="ETJ5Y.docx", lpString2="Windows") returned -1 [0051.881] lstrcmpiW (lpString1="ETJ5Y.docx", lpString2="Program Files") returned -1 [0051.881] lstrcmpiW (lpString1="ETJ5Y.docx", lpString2="Program Files (x86)") returned -1 [0051.881] lstrcmpiW (lpString1="ETJ5Y.docx", lpString2="$Recycle.bin") returned 1 [0051.881] lstrcmpiW (lpString1="ETJ5Y.docx", lpString2="System Volume Information") returned -1 [0051.882] lstrcmpiW (lpString1="ETJ5Y.docx", lpString2=".") returned 1 [0051.882] lstrcmpiW (lpString1="ETJ5Y.docx", lpString2="..") returned 1 [0051.882] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx") returned 103 [0051.882] StrStrIW (lpFirst="ETJ5Y.docx", lpSrch=".lolkek") returned 0x0 [0051.882] lstrcmpW (lpString1="ETJ5Y.docx", lpString2="LOLKEK.txt") returned -1 [0051.882] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx") returned 103 [0051.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x3de1b60 [0051.882] lstrcpyW (in: lpString1=0x3de1b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\ETJ5Y.docx" [0051.882] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.882] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.882] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442dec20, ftCreationTime.dwHighDateTime=0x1d62949, ftLastAccessTime.dwLowDateTime=0xa43696b0, ftLastAccessTime.dwHighDateTime=0x1d62338, ftLastWriteTime.dwLowDateTime=0xa43696b0, ftLastWriteTime.dwHighDateTime=0x1d62338, nFileSizeHigh=0x0, nFileSizeLow=0x491c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NviVc.csv", cAlternateFileName="")) returned 1 [0051.882] lstrcmpiW (lpString1="NviVc.csv", lpString2="Windows") returned -1 [0051.882] lstrcmpiW (lpString1="NviVc.csv", lpString2="Program Files") returned -1 [0051.882] lstrcmpiW (lpString1="NviVc.csv", lpString2="Program Files (x86)") returned -1 [0051.882] lstrcmpiW (lpString1="NviVc.csv", lpString2="$Recycle.bin") returned 1 [0051.882] lstrcmpiW (lpString1="NviVc.csv", lpString2="System Volume Information") returned -1 [0051.882] lstrcmpiW (lpString1="NviVc.csv", lpString2=".") returned 1 [0051.882] lstrcmpiW (lpString1="NviVc.csv", lpString2="..") returned 1 [0051.882] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv") returned 102 [0051.882] StrStrIW (lpFirst="NviVc.csv", lpSrch=".lolkek") returned 0x0 [0051.882] lstrcmpW (lpString1="NviVc.csv", lpString2="LOLKEK.txt") returned 1 [0051.882] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv") returned 102 [0051.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3de02e8 [0051.882] lstrcpyW (in: lpString1=0x3de02e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\NviVc.csv" [0051.882] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.882] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.882] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb090e6d0, ftCreationTime.dwHighDateTime=0x1d628bb, ftLastAccessTime.dwLowDateTime=0x7594e00, ftLastAccessTime.dwHighDateTime=0x1d62856, ftLastWriteTime.dwLowDateTime=0x7594e00, ftLastWriteTime.dwHighDateTime=0x1d62856, nFileSizeHigh=0x0, nFileSizeLow=0x12ccf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Qcw_UywZMw.ots", cAlternateFileName="QCW_UY~1.OTS")) returned 1 [0051.882] lstrcmpiW (lpString1="Qcw_UywZMw.ots", lpString2="Windows") returned -1 [0051.882] lstrcmpiW (lpString1="Qcw_UywZMw.ots", lpString2="Program Files") returned 1 [0051.882] lstrcmpiW (lpString1="Qcw_UywZMw.ots", lpString2="Program Files (x86)") returned 1 [0051.882] lstrcmpiW (lpString1="Qcw_UywZMw.ots", lpString2="$Recycle.bin") returned 1 [0051.882] lstrcmpiW (lpString1="Qcw_UywZMw.ots", lpString2="System Volume Information") returned -1 [0051.882] lstrcmpiW (lpString1="Qcw_UywZMw.ots", lpString2=".") returned 1 [0051.882] lstrcmpiW (lpString1="Qcw_UywZMw.ots", lpString2="..") returned 1 [0051.882] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots") returned 107 [0051.882] StrStrIW (lpFirst="Qcw_UywZMw.ots", lpSrch=".lolkek") returned 0x0 [0051.882] lstrcmpW (lpString1="Qcw_UywZMw.ots", lpString2="LOLKEK.txt") returned 1 [0051.882] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots") returned 107 [0051.882] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x657598 [0051.882] lstrcpyW (in: lpString1=0x657598, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\Qcw_UywZMw.ots" [0051.882] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.882] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.882] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb090e6d0, ftCreationTime.dwHighDateTime=0x1d628bb, ftLastAccessTime.dwLowDateTime=0x7594e00, ftLastAccessTime.dwHighDateTime=0x1d62856, ftLastWriteTime.dwLowDateTime=0x7594e00, ftLastWriteTime.dwHighDateTime=0x1d62856, nFileSizeHigh=0x0, nFileSizeLow=0x12ccf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Qcw_UywZMw.ots", cAlternateFileName="QCW_UY~1.OTS")) returned 0 [0051.883] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.883] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\LOLKEK.txt") returned 103 [0051.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\3AjsRUP1y6\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\3ajsrup1y6\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.883] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.883] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.884] CloseHandle (hObject=0x258) returned 1 [0051.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.884] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf1f3040, ftCreationTime.dwHighDateTime=0x1d62a7b, ftLastAccessTime.dwLowDateTime=0x50184790, ftLastAccessTime.dwHighDateTime=0x1d630e9, ftLastWriteTime.dwLowDateTime=0x50184790, ftLastWriteTime.dwHighDateTime=0x1d630e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="INml-", cAlternateFileName="")) returned 1 [0051.884] lstrcmpiW (lpString1="INml-", lpString2="Windows") returned -1 [0051.884] lstrcmpiW (lpString1="INml-", lpString2="Program Files") returned -1 [0051.884] lstrcmpiW (lpString1="INml-", lpString2="Program Files (x86)") returned -1 [0051.884] lstrcmpiW (lpString1="INml-", lpString2="$Recycle.bin") returned 1 [0051.884] lstrcmpiW (lpString1="INml-", lpString2="System Volume Information") returned -1 [0051.884] lstrcmpiW (lpString1="INml-", lpString2=".") returned 1 [0051.884] lstrcmpiW (lpString1="INml-", lpString2="..") returned 1 [0051.884] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-") returned 87 [0051.884] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0051.884] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-" [0051.884] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\*" [0051.884] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf1f3040, ftCreationTime.dwHighDateTime=0x1d62a7b, ftLastAccessTime.dwLowDateTime=0x50184790, ftLastAccessTime.dwHighDateTime=0x1d630e9, ftLastWriteTime.dwLowDateTime=0x50184790, ftLastWriteTime.dwHighDateTime=0x1d630e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.884] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.884] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.884] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.884] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.884] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.884] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.884] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf1f3040, ftCreationTime.dwHighDateTime=0x1d62a7b, ftLastAccessTime.dwLowDateTime=0x50184790, ftLastAccessTime.dwHighDateTime=0x1d630e9, ftLastWriteTime.dwLowDateTime=0x50184790, ftLastWriteTime.dwHighDateTime=0x1d630e9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.884] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.884] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.884] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.884] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.884] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.884] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.884] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.884] lstrcmpiW (lpString1="8JD_QLgS2ELWUPeznT", lpString2="Windows") returned -1 [0051.884] lstrcmpiW (lpString1="8JD_QLgS2ELWUPeznT", lpString2="Program Files") returned -1 [0051.884] lstrcmpiW (lpString1="8JD_QLgS2ELWUPeznT", lpString2="Program Files (x86)") returned -1 [0051.885] lstrcmpiW (lpString1="8JD_QLgS2ELWUPeznT", lpString2="$Recycle.bin") returned 1 [0051.885] lstrcmpiW (lpString1="8JD_QLgS2ELWUPeznT", lpString2="System Volume Information") returned -1 [0051.885] lstrcmpiW (lpString1="8JD_QLgS2ELWUPeznT", lpString2=".") returned 1 [0051.885] lstrcmpiW (lpString1="8JD_QLgS2ELWUPeznT", lpString2="..") returned 1 [0051.885] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT") returned 106 [0051.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0051.885] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT" [0051.885] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\*" [0051.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa297d320, ftCreationTime.dwHighDateTime=0x1d6270f, ftLastAccessTime.dwLowDateTime=0xfa108320, ftLastAccessTime.dwHighDateTime=0x1d63210, ftLastWriteTime.dwLowDateTime=0xfa108320, ftLastWriteTime.dwHighDateTime=0x1d63210, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0051.885] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.885] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.885] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.885] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.885] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.885] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.885] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.885] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.885] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.885] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.885] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.885] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.885] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.885] lstrcmpiW (lpString1="e7-BWu_RjAhtqQCE", lpString2="Windows") returned -1 [0051.885] lstrcmpiW (lpString1="e7-BWu_RjAhtqQCE", lpString2="Program Files") returned -1 [0051.886] lstrcmpiW (lpString1="e7-BWu_RjAhtqQCE", lpString2="Program Files (x86)") returned -1 [0051.886] lstrcmpiW (lpString1="e7-BWu_RjAhtqQCE", lpString2="$Recycle.bin") returned 1 [0051.886] lstrcmpiW (lpString1="e7-BWu_RjAhtqQCE", lpString2="System Volume Information") returned -1 [0051.886] lstrcmpiW (lpString1="e7-BWu_RjAhtqQCE", lpString2=".") returned 1 [0051.886] lstrcmpiW (lpString1="e7-BWu_RjAhtqQCE", lpString2="..") returned 1 [0051.886] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE") returned 123 [0051.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0051.886] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE" [0051.886] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\*" [0051.886] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd932ec0, ftCreationTime.dwHighDateTime=0x1d6312e, ftLastAccessTime.dwLowDateTime=0x8e9ccc0, ftLastAccessTime.dwHighDateTime=0x1d63190, ftLastWriteTime.dwLowDateTime=0x8e9ccc0, ftLastWriteTime.dwHighDateTime=0x1d63190, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e098 [0051.887] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.887] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.887] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.887] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.887] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.887] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.887] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.887] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.887] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.887] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.887] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.887] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.887] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.887] lstrcmpiW (lpString1="Cx5jW4.odp", lpString2="Windows") returned -1 [0051.887] lstrcmpiW (lpString1="Cx5jW4.odp", lpString2="Program Files") returned -1 [0051.887] lstrcmpiW (lpString1="Cx5jW4.odp", lpString2="Program Files (x86)") returned -1 [0051.887] lstrcmpiW (lpString1="Cx5jW4.odp", lpString2="$Recycle.bin") returned 1 [0051.887] lstrcmpiW (lpString1="Cx5jW4.odp", lpString2="System Volume Information") returned -1 [0051.887] lstrcmpiW (lpString1="Cx5jW4.odp", lpString2=".") returned 1 [0051.887] lstrcmpiW (lpString1="Cx5jW4.odp", lpString2="..") returned 1 [0051.887] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp") returned 134 [0051.887] StrStrIW (lpFirst="Cx5jW4.odp", lpSrch=".lolkek") returned 0x0 [0051.887] lstrcmpW (lpString1="Cx5jW4.odp", lpString2="LOLKEK.txt") returned -1 [0051.887] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp") returned 134 [0051.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x21c) returned 0x5c8120 [0051.887] lstrcpyW (in: lpString1=0x5c8120, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\Cx5jW4.odp" [0051.887] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.887] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.887] lstrcmpiW (lpString1="CxCRveKTczCBfc.xls", lpString2="Windows") returned -1 [0051.887] lstrcmpiW (lpString1="CxCRveKTczCBfc.xls", lpString2="Program Files") returned -1 [0051.887] lstrcmpiW (lpString1="CxCRveKTczCBfc.xls", lpString2="Program Files (x86)") returned -1 [0051.887] lstrcmpiW (lpString1="CxCRveKTczCBfc.xls", lpString2="$Recycle.bin") returned 1 [0051.887] lstrcmpiW (lpString1="CxCRveKTczCBfc.xls", lpString2="System Volume Information") returned -1 [0051.887] lstrcmpiW (lpString1="CxCRveKTczCBfc.xls", lpString2=".") returned 1 [0051.887] lstrcmpiW (lpString1="CxCRveKTczCBfc.xls", lpString2="..") returned 1 [0051.887] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls") returned 142 [0051.887] StrStrIW (lpFirst="CxCRveKTczCBfc.xls", lpSrch=".lolkek") returned 0x0 [0051.887] lstrcmpW (lpString1="CxCRveKTczCBfc.xls", lpString2="LOLKEK.txt") returned -1 [0051.887] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls") returned 142 [0051.887] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x23c) returned 0x698d80 [0051.888] lstrcpyW (in: lpString1=0x698d80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\CxCRveKTczCBfc.xls" [0051.888] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.888] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.888] lstrcmpiW (lpString1="D-L22sYTSP DK7K.doc", lpString2="Windows") returned -1 [0051.888] lstrcmpiW (lpString1="D-L22sYTSP DK7K.doc", lpString2="Program Files") returned -1 [0051.888] lstrcmpiW (lpString1="D-L22sYTSP DK7K.doc", lpString2="Program Files (x86)") returned -1 [0051.888] lstrcmpiW (lpString1="D-L22sYTSP DK7K.doc", lpString2="$Recycle.bin") returned 1 [0051.888] lstrcmpiW (lpString1="D-L22sYTSP DK7K.doc", lpString2="System Volume Information") returned -1 [0051.888] lstrcmpiW (lpString1="D-L22sYTSP DK7K.doc", lpString2=".") returned 1 [0051.888] lstrcmpiW (lpString1="D-L22sYTSP DK7K.doc", lpString2="..") returned 1 [0051.888] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc") returned 143 [0051.888] StrStrIW (lpFirst="D-L22sYTSP DK7K.doc", lpSrch=".lolkek") returned 0x0 [0051.888] lstrcmpW (lpString1="D-L22sYTSP DK7K.doc", lpString2="LOLKEK.txt") returned -1 [0051.888] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc") returned 143 [0051.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x240) returned 0x3dd5788 [0051.888] lstrcpyW (in: lpString1=0x3dd5788, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\D-L22sYTSP DK7K.doc" [0051.888] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.888] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.888] lstrcmpiW (lpString1="EVRx3o.xls", lpString2="Windows") returned -1 [0051.888] lstrcmpiW (lpString1="EVRx3o.xls", lpString2="Program Files") returned -1 [0051.888] lstrcmpiW (lpString1="EVRx3o.xls", lpString2="Program Files (x86)") returned -1 [0051.888] lstrcmpiW (lpString1="EVRx3o.xls", lpString2="$Recycle.bin") returned 1 [0051.888] lstrcmpiW (lpString1="EVRx3o.xls", lpString2="System Volume Information") returned -1 [0051.888] lstrcmpiW (lpString1="EVRx3o.xls", lpString2=".") returned 1 [0051.888] lstrcmpiW (lpString1="EVRx3o.xls", lpString2="..") returned 1 [0051.888] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls") returned 134 [0051.888] StrStrIW (lpFirst="EVRx3o.xls", lpSrch=".lolkek") returned 0x0 [0051.888] lstrcmpW (lpString1="EVRx3o.xls", lpString2="LOLKEK.txt") returned -1 [0051.888] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls") returned 134 [0051.888] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x21c) returned 0x5c7ef8 [0051.888] lstrcpyW (in: lpString1=0x5c7ef8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\EVRx3o.xls" [0051.888] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.888] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.888] lstrcmpiW (lpString1="MEEiu-.pdf", lpString2="Windows") returned -1 [0051.888] lstrcmpiW (lpString1="MEEiu-.pdf", lpString2="Program Files") returned -1 [0051.888] lstrcmpiW (lpString1="MEEiu-.pdf", lpString2="Program Files (x86)") returned -1 [0051.888] lstrcmpiW (lpString1="MEEiu-.pdf", lpString2="$Recycle.bin") returned 1 [0051.888] lstrcmpiW (lpString1="MEEiu-.pdf", lpString2="System Volume Information") returned -1 [0051.888] lstrcmpiW (lpString1="MEEiu-.pdf", lpString2=".") returned 1 [0051.888] lstrcmpiW (lpString1="MEEiu-.pdf", lpString2="..") returned 1 [0051.888] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf") returned 134 [0051.889] StrStrIW (lpFirst="MEEiu-.pdf", lpSrch=".lolkek") returned 0x0 [0051.889] lstrcmpW (lpString1="MEEiu-.pdf", lpString2="LOLKEK.txt") returned 1 [0051.889] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf") returned 134 [0051.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x21c) returned 0x5c7cd0 [0051.889] lstrcpyW (in: lpString1=0x5c7cd0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\MEEiu-.pdf" [0051.889] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.889] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.889] lstrcmpiW (lpString1="nDY0.ppt", lpString2="Windows") returned -1 [0051.889] lstrcmpiW (lpString1="nDY0.ppt", lpString2="Program Files") returned -1 [0051.889] lstrcmpiW (lpString1="nDY0.ppt", lpString2="Program Files (x86)") returned -1 [0051.889] lstrcmpiW (lpString1="nDY0.ppt", lpString2="$Recycle.bin") returned 1 [0051.889] lstrcmpiW (lpString1="nDY0.ppt", lpString2="System Volume Information") returned -1 [0051.889] lstrcmpiW (lpString1="nDY0.ppt", lpString2=".") returned 1 [0051.889] lstrcmpiW (lpString1="nDY0.ppt", lpString2="..") returned 1 [0051.889] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt") returned 132 [0051.889] StrStrIW (lpFirst="nDY0.ppt", lpSrch=".lolkek") returned 0x0 [0051.889] lstrcmpW (lpString1="nDY0.ppt", lpString2="LOLKEK.txt") returned 1 [0051.889] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt") returned 132 [0051.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x214) returned 0x3ec5cf0 [0051.889] lstrcpyW (in: lpString1=0x3ec5cf0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\nDY0.ppt" [0051.889] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.889] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.889] lstrcmpiW (lpString1="rmY_3DfP5g.xls", lpString2="Windows") returned -1 [0051.889] lstrcmpiW (lpString1="rmY_3DfP5g.xls", lpString2="Program Files") returned 1 [0051.889] lstrcmpiW (lpString1="rmY_3DfP5g.xls", lpString2="Program Files (x86)") returned 1 [0051.889] lstrcmpiW (lpString1="rmY_3DfP5g.xls", lpString2="$Recycle.bin") returned 1 [0051.889] lstrcmpiW (lpString1="rmY_3DfP5g.xls", lpString2="System Volume Information") returned -1 [0051.889] lstrcmpiW (lpString1="rmY_3DfP5g.xls", lpString2=".") returned 1 [0051.889] lstrcmpiW (lpString1="rmY_3DfP5g.xls", lpString2="..") returned 1 [0051.889] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls") returned 138 [0051.889] StrStrIW (lpFirst="rmY_3DfP5g.xls", lpSrch=".lolkek") returned 0x0 [0051.889] lstrcmpW (lpString1="rmY_3DfP5g.xls", lpString2="LOLKEK.txt") returned 1 [0051.889] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls") returned 138 [0051.889] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22c) returned 0x3bf0d80 [0051.889] lstrcpyW (in: lpString1=0x3bf0d80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\rmY_3DfP5g.xls" [0051.889] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.889] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.889] lstrcmpiW (lpString1="_5CTxYR2WC6U5.rtf", lpString2="Windows") returned -1 [0051.889] lstrcmpiW (lpString1="_5CTxYR2WC6U5.rtf", lpString2="Program Files") returned -1 [0051.889] lstrcmpiW (lpString1="_5CTxYR2WC6U5.rtf", lpString2="Program Files (x86)") returned -1 [0051.889] lstrcmpiW (lpString1="_5CTxYR2WC6U5.rtf", lpString2="$Recycle.bin") returned 1 [0051.889] lstrcmpiW (lpString1="_5CTxYR2WC6U5.rtf", lpString2="System Volume Information") returned -1 [0051.889] lstrcmpiW (lpString1="_5CTxYR2WC6U5.rtf", lpString2=".") returned 1 [0051.889] lstrcmpiW (lpString1="_5CTxYR2WC6U5.rtf", lpString2="..") returned 1 [0051.890] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf") returned 141 [0051.890] StrStrIW (lpFirst="_5CTxYR2WC6U5.rtf", lpSrch=".lolkek") returned 0x0 [0051.890] lstrcmpW (lpString1="_5CTxYR2WC6U5.rtf", lpString2="LOLKEK.txt") returned -1 [0051.890] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf") returned 141 [0051.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x238) returned 0x68dc48 [0051.890] lstrcpyW (in: lpString1=0x68dc48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\_5CTxYR2WC6U5.rtf" [0051.890] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.890] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.890] FindClose (in: hFindFile=0x62e098 | out: hFindFile=0x62e098) returned 1 [0051.890] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\LOLKEK.txt") returned 134 [0051.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\e7-BWu_RjAhtqQCE\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\e7-bwu_rjahtqqce\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0051.890] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.890] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0051.891] CloseHandle (hObject=0x224) returned 1 [0051.891] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0051.891] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc3e5e90, ftCreationTime.dwHighDateTime=0x1d6260e, ftLastAccessTime.dwLowDateTime=0xba847c60, ftLastAccessTime.dwHighDateTime=0x1d625c8, ftLastWriteTime.dwLowDateTime=0xba847c60, ftLastWriteTime.dwHighDateTime=0x1d625c8, nFileSizeHigh=0x0, nFileSizeLow=0x13ef2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eb_Oj3.pptx", cAlternateFileName="EB_OJ3~1.PPT")) returned 1 [0051.891] lstrcmpiW (lpString1="eb_Oj3.pptx", lpString2="Windows") returned -1 [0051.891] lstrcmpiW (lpString1="eb_Oj3.pptx", lpString2="Program Files") returned -1 [0051.891] lstrcmpiW (lpString1="eb_Oj3.pptx", lpString2="Program Files (x86)") returned -1 [0051.891] lstrcmpiW (lpString1="eb_Oj3.pptx", lpString2="$Recycle.bin") returned 1 [0051.891] lstrcmpiW (lpString1="eb_Oj3.pptx", lpString2="System Volume Information") returned -1 [0051.891] lstrcmpiW (lpString1="eb_Oj3.pptx", lpString2=".") returned 1 [0051.891] lstrcmpiW (lpString1="eb_Oj3.pptx", lpString2="..") returned 1 [0051.891] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx") returned 118 [0051.891] StrStrIW (lpFirst="eb_Oj3.pptx", lpSrch=".lolkek") returned 0x0 [0051.891] lstrcmpW (lpString1="eb_Oj3.pptx", lpString2="LOLKEK.txt") returned -1 [0051.891] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx") returned 118 [0051.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3bf0fb8 [0051.891] lstrcpyW (in: lpString1=0x3bf0fb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\eb_Oj3.pptx" [0051.891] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.898] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.898] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb777cd50, ftCreationTime.dwHighDateTime=0x1d622c2, ftLastAccessTime.dwLowDateTime=0x41b82250, ftLastAccessTime.dwHighDateTime=0x1d62866, ftLastWriteTime.dwLowDateTime=0x41b82250, ftLastWriteTime.dwHighDateTime=0x1d62866, nFileSizeHigh=0x0, nFileSizeLow=0xf2f8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JvUjF9DZdyA.odt", cAlternateFileName="JVUJF9~1.ODT")) returned 1 [0051.898] lstrcmpiW (lpString1="JvUjF9DZdyA.odt", lpString2="Windows") returned -1 [0051.899] lstrcmpiW (lpString1="JvUjF9DZdyA.odt", lpString2="Program Files") returned -1 [0051.899] lstrcmpiW (lpString1="JvUjF9DZdyA.odt", lpString2="Program Files (x86)") returned -1 [0051.899] lstrcmpiW (lpString1="JvUjF9DZdyA.odt", lpString2="$Recycle.bin") returned 1 [0051.899] lstrcmpiW (lpString1="JvUjF9DZdyA.odt", lpString2="System Volume Information") returned -1 [0051.899] lstrcmpiW (lpString1="JvUjF9DZdyA.odt", lpString2=".") returned 1 [0051.899] lstrcmpiW (lpString1="JvUjF9DZdyA.odt", lpString2="..") returned 1 [0051.899] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt") returned 122 [0051.899] StrStrIW (lpFirst="JvUjF9DZdyA.odt", lpSrch=".lolkek") returned 0x0 [0051.899] lstrcmpW (lpString1="JvUjF9DZdyA.odt", lpString2="LOLKEK.txt") returned -1 [0051.899] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt") returned 122 [0051.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x68de88 [0051.899] lstrcpyW (in: lpString1=0x68de88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\JvUjF9DZdyA.odt" [0051.899] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.914] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.914] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb777cd50, ftCreationTime.dwHighDateTime=0x1d622c2, ftLastAccessTime.dwLowDateTime=0x41b82250, ftLastAccessTime.dwHighDateTime=0x1d62866, ftLastWriteTime.dwLowDateTime=0x41b82250, ftLastWriteTime.dwHighDateTime=0x1d62866, nFileSizeHigh=0x0, nFileSizeLow=0xf2f8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JvUjF9DZdyA.odt", cAlternateFileName="JVUJF9~1.ODT")) returned 0 [0051.915] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0051.915] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\LOLKEK.txt") returned 117 [0051.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\8JD_QLgS2ELWUPeznT\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\8jd_qlgs2elwupeznt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.915] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.915] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.916] CloseHandle (hObject=0x280) returned 1 [0051.916] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0051.916] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9409cb0, ftCreationTime.dwHighDateTime=0x1d63185, ftLastAccessTime.dwLowDateTime=0x9b2e65f0, ftLastAccessTime.dwHighDateTime=0x1d62975, ftLastWriteTime.dwLowDateTime=0x9b2e65f0, ftLastWriteTime.dwHighDateTime=0x1d62975, nFileSizeHigh=0x0, nFileSizeLow=0x12297, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JVb6ml8yf6x UoWhAe.ods", cAlternateFileName="JVB6ML~1.ODS")) returned 1 [0051.916] lstrcmpiW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2="Windows") returned -1 [0051.916] lstrcmpiW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2="Program Files") returned -1 [0051.916] lstrcmpiW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2="Program Files (x86)") returned -1 [0051.916] lstrcmpiW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2="$Recycle.bin") returned 1 [0051.916] lstrcmpiW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2="System Volume Information") returned -1 [0051.916] lstrcmpiW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2=".") returned 1 [0051.916] lstrcmpiW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2="..") returned 1 [0051.916] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods") returned 110 [0051.917] StrStrIW (lpFirst="JVb6ml8yf6x UoWhAe.ods", lpSrch=".lolkek") returned 0x0 [0051.917] lstrcmpW (lpString1="JVb6ml8yf6x UoWhAe.ods", lpString2="LOLKEK.txt") returned -1 [0051.917] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods") returned 110 [0051.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x618490 [0051.917] lstrcpyW (in: lpString1=0x618490, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\JVb6ml8yf6x UoWhAe.ods" [0051.917] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.917] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.917] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54213480, ftCreationTime.dwHighDateTime=0x1d62597, ftLastAccessTime.dwLowDateTime=0x816aab40, ftLastAccessTime.dwHighDateTime=0x1d62765, ftLastWriteTime.dwLowDateTime=0x816aab40, ftLastWriteTime.dwHighDateTime=0x1d62765, nFileSizeHigh=0x0, nFileSizeLow=0x1fef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sA8t-Z uf-4.xls", cAlternateFileName="SA8T-Z~1.XLS")) returned 1 [0051.917] lstrcmpiW (lpString1="sA8t-Z uf-4.xls", lpString2="Windows") returned -1 [0051.917] lstrcmpiW (lpString1="sA8t-Z uf-4.xls", lpString2="Program Files") returned 1 [0051.917] lstrcmpiW (lpString1="sA8t-Z uf-4.xls", lpString2="Program Files (x86)") returned 1 [0051.917] lstrcmpiW (lpString1="sA8t-Z uf-4.xls", lpString2="$Recycle.bin") returned 1 [0051.917] lstrcmpiW (lpString1="sA8t-Z uf-4.xls", lpString2="System Volume Information") returned -1 [0051.917] lstrcmpiW (lpString1="sA8t-Z uf-4.xls", lpString2=".") returned 1 [0051.917] lstrcmpiW (lpString1="sA8t-Z uf-4.xls", lpString2="..") returned 1 [0051.917] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls") returned 103 [0051.917] StrStrIW (lpFirst="sA8t-Z uf-4.xls", lpSrch=".lolkek") returned 0x0 [0051.917] lstrcmpW (lpString1="sA8t-Z uf-4.xls", lpString2="LOLKEK.txt") returned 1 [0051.917] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls") returned 103 [0051.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x62f580 [0051.917] lstrcpyW (in: lpString1=0x62f580, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\sA8t-Z uf-4.xls" [0051.917] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.917] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.917] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ee4f30, ftCreationTime.dwHighDateTime=0x1d628d7, ftLastAccessTime.dwLowDateTime=0xb25db7e0, ftLastAccessTime.dwHighDateTime=0x1d624e7, ftLastWriteTime.dwLowDateTime=0xb25db7e0, ftLastWriteTime.dwHighDateTime=0x1d624e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="xQ0aeTKH0e", cAlternateFileName="XQ0AET~1")) returned 1 [0051.917] lstrcmpiW (lpString1="xQ0aeTKH0e", lpString2="Windows") returned 1 [0051.917] lstrcmpiW (lpString1="xQ0aeTKH0e", lpString2="Program Files") returned 1 [0051.917] lstrcmpiW (lpString1="xQ0aeTKH0e", lpString2="Program Files (x86)") returned 1 [0051.917] lstrcmpiW (lpString1="xQ0aeTKH0e", lpString2="$Recycle.bin") returned 1 [0051.917] lstrcmpiW (lpString1="xQ0aeTKH0e", lpString2="System Volume Information") returned 1 [0051.917] lstrcmpiW (lpString1="xQ0aeTKH0e", lpString2=".") returned 1 [0051.917] lstrcmpiW (lpString1="xQ0aeTKH0e", lpString2="..") returned 1 [0051.917] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e") returned 98 [0051.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0051.917] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e" [0051.917] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\*" [0051.917] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ee4f30, ftCreationTime.dwHighDateTime=0x1d628d7, ftLastAccessTime.dwLowDateTime=0xb25db7e0, ftLastAccessTime.dwHighDateTime=0x1d624e7, ftLastWriteTime.dwLowDateTime=0xb25db7e0, ftLastWriteTime.dwHighDateTime=0x1d624e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0051.918] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.918] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.918] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.918] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.918] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.918] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.918] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ee4f30, ftCreationTime.dwHighDateTime=0x1d628d7, ftLastAccessTime.dwLowDateTime=0xb25db7e0, ftLastAccessTime.dwHighDateTime=0x1d624e7, ftLastWriteTime.dwLowDateTime=0xb25db7e0, ftLastWriteTime.dwHighDateTime=0x1d624e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.918] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.918] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.918] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.918] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.918] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.918] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7528b90, ftCreationTime.dwHighDateTime=0x1d63077, ftLastAccessTime.dwLowDateTime=0xe0bbf2e0, ftLastAccessTime.dwHighDateTime=0x1d62619, ftLastWriteTime.dwLowDateTime=0xe0bbf2e0, ftLastWriteTime.dwHighDateTime=0x1d62619, nFileSizeHigh=0x0, nFileSizeLow=0x186f0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NkZCqyAYZC.pptx", cAlternateFileName="NKZCQY~1.PPT")) returned 1 [0051.918] lstrcmpiW (lpString1="NkZCqyAYZC.pptx", lpString2="Windows") returned -1 [0051.918] lstrcmpiW (lpString1="NkZCqyAYZC.pptx", lpString2="Program Files") returned -1 [0051.918] lstrcmpiW (lpString1="NkZCqyAYZC.pptx", lpString2="Program Files (x86)") returned -1 [0051.918] lstrcmpiW (lpString1="NkZCqyAYZC.pptx", lpString2="$Recycle.bin") returned 1 [0051.918] lstrcmpiW (lpString1="NkZCqyAYZC.pptx", lpString2="System Volume Information") returned -1 [0051.918] lstrcmpiW (lpString1="NkZCqyAYZC.pptx", lpString2=".") returned 1 [0051.918] lstrcmpiW (lpString1="NkZCqyAYZC.pptx", lpString2="..") returned 1 [0051.918] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx") returned 114 [0051.918] StrStrIW (lpFirst="NkZCqyAYZC.pptx", lpSrch=".lolkek") returned 0x0 [0051.918] lstrcmpW (lpString1="NkZCqyAYZC.pptx", lpString2="LOLKEK.txt") returned 1 [0051.918] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx") returned 114 [0051.918] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1cc) returned 0x3e36180 [0051.918] lstrcpyW (in: lpString1=0x3e36180, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\NkZCqyAYZC.pptx" [0051.918] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.918] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.918] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7528b90, ftCreationTime.dwHighDateTime=0x1d63077, ftLastAccessTime.dwLowDateTime=0xe0bbf2e0, ftLastAccessTime.dwHighDateTime=0x1d62619, ftLastWriteTime.dwLowDateTime=0xe0bbf2e0, ftLastWriteTime.dwHighDateTime=0x1d62619, nFileSizeHigh=0x0, nFileSizeLow=0x186f0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NkZCqyAYZC.pptx", cAlternateFileName="NKZCQY~1.PPT")) returned 0 [0051.919] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0051.919] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\LOLKEK.txt") returned 109 [0051.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\xQ0aeTKH0e\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\xq0aetkh0e\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0051.919] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.919] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0051.920] CloseHandle (hObject=0x280) returned 1 [0051.920] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0051.920] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87ee4f30, ftCreationTime.dwHighDateTime=0x1d628d7, ftLastAccessTime.dwLowDateTime=0xb25db7e0, ftLastAccessTime.dwHighDateTime=0x1d624e7, ftLastWriteTime.dwLowDateTime=0xb25db7e0, ftLastWriteTime.dwHighDateTime=0x1d624e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="xQ0aeTKH0e", cAlternateFileName="XQ0AET~1")) returned 0 [0051.920] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.920] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\LOLKEK.txt") returned 98 [0051.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\INml-\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\inml-\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0051.921] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.921] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.922] CloseHandle (hObject=0x258) returned 1 [0051.922] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0051.924] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c5c54e0, ftCreationTime.dwHighDateTime=0x1d632ba, ftLastAccessTime.dwLowDateTime=0x598e3350, ftLastAccessTime.dwHighDateTime=0x1d629b1, ftLastWriteTime.dwLowDateTime=0x598e3350, ftLastWriteTime.dwHighDateTime=0x1d629b1, nFileSizeHigh=0x0, nFileSizeLow=0x250b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kK4Q-_s_djF0TIq9YXN3.csv", cAlternateFileName="KK4Q-_~1.CSV")) returned 1 [0051.924] lstrcmpiW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2="Windows") returned -1 [0051.924] lstrcmpiW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2="Program Files") returned -1 [0051.924] lstrcmpiW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2="Program Files (x86)") returned -1 [0051.924] lstrcmpiW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2="$Recycle.bin") returned 1 [0051.924] lstrcmpiW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2="System Volume Information") returned -1 [0051.924] lstrcmpiW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2=".") returned 1 [0051.924] lstrcmpiW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2="..") returned 1 [0051.924] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv") returned 106 [0051.924] StrStrIW (lpFirst="kK4Q-_s_djF0TIq9YXN3.csv", lpSrch=".lolkek") returned 0x0 [0051.924] lstrcmpW (lpString1="kK4Q-_s_djF0TIq9YXN3.csv", lpString2="LOLKEK.txt") returned -1 [0051.924] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv") returned 106 [0051.924] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x657750 [0051.924] lstrcpyW (in: lpString1=0x657750, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\kK4Q-_s_djF0TIq9YXN3.csv" [0051.924] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.924] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.924] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14b88070, ftCreationTime.dwHighDateTime=0x1d62414, ftLastAccessTime.dwLowDateTime=0xb15fd620, ftLastAccessTime.dwHighDateTime=0x1d62677, ftLastWriteTime.dwLowDateTime=0xb15fd620, ftLastWriteTime.dwHighDateTime=0x1d62677, nFileSizeHigh=0x0, nFileSizeLow=0xd0c9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tY85BCgJeuxpXUiYff.ots", cAlternateFileName="TY85BC~1.OTS")) returned 1 [0051.924] lstrcmpiW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2="Windows") returned -1 [0051.924] lstrcmpiW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2="Program Files") returned 1 [0051.924] lstrcmpiW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2="Program Files (x86)") returned 1 [0051.924] lstrcmpiW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2="$Recycle.bin") returned 1 [0051.924] lstrcmpiW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2="System Volume Information") returned 1 [0051.924] lstrcmpiW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2=".") returned 1 [0051.924] lstrcmpiW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2="..") returned 1 [0051.924] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots") returned 104 [0051.924] StrStrIW (lpFirst="tY85BCgJeuxpXUiYff.ots", lpSrch=".lolkek") returned 0x0 [0051.924] lstrcmpW (lpString1="tY85BCgJeuxpXUiYff.ots", lpString2="LOLKEK.txt") returned 1 [0051.924] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots") returned 104 [0051.924] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3ec5f10 [0051.924] lstrcpyW (in: lpString1=0x3ec5f10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\tY85BCgJeuxpXUiYff.ots" [0051.924] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.928] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.928] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e38a20, ftCreationTime.dwHighDateTime=0x1d62e0d, ftLastAccessTime.dwLowDateTime=0x1b4d1450, ftLastAccessTime.dwHighDateTime=0x1d62cd9, ftLastWriteTime.dwLowDateTime=0x1b4d1450, ftLastWriteTime.dwHighDateTime=0x1d62cd9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="yl2KRKt", cAlternateFileName="")) returned 1 [0051.928] lstrcmpiW (lpString1="yl2KRKt", lpString2="Windows") returned 1 [0051.928] lstrcmpiW (lpString1="yl2KRKt", lpString2="Program Files") returned 1 [0051.928] lstrcmpiW (lpString1="yl2KRKt", lpString2="Program Files (x86)") returned 1 [0051.928] lstrcmpiW (lpString1="yl2KRKt", lpString2="$Recycle.bin") returned 1 [0051.928] lstrcmpiW (lpString1="yl2KRKt", lpString2="System Volume Information") returned 1 [0051.928] lstrcmpiW (lpString1="yl2KRKt", lpString2=".") returned 1 [0051.928] lstrcmpiW (lpString1="yl2KRKt", lpString2="..") returned 1 [0051.928] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt") returned 89 [0051.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0051.928] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt" [0051.928] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\*" [0051.928] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e38a20, ftCreationTime.dwHighDateTime=0x1d62e0d, ftLastAccessTime.dwLowDateTime=0x1b4d1450, ftLastAccessTime.dwHighDateTime=0x1d62cd9, ftLastWriteTime.dwLowDateTime=0x1b4d1450, ftLastWriteTime.dwHighDateTime=0x1d62cd9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0051.928] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0051.928] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0051.928] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0051.928] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0051.928] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0051.928] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0051.928] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e38a20, ftCreationTime.dwHighDateTime=0x1d62e0d, ftLastAccessTime.dwLowDateTime=0x1b4d1450, ftLastAccessTime.dwHighDateTime=0x1d62cd9, ftLastWriteTime.dwLowDateTime=0x1b4d1450, ftLastWriteTime.dwHighDateTime=0x1d62cd9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0051.928] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0051.928] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0051.928] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0051.928] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0051.928] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0051.928] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0051.928] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0051.928] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9859af0, ftCreationTime.dwHighDateTime=0x1d62eab, ftLastAccessTime.dwLowDateTime=0xb04e5340, ftLastAccessTime.dwHighDateTime=0x1d631f5, ftLastWriteTime.dwLowDateTime=0xb04e5340, ftLastWriteTime.dwHighDateTime=0x1d631f5, nFileSizeHigh=0x0, nFileSizeLow=0x10860, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4NJle-3d4FGbo-.ppt", cAlternateFileName="4NJLE-~1.PPT")) returned 1 [0051.928] lstrcmpiW (lpString1="4NJle-3d4FGbo-.ppt", lpString2="Windows") returned -1 [0051.928] lstrcmpiW (lpString1="4NJle-3d4FGbo-.ppt", lpString2="Program Files") returned -1 [0051.928] lstrcmpiW (lpString1="4NJle-3d4FGbo-.ppt", lpString2="Program Files (x86)") returned -1 [0051.928] lstrcmpiW (lpString1="4NJle-3d4FGbo-.ppt", lpString2="$Recycle.bin") returned 1 [0051.928] lstrcmpiW (lpString1="4NJle-3d4FGbo-.ppt", lpString2="System Volume Information") returned -1 [0051.928] lstrcmpiW (lpString1="4NJle-3d4FGbo-.ppt", lpString2=".") returned 1 [0051.928] lstrcmpiW (lpString1="4NJle-3d4FGbo-.ppt", lpString2="..") returned 1 [0051.928] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt") returned 108 [0051.928] StrStrIW (lpFirst="4NJle-3d4FGbo-.ppt", lpSrch=".lolkek") returned 0x0 [0051.928] lstrcmpW (lpString1="4NJle-3d4FGbo-.ppt", lpString2="LOLKEK.txt") returned -1 [0051.928] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt") returned 108 [0051.928] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60eef0 [0051.928] lstrcpyW (in: lpString1=0x60eef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\4NJle-3d4FGbo-.ppt" [0051.929] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.942] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.942] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7cb2e20, ftCreationTime.dwHighDateTime=0x1d625b4, ftLastAccessTime.dwLowDateTime=0x8ada7f30, ftLastAccessTime.dwHighDateTime=0x1d62651, ftLastWriteTime.dwLowDateTime=0x8ada7f30, ftLastWriteTime.dwHighDateTime=0x1d62651, nFileSizeHigh=0x0, nFileSizeLow=0x94c3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9vXArWqEr.ods", cAlternateFileName="9VXARW~1.ODS")) returned 1 [0051.942] lstrcmpiW (lpString1="9vXArWqEr.ods", lpString2="Windows") returned -1 [0051.942] lstrcmpiW (lpString1="9vXArWqEr.ods", lpString2="Program Files") returned -1 [0051.942] lstrcmpiW (lpString1="9vXArWqEr.ods", lpString2="Program Files (x86)") returned -1 [0051.942] lstrcmpiW (lpString1="9vXArWqEr.ods", lpString2="$Recycle.bin") returned 1 [0051.942] lstrcmpiW (lpString1="9vXArWqEr.ods", lpString2="System Volume Information") returned -1 [0051.942] lstrcmpiW (lpString1="9vXArWqEr.ods", lpString2=".") returned 1 [0051.942] lstrcmpiW (lpString1="9vXArWqEr.ods", lpString2="..") returned 1 [0051.942] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods") returned 103 [0051.942] StrStrIW (lpFirst="9vXArWqEr.ods", lpSrch=".lolkek") returned 0x0 [0051.942] lstrcmpW (lpString1="9vXArWqEr.ods", lpString2="LOLKEK.txt") returned -1 [0051.942] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods") returned 103 [0051.942] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x68e080 [0051.942] lstrcpyW (in: lpString1=0x68e080, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\9vXArWqEr.ods" [0051.942] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.942] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.942] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb16b0590, ftCreationTime.dwHighDateTime=0x1d62ece, ftLastAccessTime.dwLowDateTime=0xdd848580, ftLastAccessTime.dwHighDateTime=0x1d62851, ftLastWriteTime.dwLowDateTime=0xdd848580, ftLastWriteTime.dwHighDateTime=0x1d62851, nFileSizeHigh=0x0, nFileSizeLow=0x13597, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="K2J_yUCc.rtf", cAlternateFileName="")) returned 1 [0051.942] lstrcmpiW (lpString1="K2J_yUCc.rtf", lpString2="Windows") returned -1 [0051.942] lstrcmpiW (lpString1="K2J_yUCc.rtf", lpString2="Program Files") returned -1 [0051.942] lstrcmpiW (lpString1="K2J_yUCc.rtf", lpString2="Program Files (x86)") returned -1 [0051.942] lstrcmpiW (lpString1="K2J_yUCc.rtf", lpString2="$Recycle.bin") returned 1 [0051.942] lstrcmpiW (lpString1="K2J_yUCc.rtf", lpString2="System Volume Information") returned -1 [0051.942] lstrcmpiW (lpString1="K2J_yUCc.rtf", lpString2=".") returned 1 [0051.942] lstrcmpiW (lpString1="K2J_yUCc.rtf", lpString2="..") returned 1 [0051.942] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf") returned 102 [0051.942] StrStrIW (lpFirst="K2J_yUCc.rtf", lpSrch=".lolkek") returned 0x0 [0051.942] lstrcmpW (lpString1="K2J_yUCc.rtf", lpString2="LOLKEK.txt") returned -1 [0051.942] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf") returned 102 [0051.942] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x657908 [0051.942] lstrcpyW (in: lpString1=0x657908, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\K2J_yUCc.rtf" [0051.942] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.990] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.990] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7172c5e0, ftCreationTime.dwHighDateTime=0x1d631e4, ftLastAccessTime.dwLowDateTime=0x550da740, ftLastAccessTime.dwHighDateTime=0x1d62a40, ftLastWriteTime.dwLowDateTime=0x550da740, ftLastWriteTime.dwHighDateTime=0x1d62a40, nFileSizeHigh=0x0, nFileSizeLow=0x6cef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nVgB6Q UFApOoRNCs.xls", cAlternateFileName="NVGB6Q~1.XLS")) returned 1 [0051.990] lstrcmpiW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2="Windows") returned -1 [0051.990] lstrcmpiW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2="Program Files") returned -1 [0051.990] lstrcmpiW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2="Program Files (x86)") returned -1 [0051.990] lstrcmpiW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2="$Recycle.bin") returned 1 [0051.990] lstrcmpiW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2="System Volume Information") returned -1 [0051.991] lstrcmpiW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2=".") returned 1 [0051.991] lstrcmpiW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2="..") returned 1 [0051.991] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls") returned 111 [0051.991] StrStrIW (lpFirst="nVgB6Q UFApOoRNCs.xls", lpSrch=".lolkek") returned 0x0 [0051.991] lstrcmpW (lpString1="nVgB6Q UFApOoRNCs.xls", lpString2="LOLKEK.txt") returned 1 [0051.991] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls") returned 111 [0051.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c0) returned 0x657ab0 [0051.991] lstrcpyW (in: lpString1=0x657ab0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\nVgB6Q UFApOoRNCs.xls" [0051.991] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.991] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.991] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7172c5e0, ftCreationTime.dwHighDateTime=0x1d631e4, ftLastAccessTime.dwLowDateTime=0x550da740, ftLastAccessTime.dwHighDateTime=0x1d62a40, ftLastWriteTime.dwLowDateTime=0x550da740, ftLastWriteTime.dwHighDateTime=0x1d62a40, nFileSizeHigh=0x0, nFileSizeLow=0x6cef, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nVgB6Q UFApOoRNCs.xls", cAlternateFileName="NVGB6Q~1.XLS")) returned 0 [0051.991] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0051.991] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\LOLKEK.txt") returned 100 [0051.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yl2KRKt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\yl2krkt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0051.991] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.991] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0051.992] CloseHandle (hObject=0x2bc) returned 1 [0051.992] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0051.992] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32a29f0, ftCreationTime.dwHighDateTime=0x1d62dff, ftLastAccessTime.dwLowDateTime=0x57e2ee40, ftLastAccessTime.dwHighDateTime=0x1d6320a, ftLastWriteTime.dwLowDateTime=0x57e2ee40, ftLastWriteTime.dwHighDateTime=0x1d6320a, nFileSizeHigh=0x0, nFileSizeLow=0x13f1b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="yor8 En-Hf8GqRBir.doc", cAlternateFileName="YOR8EN~1.DOC")) returned 1 [0051.992] lstrcmpiW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2="Windows") returned 1 [0051.992] lstrcmpiW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2="Program Files") returned 1 [0051.992] lstrcmpiW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2="Program Files (x86)") returned 1 [0051.992] lstrcmpiW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2="$Recycle.bin") returned 1 [0051.992] lstrcmpiW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2="System Volume Information") returned 1 [0051.992] lstrcmpiW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2=".") returned 1 [0051.992] lstrcmpiW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2="..") returned 1 [0051.992] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc") returned 103 [0051.992] StrStrIW (lpFirst="yor8 En-Hf8GqRBir.doc", lpSrch=".lolkek") returned 0x0 [0051.992] lstrcmpW (lpString1="yor8 En-Hf8GqRBir.doc", lpString2="LOLKEK.txt") returned 1 [0051.992] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc") returned 103 [0051.992] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x3dd7dc0 [0051.992] lstrcpyW (in: lpString1=0x3dd7dc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\yor8 En-Hf8GqRBir.doc" [0051.992] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0051.996] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.996] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32a29f0, ftCreationTime.dwHighDateTime=0x1d62dff, ftLastAccessTime.dwLowDateTime=0x57e2ee40, ftLastAccessTime.dwHighDateTime=0x1d6320a, ftLastWriteTime.dwLowDateTime=0x57e2ee40, ftLastWriteTime.dwHighDateTime=0x1d6320a, nFileSizeHigh=0x0, nFileSizeLow=0x13f1b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="yor8 En-Hf8GqRBir.doc", cAlternateFileName="YOR8EN~1.DOC")) returned 0 [0051.996] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0051.997] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\LOLKEK.txt") returned 92 [0051.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\akrZiwqtvfaZyOOsv\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\akrziwqtvfazyoosv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0051.997] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0051.997] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0051.998] CloseHandle (hObject=0x2b8) returned 1 [0051.998] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0051.998] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc424e820, ftCreationTime.dwHighDateTime=0x1d630e7, ftLastAccessTime.dwLowDateTime=0xa8584e30, ftLastAccessTime.dwHighDateTime=0x1d62c9f, ftLastWriteTime.dwLowDateTime=0xa8584e30, ftLastWriteTime.dwHighDateTime=0x1d62c9f, nFileSizeHigh=0x0, nFileSizeLow=0x128db, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ddUUJHe7CSXKJ2a4K we.pps", cAlternateFileName="DDUUJH~1.PPS")) returned 1 [0051.998] lstrcmpiW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2="Windows") returned -1 [0051.998] lstrcmpiW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2="Program Files") returned -1 [0051.998] lstrcmpiW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2="Program Files (x86)") returned -1 [0051.998] lstrcmpiW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2="$Recycle.bin") returned 1 [0051.998] lstrcmpiW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2="System Volume Information") returned -1 [0051.998] lstrcmpiW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2=".") returned 1 [0051.998] lstrcmpiW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2="..") returned 1 [0051.998] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps") returned 88 [0051.998] StrStrIW (lpFirst="ddUUJHe7CSXKJ2a4K we.pps", lpSrch=".lolkek") returned 0x0 [0051.998] lstrcmpW (lpString1="ddUUJHe7CSXKJ2a4K we.pps", lpString2="LOLKEK.txt") returned -1 [0051.998] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps") returned 88 [0051.998] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x164) returned 0x669898 [0051.998] lstrcpyW (in: lpString1=0x669898, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\ddUUJHe7CSXKJ2a4K we.pps" [0051.998] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.033] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.033] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14513950, ftCreationTime.dwHighDateTime=0x1d62dbb, ftLastAccessTime.dwLowDateTime=0x576caf90, ftLastAccessTime.dwHighDateTime=0x1d62da6, ftLastWriteTime.dwLowDateTime=0x576caf90, ftLastWriteTime.dwHighDateTime=0x1d62da6, nFileSizeHigh=0x0, nFileSizeLow=0x4840, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HZoXeWo.ppt", cAlternateFileName="")) returned 1 [0052.033] lstrcmpiW (lpString1="HZoXeWo.ppt", lpString2="Windows") returned -1 [0052.033] lstrcmpiW (lpString1="HZoXeWo.ppt", lpString2="Program Files") returned -1 [0052.033] lstrcmpiW (lpString1="HZoXeWo.ppt", lpString2="Program Files (x86)") returned -1 [0052.033] lstrcmpiW (lpString1="HZoXeWo.ppt", lpString2="$Recycle.bin") returned 1 [0052.033] lstrcmpiW (lpString1="HZoXeWo.ppt", lpString2="System Volume Information") returned -1 [0052.033] lstrcmpiW (lpString1="HZoXeWo.ppt", lpString2=".") returned 1 [0052.033] lstrcmpiW (lpString1="HZoXeWo.ppt", lpString2="..") returned 1 [0052.033] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt") returned 75 [0052.033] StrStrIW (lpFirst="HZoXeWo.ppt", lpSrch=".lolkek") returned 0x0 [0052.033] lstrcmpW (lpString1="HZoXeWo.ppt", lpString2="LOLKEK.txt") returned -1 [0052.033] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt") returned 75 [0052.033] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3ca6b48 [0052.033] lstrcpyW (in: lpString1=0x3ca6b48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\HZoXeWo.ppt" [0052.033] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.034] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.034] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x324d3510, ftCreationTime.dwHighDateTime=0x1d629ad, ftLastAccessTime.dwLowDateTime=0x67a90d0, ftLastAccessTime.dwHighDateTime=0x1d62995, ftLastWriteTime.dwLowDateTime=0x67a90d0, ftLastWriteTime.dwHighDateTime=0x1d62995, nFileSizeHigh=0x0, nFileSizeLow=0xdaf4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qHs3.xlsx", cAlternateFileName="QHS3~1.XLS")) returned 1 [0052.034] lstrcmpiW (lpString1="qHs3.xlsx", lpString2="Windows") returned -1 [0052.034] lstrcmpiW (lpString1="qHs3.xlsx", lpString2="Program Files") returned 1 [0052.034] lstrcmpiW (lpString1="qHs3.xlsx", lpString2="Program Files (x86)") returned 1 [0052.034] lstrcmpiW (lpString1="qHs3.xlsx", lpString2="$Recycle.bin") returned 1 [0052.034] lstrcmpiW (lpString1="qHs3.xlsx", lpString2="System Volume Information") returned -1 [0052.035] lstrcmpiW (lpString1="qHs3.xlsx", lpString2=".") returned 1 [0052.035] lstrcmpiW (lpString1="qHs3.xlsx", lpString2="..") returned 1 [0052.035] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx") returned 73 [0052.035] StrStrIW (lpFirst="qHs3.xlsx", lpSrch=".lolkek") returned 0x0 [0052.035] lstrcmpW (lpString1="qHs3.xlsx", lpString2="LOLKEK.txt") returned 1 [0052.035] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx") returned 73 [0052.035] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca68d8 [0052.035] lstrcpyW (in: lpString1=0x3ca68d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\qHs3.xlsx" [0052.035] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.035] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.035] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50e30bf0, ftCreationTime.dwHighDateTime=0x1d63239, ftLastAccessTime.dwLowDateTime=0xda3b2c60, ftLastAccessTime.dwHighDateTime=0x1d626dc, ftLastWriteTime.dwLowDateTime=0xda3b2c60, ftLastWriteTime.dwHighDateTime=0x1d626dc, nFileSizeHigh=0x0, nFileSizeLow=0x6ecd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="rAiy2DSxBaH LXT5KZYs.pptx", cAlternateFileName="RAIY2D~1.PPT")) returned 1 [0052.035] lstrcmpiW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2="Windows") returned -1 [0052.035] lstrcmpiW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2="Program Files") returned 1 [0052.035] lstrcmpiW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2="Program Files (x86)") returned 1 [0052.035] lstrcmpiW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2="$Recycle.bin") returned 1 [0052.035] lstrcmpiW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2="System Volume Information") returned -1 [0052.035] lstrcmpiW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2=".") returned 1 [0052.036] lstrcmpiW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2="..") returned 1 [0052.036] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx") returned 89 [0052.036] StrStrIW (lpFirst="rAiy2DSxBaH LXT5KZYs.pptx", lpSrch=".lolkek") returned 0x0 [0052.036] lstrcmpW (lpString1="rAiy2DSxBaH LXT5KZYs.pptx", lpString2="LOLKEK.txt") returned 1 [0052.036] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx") returned 89 [0052.036] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x61a138 [0052.036] lstrcpyW (in: lpString1=0x61a138, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\rAiy2DSxBaH LXT5KZYs.pptx" [0052.036] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.039] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.039] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94d2ceb0, ftCreationTime.dwHighDateTime=0x1d62abc, ftLastAccessTime.dwLowDateTime=0x5136a710, ftLastAccessTime.dwHighDateTime=0x1d622cb, ftLastWriteTime.dwLowDateTime=0x5136a710, ftLastWriteTime.dwHighDateTime=0x1d622cb, nFileSizeHigh=0x0, nFileSizeLow=0xf9dd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="s7bSQJPB_SrPHS.xls", cAlternateFileName="S7BSQJ~1.XLS")) returned 1 [0052.039] lstrcmpiW (lpString1="s7bSQJPB_SrPHS.xls", lpString2="Windows") returned -1 [0052.039] lstrcmpiW (lpString1="s7bSQJPB_SrPHS.xls", lpString2="Program Files") returned 1 [0052.039] lstrcmpiW (lpString1="s7bSQJPB_SrPHS.xls", lpString2="Program Files (x86)") returned 1 [0052.039] lstrcmpiW (lpString1="s7bSQJPB_SrPHS.xls", lpString2="$Recycle.bin") returned 1 [0052.039] lstrcmpiW (lpString1="s7bSQJPB_SrPHS.xls", lpString2="System Volume Information") returned -1 [0052.039] lstrcmpiW (lpString1="s7bSQJPB_SrPHS.xls", lpString2=".") returned 1 [0052.039] lstrcmpiW (lpString1="s7bSQJPB_SrPHS.xls", lpString2="..") returned 1 [0052.039] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls") returned 82 [0052.039] StrStrIW (lpFirst="s7bSQJPB_SrPHS.xls", lpSrch=".lolkek") returned 0x0 [0052.039] lstrcmpW (lpString1="s7bSQJPB_SrPHS.xls", lpString2="LOLKEK.txt") returned 1 [0052.039] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls") returned 82 [0052.039] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3caeff0 [0052.039] lstrcpyW (in: lpString1=0x3caeff0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\s7bSQJPB_SrPHS.xls" [0052.039] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.042] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.042] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26819fa0, ftCreationTime.dwHighDateTime=0x1d6318c, ftLastAccessTime.dwLowDateTime=0xaa39b140, ftLastAccessTime.dwHighDateTime=0x1d62992, ftLastWriteTime.dwLowDateTime=0xaa39b140, ftLastWriteTime.dwHighDateTime=0x1d62992, nFileSizeHigh=0x0, nFileSizeLow=0x97e6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Wr7TTrYgDNDalC5qcAs.odp", cAlternateFileName="WR7TTR~1.ODP")) returned 1 [0052.042] lstrcmpiW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2="Windows") returned 1 [0052.042] lstrcmpiW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2="Program Files") returned 1 [0052.042] lstrcmpiW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2="Program Files (x86)") returned 1 [0052.042] lstrcmpiW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2="$Recycle.bin") returned 1 [0052.042] lstrcmpiW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2="System Volume Information") returned 1 [0052.042] lstrcmpiW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2=".") returned 1 [0052.042] lstrcmpiW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2="..") returned 1 [0052.042] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp") returned 87 [0052.042] StrStrIW (lpFirst="Wr7TTrYgDNDalC5qcAs.odp", lpSrch=".lolkek") returned 0x0 [0052.042] lstrcmpW (lpString1="Wr7TTrYgDNDalC5qcAs.odp", lpString2="LOLKEK.txt") returned 1 [0052.042] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp") returned 87 [0052.042] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb6ae0 [0052.042] lstrcpyW (in: lpString1=0x3eb6ae0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\Wr7TTrYgDNDalC5qcAs.odp" [0052.042] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.044] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.045] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe833ec00, ftCreationTime.dwHighDateTime=0x1d62ce8, ftLastAccessTime.dwLowDateTime=0xcc6d38b0, ftLastAccessTime.dwHighDateTime=0x1d62e36, ftLastWriteTime.dwLowDateTime=0xcc6d38b0, ftLastWriteTime.dwHighDateTime=0x1d62e36, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wRmfZxcllJ0A", cAlternateFileName="WRMFZX~1")) returned 1 [0052.045] lstrcmpiW (lpString1="wRmfZxcllJ0A", lpString2="Windows") returned 1 [0052.045] lstrcmpiW (lpString1="wRmfZxcllJ0A", lpString2="Program Files") returned 1 [0052.045] lstrcmpiW (lpString1="wRmfZxcllJ0A", lpString2="Program Files (x86)") returned 1 [0052.045] lstrcmpiW (lpString1="wRmfZxcllJ0A", lpString2="$Recycle.bin") returned 1 [0052.045] lstrcmpiW (lpString1="wRmfZxcllJ0A", lpString2="System Volume Information") returned 1 [0052.045] lstrcmpiW (lpString1="wRmfZxcllJ0A", lpString2=".") returned 1 [0052.045] lstrcmpiW (lpString1="wRmfZxcllJ0A", lpString2="..") returned 1 [0052.045] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A") returned 76 [0052.045] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.045] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A" [0052.045] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\*" [0052.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe833ec00, ftCreationTime.dwHighDateTime=0x1d62ce8, ftLastAccessTime.dwLowDateTime=0xcc6d38b0, ftLastAccessTime.dwHighDateTime=0x1d62e36, ftLastWriteTime.dwLowDateTime=0xcc6d38b0, ftLastWriteTime.dwHighDateTime=0x1d62e36, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0052.045] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.045] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.045] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.045] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.045] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.045] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.045] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe833ec00, ftCreationTime.dwHighDateTime=0x1d62ce8, ftLastAccessTime.dwLowDateTime=0xcc6d38b0, ftLastAccessTime.dwHighDateTime=0x1d62e36, ftLastWriteTime.dwLowDateTime=0xcc6d38b0, ftLastWriteTime.dwHighDateTime=0x1d62e36, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.045] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.045] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.045] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.046] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.046] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.046] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.046] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.046] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f941b00, ftCreationTime.dwHighDateTime=0x1d62ed5, ftLastAccessTime.dwLowDateTime=0x5ecb2cd0, ftLastAccessTime.dwHighDateTime=0x1d628ba, ftLastWriteTime.dwLowDateTime=0x5ecb2cd0, ftLastWriteTime.dwHighDateTime=0x1d628ba, nFileSizeHigh=0x0, nFileSizeLow=0xdcd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E7k0iR.rtf", cAlternateFileName="")) returned 1 [0052.046] lstrcmpiW (lpString1="E7k0iR.rtf", lpString2="Windows") returned -1 [0052.046] lstrcmpiW (lpString1="E7k0iR.rtf", lpString2="Program Files") returned -1 [0052.046] lstrcmpiW (lpString1="E7k0iR.rtf", lpString2="Program Files (x86)") returned -1 [0052.046] lstrcmpiW (lpString1="E7k0iR.rtf", lpString2="$Recycle.bin") returned 1 [0052.046] lstrcmpiW (lpString1="E7k0iR.rtf", lpString2="System Volume Information") returned -1 [0052.046] lstrcmpiW (lpString1="E7k0iR.rtf", lpString2=".") returned 1 [0052.046] lstrcmpiW (lpString1="E7k0iR.rtf", lpString2="..") returned 1 [0052.046] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf") returned 87 [0052.046] StrStrIW (lpFirst="E7k0iR.rtf", lpSrch=".lolkek") returned 0x0 [0052.046] lstrcmpW (lpString1="E7k0iR.rtf", lpString2="LOLKEK.txt") returned -1 [0052.046] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf") returned 87 [0052.046] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb6c48 [0052.046] lstrcpyW (in: lpString1=0x3eb6c48, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\E7k0iR.rtf" [0052.046] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.048] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.048] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f941b00, ftCreationTime.dwHighDateTime=0x1d62ed5, ftLastAccessTime.dwLowDateTime=0x5ecb2cd0, ftLastAccessTime.dwHighDateTime=0x1d628ba, ftLastWriteTime.dwLowDateTime=0x5ecb2cd0, ftLastWriteTime.dwHighDateTime=0x1d628ba, nFileSizeHigh=0x0, nFileSizeLow=0xdcd9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E7k0iR.rtf", cAlternateFileName="")) returned 0 [0052.048] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0052.048] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\LOLKEK.txt") returned 87 [0052.048] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\wRmfZxcllJ0A\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\wrmfzxcllj0a\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0052.048] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.049] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0052.049] CloseHandle (hObject=0x224) returned 1 [0052.049] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.049] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e01220, ftCreationTime.dwHighDateTime=0x1d63128, ftLastAccessTime.dwLowDateTime=0x4e9df6b0, ftLastAccessTime.dwHighDateTime=0x1d630b4, ftLastWriteTime.dwLowDateTime=0x4e9df6b0, ftLastWriteTime.dwHighDateTime=0x1d630b4, nFileSizeHigh=0x0, nFileSizeLow=0x9776, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XL5Qcw8icRlbI4q4Rk1.csv", cAlternateFileName="XL5QCW~1.CSV")) returned 1 [0052.049] lstrcmpiW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2="Windows") returned 1 [0052.049] lstrcmpiW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2="Program Files") returned 1 [0052.049] lstrcmpiW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2="Program Files (x86)") returned 1 [0052.049] lstrcmpiW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2="$Recycle.bin") returned 1 [0052.049] lstrcmpiW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2="System Volume Information") returned 1 [0052.049] lstrcmpiW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2=".") returned 1 [0052.049] lstrcmpiW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2="..") returned 1 [0052.049] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv") returned 87 [0052.049] StrStrIW (lpFirst="XL5Qcw8icRlbI4q4Rk1.csv", lpSrch=".lolkek") returned 0x0 [0052.049] lstrcmpW (lpString1="XL5Qcw8icRlbI4q4Rk1.csv", lpString2="LOLKEK.txt") returned 1 [0052.049] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv") returned 87 [0052.050] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3eb6810 [0052.050] lstrcpyW (in: lpString1=0x3eb6810, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\XL5Qcw8icRlbI4q4Rk1.csv" [0052.050] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.051] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.051] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e01220, ftCreationTime.dwHighDateTime=0x1d63128, ftLastAccessTime.dwLowDateTime=0x4e9df6b0, ftLastAccessTime.dwHighDateTime=0x1d630b4, ftLastWriteTime.dwLowDateTime=0x4e9df6b0, ftLastWriteTime.dwHighDateTime=0x1d630b4, nFileSizeHigh=0x0, nFileSizeLow=0x9776, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XL5Qcw8icRlbI4q4Rk1.csv", cAlternateFileName="XL5QCW~1.CSV")) returned 0 [0052.051] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.051] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\LOLKEK.txt") returned 74 [0052.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\329 9fBv16B80POcAox\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\329 9fbv16b80pocaox\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0052.052] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.052] WriteFile (in: hFile=0x290, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.053] CloseHandle (hObject=0x290) returned 1 [0052.053] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.054] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc875300, ftCreationTime.dwHighDateTime=0x1d5f815, ftLastAccessTime.dwLowDateTime=0xa1f73900, ftLastAccessTime.dwHighDateTime=0x1d62530, ftLastWriteTime.dwLowDateTime=0xa1f73900, ftLastWriteTime.dwHighDateTime=0x1d62530, nFileSizeHigh=0x0, nFileSizeLow=0xfd24, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5xwCXJ.xlsx", cAlternateFileName="5XWCXJ~1.XLS")) returned 1 [0052.054] lstrcmpiW (lpString1="5xwCXJ.xlsx", lpString2="Windows") returned -1 [0052.054] lstrcmpiW (lpString1="5xwCXJ.xlsx", lpString2="Program Files") returned -1 [0052.054] lstrcmpiW (lpString1="5xwCXJ.xlsx", lpString2="Program Files (x86)") returned -1 [0052.054] lstrcmpiW (lpString1="5xwCXJ.xlsx", lpString2="$Recycle.bin") returned 1 [0052.054] lstrcmpiW (lpString1="5xwCXJ.xlsx", lpString2="System Volume Information") returned -1 [0052.054] lstrcmpiW (lpString1="5xwCXJ.xlsx", lpString2=".") returned 1 [0052.054] lstrcmpiW (lpString1="5xwCXJ.xlsx", lpString2="..") returned 1 [0052.054] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx") returned 55 [0052.054] StrStrIW (lpFirst="5xwCXJ.xlsx", lpSrch=".lolkek") returned 0x0 [0052.054] lstrcmpW (lpString1="5xwCXJ.xlsx", lpString2="LOLKEK.txt") returned -1 [0052.054] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx") returned 55 [0052.054] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbb840 [0052.054] lstrcpyW (in: lpString1=0x3cbb840, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5xwCXJ.xlsx" [0052.054] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.055] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.055] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf92f4b0, ftCreationTime.dwHighDateTime=0x1d619e8, ftLastAccessTime.dwLowDateTime=0xaca54130, ftLastAccessTime.dwHighDateTime=0x1d62dff, ftLastWriteTime.dwLowDateTime=0xaca54130, ftLastWriteTime.dwHighDateTime=0x1d62dff, nFileSizeHigh=0x0, nFileSizeLow=0x15a4e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9 __N.pptx", cAlternateFileName="9__N~1.PPT")) returned 1 [0052.055] lstrcmpiW (lpString1="9 __N.pptx", lpString2="Windows") returned -1 [0052.055] lstrcmpiW (lpString1="9 __N.pptx", lpString2="Program Files") returned -1 [0052.055] lstrcmpiW (lpString1="9 __N.pptx", lpString2="Program Files (x86)") returned -1 [0052.055] lstrcmpiW (lpString1="9 __N.pptx", lpString2="$Recycle.bin") returned 1 [0052.055] lstrcmpiW (lpString1="9 __N.pptx", lpString2="System Volume Information") returned -1 [0052.055] lstrcmpiW (lpString1="9 __N.pptx", lpString2=".") returned 1 [0052.055] lstrcmpiW (lpString1="9 __N.pptx", lpString2="..") returned 1 [0052.055] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx") returned 54 [0052.055] StrStrIW (lpFirst="9 __N.pptx", lpSrch=".lolkek") returned 0x0 [0052.056] lstrcmpW (lpString1="9 __N.pptx", lpString2="LOLKEK.txt") returned -1 [0052.056] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx") returned 54 [0052.056] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbb758 [0052.056] lstrcpyW (in: lpString1=0x3cbb758, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9 __N.pptx" [0052.056] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.057] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.057] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x217c2000, ftCreationTime.dwHighDateTime=0x1d611f9, ftLastAccessTime.dwLowDateTime=0xf999ef00, ftLastAccessTime.dwHighDateTime=0x1d5e3ad, ftLastWriteTime.dwLowDateTime=0xf999ef00, ftLastWriteTime.dwHighDateTime=0x1d5e3ad, nFileSizeHigh=0x0, nFileSizeLow=0x12f2c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9uL1IWyicJQ1hAzgqyU.pptx", cAlternateFileName="9UL1IW~1.PPT")) returned 1 [0052.057] lstrcmpiW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2="Windows") returned -1 [0052.057] lstrcmpiW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2="Program Files") returned -1 [0052.057] lstrcmpiW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2="Program Files (x86)") returned -1 [0052.057] lstrcmpiW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2="$Recycle.bin") returned 1 [0052.057] lstrcmpiW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2="System Volume Information") returned -1 [0052.057] lstrcmpiW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2=".") returned 1 [0052.057] lstrcmpiW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2="..") returned 1 [0052.057] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx") returned 68 [0052.057] StrStrIW (lpFirst="9uL1IWyicJQ1hAzgqyU.pptx", lpSrch=".lolkek") returned 0x0 [0052.057] lstrcmpW (lpString1="9uL1IWyicJQ1hAzgqyU.pptx", lpString2="LOLKEK.txt") returned -1 [0052.057] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx") returned 68 [0052.057] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x5fc230 [0052.057] lstrcpyW (in: lpString1=0x5fc230, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9uL1IWyicJQ1hAzgqyU.pptx" [0052.057] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.064] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.064] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x210e8b90, ftCreationTime.dwHighDateTime=0x1d5ef93, ftLastAccessTime.dwLowDateTime=0x27e3e710, ftLastAccessTime.dwHighDateTime=0x1d60700, ftLastWriteTime.dwLowDateTime=0x27e3e710, ftLastWriteTime.dwHighDateTime=0x1d60700, nFileSizeHigh=0x0, nFileSizeLow=0x8b5f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CIIcJkpNhoqDGt.docx", cAlternateFileName="CIICJK~1.DOC")) returned 1 [0052.064] lstrcmpiW (lpString1="CIIcJkpNhoqDGt.docx", lpString2="Windows") returned -1 [0052.064] lstrcmpiW (lpString1="CIIcJkpNhoqDGt.docx", lpString2="Program Files") returned -1 [0052.064] lstrcmpiW (lpString1="CIIcJkpNhoqDGt.docx", lpString2="Program Files (x86)") returned -1 [0052.064] lstrcmpiW (lpString1="CIIcJkpNhoqDGt.docx", lpString2="$Recycle.bin") returned 1 [0052.064] lstrcmpiW (lpString1="CIIcJkpNhoqDGt.docx", lpString2="System Volume Information") returned -1 [0052.064] lstrcmpiW (lpString1="CIIcJkpNhoqDGt.docx", lpString2=".") returned 1 [0052.064] lstrcmpiW (lpString1="CIIcJkpNhoqDGt.docx", lpString2="..") returned 1 [0052.064] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx") returned 63 [0052.064] StrStrIW (lpFirst="CIIcJkpNhoqDGt.docx", lpSrch=".lolkek") returned 0x0 [0052.064] lstrcmpW (lpString1="CIIcJkpNhoqDGt.docx", lpString2="LOLKEK.txt") returned -1 [0052.064] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx") returned 63 [0052.064] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4020 [0052.064] lstrcpyW (in: lpString1=0x3ec4020, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CIIcJkpNhoqDGt.docx" [0052.064] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.101] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.101] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e4ebb20, ftCreationTime.dwHighDateTime=0x1d6238f, ftLastAccessTime.dwLowDateTime=0x99d88c60, ftLastAccessTime.dwHighDateTime=0x1d60767, ftLastWriteTime.dwLowDateTime=0x99d88c60, ftLastWriteTime.dwHighDateTime=0x1d60767, nFileSizeHigh=0x0, nFileSizeLow=0x107b0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CU_RJxQED965D.docx", cAlternateFileName="CU_RJX~1.DOC")) returned 1 [0052.101] lstrcmpiW (lpString1="CU_RJxQED965D.docx", lpString2="Windows") returned -1 [0052.101] lstrcmpiW (lpString1="CU_RJxQED965D.docx", lpString2="Program Files") returned -1 [0052.101] lstrcmpiW (lpString1="CU_RJxQED965D.docx", lpString2="Program Files (x86)") returned -1 [0052.101] lstrcmpiW (lpString1="CU_RJxQED965D.docx", lpString2="$Recycle.bin") returned 1 [0052.101] lstrcmpiW (lpString1="CU_RJxQED965D.docx", lpString2="System Volume Information") returned -1 [0052.101] lstrcmpiW (lpString1="CU_RJxQED965D.docx", lpString2=".") returned 1 [0052.101] lstrcmpiW (lpString1="CU_RJxQED965D.docx", lpString2="..") returned 1 [0052.101] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx") returned 62 [0052.101] StrStrIW (lpFirst="CU_RJxQED965D.docx", lpSrch=".lolkek") returned 0x0 [0052.101] lstrcmpW (lpString1="CU_RJxQED965D.docx", lpString2="LOLKEK.txt") returned -1 [0052.101] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx") returned 62 [0052.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4338 [0052.101] lstrcpyW (in: lpString1=0x3ec4338, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CU_RJxQED965D.docx" [0052.101] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.103] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.103] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.103] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.103] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.103] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.103] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.103] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.103] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.103] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.103] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 55 [0052.103] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.103] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.103] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 55 [0052.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbba10 [0052.103] lstrcpyW (in: lpString1=0x3cbba10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" [0052.103] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.105] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.105] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9efef40, ftCreationTime.dwHighDateTime=0x1d623cc, ftLastAccessTime.dwLowDateTime=0x527be00, ftLastAccessTime.dwHighDateTime=0x1d63288, ftLastWriteTime.dwLowDateTime=0x527be00, ftLastWriteTime.dwHighDateTime=0x1d63288, nFileSizeHigh=0x0, nFileSizeLow=0x10951, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Dkd4jqjy2HF39xxZMya.xls", cAlternateFileName="DKD4JQ~1.XLS")) returned 1 [0052.105] lstrcmpiW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2="Windows") returned -1 [0052.105] lstrcmpiW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2="Program Files") returned -1 [0052.105] lstrcmpiW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2="Program Files (x86)") returned -1 [0052.105] lstrcmpiW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2="$Recycle.bin") returned 1 [0052.105] lstrcmpiW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2="System Volume Information") returned -1 [0052.105] lstrcmpiW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2=".") returned 1 [0052.105] lstrcmpiW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2="..") returned 1 [0052.105] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls") returned 67 [0052.105] StrStrIW (lpFirst="Dkd4jqjy2HF39xxZMya.xls", lpSrch=".lolkek") returned 0x0 [0052.105] lstrcmpW (lpString1="Dkd4jqjy2HF39xxZMya.xls", lpString2="LOLKEK.txt") returned -1 [0052.105] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls") returned 67 [0052.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x3dd5668 [0052.105] lstrcpyW (in: lpString1=0x3dd5668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dkd4jqjy2HF39xxZMya.xls" [0052.105] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.106] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.106] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x806de6a0, ftCreationTime.dwHighDateTime=0x1d63127, ftLastAccessTime.dwLowDateTime=0x941520d0, ftLastAccessTime.dwHighDateTime=0x1d6320b, ftLastWriteTime.dwLowDateTime=0x941520d0, ftLastWriteTime.dwHighDateTime=0x1d6320b, nFileSizeHigh=0x0, nFileSizeLow=0x328b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="E6hhK.csv", cAlternateFileName="")) returned 1 [0052.106] lstrcmpiW (lpString1="E6hhK.csv", lpString2="Windows") returned -1 [0052.106] lstrcmpiW (lpString1="E6hhK.csv", lpString2="Program Files") returned -1 [0052.106] lstrcmpiW (lpString1="E6hhK.csv", lpString2="Program Files (x86)") returned -1 [0052.106] lstrcmpiW (lpString1="E6hhK.csv", lpString2="$Recycle.bin") returned 1 [0052.106] lstrcmpiW (lpString1="E6hhK.csv", lpString2="System Volume Information") returned -1 [0052.106] lstrcmpiW (lpString1="E6hhK.csv", lpString2=".") returned 1 [0052.106] lstrcmpiW (lpString1="E6hhK.csv", lpString2="..") returned 1 [0052.106] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv") returned 53 [0052.106] StrStrIW (lpFirst="E6hhK.csv", lpSrch=".lolkek") returned 0x0 [0052.106] lstrcmpW (lpString1="E6hhK.csv", lpString2="LOLKEK.txt") returned -1 [0052.106] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv") returned 53 [0052.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbf750 [0052.106] lstrcpyW (in: lpString1=0x3cbf750, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E6hhK.csv" [0052.106] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.109] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.109] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c2086e0, ftCreationTime.dwHighDateTime=0x1d5dd7a, ftLastAccessTime.dwLowDateTime=0x1e83c190, ftLastAccessTime.dwHighDateTime=0x1d5e3d8, ftLastWriteTime.dwLowDateTime=0x1e83c190, ftLastWriteTime.dwHighDateTime=0x1d5e3d8, nFileSizeHigh=0x0, nFileSizeLow=0x7d27, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eESHJ5BldNFhUmsN.pptx", cAlternateFileName="EESHJ5~1.PPT")) returned 1 [0052.109] lstrcmpiW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2="Windows") returned -1 [0052.109] lstrcmpiW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2="Program Files") returned -1 [0052.109] lstrcmpiW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2="Program Files (x86)") returned -1 [0052.109] lstrcmpiW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2="$Recycle.bin") returned 1 [0052.109] lstrcmpiW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2="System Volume Information") returned -1 [0052.109] lstrcmpiW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2=".") returned 1 [0052.109] lstrcmpiW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2="..") returned 1 [0052.109] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx") returned 65 [0052.109] StrStrIW (lpFirst="eESHJ5BldNFhUmsN.pptx", lpSrch=".lolkek") returned 0x0 [0052.110] lstrcmpW (lpString1="eESHJ5BldNFhUmsN.pptx", lpString2="LOLKEK.txt") returned -1 [0052.110] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx") returned 65 [0052.110] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611840 [0052.110] lstrcpyW (in: lpString1=0x611840, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eESHJ5BldNFhUmsN.pptx" [0052.110] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.112] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.112] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf1d8690, ftCreationTime.dwHighDateTime=0x1d5ef69, ftLastAccessTime.dwLowDateTime=0xef39e2c0, ftLastAccessTime.dwHighDateTime=0x1d5c4c4, ftLastWriteTime.dwLowDateTime=0xef39e2c0, ftLastWriteTime.dwHighDateTime=0x1d5c4c4, nFileSizeHigh=0x0, nFileSizeLow=0xe6b7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eQ3TA2K5.xlsx", cAlternateFileName="EQ3TA2~1.XLS")) returned 1 [0052.112] lstrcmpiW (lpString1="eQ3TA2K5.xlsx", lpString2="Windows") returned -1 [0052.112] lstrcmpiW (lpString1="eQ3TA2K5.xlsx", lpString2="Program Files") returned -1 [0052.112] lstrcmpiW (lpString1="eQ3TA2K5.xlsx", lpString2="Program Files (x86)") returned -1 [0052.112] lstrcmpiW (lpString1="eQ3TA2K5.xlsx", lpString2="$Recycle.bin") returned 1 [0052.112] lstrcmpiW (lpString1="eQ3TA2K5.xlsx", lpString2="System Volume Information") returned -1 [0052.112] lstrcmpiW (lpString1="eQ3TA2K5.xlsx", lpString2=".") returned 1 [0052.112] lstrcmpiW (lpString1="eQ3TA2K5.xlsx", lpString2="..") returned 1 [0052.112] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx") returned 57 [0052.112] StrStrIW (lpFirst="eQ3TA2K5.xlsx", lpSrch=".lolkek") returned 0x0 [0052.112] lstrcmpW (lpString1="eQ3TA2K5.xlsx", lpString2="LOLKEK.txt") returned -1 [0052.112] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx") returned 57 [0052.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x657c78 [0052.112] lstrcpyW (in: lpString1=0x657c78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eQ3TA2K5.xlsx" [0052.112] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.113] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.113] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf202bb40, ftCreationTime.dwHighDateTime=0x1d5a6be, ftLastAccessTime.dwLowDateTime=0xee1034d0, ftLastAccessTime.dwHighDateTime=0x1d5a741, ftLastWriteTime.dwLowDateTime=0xee1034d0, ftLastWriteTime.dwHighDateTime=0x1d5a741, nFileSizeHigh=0x0, nFileSizeLow=0xeda3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GVw-WR_OkLC9VO6P.docx", cAlternateFileName="GVW-WR~1.DOC")) returned 1 [0052.113] lstrcmpiW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2="Windows") returned -1 [0052.113] lstrcmpiW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2="Program Files") returned -1 [0052.113] lstrcmpiW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2="Program Files (x86)") returned -1 [0052.113] lstrcmpiW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2="$Recycle.bin") returned 1 [0052.113] lstrcmpiW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2="System Volume Information") returned -1 [0052.113] lstrcmpiW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2=".") returned 1 [0052.113] lstrcmpiW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2="..") returned 1 [0052.113] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx") returned 65 [0052.113] StrStrIW (lpFirst="GVw-WR_OkLC9VO6P.docx", lpSrch=".lolkek") returned 0x0 [0052.113] lstrcmpW (lpString1="GVw-WR_OkLC9VO6P.docx", lpString2="LOLKEK.txt") returned -1 [0052.113] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx") returned 65 [0052.113] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x6111b0 [0052.113] lstrcpyW (in: lpString1=0x6111b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GVw-WR_OkLC9VO6P.docx" [0052.113] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.115] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.115] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fb6e360, ftCreationTime.dwHighDateTime=0x1d629b9, ftLastAccessTime.dwLowDateTime=0x36bed430, ftLastAccessTime.dwHighDateTime=0x1d62685, ftLastWriteTime.dwLowDateTime=0x36bed430, ftLastWriteTime.dwHighDateTime=0x1d62685, nFileSizeHigh=0x0, nFileSizeLow=0xa674, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="h1kpOvRWGU9qi6eXx7g.odp", cAlternateFileName="H1KPOV~1.ODP")) returned 1 [0052.115] lstrcmpiW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2="Windows") returned -1 [0052.115] lstrcmpiW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2="Program Files") returned -1 [0052.115] lstrcmpiW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2="Program Files (x86)") returned -1 [0052.115] lstrcmpiW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2="$Recycle.bin") returned 1 [0052.115] lstrcmpiW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2="System Volume Information") returned -1 [0052.115] lstrcmpiW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2=".") returned 1 [0052.115] lstrcmpiW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2="..") returned 1 [0052.115] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp") returned 67 [0052.115] StrStrIW (lpFirst="h1kpOvRWGU9qi6eXx7g.odp", lpSrch=".lolkek") returned 0x0 [0052.115] lstrcmpW (lpString1="h1kpOvRWGU9qi6eXx7g.odp", lpString2="LOLKEK.txt") returned -1 [0052.115] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp") returned 67 [0052.116] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x61be60 [0052.116] lstrcpyW (in: lpString1=0x61be60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h1kpOvRWGU9qi6eXx7g.odp" [0052.116] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.117] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.117] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86dc1e70, ftCreationTime.dwHighDateTime=0x1d5c9f9, ftLastAccessTime.dwLowDateTime=0xad06a900, ftLastAccessTime.dwHighDateTime=0x1d5fd55, ftLastWriteTime.dwLowDateTime=0xad06a900, ftLastWriteTime.dwHighDateTime=0x1d5fd55, nFileSizeHigh=0x0, nFileSizeLow=0x18577, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Ht66Glp9W-yIHjwSbz.xlsx", cAlternateFileName="HT66GL~1.XLS")) returned 1 [0052.117] lstrcmpiW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2="Windows") returned -1 [0052.117] lstrcmpiW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2="Program Files") returned -1 [0052.117] lstrcmpiW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2="Program Files (x86)") returned -1 [0052.117] lstrcmpiW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2="$Recycle.bin") returned 1 [0052.117] lstrcmpiW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2="System Volume Information") returned -1 [0052.117] lstrcmpiW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2=".") returned 1 [0052.117] lstrcmpiW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2="..") returned 1 [0052.117] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx") returned 67 [0052.117] StrStrIW (lpFirst="Ht66Glp9W-yIHjwSbz.xlsx", lpSrch=".lolkek") returned 0x0 [0052.117] lstrcmpW (lpString1="Ht66Glp9W-yIHjwSbz.xlsx", lpString2="LOLKEK.txt") returned -1 [0052.117] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx") returned 67 [0052.117] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x66b510 [0052.117] lstrcpyW (in: lpString1=0x66b510, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ht66Glp9W-yIHjwSbz.xlsx" [0052.117] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.125] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.125] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8af2fc40, ftCreationTime.dwHighDateTime=0x1d5ec95, ftLastAccessTime.dwLowDateTime=0xff1077a0, ftLastAccessTime.dwHighDateTime=0x1d5ef02, ftLastWriteTime.dwLowDateTime=0xff1077a0, ftLastWriteTime.dwHighDateTime=0x1d5ef02, nFileSizeHigh=0x0, nFileSizeLow=0xd6ed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kp0KWws934DTN.docx", cAlternateFileName="KP0KWW~1.DOC")) returned 1 [0052.125] lstrcmpiW (lpString1="kp0KWws934DTN.docx", lpString2="Windows") returned -1 [0052.125] lstrcmpiW (lpString1="kp0KWws934DTN.docx", lpString2="Program Files") returned -1 [0052.125] lstrcmpiW (lpString1="kp0KWws934DTN.docx", lpString2="Program Files (x86)") returned -1 [0052.125] lstrcmpiW (lpString1="kp0KWws934DTN.docx", lpString2="$Recycle.bin") returned 1 [0052.125] lstrcmpiW (lpString1="kp0KWws934DTN.docx", lpString2="System Volume Information") returned -1 [0052.125] lstrcmpiW (lpString1="kp0KWws934DTN.docx", lpString2=".") returned 1 [0052.125] lstrcmpiW (lpString1="kp0KWws934DTN.docx", lpString2="..") returned 1 [0052.125] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx") returned 62 [0052.125] StrStrIW (lpFirst="kp0KWws934DTN.docx", lpSrch=".lolkek") returned 0x0 [0052.125] lstrcmpW (lpString1="kp0KWws934DTN.docx", lpString2="LOLKEK.txt") returned -1 [0052.125] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx") returned 62 [0052.125] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4128 [0052.125] lstrcpyW (in: lpString1=0x3ec4128, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\kp0KWws934DTN.docx" [0052.125] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.152] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.152] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0052.152] lstrcmpiW (lpString1="My Music", lpString2="Windows") returned -1 [0052.152] lstrcmpiW (lpString1="My Music", lpString2="Program Files") returned -1 [0052.152] lstrcmpiW (lpString1="My Music", lpString2="Program Files (x86)") returned -1 [0052.152] lstrcmpiW (lpString1="My Music", lpString2="$Recycle.bin") returned 1 [0052.152] lstrcmpiW (lpString1="My Music", lpString2="System Volume Information") returned -1 [0052.152] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0052.152] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0052.152] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned 52 [0052.152] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.152] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0052.152] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*" [0052.152] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e01220, ftCreationTime.dwHighDateTime=0x1d63128, ftLastAccessTime.dwLowDateTime=0x4e9df6b0, ftLastAccessTime.dwHighDateTime=0x1d630b4, ftLastWriteTime.dwLowDateTime=0x4e9df6b0, ftLastWriteTime.dwHighDateTime=0x1d630b4, nFileSizeHigh=0x0, nFileSizeLow=0x9776, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XL5Qcw8icRlbI4q4Rk1.csv", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨㻘Ϣ纈0ͣͣ㨭䚗㻘Ϣͣ热/㻘Ϣ徰c읈a헍皮")) returned 0xffffffff [0052.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.152] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0052.152] lstrcmpiW (lpString1="My Pictures", lpString2="Windows") returned -1 [0052.152] lstrcmpiW (lpString1="My Pictures", lpString2="Program Files") returned -1 [0052.152] lstrcmpiW (lpString1="My Pictures", lpString2="Program Files (x86)") returned -1 [0052.153] lstrcmpiW (lpString1="My Pictures", lpString2="$Recycle.bin") returned 1 [0052.153] lstrcmpiW (lpString1="My Pictures", lpString2="System Volume Information") returned -1 [0052.153] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0052.153] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0052.153] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned 55 [0052.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.153] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0052.153] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*" [0052.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8e01220, ftCreationTime.dwHighDateTime=0x1d63128, ftLastAccessTime.dwLowDateTime=0x4e9df6b0, ftLastAccessTime.dwHighDateTime=0x1d630b4, ftLastWriteTime.dwLowDateTime=0x4e9df6b0, ftLastWriteTime.dwHighDateTime=0x1d630b4, nFileSizeHigh=0x0, nFileSizeLow=0x9776, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XL5Qcw8icRlbI4q4Rk1.csv", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨㻘Ϣ纈0ͣͣ㨭䚗㻘Ϣͣ热/㻘Ϣ徰c읈a헍皮")) returned 0xffffffff [0052.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.153] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0052.153] lstrcmpiW (lpString1="My Shapes", lpString2="Windows") returned -1 [0052.153] lstrcmpiW (lpString1="My Shapes", lpString2="Program Files") returned -1 [0052.153] lstrcmpiW (lpString1="My Shapes", lpString2="Program Files (x86)") returned -1 [0052.153] lstrcmpiW (lpString1="My Shapes", lpString2="$Recycle.bin") returned 1 [0052.153] lstrcmpiW (lpString1="My Shapes", lpString2="System Volume Information") returned -1 [0052.153] lstrcmpiW (lpString1="My Shapes", lpString2=".") returned 1 [0052.153] lstrcmpiW (lpString1="My Shapes", lpString2="..") returned 1 [0052.153] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned 53 [0052.153] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.153] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0052.153] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*" [0052.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.153] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.153] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.153] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.153] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.153] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.153] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.153] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.153] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.154] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.154] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.154] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.154] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.154] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.154] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.154] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.154] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.154] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.154] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.154] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.154] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.154] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.154] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.154] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned 65 [0052.154] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.154] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.154] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned 65 [0052.154] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x612330 [0052.154] lstrcpyW (in: lpString1=0x612330, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" [0052.154] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.156] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.156] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0052.156] lstrcmpiW (lpString1="Favorites.vss", lpString2="Windows") returned -1 [0052.156] lstrcmpiW (lpString1="Favorites.vss", lpString2="Program Files") returned -1 [0052.156] lstrcmpiW (lpString1="Favorites.vss", lpString2="Program Files (x86)") returned -1 [0052.156] lstrcmpiW (lpString1="Favorites.vss", lpString2="$Recycle.bin") returned 1 [0052.156] lstrcmpiW (lpString1="Favorites.vss", lpString2="System Volume Information") returned -1 [0052.156] lstrcmpiW (lpString1="Favorites.vss", lpString2=".") returned 1 [0052.156] lstrcmpiW (lpString1="Favorites.vss", lpString2="..") returned 1 [0052.156] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0052.156] StrStrIW (lpFirst="Favorites.vss", lpSrch=".lolkek") returned 0x0 [0052.156] lstrcmpW (lpString1="Favorites.vss", lpString2="LOLKEK.txt") returned -1 [0052.156] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned 67 [0052.156] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x612448 [0052.156] lstrcpyW (in: lpString1=0x612448, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" [0052.156] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.159] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.159] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_private", cAlternateFileName="")) returned 1 [0052.159] lstrcmpiW (lpString1="_private", lpString2="Windows") returned -1 [0052.159] lstrcmpiW (lpString1="_private", lpString2="Program Files") returned -1 [0052.159] lstrcmpiW (lpString1="_private", lpString2="Program Files (x86)") returned -1 [0052.159] lstrcmpiW (lpString1="_private", lpString2="$Recycle.bin") returned 1 [0052.159] lstrcmpiW (lpString1="_private", lpString2="System Volume Information") returned -1 [0052.159] lstrcmpiW (lpString1="_private", lpString2=".") returned 1 [0052.159] lstrcmpiW (lpString1="_private", lpString2="..") returned 1 [0052.159] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned 62 [0052.159] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0052.159] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0052.159] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*" [0052.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0052.160] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.160] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.160] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.160] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.160] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.160] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.160] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.160] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.160] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.160] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.160] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.160] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.160] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.160] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.160] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0052.161] lstrcmpiW (lpString1="folder.ico", lpString2="Windows") returned -1 [0052.161] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files") returned -1 [0052.161] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files (x86)") returned -1 [0052.161] lstrcmpiW (lpString1="folder.ico", lpString2="$Recycle.bin") returned 1 [0052.161] lstrcmpiW (lpString1="folder.ico", lpString2="System Volume Information") returned -1 [0052.161] lstrcmpiW (lpString1="folder.ico", lpString2=".") returned 1 [0052.161] lstrcmpiW (lpString1="folder.ico", lpString2="..") returned 1 [0052.161] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0052.161] StrStrIW (lpFirst="folder.ico", lpSrch=".lolkek") returned 0x0 [0052.161] lstrcmpW (lpString1="folder.ico", lpString2="LOLKEK.txt") returned -1 [0052.161] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0052.161] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca6ef0 [0052.161] lstrcpyW (in: lpString1=0x3ca6ef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" [0052.161] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.161] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.161] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0052.161] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0052.161] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\LOLKEK.txt") returned 73 [0052.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.162] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.162] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0052.162] CloseHandle (hObject=0x23c) returned 1 [0052.162] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0052.162] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_private", cAlternateFileName="")) returned 0 [0052.162] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.162] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\LOLKEK.txt") returned 64 [0052.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0052.163] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.163] WriteFile (in: hFile=0x228, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.163] CloseHandle (hObject=0x228) returned 1 [0052.163] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.163] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0052.163] lstrcmpiW (lpString1="My Videos", lpString2="Windows") returned -1 [0052.163] lstrcmpiW (lpString1="My Videos", lpString2="Program Files") returned -1 [0052.163] lstrcmpiW (lpString1="My Videos", lpString2="Program Files (x86)") returned -1 [0052.164] lstrcmpiW (lpString1="My Videos", lpString2="$Recycle.bin") returned 1 [0052.164] lstrcmpiW (lpString1="My Videos", lpString2="System Volume Information") returned -1 [0052.164] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0052.164] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0052.164] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned 53 [0052.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0052.164] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0052.164] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*" [0052.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_private", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨㻘Ϣ纈0ͣͣ㨭䚗㻘Ϣͣ热/㻘Ϣ徰c읈a헍皮")) returned 0xffffffff [0052.164] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0052.164] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55145120, ftCreationTime.dwHighDateTime=0x1d5fd55, ftLastAccessTime.dwLowDateTime=0x74823460, ftLastAccessTime.dwHighDateTime=0x1d5b975, ftLastWriteTime.dwLowDateTime=0x74823460, ftLastWriteTime.dwHighDateTime=0x1d5b975, nFileSizeHigh=0x0, nFileSizeLow=0x14321, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="oGy6GMruDqR.docx", cAlternateFileName="OGY6GM~1.DOC")) returned 1 [0052.164] lstrcmpiW (lpString1="oGy6GMruDqR.docx", lpString2="Windows") returned -1 [0052.164] lstrcmpiW (lpString1="oGy6GMruDqR.docx", lpString2="Program Files") returned -1 [0052.164] lstrcmpiW (lpString1="oGy6GMruDqR.docx", lpString2="Program Files (x86)") returned -1 [0052.164] lstrcmpiW (lpString1="oGy6GMruDqR.docx", lpString2="$Recycle.bin") returned 1 [0052.164] lstrcmpiW (lpString1="oGy6GMruDqR.docx", lpString2="System Volume Information") returned -1 [0052.164] lstrcmpiW (lpString1="oGy6GMruDqR.docx", lpString2=".") returned 1 [0052.164] lstrcmpiW (lpString1="oGy6GMruDqR.docx", lpString2="..") returned 1 [0052.164] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx") returned 60 [0052.164] StrStrIW (lpFirst="oGy6GMruDqR.docx", lpSrch=".lolkek") returned 0x0 [0052.164] lstrcmpW (lpString1="oGy6GMruDqR.docx", lpString2="LOLKEK.txt") returned 1 [0052.164] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx") returned 60 [0052.164] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0260 [0052.164] lstrcpyW (in: lpString1=0x3da0260, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oGy6GMruDqR.docx" [0052.164] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.167] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.167] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0052.167] lstrcmpiW (lpString1="Outlook Files", lpString2="Windows") returned -1 [0052.167] lstrcmpiW (lpString1="Outlook Files", lpString2="Program Files") returned -1 [0052.167] lstrcmpiW (lpString1="Outlook Files", lpString2="Program Files (x86)") returned -1 [0052.167] lstrcmpiW (lpString1="Outlook Files", lpString2="$Recycle.bin") returned 1 [0052.167] lstrcmpiW (lpString1="Outlook Files", lpString2="System Volume Information") returned -1 [0052.167] lstrcmpiW (lpString1="Outlook Files", lpString2=".") returned 1 [0052.167] lstrcmpiW (lpString1="Outlook Files", lpString2="..") returned 1 [0052.167] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned 57 [0052.167] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.167] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0052.167] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*" [0052.167] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.168] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.168] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.168] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.168] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.168] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.168] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.168] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.168] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.168] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.168] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.168] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.168] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.168] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.168] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.168] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0052.168] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="Windows") returned -1 [0052.168] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="Program Files") returned 1 [0052.168] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="Program Files (x86)") returned 1 [0052.168] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="$Recycle.bin") returned 1 [0052.168] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="System Volume Information") returned 1 [0052.168] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2=".") returned 1 [0052.168] lstrcmpiW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="..") returned 1 [0052.168] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 80 [0052.168] StrStrIW (lpFirst="voeimd@djhreuu.uhd.pst", lpSrch=".lolkek") returned 0x0 [0052.168] lstrcmpW (lpString1="voeimd@djhreuu.uhd.pst", lpString2="LOLKEK.txt") returned 1 [0052.168] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 80 [0052.168] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3caee98 [0052.168] lstrcpyW (in: lpString1=0x3caee98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" [0052.168] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.171] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.171] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0052.171] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.171] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\LOLKEK.txt") returned 68 [0052.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0052.171] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.171] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.172] CloseHandle (hObject=0x210) returned 1 [0052.172] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.172] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33f9f120, ftCreationTime.dwHighDateTime=0x1d5d42e, ftLastAccessTime.dwLowDateTime=0x24d2c700, ftLastAccessTime.dwHighDateTime=0x1d623be, ftLastWriteTime.dwLowDateTime=0x24d2c700, ftLastWriteTime.dwHighDateTime=0x1d623be, nFileSizeHigh=0x0, nFileSizeLow=0x16116, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="OYuWUKlHU3vT8ENS.xlsx", cAlternateFileName="OYUWUK~1.XLS")) returned 1 [0052.172] lstrcmpiW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2="Windows") returned -1 [0052.172] lstrcmpiW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2="Program Files") returned -1 [0052.172] lstrcmpiW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2="Program Files (x86)") returned -1 [0052.172] lstrcmpiW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2="$Recycle.bin") returned 1 [0052.172] lstrcmpiW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2="System Volume Information") returned -1 [0052.172] lstrcmpiW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2=".") returned 1 [0052.172] lstrcmpiW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2="..") returned 1 [0052.172] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx") returned 65 [0052.172] StrStrIW (lpFirst="OYuWUKlHU3vT8ENS.xlsx", lpSrch=".lolkek") returned 0x0 [0052.172] lstrcmpW (lpString1="OYuWUKlHU3vT8ENS.xlsx", lpString2="LOLKEK.txt") returned 1 [0052.172] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx") returned 65 [0052.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x612560 [0052.172] lstrcpyW (in: lpString1=0x612560, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OYuWUKlHU3vT8ENS.xlsx" [0052.172] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.173] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.173] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda93c7f0, ftCreationTime.dwHighDateTime=0x1d62450, ftLastAccessTime.dwLowDateTime=0xe2e9ec70, ftLastAccessTime.dwHighDateTime=0x1d62687, ftLastWriteTime.dwLowDateTime=0xe2e9ec70, ftLastWriteTime.dwHighDateTime=0x1d62687, nFileSizeHigh=0x0, nFileSizeLow=0x18668, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="pxNMOB.odp", cAlternateFileName="")) returned 1 [0052.173] lstrcmpiW (lpString1="pxNMOB.odp", lpString2="Windows") returned -1 [0052.173] lstrcmpiW (lpString1="pxNMOB.odp", lpString2="Program Files") returned 1 [0052.173] lstrcmpiW (lpString1="pxNMOB.odp", lpString2="Program Files (x86)") returned 1 [0052.173] lstrcmpiW (lpString1="pxNMOB.odp", lpString2="$Recycle.bin") returned 1 [0052.173] lstrcmpiW (lpString1="pxNMOB.odp", lpString2="System Volume Information") returned -1 [0052.173] lstrcmpiW (lpString1="pxNMOB.odp", lpString2=".") returned 1 [0052.173] lstrcmpiW (lpString1="pxNMOB.odp", lpString2="..") returned 1 [0052.173] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp") returned 54 [0052.174] StrStrIW (lpFirst="pxNMOB.odp", lpSrch=".lolkek") returned 0x0 [0052.174] lstrcmpW (lpString1="pxNMOB.odp", lpString2="LOLKEK.txt") returned 1 [0052.174] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp") returned 54 [0052.174] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbbaf8 [0052.174] lstrcpyW (in: lpString1=0x3cbbaf8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\pxNMOB.odp" [0052.174] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.176] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.176] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x965f46b0, ftCreationTime.dwHighDateTime=0x1d5b72f, ftLastAccessTime.dwLowDateTime=0xc95cf640, ftLastAccessTime.dwHighDateTime=0x1d5c22c, ftLastWriteTime.dwLowDateTime=0xc95cf640, ftLastWriteTime.dwHighDateTime=0x1d5c22c, nFileSizeHigh=0x0, nFileSizeLow=0x1808d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="R9r3QJbl gWWr.pptx", cAlternateFileName="R9R3QJ~1.PPT")) returned 1 [0052.176] lstrcmpiW (lpString1="R9r3QJbl gWWr.pptx", lpString2="Windows") returned -1 [0052.176] lstrcmpiW (lpString1="R9r3QJbl gWWr.pptx", lpString2="Program Files") returned 1 [0052.176] lstrcmpiW (lpString1="R9r3QJbl gWWr.pptx", lpString2="Program Files (x86)") returned 1 [0052.176] lstrcmpiW (lpString1="R9r3QJbl gWWr.pptx", lpString2="$Recycle.bin") returned 1 [0052.176] lstrcmpiW (lpString1="R9r3QJbl gWWr.pptx", lpString2="System Volume Information") returned -1 [0052.176] lstrcmpiW (lpString1="R9r3QJbl gWWr.pptx", lpString2=".") returned 1 [0052.177] lstrcmpiW (lpString1="R9r3QJbl gWWr.pptx", lpString2="..") returned 1 [0052.177] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx") returned 62 [0052.177] StrStrIW (lpFirst="R9r3QJbl gWWr.pptx", lpSrch=".lolkek") returned 0x0 [0052.177] lstrcmpW (lpString1="R9r3QJbl gWWr.pptx", lpString2="LOLKEK.txt") returned 1 [0052.177] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx") returned 62 [0052.177] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4230 [0052.177] lstrcpyW (in: lpString1=0x3ec4230, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\R9r3QJbl gWWr.pptx" [0052.177] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.178] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.178] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ef831c0, ftCreationTime.dwHighDateTime=0x1d5bca1, ftLastAccessTime.dwLowDateTime=0x3f7a4710, ftLastAccessTime.dwHighDateTime=0x1d627f4, ftLastWriteTime.dwLowDateTime=0x3f7a4710, ftLastWriteTime.dwHighDateTime=0x1d627f4, nFileSizeHigh=0x0, nFileSizeLow=0xd65f, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="sFNCNwBQM_pep8QgPB.xlsx", cAlternateFileName="SFNCNW~1.XLS")) returned 1 [0052.178] lstrcmpiW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2="Windows") returned -1 [0052.178] lstrcmpiW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2="Program Files") returned 1 [0052.178] lstrcmpiW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2="Program Files (x86)") returned 1 [0052.178] lstrcmpiW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2="$Recycle.bin") returned 1 [0052.178] lstrcmpiW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2="System Volume Information") returned -1 [0052.178] lstrcmpiW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2=".") returned 1 [0052.178] lstrcmpiW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2="..") returned 1 [0052.178] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx") returned 67 [0052.178] StrStrIW (lpFirst="sFNCNwBQM_pep8QgPB.xlsx", lpSrch=".lolkek") returned 0x0 [0052.178] lstrcmpW (lpString1="sFNCNwBQM_pep8QgPB.xlsx", lpString2="LOLKEK.txt") returned 1 [0052.178] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx") returned 67 [0052.178] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x612678 [0052.178] lstrcpyW (in: lpString1=0x612678, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\sFNCNwBQM_pep8QgPB.xlsx" [0052.178] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.185] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.185] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64e15ce0, ftCreationTime.dwHighDateTime=0x1d632c7, ftLastAccessTime.dwLowDateTime=0x9bf6e2e0, ftLastAccessTime.dwHighDateTime=0x1d62971, ftLastWriteTime.dwLowDateTime=0x9bf6e2e0, ftLastWriteTime.dwHighDateTime=0x1d62971, nFileSizeHigh=0x0, nFileSizeLow=0x119f1, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="wDeST5F SPVOp089.odt", cAlternateFileName="WDEST5~1.ODT")) returned 1 [0052.185] lstrcmpiW (lpString1="wDeST5F SPVOp089.odt", lpString2="Windows") returned -1 [0052.185] lstrcmpiW (lpString1="wDeST5F SPVOp089.odt", lpString2="Program Files") returned 1 [0052.185] lstrcmpiW (lpString1="wDeST5F SPVOp089.odt", lpString2="Program Files (x86)") returned 1 [0052.185] lstrcmpiW (lpString1="wDeST5F SPVOp089.odt", lpString2="$Recycle.bin") returned 1 [0052.185] lstrcmpiW (lpString1="wDeST5F SPVOp089.odt", lpString2="System Volume Information") returned 1 [0052.185] lstrcmpiW (lpString1="wDeST5F SPVOp089.odt", lpString2=".") returned 1 [0052.185] lstrcmpiW (lpString1="wDeST5F SPVOp089.odt", lpString2="..") returned 1 [0052.185] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt") returned 64 [0052.185] StrStrIW (lpFirst="wDeST5F SPVOp089.odt", lpSrch=".lolkek") returned 0x0 [0052.185] lstrcmpW (lpString1="wDeST5F SPVOp089.odt", lpString2="LOLKEK.txt") returned 1 [0052.185] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt") returned 64 [0052.185] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x612790 [0052.185] lstrcpyW (in: lpString1=0x612790, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wDeST5F SPVOp089.odt" [0052.185] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.215] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.215] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f449140, ftCreationTime.dwHighDateTime=0x1d5e8ed, ftLastAccessTime.dwLowDateTime=0xaf358600, ftLastAccessTime.dwHighDateTime=0x1d5b8f0, ftLastWriteTime.dwLowDateTime=0xaf358600, ftLastWriteTime.dwHighDateTime=0x1d5b8f0, nFileSizeHigh=0x0, nFileSizeLow=0x16cb2, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="yZtL4ETpvj8 C.pptx", cAlternateFileName="YZTL4E~1.PPT")) returned 1 [0052.215] lstrcmpiW (lpString1="yZtL4ETpvj8 C.pptx", lpString2="Windows") returned 1 [0052.215] lstrcmpiW (lpString1="yZtL4ETpvj8 C.pptx", lpString2="Program Files") returned 1 [0052.215] lstrcmpiW (lpString1="yZtL4ETpvj8 C.pptx", lpString2="Program Files (x86)") returned 1 [0052.215] lstrcmpiW (lpString1="yZtL4ETpvj8 C.pptx", lpString2="$Recycle.bin") returned 1 [0052.215] lstrcmpiW (lpString1="yZtL4ETpvj8 C.pptx", lpString2="System Volume Information") returned 1 [0052.215] lstrcmpiW (lpString1="yZtL4ETpvj8 C.pptx", lpString2=".") returned 1 [0052.215] lstrcmpiW (lpString1="yZtL4ETpvj8 C.pptx", lpString2="..") returned 1 [0052.215] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx") returned 62 [0052.215] StrStrIW (lpFirst="yZtL4ETpvj8 C.pptx", lpSrch=".lolkek") returned 0x0 [0052.216] lstrcmpW (lpString1="yZtL4ETpvj8 C.pptx", lpString2="LOLKEK.txt") returned 1 [0052.216] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx") returned 62 [0052.216] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4548 [0052.216] lstrcpyW (in: lpString1=0x3ec4548, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yZtL4ETpvj8 C.pptx" [0052.216] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.217] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.217] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf1aeaf0, ftCreationTime.dwHighDateTime=0x1d629da, ftLastAccessTime.dwLowDateTime=0x3980a630, ftLastAccessTime.dwHighDateTime=0x1d62fef, ftLastWriteTime.dwLowDateTime=0x3980a630, ftLastWriteTime.dwHighDateTime=0x1d62fef, nFileSizeHigh=0x0, nFileSizeLow=0x16217, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Z5YrP_9-kOP6k73dLnXT.ots", cAlternateFileName="Z5YRP_~1.OTS")) returned 1 [0052.217] lstrcmpiW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2="Windows") returned 1 [0052.217] lstrcmpiW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2="Program Files") returned 1 [0052.217] lstrcmpiW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2="Program Files (x86)") returned 1 [0052.217] lstrcmpiW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2="$Recycle.bin") returned 1 [0052.217] lstrcmpiW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2="System Volume Information") returned 1 [0052.217] lstrcmpiW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2=".") returned 1 [0052.217] lstrcmpiW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2="..") returned 1 [0052.217] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots") returned 68 [0052.217] StrStrIW (lpFirst="Z5YrP_9-kOP6k73dLnXT.ots", lpSrch=".lolkek") returned 0x0 [0052.217] lstrcmpW (lpString1="Z5YrP_9-kOP6k73dLnXT.ots", lpString2="LOLKEK.txt") returned 1 [0052.217] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots") returned 68 [0052.217] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x5fc018 [0052.217] lstrcpyW (in: lpString1=0x5fc018, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Z5YrP_9-kOP6k73dLnXT.ots" [0052.217] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.220] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.220] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf1aeaf0, ftCreationTime.dwHighDateTime=0x1d629da, ftLastAccessTime.dwLowDateTime=0x3980a630, ftLastAccessTime.dwHighDateTime=0x1d62fef, ftLastWriteTime.dwLowDateTime=0x3980a630, ftLastWriteTime.dwHighDateTime=0x1d62fef, nFileSizeHigh=0x0, nFileSizeLow=0x16217, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Z5YrP_9-kOP6k73dLnXT.ots", cAlternateFileName="Z5YRP_~1.OTS")) returned 0 [0052.220] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.220] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LOLKEK.txt") returned 54 [0052.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.221] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.221] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.221] CloseHandle (hObject=0x294) returned 1 [0052.221] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.222] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0052.223] lstrcmpiW (lpString1="Downloads", lpString2="Windows") returned -1 [0052.223] lstrcmpiW (lpString1="Downloads", lpString2="Program Files") returned -1 [0052.223] lstrcmpiW (lpString1="Downloads", lpString2="Program Files (x86)") returned -1 [0052.223] lstrcmpiW (lpString1="Downloads", lpString2="$Recycle.bin") returned 1 [0052.223] lstrcmpiW (lpString1="Downloads", lpString2="System Volume Information") returned -1 [0052.223] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0052.223] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0052.223] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned 43 [0052.223] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.223] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0052.223] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*" [0052.223] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.223] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.223] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.223] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.223] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.223] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.223] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.223] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.223] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.223] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.223] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.223] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.223] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.223] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.223] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.223] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.224] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.224] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.224] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.224] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.224] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.224] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.224] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.224] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned 55 [0052.224] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.224] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.224] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned 55 [0052.224] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbbbe0 [0052.224] lstrcpyW (in: lpString1=0x3cbbbe0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" [0052.224] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.226] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.226] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0052.226] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.226] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\LOLKEK.txt") returned 54 [0052.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.226] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.226] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.227] CloseHandle (hObject=0x294) returned 1 [0052.227] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.227] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0052.227] lstrcmpiW (lpString1="Favorites", lpString2="Windows") returned -1 [0052.227] lstrcmpiW (lpString1="Favorites", lpString2="Program Files") returned -1 [0052.227] lstrcmpiW (lpString1="Favorites", lpString2="Program Files (x86)") returned -1 [0052.227] lstrcmpiW (lpString1="Favorites", lpString2="$Recycle.bin") returned 1 [0052.227] lstrcmpiW (lpString1="Favorites", lpString2="System Volume Information") returned -1 [0052.227] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0052.227] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0052.227] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned 43 [0052.227] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.227] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0052.227] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*" [0052.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.228] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.228] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.228] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.228] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.228] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.228] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.228] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.228] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.228] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.228] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.228] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.228] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.228] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.228] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.228] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.228] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.228] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.228] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.228] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.228] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.228] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.228] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.228] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned 55 [0052.228] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.228] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.228] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned 55 [0052.228] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbbcc8 [0052.228] lstrcpyW (in: lpString1=0x3cbbcc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" [0052.228] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.229] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.229] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0052.229] lstrcmpiW (lpString1="Links", lpString2="Windows") returned -1 [0052.229] lstrcmpiW (lpString1="Links", lpString2="Program Files") returned -1 [0052.229] lstrcmpiW (lpString1="Links", lpString2="Program Files (x86)") returned -1 [0052.230] lstrcmpiW (lpString1="Links", lpString2="$Recycle.bin") returned 1 [0052.230] lstrcmpiW (lpString1="Links", lpString2="System Volume Information") returned -1 [0052.230] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0052.230] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0052.230] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned 49 [0052.230] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.230] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0052.230] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*" [0052.230] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.230] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.230] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.230] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.230] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.230] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.230] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.230] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.230] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.230] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.230] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.230] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.230] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.230] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.230] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.230] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.230] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.230] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.230] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.230] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.230] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.230] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.230] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.230] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned 61 [0052.230] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.230] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.231] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned 61 [0052.231] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0760 [0052.231] lstrcpyW (in: lpString1=0x3da0760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" [0052.231] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.233] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.233] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0052.233] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="Windows") returned -1 [0052.233] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="Program Files") returned 1 [0052.233] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="Program Files (x86)") returned 1 [0052.233] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="$Recycle.bin") returned 1 [0052.233] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="System Volume Information") returned -1 [0052.233] lstrcmpiW (lpString1="Suggested Sites.url", lpString2=".") returned 1 [0052.233] lstrcmpiW (lpString1="Suggested Sites.url", lpString2="..") returned 1 [0052.233] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 69 [0052.233] StrStrIW (lpFirst="Suggested Sites.url", lpSrch=".lolkek") returned 0x0 [0052.233] lstrcmpW (lpString1="Suggested Sites.url", lpString2="LOLKEK.txt") returned 1 [0052.233] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 69 [0052.233] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x618658 [0052.233] lstrcpyW (in: lpString1=0x618658, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" [0052.233] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.234] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.234] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0052.234] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="Windows") returned -1 [0052.234] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="Program Files") returned 1 [0052.234] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="Program Files (x86)") returned 1 [0052.234] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="$Recycle.bin") returned 1 [0052.234] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="System Volume Information") returned 1 [0052.234] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2=".") returned 1 [0052.234] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="..") returned 1 [0052.234] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0052.234] StrStrIW (lpFirst="Web Slice Gallery.url", lpSrch=".lolkek") returned 0x0 [0052.234] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2="LOLKEK.txt") returned 1 [0052.234] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0052.234] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f0c8 [0052.234] lstrcpyW (in: lpString1=0x3e3f0c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" [0052.234] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.236] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.236] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0052.236] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.236] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\LOLKEK.txt") returned 60 [0052.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.237] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.237] WriteFile (in: hFile=0x214, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.237] CloseHandle (hObject=0x214) returned 1 [0052.237] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.238] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0052.238] lstrcmpiW (lpString1="Microsoft Websites", lpString2="Windows") returned -1 [0052.238] lstrcmpiW (lpString1="Microsoft Websites", lpString2="Program Files") returned -1 [0052.238] lstrcmpiW (lpString1="Microsoft Websites", lpString2="Program Files (x86)") returned -1 [0052.238] lstrcmpiW (lpString1="Microsoft Websites", lpString2="$Recycle.bin") returned 1 [0052.238] lstrcmpiW (lpString1="Microsoft Websites", lpString2="System Volume Information") returned -1 [0052.238] lstrcmpiW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0052.238] lstrcmpiW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0052.238] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned 62 [0052.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.238] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0052.238] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*" [0052.238] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.239] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.239] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.239] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.239] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.239] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.239] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.239] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.239] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.239] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.239] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.239] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.239] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.239] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.239] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.239] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0052.239] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="Windows") returned -1 [0052.239] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="Program Files") returned -1 [0052.239] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="Program Files (x86)") returned -1 [0052.239] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="$Recycle.bin") returned 1 [0052.239] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="System Volume Information") returned -1 [0052.239] lstrcmpiW (lpString1="IE Add-on site.url", lpString2=".") returned 1 [0052.239] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="..") returned 1 [0052.239] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0052.240] StrStrIW (lpFirst="IE Add-on site.url", lpSrch=".lolkek") returned 0x0 [0052.240] lstrcmpW (lpString1="IE Add-on site.url", lpString2="LOLKEK.txt") returned -1 [0052.240] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0052.240] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cadbc8 [0052.240] lstrcpyW (in: lpString1=0x3cadbc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" [0052.240] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.240] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.240] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0052.240] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="Windows") returned -1 [0052.240] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="Program Files") returned -1 [0052.240] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="Program Files (x86)") returned -1 [0052.240] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="$Recycle.bin") returned 1 [0052.240] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="System Volume Information") returned -1 [0052.240] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2=".") returned 1 [0052.240] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="..") returned 1 [0052.240] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0052.240] StrStrIW (lpFirst="IE site on Microsoft.com.url", lpSrch=".lolkek") returned 0x0 [0052.241] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2="LOLKEK.txt") returned -1 [0052.241] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0052.241] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x170) returned 0x618778 [0052.241] lstrcpyW (in: lpString1=0x618778, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" [0052.241] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.247] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.247] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0052.247] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="Windows") returned -1 [0052.247] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="Program Files") returned -1 [0052.247] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="Program Files (x86)") returned -1 [0052.247] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="$Recycle.bin") returned 1 [0052.247] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="System Volume Information") returned -1 [0052.247] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2=".") returned 1 [0052.247] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="..") returned 1 [0052.247] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0052.247] StrStrIW (lpFirst="Microsoft At Home.url", lpSrch=".lolkek") returned 0x0 [0052.247] lstrcmpW (lpString1="Microsoft At Home.url", lpString2="LOLKEK.txt") returned 1 [0052.247] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0052.247] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb5e38 [0052.247] lstrcpyW (in: lpString1=0x3eb5e38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" [0052.247] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.281] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.281] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0052.281] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="Windows") returned -1 [0052.281] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="Program Files") returned -1 [0052.281] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="Program Files (x86)") returned -1 [0052.281] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="$Recycle.bin") returned 1 [0052.281] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="System Volume Information") returned -1 [0052.281] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2=".") returned 1 [0052.281] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="..") returned 1 [0052.281] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0052.281] StrStrIW (lpFirst="Microsoft At Work.url", lpSrch=".lolkek") returned 0x0 [0052.281] lstrcmpW (lpString1="Microsoft At Work.url", lpString2="LOLKEK.txt") returned 1 [0052.281] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0052.281] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb66a8 [0052.281] lstrcpyW (in: lpString1=0x3eb66a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" [0052.281] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.283] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.283] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0052.283] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="Windows") returned -1 [0052.283] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="Program Files") returned -1 [0052.283] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="Program Files (x86)") returned -1 [0052.283] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="$Recycle.bin") returned 1 [0052.283] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="System Volume Information") returned -1 [0052.283] lstrcmpiW (lpString1="Microsoft Store.url", lpString2=".") returned 1 [0052.283] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="..") returned 1 [0052.283] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0052.283] StrStrIW (lpFirst="Microsoft Store.url", lpSrch=".lolkek") returned 0x0 [0052.283] lstrcmpW (lpString1="Microsoft Store.url", lpString2="LOLKEK.txt") returned 1 [0052.283] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0052.283] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3caed40 [0052.283] lstrcpyW (in: lpString1=0x3caed40, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" [0052.283] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.286] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.286] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0052.286] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.286] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\LOLKEK.txt") returned 73 [0052.286] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.287] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.287] WriteFile (in: hFile=0x214, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.288] CloseHandle (hObject=0x214) returned 1 [0052.288] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.289] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0052.289] lstrcmpiW (lpString1="MSN Websites", lpString2="Windows") returned -1 [0052.289] lstrcmpiW (lpString1="MSN Websites", lpString2="Program Files") returned -1 [0052.289] lstrcmpiW (lpString1="MSN Websites", lpString2="Program Files (x86)") returned -1 [0052.290] lstrcmpiW (lpString1="MSN Websites", lpString2="$Recycle.bin") returned 1 [0052.290] lstrcmpiW (lpString1="MSN Websites", lpString2="System Volume Information") returned -1 [0052.290] lstrcmpiW (lpString1="MSN Websites", lpString2=".") returned 1 [0052.290] lstrcmpiW (lpString1="MSN Websites", lpString2="..") returned 1 [0052.290] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned 56 [0052.290] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.290] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0052.290] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*" [0052.290] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.297] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.297] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.297] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.298] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.298] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.298] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.298] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.298] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.298] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.298] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.298] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.298] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.298] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.298] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.298] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0052.298] lstrcmpiW (lpString1="MSN Autos.url", lpString2="Windows") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Autos.url", lpString2="Program Files") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Autos.url", lpString2="Program Files (x86)") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Autos.url", lpString2="$Recycle.bin") returned 1 [0052.298] lstrcmpiW (lpString1="MSN Autos.url", lpString2="System Volume Information") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Autos.url", lpString2=".") returned 1 [0052.298] lstrcmpiW (lpString1="MSN Autos.url", lpString2="..") returned 1 [0052.298] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0052.298] StrStrIW (lpFirst="MSN Autos.url", lpSrch=".lolkek") returned 0x0 [0052.298] lstrcmpW (lpString1="MSN Autos.url", lpString2="LOLKEK.txt") returned 1 [0052.298] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0052.298] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3e3ee78 [0052.298] lstrcpyW (in: lpString1=0x3e3ee78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" [0052.298] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.298] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.298] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0052.298] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="Windows") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="Program Files") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="Program Files (x86)") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="$Recycle.bin") returned 1 [0052.298] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="System Volume Information") returned -1 [0052.298] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2=".") returned 1 [0052.298] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="..") returned 1 [0052.298] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0052.299] StrStrIW (lpFirst="MSN Entertainment.url", lpSrch=".lolkek") returned 0x0 [0052.299] lstrcmpW (lpString1="MSN Entertainment.url", lpString2="LOLKEK.txt") returned 1 [0052.299] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0052.299] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x615f58 [0052.299] lstrcpyW (in: lpString1=0x615f58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" [0052.299] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.300] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.300] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0052.300] lstrcmpiW (lpString1="MSN Money.url", lpString2="Windows") returned -1 [0052.300] lstrcmpiW (lpString1="MSN Money.url", lpString2="Program Files") returned -1 [0052.300] lstrcmpiW (lpString1="MSN Money.url", lpString2="Program Files (x86)") returned -1 [0052.300] lstrcmpiW (lpString1="MSN Money.url", lpString2="$Recycle.bin") returned 1 [0052.300] lstrcmpiW (lpString1="MSN Money.url", lpString2="System Volume Information") returned -1 [0052.300] lstrcmpiW (lpString1="MSN Money.url", lpString2=".") returned 1 [0052.301] lstrcmpiW (lpString1="MSN Money.url", lpString2="..") returned 1 [0052.301] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0052.301] StrStrIW (lpFirst="MSN Money.url", lpSrch=".lolkek") returned 0x0 [0052.301] lstrcmpW (lpString1="MSN Money.url", lpString2="LOLKEK.txt") returned 1 [0052.301] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0052.301] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3e3efa0 [0052.301] lstrcpyW (in: lpString1=0x3e3efa0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" [0052.301] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.305] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.305] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0052.305] lstrcmpiW (lpString1="MSN Sports.url", lpString2="Windows") returned -1 [0052.305] lstrcmpiW (lpString1="MSN Sports.url", lpString2="Program Files") returned -1 [0052.305] lstrcmpiW (lpString1="MSN Sports.url", lpString2="Program Files (x86)") returned -1 [0052.305] lstrcmpiW (lpString1="MSN Sports.url", lpString2="$Recycle.bin") returned 1 [0052.305] lstrcmpiW (lpString1="MSN Sports.url", lpString2="System Volume Information") returned -1 [0052.305] lstrcmpiW (lpString1="MSN Sports.url", lpString2=".") returned 1 [0052.305] lstrcmpiW (lpString1="MSN Sports.url", lpString2="..") returned 1 [0052.305] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0052.305] StrStrIW (lpFirst="MSN Sports.url", lpSrch=".lolkek") returned 0x0 [0052.305] lstrcmpW (lpString1="MSN Sports.url", lpString2="LOLKEK.txt") returned 1 [0052.305] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0052.305] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3fa08 [0052.305] lstrcpyW (in: lpString1=0x3e3fa08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" [0052.305] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.325] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.325] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0052.326] lstrcmpiW (lpString1="MSN.url", lpString2="Windows") returned -1 [0052.326] lstrcmpiW (lpString1="MSN.url", lpString2="Program Files") returned -1 [0052.326] lstrcmpiW (lpString1="MSN.url", lpString2="Program Files (x86)") returned -1 [0052.326] lstrcmpiW (lpString1="MSN.url", lpString2="$Recycle.bin") returned 1 [0052.326] lstrcmpiW (lpString1="MSN.url", lpString2="System Volume Information") returned -1 [0052.326] lstrcmpiW (lpString1="MSN.url", lpString2=".") returned 1 [0052.326] lstrcmpiW (lpString1="MSN.url", lpString2="..") returned 1 [0052.326] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0052.326] StrStrIW (lpFirst="MSN.url", lpSrch=".lolkek") returned 0x0 [0052.326] lstrcmpW (lpString1="MSN.url", lpString2="LOLKEK.txt") returned 1 [0052.326] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0052.326] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x6129c0 [0052.326] lstrcpyW (in: lpString1=0x6129c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" [0052.326] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.326] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.326] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0052.326] lstrcmpiW (lpString1="MSNBC News.url", lpString2="Windows") returned -1 [0052.326] lstrcmpiW (lpString1="MSNBC News.url", lpString2="Program Files") returned -1 [0052.326] lstrcmpiW (lpString1="MSNBC News.url", lpString2="Program Files (x86)") returned -1 [0052.326] lstrcmpiW (lpString1="MSNBC News.url", lpString2="$Recycle.bin") returned 1 [0052.326] lstrcmpiW (lpString1="MSNBC News.url", lpString2="System Volume Information") returned -1 [0052.326] lstrcmpiW (lpString1="MSNBC News.url", lpString2=".") returned 1 [0052.326] lstrcmpiW (lpString1="MSNBC News.url", lpString2="..") returned 1 [0052.326] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0052.326] StrStrIW (lpFirst="MSNBC News.url", lpSrch=".lolkek") returned 0x0 [0052.326] lstrcmpW (lpString1="MSNBC News.url", lpString2="LOLKEK.txt") returned 1 [0052.327] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0052.327] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3fc58 [0052.327] lstrcpyW (in: lpString1=0x3e3fc58, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" [0052.327] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.327] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.327] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0052.327] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.327] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\LOLKEK.txt") returned 67 [0052.327] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.329] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.329] WriteFile (in: hFile=0x214, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.330] CloseHandle (hObject=0x214) returned 1 [0052.330] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.330] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0052.330] lstrcmpiW (lpString1="Windows Live", lpString2="Windows") returned 1 [0052.330] lstrcmpiW (lpString1="Windows Live", lpString2="Program Files") returned 1 [0052.330] lstrcmpiW (lpString1="Windows Live", lpString2="Program Files (x86)") returned 1 [0052.330] lstrcmpiW (lpString1="Windows Live", lpString2="$Recycle.bin") returned 1 [0052.330] lstrcmpiW (lpString1="Windows Live", lpString2="System Volume Information") returned 1 [0052.330] lstrcmpiW (lpString1="Windows Live", lpString2=".") returned 1 [0052.330] lstrcmpiW (lpString1="Windows Live", lpString2="..") returned 1 [0052.330] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned 56 [0052.330] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.330] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" [0052.330] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*" [0052.330] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.341] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.341] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.341] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.341] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.341] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.341] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.341] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.341] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.341] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.341] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.341] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.341] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.341] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.341] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.341] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0052.342] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="Windows") returned -1 [0052.342] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="Program Files") returned -1 [0052.342] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="Program Files (x86)") returned -1 [0052.342] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="$Recycle.bin") returned 1 [0052.342] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="System Volume Information") returned -1 [0052.342] lstrcmpiW (lpString1="Get Windows Live.url", lpString2=".") returned 1 [0052.342] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="..") returned 1 [0052.342] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned 77 [0052.342] StrStrIW (lpFirst="Get Windows Live.url", lpSrch=".lolkek") returned 0x0 [0052.342] lstrcmpW (lpString1="Get Windows Live.url", lpString2="LOLKEK.txt") returned -1 [0052.342] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned 77 [0052.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x615cc8 [0052.342] lstrcpyW (in: lpString1=0x615cc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" [0052.342] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.342] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.342] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="Windows") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="Program Files") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="Program Files (x86)") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="$Recycle.bin") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="System Volume Information") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2=".") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="..") returned 1 [0052.342] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 81 [0052.342] StrStrIW (lpFirst="Windows Live Gallery.url", lpSrch=".lolkek") returned 0x0 [0052.342] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2="LOLKEK.txt") returned 1 [0052.342] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 81 [0052.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae938 [0052.342] lstrcpyW (in: lpString1=0x3cae938, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" [0052.342] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.342] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.342] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="Windows") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="Program Files") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="Program Files (x86)") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="$Recycle.bin") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="System Volume Information") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2=".") returned 1 [0052.342] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="..") returned 1 [0052.342] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned 78 [0052.342] StrStrIW (lpFirst="Windows Live Mail.url", lpSrch=".lolkek") returned 0x0 [0052.342] lstrcmpW (lpString1="Windows Live Mail.url", lpString2="LOLKEK.txt") returned 1 [0052.342] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned 78 [0052.342] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x615b80 [0052.343] lstrcpyW (in: lpString1=0x615b80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" [0052.343] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.343] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.343] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0052.343] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="Windows") returned 1 [0052.343] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="Program Files") returned 1 [0052.343] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="Program Files (x86)") returned 1 [0052.343] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="$Recycle.bin") returned 1 [0052.343] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="System Volume Information") returned 1 [0052.343] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2=".") returned 1 [0052.343] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="..") returned 1 [0052.343] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 80 [0052.343] StrStrIW (lpFirst="Windows Live Spaces.url", lpSrch=".lolkek") returned 0x0 [0052.343] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2="LOLKEK.txt") returned 1 [0052.343] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 80 [0052.343] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3cad918 [0052.343] lstrcpyW (in: lpString1=0x3cad918, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" [0052.343] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.343] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.343] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0052.343] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.343] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\LOLKEK.txt") returned 67 [0052.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0052.345] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.345] WriteFile (in: hFile=0x214, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.345] CloseHandle (hObject=0x214) returned 1 [0052.345] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.345] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0052.345] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.345] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\LOLKEK.txt") returned 54 [0052.345] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.346] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.346] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.347] CloseHandle (hObject=0x294) returned 1 [0052.347] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.347] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0052.347] lstrcmpiW (lpString1="Links", lpString2="Windows") returned -1 [0052.347] lstrcmpiW (lpString1="Links", lpString2="Program Files") returned -1 [0052.347] lstrcmpiW (lpString1="Links", lpString2="Program Files (x86)") returned -1 [0052.347] lstrcmpiW (lpString1="Links", lpString2="$Recycle.bin") returned 1 [0052.347] lstrcmpiW (lpString1="Links", lpString2="System Volume Information") returned -1 [0052.347] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0052.347] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0052.347] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned 39 [0052.347] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.347] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0052.347] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*" [0052.347] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.347] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.347] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.347] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.347] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.347] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.347] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.347] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.347] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.347] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.347] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.347] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.347] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.347] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.347] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.347] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.347] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.347] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.347] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.347] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.347] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.347] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.347] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.347] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned 51 [0052.348] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.348] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.348] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned 51 [0052.348] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbdaa8 [0052.348] lstrcpyW (in: lpString1=0x3cbdaa8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" [0052.348] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.352] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.352] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0052.352] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Windows") returned -1 [0052.352] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Program Files") returned -1 [0052.352] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Program Files (x86)") returned -1 [0052.352] lstrcmpiW (lpString1="Desktop.lnk", lpString2="$Recycle.bin") returned 1 [0052.352] lstrcmpiW (lpString1="Desktop.lnk", lpString2="System Volume Information") returned -1 [0052.352] lstrcmpiW (lpString1="Desktop.lnk", lpString2=".") returned 1 [0052.352] lstrcmpiW (lpString1="Desktop.lnk", lpString2="..") returned 1 [0052.352] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned 51 [0052.352] StrStrIW (lpFirst="Desktop.lnk", lpSrch=".lolkek") returned 0x0 [0052.352] lstrcmpW (lpString1="Desktop.lnk", lpString2="LOLKEK.txt") returned -1 [0052.352] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned 51 [0052.352] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbd9d0 [0052.352] lstrcpyW (in: lpString1=0x3cbd9d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" [0052.352] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.355] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.355] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0052.355] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Windows") returned -1 [0052.355] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Program Files") returned -1 [0052.355] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Program Files (x86)") returned -1 [0052.355] lstrcmpiW (lpString1="Downloads.lnk", lpString2="$Recycle.bin") returned 1 [0052.355] lstrcmpiW (lpString1="Downloads.lnk", lpString2="System Volume Information") returned -1 [0052.355] lstrcmpiW (lpString1="Downloads.lnk", lpString2=".") returned 1 [0052.355] lstrcmpiW (lpString1="Downloads.lnk", lpString2="..") returned 1 [0052.355] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned 53 [0052.355] StrStrIW (lpFirst="Downloads.lnk", lpSrch=".lolkek") returned 0x0 [0052.355] lstrcmpW (lpString1="Downloads.lnk", lpString2="LOLKEK.txt") returned -1 [0052.355] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned 53 [0052.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbfe50 [0052.355] lstrcpyW (in: lpString1=0x3cbfe50, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" [0052.355] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.355] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.355] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0052.355] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Windows") returned -1 [0052.355] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Program Files") returned 1 [0052.355] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Program Files (x86)") returned 1 [0052.355] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="$Recycle.bin") returned 1 [0052.355] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="System Volume Information") returned -1 [0052.355] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2=".") returned 1 [0052.355] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="..") returned 1 [0052.355] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned 56 [0052.355] StrStrIW (lpFirst="RecentPlaces.lnk", lpSrch=".lolkek") returned 0x0 [0052.355] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2="LOLKEK.txt") returned 1 [0052.355] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned 56 [0052.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x645fb8 [0052.355] lstrcpyW (in: lpString1=0x645fb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" [0052.355] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.359] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.359] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0052.359] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.359] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\LOLKEK.txt") returned 50 [0052.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.359] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.359] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.360] CloseHandle (hObject=0x294) returned 1 [0052.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.360] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0052.360] lstrcmpiW (lpString1="Local Settings", lpString2="Windows") returned -1 [0052.360] lstrcmpiW (lpString1="Local Settings", lpString2="Program Files") returned -1 [0052.360] lstrcmpiW (lpString1="Local Settings", lpString2="Program Files (x86)") returned -1 [0052.360] lstrcmpiW (lpString1="Local Settings", lpString2="$Recycle.bin") returned 1 [0052.360] lstrcmpiW (lpString1="Local Settings", lpString2="System Volume Information") returned -1 [0052.360] lstrcmpiW (lpString1="Local Settings", lpString2=".") returned 1 [0052.360] lstrcmpiW (lpString1="Local Settings", lpString2="..") returned 1 [0052.360] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned 48 [0052.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.361] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0052.361] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*" [0052.361] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.361] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.361] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d9a19e0, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7d9a19e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Music", cAlternateFileName="")) returned 1 [0052.361] lstrcmpiW (lpString1="Music", lpString2="Windows") returned -1 [0052.361] lstrcmpiW (lpString1="Music", lpString2="Program Files") returned -1 [0052.361] lstrcmpiW (lpString1="Music", lpString2="Program Files (x86)") returned -1 [0052.361] lstrcmpiW (lpString1="Music", lpString2="$Recycle.bin") returned 1 [0052.361] lstrcmpiW (lpString1="Music", lpString2="System Volume Information") returned -1 [0052.361] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0052.361] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0052.361] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned 39 [0052.361] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.361] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0052.361] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*" [0052.361] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d9a19e0, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7d9a19e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.361] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.361] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.361] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.361] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.361] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.361] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.361] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7d9a19e0, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7d9a19e0, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.361] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.361] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.361] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.361] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.361] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.361] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.361] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.361] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef6e2670, ftCreationTime.dwHighDateTime=0x1d6290f, ftLastAccessTime.dwLowDateTime=0x7c98e930, ftLastAccessTime.dwHighDateTime=0x1d62c9a, ftLastWriteTime.dwLowDateTime=0x7c98e930, ftLastWriteTime.dwHighDateTime=0x1d62c9a, nFileSizeHigh=0x0, nFileSizeLow=0x11682, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="0nW1bw0hALvAFD.m4a", cAlternateFileName="0NW1BW~1.M4A")) returned 1 [0052.361] lstrcmpiW (lpString1="0nW1bw0hALvAFD.m4a", lpString2="Windows") returned -1 [0052.361] lstrcmpiW (lpString1="0nW1bw0hALvAFD.m4a", lpString2="Program Files") returned -1 [0052.361] lstrcmpiW (lpString1="0nW1bw0hALvAFD.m4a", lpString2="Program Files (x86)") returned -1 [0052.361] lstrcmpiW (lpString1="0nW1bw0hALvAFD.m4a", lpString2="$Recycle.bin") returned 1 [0052.361] lstrcmpiW (lpString1="0nW1bw0hALvAFD.m4a", lpString2="System Volume Information") returned -1 [0052.362] lstrcmpiW (lpString1="0nW1bw0hALvAFD.m4a", lpString2=".") returned 1 [0052.362] lstrcmpiW (lpString1="0nW1bw0hALvAFD.m4a", lpString2="..") returned 1 [0052.362] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a") returned 58 [0052.362] StrStrIW (lpFirst="0nW1bw0hALvAFD.m4a", lpSrch=".lolkek") returned 0x0 [0052.362] lstrcmpW (lpString1="0nW1bw0hALvAFD.m4a", lpString2="LOLKEK.txt") returned -1 [0052.362] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a") returned 58 [0052.362] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca8110 [0052.362] lstrcpyW (in: lpString1=0x3ca8110, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0nW1bw0hALvAFD.m4a" [0052.362] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.365] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.365] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8468c220, ftCreationTime.dwHighDateTime=0x1d62c1d, ftLastAccessTime.dwLowDateTime=0xe5f28c10, ftLastAccessTime.dwHighDateTime=0x1d6320d, ftLastWriteTime.dwLowDateTime=0xe5f28c10, ftLastWriteTime.dwHighDateTime=0x1d6320d, nFileSizeHigh=0x0, nFileSizeLow=0x6646, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="4G9Zny2VA_aDY-hQOu.wav", cAlternateFileName="4G9ZNY~1.WAV")) returned 1 [0052.365] lstrcmpiW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2="Windows") returned -1 [0052.365] lstrcmpiW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2="Program Files") returned -1 [0052.365] lstrcmpiW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2="Program Files (x86)") returned -1 [0052.365] lstrcmpiW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2="$Recycle.bin") returned 1 [0052.365] lstrcmpiW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2="System Volume Information") returned -1 [0052.365] lstrcmpiW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2=".") returned 1 [0052.365] lstrcmpiW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2="..") returned 1 [0052.365] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav") returned 62 [0052.365] StrStrIW (lpFirst="4G9Zny2VA_aDY-hQOu.wav", lpSrch=".lolkek") returned 0x0 [0052.365] lstrcmpW (lpString1="4G9Zny2VA_aDY-hQOu.wav", lpString2="LOLKEK.txt") returned -1 [0052.365] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav") returned 62 [0052.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4650 [0052.365] lstrcpyW (in: lpString1=0x3ec4650, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4G9Zny2VA_aDY-hQOu.wav" [0052.365] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.367] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.367] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbffa0e70, ftCreationTime.dwHighDateTime=0x1d62547, ftLastAccessTime.dwLowDateTime=0xc1e39e90, ftLastAccessTime.dwHighDateTime=0x1d62ba0, ftLastWriteTime.dwLowDateTime=0xc1e39e90, ftLastWriteTime.dwHighDateTime=0x1d62ba0, nFileSizeHigh=0x0, nFileSizeLow=0x11b88, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="8hMnDN.wav", cAlternateFileName="")) returned 1 [0052.367] lstrcmpiW (lpString1="8hMnDN.wav", lpString2="Windows") returned -1 [0052.367] lstrcmpiW (lpString1="8hMnDN.wav", lpString2="Program Files") returned -1 [0052.367] lstrcmpiW (lpString1="8hMnDN.wav", lpString2="Program Files (x86)") returned -1 [0052.367] lstrcmpiW (lpString1="8hMnDN.wav", lpString2="$Recycle.bin") returned 1 [0052.367] lstrcmpiW (lpString1="8hMnDN.wav", lpString2="System Volume Information") returned -1 [0052.367] lstrcmpiW (lpString1="8hMnDN.wav", lpString2=".") returned 1 [0052.367] lstrcmpiW (lpString1="8hMnDN.wav", lpString2="..") returned 1 [0052.367] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav") returned 50 [0052.367] StrStrIW (lpFirst="8hMnDN.wav", lpSrch=".lolkek") returned 0x0 [0052.367] lstrcmpW (lpString1="8hMnDN.wav", lpString2="LOLKEK.txt") returned -1 [0052.367] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav") returned 50 [0052.367] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbe240 [0052.367] lstrcpyW (in: lpString1=0x3cbe240, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8hMnDN.wav" [0052.367] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.369] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.369] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0af5350, ftCreationTime.dwHighDateTime=0x1d62f41, ftLastAccessTime.dwLowDateTime=0x1e3b8c50, ftLastAccessTime.dwHighDateTime=0x1d62e87, ftLastWriteTime.dwLowDateTime=0x1e3b8c50, ftLastWriteTime.dwHighDateTime=0x1d62e87, nFileSizeHigh=0x0, nFileSizeLow=0xc0ca, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ADNvNH-O_VVGNut.m4a", cAlternateFileName="ADNVNH~1.M4A")) returned 1 [0052.369] lstrcmpiW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2="Windows") returned -1 [0052.369] lstrcmpiW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2="Program Files") returned -1 [0052.369] lstrcmpiW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2="Program Files (x86)") returned -1 [0052.369] lstrcmpiW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2="$Recycle.bin") returned 1 [0052.369] lstrcmpiW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2="System Volume Information") returned -1 [0052.369] lstrcmpiW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2=".") returned 1 [0052.369] lstrcmpiW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2="..") returned 1 [0052.369] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a") returned 59 [0052.369] StrStrIW (lpFirst="ADNvNH-O_VVGNut.m4a", lpSrch=".lolkek") returned 0x0 [0052.369] lstrcmpW (lpString1="ADNvNH-O_VVGNut.m4a", lpString2="LOLKEK.txt") returned -1 [0052.369] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a") returned 59 [0052.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca84f0 [0052.369] lstrcpyW (in: lpString1=0x3ca84f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ADNvNH-O_VVGNut.m4a" [0052.369] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.375] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.375] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8cba8c0, ftCreationTime.dwHighDateTime=0x1d62701, ftLastAccessTime.dwLowDateTime=0x4d604920, ftLastAccessTime.dwHighDateTime=0x1d62c2b, ftLastWriteTime.dwLowDateTime=0x4d604920, ftLastWriteTime.dwHighDateTime=0x1d62c2b, nFileSizeHigh=0x0, nFileSizeLow=0x3da2, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ap3P9oGG.mp3", cAlternateFileName="")) returned 1 [0052.375] lstrcmpiW (lpString1="ap3P9oGG.mp3", lpString2="Windows") returned -1 [0052.375] lstrcmpiW (lpString1="ap3P9oGG.mp3", lpString2="Program Files") returned -1 [0052.375] lstrcmpiW (lpString1="ap3P9oGG.mp3", lpString2="Program Files (x86)") returned -1 [0052.375] lstrcmpiW (lpString1="ap3P9oGG.mp3", lpString2="$Recycle.bin") returned 1 [0052.375] lstrcmpiW (lpString1="ap3P9oGG.mp3", lpString2="System Volume Information") returned -1 [0052.375] lstrcmpiW (lpString1="ap3P9oGG.mp3", lpString2=".") returned 1 [0052.375] lstrcmpiW (lpString1="ap3P9oGG.mp3", lpString2="..") returned 1 [0052.375] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3") returned 52 [0052.375] StrStrIW (lpFirst="ap3P9oGG.mp3", lpSrch=".lolkek") returned 0x0 [0052.375] lstrcmpW (lpString1="ap3P9oGG.mp3", lpString2="LOLKEK.txt") returned -1 [0052.375] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3") returned 52 [0052.375] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cbf9f0 [0052.375] lstrcpyW (in: lpString1=0x3cbf9f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ap3P9oGG.mp3" [0052.375] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.375] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.376] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4cd21320, ftCreationTime.dwHighDateTime=0x1d62b8c, ftLastAccessTime.dwLowDateTime=0x41472410, ftLastAccessTime.dwHighDateTime=0x1d62bb3, ftLastWriteTime.dwLowDateTime=0x41472410, ftLastWriteTime.dwHighDateTime=0x1d62bb3, nFileSizeHigh=0x0, nFileSizeLow=0x17bfd, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="AtlwenV40G1.m4a", cAlternateFileName="ATLWEN~1.M4A")) returned 1 [0052.376] lstrcmpiW (lpString1="AtlwenV40G1.m4a", lpString2="Windows") returned -1 [0052.376] lstrcmpiW (lpString1="AtlwenV40G1.m4a", lpString2="Program Files") returned -1 [0052.376] lstrcmpiW (lpString1="AtlwenV40G1.m4a", lpString2="Program Files (x86)") returned -1 [0052.376] lstrcmpiW (lpString1="AtlwenV40G1.m4a", lpString2="$Recycle.bin") returned 1 [0052.376] lstrcmpiW (lpString1="AtlwenV40G1.m4a", lpString2="System Volume Information") returned -1 [0052.376] lstrcmpiW (lpString1="AtlwenV40G1.m4a", lpString2=".") returned 1 [0052.376] lstrcmpiW (lpString1="AtlwenV40G1.m4a", lpString2="..") returned 1 [0052.376] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a") returned 55 [0052.376] StrStrIW (lpFirst="AtlwenV40G1.m4a", lpSrch=".lolkek") returned 0x0 [0052.376] lstrcmpW (lpString1="AtlwenV40G1.m4a", lpString2="LOLKEK.txt") returned -1 [0052.376] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a") returned 55 [0052.376] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbbdb0 [0052.376] lstrcpyW (in: lpString1=0x3cbbdb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\AtlwenV40G1.m4a" [0052.376] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.385] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.385] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4509eb00, ftCreationTime.dwHighDateTime=0x1d62a4b, ftLastAccessTime.dwLowDateTime=0xa520d0f0, ftLastAccessTime.dwHighDateTime=0x1d62b8e, ftLastWriteTime.dwLowDateTime=0xa520d0f0, ftLastWriteTime.dwHighDateTime=0x1d62b8e, nFileSizeHigh=0x0, nFileSizeLow=0xaa13, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="aW2F321.wav", cAlternateFileName="")) returned 1 [0052.385] lstrcmpiW (lpString1="aW2F321.wav", lpString2="Windows") returned -1 [0052.385] lstrcmpiW (lpString1="aW2F321.wav", lpString2="Program Files") returned -1 [0052.385] lstrcmpiW (lpString1="aW2F321.wav", lpString2="Program Files (x86)") returned -1 [0052.385] lstrcmpiW (lpString1="aW2F321.wav", lpString2="$Recycle.bin") returned 1 [0052.385] lstrcmpiW (lpString1="aW2F321.wav", lpString2="System Volume Information") returned -1 [0052.385] lstrcmpiW (lpString1="aW2F321.wav", lpString2=".") returned 1 [0052.385] lstrcmpiW (lpString1="aW2F321.wav", lpString2="..") returned 1 [0052.385] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav") returned 51 [0052.385] StrStrIW (lpFirst="aW2F321.wav", lpSrch=".lolkek") returned 0x0 [0052.385] lstrcmpW (lpString1="aW2F321.wav", lpString2="LOLKEK.txt") returned -1 [0052.385] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav") returned 51 [0052.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbe318 [0052.385] lstrcpyW (in: lpString1=0x3cbe318, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aW2F321.wav" [0052.385] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.385] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.385] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b6cc5f0, ftCreationTime.dwHighDateTime=0x1d625b5, ftLastAccessTime.dwLowDateTime=0xec84e190, ftLastAccessTime.dwHighDateTime=0x1d62740, ftLastWriteTime.dwLowDateTime=0xec84e190, ftLastWriteTime.dwHighDateTime=0x1d62740, nFileSizeHigh=0x0, nFileSizeLow=0x1838c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="B40UewA43ffFNW.wav", cAlternateFileName="B40UEW~1.WAV")) returned 1 [0052.385] lstrcmpiW (lpString1="B40UewA43ffFNW.wav", lpString2="Windows") returned -1 [0052.385] lstrcmpiW (lpString1="B40UewA43ffFNW.wav", lpString2="Program Files") returned -1 [0052.385] lstrcmpiW (lpString1="B40UewA43ffFNW.wav", lpString2="Program Files (x86)") returned -1 [0052.385] lstrcmpiW (lpString1="B40UewA43ffFNW.wav", lpString2="$Recycle.bin") returned 1 [0052.385] lstrcmpiW (lpString1="B40UewA43ffFNW.wav", lpString2="System Volume Information") returned -1 [0052.385] lstrcmpiW (lpString1="B40UewA43ffFNW.wav", lpString2=".") returned 1 [0052.385] lstrcmpiW (lpString1="B40UewA43ffFNW.wav", lpString2="..") returned 1 [0052.385] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav") returned 58 [0052.385] StrStrIW (lpFirst="B40UewA43ffFNW.wav", lpSrch=".lolkek") returned 0x0 [0052.385] lstrcmpW (lpString1="B40UewA43ffFNW.wav", lpString2="LOLKEK.txt") returned -1 [0052.385] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav") returned 58 [0052.385] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca83f8 [0052.385] lstrcpyW (in: lpString1=0x3ca83f8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B40UewA43ffFNW.wav" [0052.385] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.395] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.395] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92d23ab0, ftCreationTime.dwHighDateTime=0x1d62701, ftLastAccessTime.dwLowDateTime=0x4a666a80, ftLastAccessTime.dwHighDateTime=0x1d6245e, ftLastWriteTime.dwLowDateTime=0x4a666a80, ftLastWriteTime.dwHighDateTime=0x1d6245e, nFileSizeHigh=0x0, nFileSizeLow=0x1bef, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="B6-rwZB7t.wav", cAlternateFileName="B6-RWZ~1.WAV")) returned 1 [0052.395] lstrcmpiW (lpString1="B6-rwZB7t.wav", lpString2="Windows") returned -1 [0052.395] lstrcmpiW (lpString1="B6-rwZB7t.wav", lpString2="Program Files") returned -1 [0052.395] lstrcmpiW (lpString1="B6-rwZB7t.wav", lpString2="Program Files (x86)") returned -1 [0052.395] lstrcmpiW (lpString1="B6-rwZB7t.wav", lpString2="$Recycle.bin") returned 1 [0052.395] lstrcmpiW (lpString1="B6-rwZB7t.wav", lpString2="System Volume Information") returned -1 [0052.395] lstrcmpiW (lpString1="B6-rwZB7t.wav", lpString2=".") returned 1 [0052.395] lstrcmpiW (lpString1="B6-rwZB7t.wav", lpString2="..") returned 1 [0052.395] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav") returned 53 [0052.395] StrStrIW (lpFirst="B6-rwZB7t.wav", lpSrch=".lolkek") returned 0x0 [0052.395] lstrcmpW (lpString1="B6-rwZB7t.wav", lpString2="LOLKEK.txt") returned -1 [0052.395] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav") returned 53 [0052.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbf910 [0052.395] lstrcpyW (in: lpString1=0x3cbf910, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B6-rwZB7t.wav" [0052.395] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.408] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.408] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb5fc4e0, ftCreationTime.dwHighDateTime=0x1d62970, ftLastAccessTime.dwLowDateTime=0x92d6c800, ftLastAccessTime.dwHighDateTime=0x1d62945, ftLastWriteTime.dwLowDateTime=0x92d6c800, ftLastWriteTime.dwHighDateTime=0x1d62945, nFileSizeHigh=0x0, nFileSizeLow=0x494d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="CemnP.mp3", cAlternateFileName="")) returned 1 [0052.408] lstrcmpiW (lpString1="CemnP.mp3", lpString2="Windows") returned -1 [0052.408] lstrcmpiW (lpString1="CemnP.mp3", lpString2="Program Files") returned -1 [0052.408] lstrcmpiW (lpString1="CemnP.mp3", lpString2="Program Files (x86)") returned -1 [0052.408] lstrcmpiW (lpString1="CemnP.mp3", lpString2="$Recycle.bin") returned 1 [0052.408] lstrcmpiW (lpString1="CemnP.mp3", lpString2="System Volume Information") returned -1 [0052.408] lstrcmpiW (lpString1="CemnP.mp3", lpString2=".") returned 1 [0052.408] lstrcmpiW (lpString1="CemnP.mp3", lpString2="..") returned 1 [0052.408] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3") returned 49 [0052.408] StrStrIW (lpFirst="CemnP.mp3", lpSrch=".lolkek") returned 0x0 [0052.408] lstrcmpW (lpString1="CemnP.mp3", lpString2="LOLKEK.txt") returned -1 [0052.408] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3") returned 49 [0052.408] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc8) returned 0x3e3c238 [0052.408] lstrcpyW (in: lpString1=0x3e3c238, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CemnP.mp3" [0052.408] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.410] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.410] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.410] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.410] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.410] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.410] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.410] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.410] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.410] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.410] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned 51 [0052.410] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.410] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.410] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned 51 [0052.410] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbe3f0 [0052.410] lstrcpyW (in: lpString1=0x3cbe3f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" [0052.410] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.427] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.427] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1b66540, ftCreationTime.dwHighDateTime=0x1d627af, ftLastAccessTime.dwLowDateTime=0x8bfb7e60, ftLastAccessTime.dwHighDateTime=0x1d62ffb, ftLastWriteTime.dwLowDateTime=0x8bfb7e60, ftLastWriteTime.dwHighDateTime=0x1d62ffb, nFileSizeHigh=0x0, nFileSizeLow=0x7b37, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="eUF6 czXLtu.m4a", cAlternateFileName="EUF6CZ~1.M4A")) returned 1 [0052.427] lstrcmpiW (lpString1="eUF6 czXLtu.m4a", lpString2="Windows") returned -1 [0052.427] lstrcmpiW (lpString1="eUF6 czXLtu.m4a", lpString2="Program Files") returned -1 [0052.427] lstrcmpiW (lpString1="eUF6 czXLtu.m4a", lpString2="Program Files (x86)") returned -1 [0052.427] lstrcmpiW (lpString1="eUF6 czXLtu.m4a", lpString2="$Recycle.bin") returned 1 [0052.427] lstrcmpiW (lpString1="eUF6 czXLtu.m4a", lpString2="System Volume Information") returned -1 [0052.427] lstrcmpiW (lpString1="eUF6 czXLtu.m4a", lpString2=".") returned 1 [0052.427] lstrcmpiW (lpString1="eUF6 czXLtu.m4a", lpString2="..") returned 1 [0052.427] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a") returned 55 [0052.427] StrStrIW (lpFirst="eUF6 czXLtu.m4a", lpSrch=".lolkek") returned 0x0 [0052.427] lstrcmpW (lpString1="eUF6 czXLtu.m4a", lpString2="LOLKEK.txt") returned -1 [0052.427] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a") returned 55 [0052.427] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbbe98 [0052.427] lstrcpyW (in: lpString1=0x3cbbe98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eUF6 czXLtu.m4a" [0052.427] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.428] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.428] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b916bd0, ftCreationTime.dwHighDateTime=0x1d62bd2, ftLastAccessTime.dwLowDateTime=0x47915300, ftLastAccessTime.dwHighDateTime=0x1d631bb, ftLastWriteTime.dwLowDateTime=0x47915300, ftLastWriteTime.dwHighDateTime=0x1d631bb, nFileSizeHigh=0x0, nFileSizeLow=0x990f, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="G-e_sPya.mp3", cAlternateFileName="")) returned 1 [0052.428] lstrcmpiW (lpString1="G-e_sPya.mp3", lpString2="Windows") returned -1 [0052.428] lstrcmpiW (lpString1="G-e_sPya.mp3", lpString2="Program Files") returned -1 [0052.428] lstrcmpiW (lpString1="G-e_sPya.mp3", lpString2="Program Files (x86)") returned -1 [0052.429] lstrcmpiW (lpString1="G-e_sPya.mp3", lpString2="$Recycle.bin") returned 1 [0052.429] lstrcmpiW (lpString1="G-e_sPya.mp3", lpString2="System Volume Information") returned -1 [0052.429] lstrcmpiW (lpString1="G-e_sPya.mp3", lpString2=".") returned 1 [0052.429] lstrcmpiW (lpString1="G-e_sPya.mp3", lpString2="..") returned 1 [0052.429] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3") returned 52 [0052.429] StrStrIW (lpFirst="G-e_sPya.mp3", lpSrch=".lolkek") returned 0x0 [0052.429] lstrcmpW (lpString1="G-e_sPya.mp3", lpString2="LOLKEK.txt") returned -1 [0052.429] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3") returned 52 [0052.429] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cbff30 [0052.429] lstrcpyW (in: lpString1=0x3cbff30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\G-e_sPya.mp3" [0052.429] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.430] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.430] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf269aab0, ftCreationTime.dwHighDateTime=0x1d62834, ftLastAccessTime.dwLowDateTime=0x565f4230, ftLastAccessTime.dwHighDateTime=0x1d625da, ftLastWriteTime.dwLowDateTime=0x565f4230, ftLastWriteTime.dwHighDateTime=0x1d625da, nFileSizeHigh=0x0, nFileSizeLow=0x7fae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="HkC00OVY2t.wav", cAlternateFileName="HKC00O~1.WAV")) returned 1 [0052.430] lstrcmpiW (lpString1="HkC00OVY2t.wav", lpString2="Windows") returned -1 [0052.430] lstrcmpiW (lpString1="HkC00OVY2t.wav", lpString2="Program Files") returned -1 [0052.430] lstrcmpiW (lpString1="HkC00OVY2t.wav", lpString2="Program Files (x86)") returned -1 [0052.430] lstrcmpiW (lpString1="HkC00OVY2t.wav", lpString2="$Recycle.bin") returned 1 [0052.430] lstrcmpiW (lpString1="HkC00OVY2t.wav", lpString2="System Volume Information") returned -1 [0052.430] lstrcmpiW (lpString1="HkC00OVY2t.wav", lpString2=".") returned 1 [0052.430] lstrcmpiW (lpString1="HkC00OVY2t.wav", lpString2="..") returned 1 [0052.430] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav") returned 54 [0052.430] StrStrIW (lpFirst="HkC00OVY2t.wav", lpSrch=".lolkek") returned 0x0 [0052.430] lstrcmpW (lpString1="HkC00OVY2t.wav", lpString2="LOLKEK.txt") returned -1 [0052.430] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav") returned 54 [0052.430] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbbf80 [0052.430] lstrcpyW (in: lpString1=0x3cbbf80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\HkC00OVY2t.wav" [0052.430] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.433] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.433] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f358790, ftCreationTime.dwHighDateTime=0x1d63080, ftLastAccessTime.dwLowDateTime=0x1ef1a470, ftLastAccessTime.dwHighDateTime=0x1d62498, ftLastWriteTime.dwLowDateTime=0x1ef1a470, ftLastWriteTime.dwHighDateTime=0x1d62498, nFileSizeHigh=0x0, nFileSizeLow=0xf2b9, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="iV5uSI5E5Q.m4a", cAlternateFileName="IV5USI~1.M4A")) returned 1 [0052.433] lstrcmpiW (lpString1="iV5uSI5E5Q.m4a", lpString2="Windows") returned -1 [0052.433] lstrcmpiW (lpString1="iV5uSI5E5Q.m4a", lpString2="Program Files") returned -1 [0052.433] lstrcmpiW (lpString1="iV5uSI5E5Q.m4a", lpString2="Program Files (x86)") returned -1 [0052.433] lstrcmpiW (lpString1="iV5uSI5E5Q.m4a", lpString2="$Recycle.bin") returned 1 [0052.433] lstrcmpiW (lpString1="iV5uSI5E5Q.m4a", lpString2="System Volume Information") returned -1 [0052.433] lstrcmpiW (lpString1="iV5uSI5E5Q.m4a", lpString2=".") returned 1 [0052.433] lstrcmpiW (lpString1="iV5uSI5E5Q.m4a", lpString2="..") returned 1 [0052.433] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a") returned 54 [0052.433] StrStrIW (lpFirst="iV5uSI5E5Q.m4a", lpSrch=".lolkek") returned 0x0 [0052.434] lstrcmpW (lpString1="iV5uSI5E5Q.m4a", lpString2="LOLKEK.txt") returned -1 [0052.434] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a") returned 54 [0052.434] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbc068 [0052.434] lstrcpyW (in: lpString1=0x3cbc068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\iV5uSI5E5Q.m4a" [0052.434] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.435] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.435] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75d744e0, ftCreationTime.dwHighDateTime=0x1d62e28, ftLastAccessTime.dwLowDateTime=0x588583a0, ftLastAccessTime.dwHighDateTime=0x1d629b6, ftLastWriteTime.dwLowDateTime=0x588583a0, ftLastWriteTime.dwHighDateTime=0x1d629b6, nFileSizeHigh=0x0, nFileSizeLow=0x10af3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="l1x0jeHxJkDGqB3HNP.m4a", cAlternateFileName="L1X0JE~1.M4A")) returned 1 [0052.435] lstrcmpiW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2="Windows") returned -1 [0052.435] lstrcmpiW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2="Program Files") returned -1 [0052.435] lstrcmpiW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2="Program Files (x86)") returned -1 [0052.435] lstrcmpiW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2="$Recycle.bin") returned 1 [0052.435] lstrcmpiW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2="System Volume Information") returned -1 [0052.435] lstrcmpiW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2=".") returned 1 [0052.435] lstrcmpiW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2="..") returned 1 [0052.435] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a") returned 62 [0052.436] StrStrIW (lpFirst="l1x0jeHxJkDGqB3HNP.m4a", lpSrch=".lolkek") returned 0x0 [0052.436] lstrcmpW (lpString1="l1x0jeHxJkDGqB3HNP.m4a", lpString2="LOLKEK.txt") returned -1 [0052.436] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a") returned 62 [0052.436] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4440 [0052.436] lstrcpyW (in: lpString1=0x3ec4440, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\l1x0jeHxJkDGqB3HNP.m4a" [0052.436] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.436] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.437] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7a97760, ftCreationTime.dwHighDateTime=0x1d62a0a, ftLastAccessTime.dwLowDateTime=0xf2e351d0, ftLastAccessTime.dwHighDateTime=0x1d63027, ftLastWriteTime.dwLowDateTime=0xf2e351d0, ftLastWriteTime.dwHighDateTime=0x1d63027, nFileSizeHigh=0x0, nFileSizeLow=0x13550, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="M5RDN.mp3", cAlternateFileName="")) returned 1 [0052.437] lstrcmpiW (lpString1="M5RDN.mp3", lpString2="Windows") returned -1 [0052.437] lstrcmpiW (lpString1="M5RDN.mp3", lpString2="Program Files") returned -1 [0052.437] lstrcmpiW (lpString1="M5RDN.mp3", lpString2="Program Files (x86)") returned -1 [0052.437] lstrcmpiW (lpString1="M5RDN.mp3", lpString2="$Recycle.bin") returned 1 [0052.437] lstrcmpiW (lpString1="M5RDN.mp3", lpString2="System Volume Information") returned -1 [0052.437] lstrcmpiW (lpString1="M5RDN.mp3", lpString2=".") returned 1 [0052.437] lstrcmpiW (lpString1="M5RDN.mp3", lpString2="..") returned 1 [0052.437] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3") returned 49 [0052.437] StrStrIW (lpFirst="M5RDN.mp3", lpSrch=".lolkek") returned 0x0 [0052.437] lstrcmpW (lpString1="M5RDN.mp3", lpString2="LOLKEK.txt") returned 1 [0052.437] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3") returned 49 [0052.437] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc8) returned 0x3e3bc88 [0052.437] lstrcpyW (in: lpString1=0x3e3bc88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M5RDN.mp3" [0052.437] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.439] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.440] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f295a70, ftCreationTime.dwHighDateTime=0x1d625c9, ftLastAccessTime.dwLowDateTime=0x34a61000, ftLastAccessTime.dwHighDateTime=0x1d6277a, ftLastWriteTime.dwLowDateTime=0x34a61000, ftLastWriteTime.dwHighDateTime=0x1d6277a, nFileSizeHigh=0x0, nFileSizeLow=0x169db, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ng2xrZQesrdMBJwG4.wav", cAlternateFileName="NG2XRZ~1.WAV")) returned 1 [0052.440] lstrcmpiW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2="Windows") returned -1 [0052.440] lstrcmpiW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2="Program Files") returned -1 [0052.440] lstrcmpiW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2="Program Files (x86)") returned -1 [0052.440] lstrcmpiW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2="$Recycle.bin") returned 1 [0052.440] lstrcmpiW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2="System Volume Information") returned -1 [0052.440] lstrcmpiW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2=".") returned 1 [0052.440] lstrcmpiW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2="..") returned 1 [0052.440] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav") returned 61 [0052.440] StrStrIW (lpFirst="ng2xrZQesrdMBJwG4.wav", lpSrch=".lolkek") returned 0x0 [0052.440] lstrcmpW (lpString1="ng2xrZQesrdMBJwG4.wav", lpString2="LOLKEK.txt") returned 1 [0052.440] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav") returned 61 [0052.440] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0960 [0052.440] lstrcpyW (in: lpString1=0x3da0960, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ng2xrZQesrdMBJwG4.wav" [0052.440] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.448] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.448] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefe6d780, ftCreationTime.dwHighDateTime=0x1d6265f, ftLastAccessTime.dwLowDateTime=0x52e424d0, ftLastAccessTime.dwHighDateTime=0x1d62f54, ftLastWriteTime.dwLowDateTime=0x52e424d0, ftLastWriteTime.dwHighDateTime=0x1d62f54, nFileSizeHigh=0x0, nFileSizeLow=0x3d14, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ONU YEaHbB.m4a", cAlternateFileName="ONUYEA~1.M4A")) returned 1 [0052.448] lstrcmpiW (lpString1="ONU YEaHbB.m4a", lpString2="Windows") returned -1 [0052.448] lstrcmpiW (lpString1="ONU YEaHbB.m4a", lpString2="Program Files") returned -1 [0052.448] lstrcmpiW (lpString1="ONU YEaHbB.m4a", lpString2="Program Files (x86)") returned -1 [0052.448] lstrcmpiW (lpString1="ONU YEaHbB.m4a", lpString2="$Recycle.bin") returned 1 [0052.448] lstrcmpiW (lpString1="ONU YEaHbB.m4a", lpString2="System Volume Information") returned -1 [0052.448] lstrcmpiW (lpString1="ONU YEaHbB.m4a", lpString2=".") returned 1 [0052.448] lstrcmpiW (lpString1="ONU YEaHbB.m4a", lpString2="..") returned 1 [0052.448] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a") returned 54 [0052.448] StrStrIW (lpFirst="ONU YEaHbB.m4a", lpSrch=".lolkek") returned 0x0 [0052.448] lstrcmpW (lpString1="ONU YEaHbB.m4a", lpString2="LOLKEK.txt") returned 1 [0052.448] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a") returned 54 [0052.448] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbc150 [0052.448] lstrcpyW (in: lpString1=0x3cbc150, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ONU YEaHbB.m4a" [0052.448] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.459] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.459] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7373cca0, ftCreationTime.dwHighDateTime=0x1d62edc, ftLastAccessTime.dwLowDateTime=0xfedbb160, ftLastAccessTime.dwHighDateTime=0x1d6273c, ftLastWriteTime.dwLowDateTime=0xfedbb160, ftLastWriteTime.dwHighDateTime=0x1d6273c, nFileSizeHigh=0x0, nFileSizeLow=0x7bbe, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="PoO7hAog1.wav", cAlternateFileName="POO7HA~1.WAV")) returned 1 [0052.459] lstrcmpiW (lpString1="PoO7hAog1.wav", lpString2="Windows") returned -1 [0052.459] lstrcmpiW (lpString1="PoO7hAog1.wav", lpString2="Program Files") returned -1 [0052.459] lstrcmpiW (lpString1="PoO7hAog1.wav", lpString2="Program Files (x86)") returned -1 [0052.459] lstrcmpiW (lpString1="PoO7hAog1.wav", lpString2="$Recycle.bin") returned 1 [0052.459] lstrcmpiW (lpString1="PoO7hAog1.wav", lpString2="System Volume Information") returned -1 [0052.459] lstrcmpiW (lpString1="PoO7hAog1.wav", lpString2=".") returned 1 [0052.459] lstrcmpiW (lpString1="PoO7hAog1.wav", lpString2="..") returned 1 [0052.459] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav") returned 53 [0052.459] StrStrIW (lpFirst="PoO7hAog1.wav", lpSrch=".lolkek") returned 0x0 [0052.459] lstrcmpW (lpString1="PoO7hAog1.wav", lpString2="LOLKEK.txt") returned 1 [0052.459] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav") returned 53 [0052.459] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cc0010 [0052.459] lstrcpyW (in: lpString1=0x3cc0010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PoO7hAog1.wav" [0052.459] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.461] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.461] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x451fa300, ftCreationTime.dwHighDateTime=0x1d62834, ftLastAccessTime.dwLowDateTime=0xb8cfd120, ftLastAccessTime.dwHighDateTime=0x1d629f2, ftLastWriteTime.dwLowDateTime=0xb8cfd120, ftLastWriteTime.dwHighDateTime=0x1d629f2, nFileSizeHigh=0x0, nFileSizeLow=0x18294, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="QmeSdHPQvX7DoCu-G7c.wav", cAlternateFileName="QMESDH~1.WAV")) returned 1 [0052.461] lstrcmpiW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2="Windows") returned -1 [0052.461] lstrcmpiW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2="Program Files") returned 1 [0052.461] lstrcmpiW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2="Program Files (x86)") returned 1 [0052.461] lstrcmpiW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2="$Recycle.bin") returned 1 [0052.461] lstrcmpiW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2="System Volume Information") returned -1 [0052.461] lstrcmpiW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2=".") returned 1 [0052.461] lstrcmpiW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2="..") returned 1 [0052.461] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav") returned 63 [0052.461] StrStrIW (lpFirst="QmeSdHPQvX7DoCu-G7c.wav", lpSrch=".lolkek") returned 0x0 [0052.461] lstrcmpW (lpString1="QmeSdHPQvX7DoCu-G7c.wav", lpString2="LOLKEK.txt") returned 1 [0052.461] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav") returned 63 [0052.461] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4758 [0052.461] lstrcpyW (in: lpString1=0x3ec4758, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QmeSdHPQvX7DoCu-G7c.wav" [0052.461] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.476] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.476] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6279d50, ftCreationTime.dwHighDateTime=0x1d62ec1, ftLastAccessTime.dwLowDateTime=0xad060310, ftLastAccessTime.dwHighDateTime=0x1d62ac3, ftLastWriteTime.dwLowDateTime=0xad060310, ftLastWriteTime.dwHighDateTime=0x1d62ac3, nFileSizeHigh=0x0, nFileSizeLow=0xc5b1, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="t3a_Cl7 4W0XAHGgy.wav", cAlternateFileName="T3A_CL~1.WAV")) returned 1 [0052.476] lstrcmpiW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2="Windows") returned -1 [0052.476] lstrcmpiW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2="Program Files") returned 1 [0052.476] lstrcmpiW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2="Program Files (x86)") returned 1 [0052.476] lstrcmpiW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2="$Recycle.bin") returned 1 [0052.476] lstrcmpiW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2="System Volume Information") returned 1 [0052.476] lstrcmpiW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2=".") returned 1 [0052.476] lstrcmpiW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2="..") returned 1 [0052.476] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav") returned 61 [0052.476] StrStrIW (lpFirst="t3a_Cl7 4W0XAHGgy.wav", lpSrch=".lolkek") returned 0x0 [0052.476] lstrcmpW (lpString1="t3a_Cl7 4W0XAHGgy.wav", lpString2="LOLKEK.txt") returned 1 [0052.476] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav") returned 61 [0052.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0a60 [0052.476] lstrcpyW (in: lpString1=0x3da0a60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\t3a_Cl7 4W0XAHGgy.wav" [0052.476] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.478] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.478] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83ae2a10, ftCreationTime.dwHighDateTime=0x1d62ea1, ftLastAccessTime.dwLowDateTime=0x2f216cc0, ftLastAccessTime.dwHighDateTime=0x1d6251c, ftLastWriteTime.dwLowDateTime=0x2f216cc0, ftLastWriteTime.dwHighDateTime=0x1d6251c, nFileSizeHigh=0x0, nFileSizeLow=0x13de2, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="tP7-bspBeplAee mzu7.mp3", cAlternateFileName="TP7-BS~1.MP3")) returned 1 [0052.478] lstrcmpiW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2="Windows") returned -1 [0052.478] lstrcmpiW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2="Program Files") returned 1 [0052.478] lstrcmpiW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2="Program Files (x86)") returned 1 [0052.478] lstrcmpiW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2="$Recycle.bin") returned 1 [0052.478] lstrcmpiW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2="System Volume Information") returned 1 [0052.478] lstrcmpiW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2=".") returned 1 [0052.478] lstrcmpiW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2="..") returned 1 [0052.478] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3") returned 63 [0052.478] StrStrIW (lpFirst="tP7-bspBeplAee mzu7.mp3", lpSrch=".lolkek") returned 0x0 [0052.478] lstrcmpW (lpString1="tP7-bspBeplAee mzu7.mp3", lpString2="LOLKEK.txt") returned 1 [0052.478] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3") returned 63 [0052.478] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4860 [0052.478] lstrcpyW (in: lpString1=0x3ec4860, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tP7-bspBeplAee mzu7.mp3" [0052.478] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.479] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.479] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x322b37c0, ftCreationTime.dwHighDateTime=0x1d62b66, ftLastAccessTime.dwLowDateTime=0x28b51dd0, ftLastAccessTime.dwHighDateTime=0x1d62f91, ftLastWriteTime.dwLowDateTime=0x28b51dd0, ftLastWriteTime.dwHighDateTime=0x1d62f91, nFileSizeHigh=0x0, nFileSizeLow=0x131cd, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Uw 08K- mYRVK.m4a", cAlternateFileName="UW08K-~1.M4A")) returned 1 [0052.479] lstrcmpiW (lpString1="Uw 08K- mYRVK.m4a", lpString2="Windows") returned -1 [0052.480] lstrcmpiW (lpString1="Uw 08K- mYRVK.m4a", lpString2="Program Files") returned 1 [0052.480] lstrcmpiW (lpString1="Uw 08K- mYRVK.m4a", lpString2="Program Files (x86)") returned 1 [0052.480] lstrcmpiW (lpString1="Uw 08K- mYRVK.m4a", lpString2="$Recycle.bin") returned 1 [0052.480] lstrcmpiW (lpString1="Uw 08K- mYRVK.m4a", lpString2="System Volume Information") returned 1 [0052.480] lstrcmpiW (lpString1="Uw 08K- mYRVK.m4a", lpString2=".") returned 1 [0052.480] lstrcmpiW (lpString1="Uw 08K- mYRVK.m4a", lpString2="..") returned 1 [0052.480] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a") returned 57 [0052.480] StrStrIW (lpFirst="Uw 08K- mYRVK.m4a", lpSrch=".lolkek") returned 0x0 [0052.480] lstrcmpW (lpString1="Uw 08K- mYRVK.m4a", lpString2="LOLKEK.txt") returned 1 [0052.480] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a") returned 57 [0052.480] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x6460a8 [0052.480] lstrcpyW (in: lpString1=0x6460a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Uw 08K- mYRVK.m4a" [0052.480] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.483] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.483] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7c11c00, ftCreationTime.dwHighDateTime=0x1d62f78, ftLastAccessTime.dwLowDateTime=0x4b1ba020, ftLastAccessTime.dwHighDateTime=0x1d627d4, ftLastWriteTime.dwLowDateTime=0x4b1ba020, ftLastWriteTime.dwHighDateTime=0x1d627d4, nFileSizeHigh=0x0, nFileSizeLow=0x83c2, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="XN-SCP4NXTxfiQTpI.wav", cAlternateFileName="XN-SCP~1.WAV")) returned 1 [0052.483] lstrcmpiW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2="Windows") returned 1 [0052.483] lstrcmpiW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2="Program Files") returned 1 [0052.483] lstrcmpiW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2="Program Files (x86)") returned 1 [0052.483] lstrcmpiW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2="$Recycle.bin") returned 1 [0052.483] lstrcmpiW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2="System Volume Information") returned 1 [0052.483] lstrcmpiW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2=".") returned 1 [0052.483] lstrcmpiW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2="..") returned 1 [0052.483] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav") returned 61 [0052.483] StrStrIW (lpFirst="XN-SCP4NXTxfiQTpI.wav", lpSrch=".lolkek") returned 0x0 [0052.483] lstrcmpW (lpString1="XN-SCP4NXTxfiQTpI.wav", lpString2="LOLKEK.txt") returned 1 [0052.483] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav") returned 61 [0052.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0b60 [0052.483] lstrcpyW (in: lpString1=0x3da0b60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XN-SCP4NXTxfiQTpI.wav" [0052.483] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.484] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.484] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedadce10, ftCreationTime.dwHighDateTime=0x1d632ad, ftLastAccessTime.dwLowDateTime=0x872ce4c0, ftLastAccessTime.dwHighDateTime=0x1d62cd9, ftLastWriteTime.dwLowDateTime=0x872ce4c0, ftLastWriteTime.dwHighDateTime=0x1d62cd9, nFileSizeHigh=0x0, nFileSizeLow=0x11142, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xNcdyPkcLgpD.wav", cAlternateFileName="XNCDYP~1.WAV")) returned 1 [0052.484] lstrcmpiW (lpString1="xNcdyPkcLgpD.wav", lpString2="Windows") returned 1 [0052.484] lstrcmpiW (lpString1="xNcdyPkcLgpD.wav", lpString2="Program Files") returned 1 [0052.484] lstrcmpiW (lpString1="xNcdyPkcLgpD.wav", lpString2="Program Files (x86)") returned 1 [0052.484] lstrcmpiW (lpString1="xNcdyPkcLgpD.wav", lpString2="$Recycle.bin") returned 1 [0052.484] lstrcmpiW (lpString1="xNcdyPkcLgpD.wav", lpString2="System Volume Information") returned 1 [0052.484] lstrcmpiW (lpString1="xNcdyPkcLgpD.wav", lpString2=".") returned 1 [0052.484] lstrcmpiW (lpString1="xNcdyPkcLgpD.wav", lpString2="..") returned 1 [0052.484] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav") returned 56 [0052.484] StrStrIW (lpFirst="xNcdyPkcLgpD.wav", lpSrch=".lolkek") returned 0x0 [0052.484] lstrcmpW (lpString1="xNcdyPkcLgpD.wav", lpString2="LOLKEK.txt") returned 1 [0052.484] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav") returned 56 [0052.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x3cc9da0 [0052.484] lstrcpyW (in: lpString1=0x3cc9da0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xNcdyPkcLgpD.wav" [0052.484] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.486] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.486] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9419a70, ftCreationTime.dwHighDateTime=0x1d62bce, ftLastAccessTime.dwLowDateTime=0xaff997f0, ftLastAccessTime.dwHighDateTime=0x1d6241d, ftLastWriteTime.dwLowDateTime=0xaff997f0, ftLastWriteTime.dwHighDateTime=0x1d6241d, nFileSizeHigh=0x0, nFileSizeLow=0xe74b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xWYL1PnX43JxxH9I.m4a", cAlternateFileName="XWYL1P~1.M4A")) returned 1 [0052.486] lstrcmpiW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2="Windows") returned 1 [0052.486] lstrcmpiW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2="Program Files") returned 1 [0052.486] lstrcmpiW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2="Program Files (x86)") returned 1 [0052.486] lstrcmpiW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2="$Recycle.bin") returned 1 [0052.486] lstrcmpiW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2="System Volume Information") returned 1 [0052.486] lstrcmpiW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2=".") returned 1 [0052.486] lstrcmpiW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2="..") returned 1 [0052.486] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a") returned 60 [0052.486] StrStrIW (lpFirst="xWYL1PnX43JxxH9I.m4a", lpSrch=".lolkek") returned 0x0 [0052.486] lstrcmpW (lpString1="xWYL1PnX43JxxH9I.m4a", lpString2="LOLKEK.txt") returned 1 [0052.486] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a") returned 60 [0052.486] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0c60 [0052.486] lstrcpyW (in: lpString1=0x3da0c60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xWYL1PnX43JxxH9I.m4a" [0052.486] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.489] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.489] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5707b160, ftCreationTime.dwHighDateTime=0x1d62641, ftLastAccessTime.dwLowDateTime=0x5dfc82c0, ftLastAccessTime.dwHighDateTime=0x1d62286, ftLastWriteTime.dwLowDateTime=0x5dfc82c0, ftLastWriteTime.dwHighDateTime=0x1d62286, nFileSizeHigh=0x0, nFileSizeLow=0x12645, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ytJHp00V4yO.m4a", cAlternateFileName="YTJHP0~1.M4A")) returned 1 [0052.489] lstrcmpiW (lpString1="ytJHp00V4yO.m4a", lpString2="Windows") returned 1 [0052.489] lstrcmpiW (lpString1="ytJHp00V4yO.m4a", lpString2="Program Files") returned 1 [0052.489] lstrcmpiW (lpString1="ytJHp00V4yO.m4a", lpString2="Program Files (x86)") returned 1 [0052.489] lstrcmpiW (lpString1="ytJHp00V4yO.m4a", lpString2="$Recycle.bin") returned 1 [0052.489] lstrcmpiW (lpString1="ytJHp00V4yO.m4a", lpString2="System Volume Information") returned 1 [0052.489] lstrcmpiW (lpString1="ytJHp00V4yO.m4a", lpString2=".") returned 1 [0052.489] lstrcmpiW (lpString1="ytJHp00V4yO.m4a", lpString2="..") returned 1 [0052.489] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a") returned 55 [0052.489] StrStrIW (lpFirst="ytJHp00V4yO.m4a", lpSrch=".lolkek") returned 0x0 [0052.489] lstrcmpW (lpString1="ytJHp00V4yO.m4a", lpString2="LOLKEK.txt") returned 1 [0052.489] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a") returned 55 [0052.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbc238 [0052.489] lstrcpyW (in: lpString1=0x3cbc238, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ytJHp00V4yO.m4a" [0052.490] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.498] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.498] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb81f9040, ftCreationTime.dwHighDateTime=0x1d6327f, ftLastAccessTime.dwLowDateTime=0x190eec80, ftLastAccessTime.dwHighDateTime=0x1d631ad, ftLastWriteTime.dwLowDateTime=0x190eec80, ftLastWriteTime.dwHighDateTime=0x1d631ad, nFileSizeHigh=0x0, nFileSizeLow=0x2b01, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="zHRvk6cFY2.mp3", cAlternateFileName="ZHRVK6~1.MP3")) returned 1 [0052.498] lstrcmpiW (lpString1="zHRvk6cFY2.mp3", lpString2="Windows") returned 1 [0052.498] lstrcmpiW (lpString1="zHRvk6cFY2.mp3", lpString2="Program Files") returned 1 [0052.498] lstrcmpiW (lpString1="zHRvk6cFY2.mp3", lpString2="Program Files (x86)") returned 1 [0052.498] lstrcmpiW (lpString1="zHRvk6cFY2.mp3", lpString2="$Recycle.bin") returned 1 [0052.498] lstrcmpiW (lpString1="zHRvk6cFY2.mp3", lpString2="System Volume Information") returned 1 [0052.498] lstrcmpiW (lpString1="zHRvk6cFY2.mp3", lpString2=".") returned 1 [0052.498] lstrcmpiW (lpString1="zHRvk6cFY2.mp3", lpString2="..") returned 1 [0052.498] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3") returned 54 [0052.498] StrStrIW (lpFirst="zHRvk6cFY2.mp3", lpSrch=".lolkek") returned 0x0 [0052.498] lstrcmpW (lpString1="zHRvk6cFY2.mp3", lpString2="LOLKEK.txt") returned 1 [0052.498] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3") returned 54 [0052.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbc320 [0052.498] lstrcpyW (in: lpString1=0x3cbc320, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\zHRvk6cFY2.mp3" [0052.498] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.512] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.512] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dc72db0, ftCreationTime.dwHighDateTime=0x1d62e61, ftLastAccessTime.dwLowDateTime=0x6d5c960, ftLastAccessTime.dwHighDateTime=0x1d62ee9, ftLastWriteTime.dwLowDateTime=0x6d5c960, ftLastWriteTime.dwHighDateTime=0x1d62ee9, nFileSizeHigh=0x0, nFileSizeLow=0x141b1, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_WfpN7.wav", cAlternateFileName="")) returned 1 [0052.512] lstrcmpiW (lpString1="_WfpN7.wav", lpString2="Windows") returned -1 [0052.512] lstrcmpiW (lpString1="_WfpN7.wav", lpString2="Program Files") returned -1 [0052.512] lstrcmpiW (lpString1="_WfpN7.wav", lpString2="Program Files (x86)") returned -1 [0052.512] lstrcmpiW (lpString1="_WfpN7.wav", lpString2="$Recycle.bin") returned 1 [0052.512] lstrcmpiW (lpString1="_WfpN7.wav", lpString2="System Volume Information") returned -1 [0052.512] lstrcmpiW (lpString1="_WfpN7.wav", lpString2=".") returned 1 [0052.512] lstrcmpiW (lpString1="_WfpN7.wav", lpString2="..") returned 1 [0052.512] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav") returned 50 [0052.512] StrStrIW (lpFirst="_WfpN7.wav", lpSrch=".lolkek") returned 0x0 [0052.512] lstrcmpW (lpString1="_WfpN7.wav", lpString2="LOLKEK.txt") returned -1 [0052.512] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav") returned 50 [0052.512] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbe4c8 [0052.512] lstrcpyW (in: lpString1=0x3cbe4c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_WfpN7.wav" [0052.512] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.515] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.515] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1861b830, ftCreationTime.dwHighDateTime=0x1d6255a, ftLastAccessTime.dwLowDateTime=0x67fb2a40, ftLastAccessTime.dwHighDateTime=0x1d631ba, ftLastWriteTime.dwLowDateTime=0x67fb2a40, ftLastWriteTime.dwHighDateTime=0x1d631ba, nFileSizeHigh=0x0, nFileSizeLow=0x13a6c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_wmunbqWFMh.mp3", cAlternateFileName="_WMUNB~1.MP3")) returned 1 [0052.515] lstrcmpiW (lpString1="_wmunbqWFMh.mp3", lpString2="Windows") returned -1 [0052.515] lstrcmpiW (lpString1="_wmunbqWFMh.mp3", lpString2="Program Files") returned -1 [0052.515] lstrcmpiW (lpString1="_wmunbqWFMh.mp3", lpString2="Program Files (x86)") returned -1 [0052.515] lstrcmpiW (lpString1="_wmunbqWFMh.mp3", lpString2="$Recycle.bin") returned 1 [0052.515] lstrcmpiW (lpString1="_wmunbqWFMh.mp3", lpString2="System Volume Information") returned -1 [0052.515] lstrcmpiW (lpString1="_wmunbqWFMh.mp3", lpString2=".") returned 1 [0052.515] lstrcmpiW (lpString1="_wmunbqWFMh.mp3", lpString2="..") returned 1 [0052.515] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3") returned 55 [0052.516] StrStrIW (lpFirst="_wmunbqWFMh.mp3", lpSrch=".lolkek") returned 0x0 [0052.516] lstrcmpW (lpString1="_wmunbqWFMh.mp3", lpString2="LOLKEK.txt") returned -1 [0052.516] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3") returned 55 [0052.516] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbc408 [0052.516] lstrcpyW (in: lpString1=0x3cbc408, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_wmunbqWFMh.mp3" [0052.516] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.532] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.532] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1861b830, ftCreationTime.dwHighDateTime=0x1d6255a, ftLastAccessTime.dwLowDateTime=0x67fb2a40, ftLastAccessTime.dwHighDateTime=0x1d631ba, ftLastWriteTime.dwLowDateTime=0x67fb2a40, ftLastWriteTime.dwHighDateTime=0x1d631ba, nFileSizeHigh=0x0, nFileSizeLow=0x13a6c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_wmunbqWFMh.mp3", cAlternateFileName="_WMUNB~1.MP3")) returned 0 [0052.533] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.533] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\LOLKEK.txt") returned 50 [0052.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.533] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.533] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.534] CloseHandle (hObject=0x294) returned 1 [0052.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.534] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0052.534] lstrcmpiW (lpString1="My Documents", lpString2="Windows") returned -1 [0052.534] lstrcmpiW (lpString1="My Documents", lpString2="Program Files") returned -1 [0052.534] lstrcmpiW (lpString1="My Documents", lpString2="Program Files (x86)") returned -1 [0052.534] lstrcmpiW (lpString1="My Documents", lpString2="$Recycle.bin") returned 1 [0052.534] lstrcmpiW (lpString1="My Documents", lpString2="System Volume Information") returned -1 [0052.534] lstrcmpiW (lpString1="My Documents", lpString2=".") returned 1 [0052.534] lstrcmpiW (lpString1="My Documents", lpString2="..") returned 1 [0052.534] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned 46 [0052.534] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.534] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0052.534] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*" [0052.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1861b830, ftCreationTime.dwHighDateTime=0x1d6255a, ftLastAccessTime.dwLowDateTime=0x67fb2a40, ftLastAccessTime.dwHighDateTime=0x1d631ba, ftLastWriteTime.dwLowDateTime=0x67fb2a40, ftLastWriteTime.dwHighDateTime=0x1d631ba, nFileSizeHigh=0x0, nFileSizeLow=0x13a6c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_wmunbqWFMh.mp3", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.534] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NetHood", cAlternateFileName="")) returned 1 [0052.534] lstrcmpiW (lpString1="NetHood", lpString2="Windows") returned -1 [0052.534] lstrcmpiW (lpString1="NetHood", lpString2="Program Files") returned -1 [0052.534] lstrcmpiW (lpString1="NetHood", lpString2="Program Files (x86)") returned -1 [0052.534] lstrcmpiW (lpString1="NetHood", lpString2="$Recycle.bin") returned 1 [0052.534] lstrcmpiW (lpString1="NetHood", lpString2="System Volume Information") returned -1 [0052.534] lstrcmpiW (lpString1="NetHood", lpString2=".") returned 1 [0052.534] lstrcmpiW (lpString1="NetHood", lpString2="..") returned 1 [0052.534] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned 41 [0052.534] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.534] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0052.534] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*" [0052.534] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1861b830, ftCreationTime.dwHighDateTime=0x1d6255a, ftLastAccessTime.dwLowDateTime=0x67fb2a40, ftLastAccessTime.dwHighDateTime=0x1d631ba, ftLastWriteTime.dwLowDateTime=0x67fb2a40, ftLastWriteTime.dwHighDateTime=0x1d631ba, nFileSizeHigh=0x0, nFileSizeLow=0x13a6c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_wmunbqWFMh.mp3", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.534] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0052.534] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="Windows") returned -1 [0052.534] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="Program Files") returned -1 [0052.534] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="Program Files (x86)") returned -1 [0052.535] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="$Recycle.bin") returned 1 [0052.535] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="System Volume Information") returned -1 [0052.535] lstrcmpiW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0052.535] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0052.535] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0052.535] StrStrIW (lpFirst="NTUSER.DAT", lpSrch=".lolkek") returned 0x0 [0052.535] lstrcmpW (lpString1="NTUSER.DAT", lpString2="LOLKEK.txt") returned 1 [0052.535] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0052.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb4) returned 0x3cb90d8 [0052.535] lstrcpyW (in: lpString1=0x3cb90d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" [0052.535] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.535] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.535] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0052.535] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="Windows") returned -1 [0052.535] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="Program Files") returned -1 [0052.535] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="Program Files (x86)") returned -1 [0052.535] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="$Recycle.bin") returned 1 [0052.535] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="System Volume Information") returned -1 [0052.535] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2=".") returned 1 [0052.535] lstrcmpiW (lpString1="ntuser.dat.LOG1", lpString2="..") returned 1 [0052.535] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0052.535] StrStrIW (lpFirst="ntuser.dat.LOG1", lpSrch=".lolkek") returned 0x0 [0052.535] lstrcmpW (lpString1="ntuser.dat.LOG1", lpString2="LOLKEK.txt") returned 1 [0052.535] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0052.535] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc8) returned 0x3e3bfc8 [0052.535] lstrcpyW (in: lpString1=0x3e3bfc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" [0052.536] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.538] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.538] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0052.538] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="Windows") returned -1 [0052.538] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="Program Files") returned -1 [0052.538] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="Program Files (x86)") returned -1 [0052.538] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="$Recycle.bin") returned 1 [0052.538] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="System Volume Information") returned -1 [0052.538] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2=".") returned 1 [0052.538] lstrcmpiW (lpString1="ntuser.dat.LOG2", lpString2="..") returned 1 [0052.538] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0052.538] StrStrIW (lpFirst="ntuser.dat.LOG2", lpSrch=".lolkek") returned 0x0 [0052.538] lstrcmpW (lpString1="ntuser.dat.LOG2", lpString2="LOLKEK.txt") returned 1 [0052.538] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0052.538] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc8) returned 0x3e3bef8 [0052.538] lstrcpyW (in: lpString1=0x3e3bef8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" [0052.538] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.540] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.540] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0052.540] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Windows") returned -1 [0052.540] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Program Files") returned -1 [0052.540] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Program Files (x86)") returned -1 [0052.540] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="$Recycle.bin") returned 1 [0052.540] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="System Volume Information") returned -1 [0052.540] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0052.541] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0052.541] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0052.541] StrStrIW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch=".lolkek") returned 0x0 [0052.541] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="LOLKEK.txt") returned 1 [0052.541] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0052.541] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x3e34ee0 [0052.541] lstrcpyW (in: lpString1=0x3e34ee0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0052.541] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.542] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.542] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0052.542] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Windows") returned -1 [0052.542] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Program Files") returned -1 [0052.542] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Program Files (x86)") returned -1 [0052.542] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="$Recycle.bin") returned 1 [0052.542] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="System Volume Information") returned -1 [0052.542] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0052.542] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0052.542] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0052.542] StrStrIW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch=".lolkek") returned 0x0 [0052.542] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="LOLKEK.txt") returned 1 [0052.542] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0052.542] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x67ca98 [0052.542] lstrcpyW (in: lpString1=0x67ca98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0052.542] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.548] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.548] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0052.548] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Windows") returned -1 [0052.548] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Program Files") returned -1 [0052.548] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Program Files (x86)") returned -1 [0052.548] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="$Recycle.bin") returned 1 [0052.548] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="System Volume Information") returned -1 [0052.548] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0052.548] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0052.548] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0052.548] StrStrIW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch=".lolkek") returned 0x0 [0052.548] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="LOLKEK.txt") returned 1 [0052.548] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0052.548] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1fc) returned 0x618c88 [0052.548] lstrcpyW (in: lpString1=0x618c88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0052.548] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.549] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.549] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0052.549] lstrcmpiW (lpString1="ntuser.ini", lpString2="Windows") returned -1 [0052.549] lstrcmpiW (lpString1="ntuser.ini", lpString2="Program Files") returned -1 [0052.549] lstrcmpiW (lpString1="ntuser.ini", lpString2="Program Files (x86)") returned -1 [0052.549] lstrcmpiW (lpString1="ntuser.ini", lpString2="$Recycle.bin") returned 1 [0052.549] lstrcmpiW (lpString1="ntuser.ini", lpString2="System Volume Information") returned -1 [0052.549] lstrcmpiW (lpString1="ntuser.ini", lpString2=".") returned 1 [0052.549] lstrcmpiW (lpString1="ntuser.ini", lpString2="..") returned 1 [0052.549] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 44 [0052.549] StrStrIW (lpFirst="ntuser.ini", lpSrch=".lolkek") returned 0x0 [0052.549] lstrcmpW (lpString1="ntuser.ini", lpString2="LOLKEK.txt") returned 1 [0052.550] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 44 [0052.550] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb4) returned 0x3cb9258 [0052.550] lstrcpyW (in: lpString1=0x3cb9258, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" [0052.550] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.555] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.555] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc29140, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc29140, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0052.555] lstrcmpiW (lpString1="Pictures", lpString2="Windows") returned -1 [0052.555] lstrcmpiW (lpString1="Pictures", lpString2="Program Files") returned -1 [0052.555] lstrcmpiW (lpString1="Pictures", lpString2="Program Files (x86)") returned -1 [0052.555] lstrcmpiW (lpString1="Pictures", lpString2="$Recycle.bin") returned 1 [0052.555] lstrcmpiW (lpString1="Pictures", lpString2="System Volume Information") returned -1 [0052.555] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0052.555] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0052.555] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 42 [0052.555] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.555] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0052.555] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*" [0052.556] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc29140, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc29140, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.556] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.556] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.556] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.556] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.556] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.556] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.556] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7dc29140, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7dc29140, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.556] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.556] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.556] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.556] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.556] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.556] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.556] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.556] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecc9f5a0, ftCreationTime.dwHighDateTime=0x1d6321c, ftLastAccessTime.dwLowDateTime=0x853d7510, ftLastAccessTime.dwHighDateTime=0x1d6299d, ftLastWriteTime.dwLowDateTime=0x853d7510, ftLastWriteTime.dwHighDateTime=0x1d6299d, nFileSizeHigh=0x0, nFileSizeLow=0x4fd4, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="-wEiJ.jpg", cAlternateFileName="")) returned 1 [0052.556] lstrcmpiW (lpString1="-wEiJ.jpg", lpString2="Windows") returned -1 [0052.556] lstrcmpiW (lpString1="-wEiJ.jpg", lpString2="Program Files") returned 1 [0052.556] lstrcmpiW (lpString1="-wEiJ.jpg", lpString2="Program Files (x86)") returned 1 [0052.556] lstrcmpiW (lpString1="-wEiJ.jpg", lpString2="$Recycle.bin") returned 1 [0052.556] lstrcmpiW (lpString1="-wEiJ.jpg", lpString2="System Volume Information") returned 1 [0052.556] lstrcmpiW (lpString1="-wEiJ.jpg", lpString2=".") returned 1 [0052.556] lstrcmpiW (lpString1="-wEiJ.jpg", lpString2="..") returned 1 [0052.556] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg") returned 52 [0052.556] StrStrIW (lpFirst="-wEiJ.jpg", lpSrch=".lolkek") returned 0x0 [0052.556] lstrcmpW (lpString1="-wEiJ.jpg", lpString2="LOLKEK.txt") returned 1 [0052.556] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg") returned 52 [0052.556] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cc00f0 [0052.556] lstrcpyW (in: lpString1=0x3cc00f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\-wEiJ.jpg" [0052.556] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.568] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.568] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x451f4c80, ftCreationTime.dwHighDateTime=0x1d62f95, ftLastAccessTime.dwLowDateTime=0x777a2f80, ftLastAccessTime.dwHighDateTime=0x1d62a43, ftLastWriteTime.dwLowDateTime=0x777a2f80, ftLastWriteTime.dwHighDateTime=0x1d62a43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="4xjt", cAlternateFileName="")) returned 1 [0052.568] lstrcmpiW (lpString1="4xjt", lpString2="Windows") returned -1 [0052.568] lstrcmpiW (lpString1="4xjt", lpString2="Program Files") returned -1 [0052.568] lstrcmpiW (lpString1="4xjt", lpString2="Program Files (x86)") returned -1 [0052.568] lstrcmpiW (lpString1="4xjt", lpString2="$Recycle.bin") returned 1 [0052.568] lstrcmpiW (lpString1="4xjt", lpString2="System Volume Information") returned -1 [0052.568] lstrcmpiW (lpString1="4xjt", lpString2=".") returned 1 [0052.568] lstrcmpiW (lpString1="4xjt", lpString2="..") returned 1 [0052.568] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt") returned 47 [0052.568] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.568] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt" [0052.568] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\*" [0052.568] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x451f4c80, ftCreationTime.dwHighDateTime=0x1d62f95, ftLastAccessTime.dwLowDateTime=0x777a2f80, ftLastAccessTime.dwHighDateTime=0x1d62a43, ftLastWriteTime.dwLowDateTime=0x777a2f80, ftLastWriteTime.dwHighDateTime=0x1d62a43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.568] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.569] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.569] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.569] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.569] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.569] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.569] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x451f4c80, ftCreationTime.dwHighDateTime=0x1d62f95, ftLastAccessTime.dwLowDateTime=0x777a2f80, ftLastAccessTime.dwHighDateTime=0x1d62a43, ftLastWriteTime.dwLowDateTime=0x777a2f80, ftLastWriteTime.dwHighDateTime=0x1d62a43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.569] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.569] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.569] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.569] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.569] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.569] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.569] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.569] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53015b00, ftCreationTime.dwHighDateTime=0x1d626a7, ftLastAccessTime.dwLowDateTime=0x4705fc30, ftLastAccessTime.dwHighDateTime=0x1d62c87, ftLastWriteTime.dwLowDateTime=0x4705fc30, ftLastWriteTime.dwHighDateTime=0x1d62c87, nFileSizeHigh=0x0, nFileSizeLow=0x7dea, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="djmmnmLV.jpg", cAlternateFileName="")) returned 1 [0052.569] lstrcmpiW (lpString1="djmmnmLV.jpg", lpString2="Windows") returned -1 [0052.569] lstrcmpiW (lpString1="djmmnmLV.jpg", lpString2="Program Files") returned -1 [0052.569] lstrcmpiW (lpString1="djmmnmLV.jpg", lpString2="Program Files (x86)") returned -1 [0052.569] lstrcmpiW (lpString1="djmmnmLV.jpg", lpString2="$Recycle.bin") returned 1 [0052.569] lstrcmpiW (lpString1="djmmnmLV.jpg", lpString2="System Volume Information") returned -1 [0052.569] lstrcmpiW (lpString1="djmmnmLV.jpg", lpString2=".") returned 1 [0052.569] lstrcmpiW (lpString1="djmmnmLV.jpg", lpString2="..") returned 1 [0052.569] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg") returned 60 [0052.569] StrStrIW (lpFirst="djmmnmLV.jpg", lpSrch=".lolkek") returned 0x0 [0052.569] lstrcmpW (lpString1="djmmnmLV.jpg", lpString2="LOLKEK.txt") returned -1 [0052.569] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg") returned 60 [0052.569] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0d60 [0052.569] lstrcpyW (in: lpString1=0x3da0d60, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\djmmnmLV.jpg" [0052.569] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.572] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.572] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff27c70, ftCreationTime.dwHighDateTime=0x1d62da2, ftLastAccessTime.dwLowDateTime=0x6f80790, ftLastAccessTime.dwHighDateTime=0x1d6270b, ftLastWriteTime.dwLowDateTime=0x6f80790, ftLastWriteTime.dwHighDateTime=0x1d6270b, nFileSizeHigh=0x0, nFileSizeLow=0xce7e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FdxXRehGAJzNwHkfJ.gif", cAlternateFileName="FDXXRE~1.GIF")) returned 1 [0052.572] lstrcmpiW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2="Windows") returned -1 [0052.572] lstrcmpiW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2="Program Files") returned -1 [0052.572] lstrcmpiW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2="Program Files (x86)") returned -1 [0052.572] lstrcmpiW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2="$Recycle.bin") returned 1 [0052.572] lstrcmpiW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2="System Volume Information") returned -1 [0052.573] lstrcmpiW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2=".") returned 1 [0052.573] lstrcmpiW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2="..") returned 1 [0052.573] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif") returned 69 [0052.573] StrStrIW (lpFirst="FdxXRehGAJzNwHkfJ.gif", lpSrch=".lolkek") returned 0x0 [0052.573] lstrcmpW (lpString1="FdxXRehGAJzNwHkfJ.gif", lpString2="LOLKEK.txt") returned -1 [0052.573] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif") returned 69 [0052.573] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x3cc9e90 [0052.573] lstrcpyW (in: lpString1=0x3cc9e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\FdxXRehGAJzNwHkfJ.gif" [0052.573] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.586] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.586] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf66d0d50, ftCreationTime.dwHighDateTime=0x1d62a5f, ftLastAccessTime.dwLowDateTime=0x19577fd0, ftLastAccessTime.dwHighDateTime=0x1d6241b, ftLastWriteTime.dwLowDateTime=0x19577fd0, ftLastWriteTime.dwHighDateTime=0x1d6241b, nFileSizeHigh=0x0, nFileSizeLow=0x9a62, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GzcoOnWlfdAJYPcH.gif", cAlternateFileName="GZCOON~1.GIF")) returned 1 [0052.586] lstrcmpiW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2="Windows") returned -1 [0052.586] lstrcmpiW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2="Program Files") returned -1 [0052.586] lstrcmpiW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2="Program Files (x86)") returned -1 [0052.586] lstrcmpiW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2="$Recycle.bin") returned 1 [0052.586] lstrcmpiW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2="System Volume Information") returned -1 [0052.586] lstrcmpiW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2=".") returned 1 [0052.586] lstrcmpiW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2="..") returned 1 [0052.586] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif") returned 68 [0052.586] StrStrIW (lpFirst="GzcoOnWlfdAJYPcH.gif", lpSrch=".lolkek") returned 0x0 [0052.586] lstrcmpW (lpString1="GzcoOnWlfdAJYPcH.gif", lpString2="LOLKEK.txt") returned -1 [0052.586] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif") returned 68 [0052.586] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x3de0490 [0052.586] lstrcpyW (in: lpString1=0x3de0490, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\GzcoOnWlfdAJYPcH.gif" [0052.586] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.593] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.593] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10065380, ftCreationTime.dwHighDateTime=0x1d630cc, ftLastAccessTime.dwLowDateTime=0xcef0be40, ftLastAccessTime.dwHighDateTime=0x1d628af, ftLastWriteTime.dwLowDateTime=0xcef0be40, ftLastWriteTime.dwHighDateTime=0x1d628af, nFileSizeHigh=0x0, nFileSizeLow=0x3afb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Hl3k4sFy5WW5IYxPQ-We.gif", cAlternateFileName="HL3K4S~1.GIF")) returned 1 [0052.593] lstrcmpiW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2="Windows") returned -1 [0052.593] lstrcmpiW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2="Program Files") returned -1 [0052.593] lstrcmpiW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2="Program Files (x86)") returned -1 [0052.593] lstrcmpiW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2="$Recycle.bin") returned 1 [0052.593] lstrcmpiW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2="System Volume Information") returned -1 [0052.593] lstrcmpiW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2=".") returned 1 [0052.593] lstrcmpiW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2="..") returned 1 [0052.593] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif") returned 72 [0052.593] StrStrIW (lpFirst="Hl3k4sFy5WW5IYxPQ-We.gif", lpSrch=".lolkek") returned 0x0 [0052.593] lstrcmpW (lpString1="Hl3k4sFy5WW5IYxPQ-We.gif", lpString2="LOLKEK.txt") returned -1 [0052.593] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif") returned 72 [0052.593] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca7160 [0052.593] lstrcpyW (in: lpString1=0x3ca7160, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\Hl3k4sFy5WW5IYxPQ-We.gif" [0052.593] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.593] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.593] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132f1c20, ftCreationTime.dwHighDateTime=0x1d6305b, ftLastAccessTime.dwLowDateTime=0x9e9eb050, ftLastAccessTime.dwHighDateTime=0x1d63082, ftLastWriteTime.dwLowDateTime=0x9e9eb050, ftLastWriteTime.dwHighDateTime=0x1d63082, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jOZGi", cAlternateFileName="")) returned 1 [0052.593] lstrcmpiW (lpString1="jOZGi", lpString2="Windows") returned -1 [0052.593] lstrcmpiW (lpString1="jOZGi", lpString2="Program Files") returned -1 [0052.593] lstrcmpiW (lpString1="jOZGi", lpString2="Program Files (x86)") returned -1 [0052.594] lstrcmpiW (lpString1="jOZGi", lpString2="$Recycle.bin") returned 1 [0052.594] lstrcmpiW (lpString1="jOZGi", lpString2="System Volume Information") returned -1 [0052.594] lstrcmpiW (lpString1="jOZGi", lpString2=".") returned 1 [0052.594] lstrcmpiW (lpString1="jOZGi", lpString2="..") returned 1 [0052.594] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi") returned 53 [0052.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.594] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi" [0052.594] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\*" [0052.594] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132f1c20, ftCreationTime.dwHighDateTime=0x1d6305b, ftLastAccessTime.dwLowDateTime=0x9e9eb050, ftLastAccessTime.dwHighDateTime=0x1d63082, ftLastWriteTime.dwLowDateTime=0x9e9eb050, ftLastWriteTime.dwHighDateTime=0x1d63082, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0052.594] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.594] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.594] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.594] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.594] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.594] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.594] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x132f1c20, ftCreationTime.dwHighDateTime=0x1d6305b, ftLastAccessTime.dwLowDateTime=0x9e9eb050, ftLastAccessTime.dwHighDateTime=0x1d63082, ftLastWriteTime.dwLowDateTime=0x9e9eb050, ftLastWriteTime.dwHighDateTime=0x1d63082, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.594] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.594] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.594] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.594] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.594] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.594] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.594] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.594] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad94d0e0, ftCreationTime.dwHighDateTime=0x1d624b5, ftLastAccessTime.dwLowDateTime=0xbcbc53b0, ftLastAccessTime.dwHighDateTime=0x1d62828, ftLastWriteTime.dwLowDateTime=0xbcbc53b0, ftLastWriteTime.dwHighDateTime=0x1d62828, nFileSizeHigh=0x0, nFileSizeLow=0xfe60, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7UEON3-rkOI.gif", cAlternateFileName="7UEON3~1.GIF")) returned 1 [0052.594] lstrcmpiW (lpString1="7UEON3-rkOI.gif", lpString2="Windows") returned -1 [0052.594] lstrcmpiW (lpString1="7UEON3-rkOI.gif", lpString2="Program Files") returned -1 [0052.594] lstrcmpiW (lpString1="7UEON3-rkOI.gif", lpString2="Program Files (x86)") returned -1 [0052.594] lstrcmpiW (lpString1="7UEON3-rkOI.gif", lpString2="$Recycle.bin") returned 1 [0052.594] lstrcmpiW (lpString1="7UEON3-rkOI.gif", lpString2="System Volume Information") returned -1 [0052.594] lstrcmpiW (lpString1="7UEON3-rkOI.gif", lpString2=".") returned 1 [0052.594] lstrcmpiW (lpString1="7UEON3-rkOI.gif", lpString2="..") returned 1 [0052.594] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif") returned 69 [0052.594] StrStrIW (lpFirst="7UEON3-rkOI.gif", lpSrch=".lolkek") returned 0x0 [0052.594] lstrcmpW (lpString1="7UEON3-rkOI.gif", lpString2="LOLKEK.txt") returned -1 [0052.594] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif") returned 69 [0052.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x5c2078 [0052.594] lstrcpyW (in: lpString1=0x5c2078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\7UEON3-rkOI.gif" [0052.594] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.602] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.602] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9166b40, ftCreationTime.dwHighDateTime=0x1d62ce5, ftLastAccessTime.dwLowDateTime=0x7a93c930, ftLastAccessTime.dwHighDateTime=0x1d6252d, ftLastWriteTime.dwLowDateTime=0x7a93c930, ftLastWriteTime.dwHighDateTime=0x1d6252d, nFileSizeHigh=0x0, nFileSizeLow=0x11b8a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bdg-4oVxo3lUlr5SQ.gif", cAlternateFileName="BDG-4O~1.GIF")) returned 1 [0052.602] lstrcmpiW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2="Windows") returned -1 [0052.602] lstrcmpiW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2="Program Files") returned -1 [0052.602] lstrcmpiW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2="Program Files (x86)") returned -1 [0052.602] lstrcmpiW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2="$Recycle.bin") returned 1 [0052.602] lstrcmpiW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2="System Volume Information") returned -1 [0052.602] lstrcmpiW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2=".") returned 1 [0052.602] lstrcmpiW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2="..") returned 1 [0052.602] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif") returned 75 [0052.602] StrStrIW (lpFirst="bdg-4oVxo3lUlr5SQ.gif", lpSrch=".lolkek") returned 0x0 [0052.602] lstrcmpW (lpString1="bdg-4oVxo3lUlr5SQ.gif", lpString2="LOLKEK.txt") returned -1 [0052.602] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif") returned 75 [0052.602] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3ca6668 [0052.602] lstrcpyW (in: lpString1=0x3ca6668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\bdg-4oVxo3lUlr5SQ.gif" [0052.602] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.603] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.603] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7391170, ftCreationTime.dwHighDateTime=0x1d62370, ftLastAccessTime.dwLowDateTime=0xeb1ece40, ftLastAccessTime.dwHighDateTime=0x1d62977, ftLastWriteTime.dwLowDateTime=0xeb1ece40, ftLastWriteTime.dwHighDateTime=0x1d62977, nFileSizeHigh=0x0, nFileSizeLow=0x10fbc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="hjVZzEzQRb8Yo1rr.gif", cAlternateFileName="HJVZZE~1.GIF")) returned 1 [0052.603] lstrcmpiW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2="Windows") returned -1 [0052.603] lstrcmpiW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2="Program Files") returned -1 [0052.603] lstrcmpiW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2="Program Files (x86)") returned -1 [0052.603] lstrcmpiW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2="$Recycle.bin") returned 1 [0052.603] lstrcmpiW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2="System Volume Information") returned -1 [0052.603] lstrcmpiW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2=".") returned 1 [0052.603] lstrcmpiW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2="..") returned 1 [0052.603] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif") returned 74 [0052.603] StrStrIW (lpFirst="hjVZzEzQRb8Yo1rr.gif", lpSrch=".lolkek") returned 0x0 [0052.603] lstrcmpW (lpString1="hjVZzEzQRb8Yo1rr.gif", lpString2="LOLKEK.txt") returned -1 [0052.603] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif") returned 74 [0052.603] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3ca6c80 [0052.603] lstrcpyW (in: lpString1=0x3ca6c80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\hjVZzEzQRb8Yo1rr.gif" [0052.603] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.608] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.608] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x290f45d0, ftCreationTime.dwHighDateTime=0x1d6254b, ftLastAccessTime.dwLowDateTime=0x2da19c90, ftLastAccessTime.dwHighDateTime=0x1d62f7a, ftLastWriteTime.dwLowDateTime=0x2da19c90, ftLastWriteTime.dwHighDateTime=0x1d62f7a, nFileSizeHigh=0x0, nFileSizeLow=0x78d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Nbb_.jpg", cAlternateFileName="")) returned 1 [0052.608] lstrcmpiW (lpString1="Nbb_.jpg", lpString2="Windows") returned -1 [0052.608] lstrcmpiW (lpString1="Nbb_.jpg", lpString2="Program Files") returned -1 [0052.608] lstrcmpiW (lpString1="Nbb_.jpg", lpString2="Program Files (x86)") returned -1 [0052.608] lstrcmpiW (lpString1="Nbb_.jpg", lpString2="$Recycle.bin") returned 1 [0052.608] lstrcmpiW (lpString1="Nbb_.jpg", lpString2="System Volume Information") returned -1 [0052.608] lstrcmpiW (lpString1="Nbb_.jpg", lpString2=".") returned 1 [0052.608] lstrcmpiW (lpString1="Nbb_.jpg", lpString2="..") returned 1 [0052.608] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg") returned 62 [0052.608] StrStrIW (lpFirst="Nbb_.jpg", lpSrch=".lolkek") returned 0x0 [0052.608] lstrcmpW (lpString1="Nbb_.jpg", lpString2="LOLKEK.txt") returned 1 [0052.608] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg") returned 62 [0052.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4a70 [0052.608] lstrcpyW (in: lpString1=0x3ec4a70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Nbb_.jpg" [0052.608] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.615] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.615] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1355470, ftCreationTime.dwHighDateTime=0x1d62dfc, ftLastAccessTime.dwLowDateTime=0xa2d3c870, ftLastAccessTime.dwHighDateTime=0x1d63188, ftLastWriteTime.dwLowDateTime=0xa2d3c870, ftLastWriteTime.dwHighDateTime=0x1d63188, nFileSizeHigh=0x0, nFileSizeLow=0x13594, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="snf_BJ.bmp", cAlternateFileName="")) returned 1 [0052.615] lstrcmpiW (lpString1="snf_BJ.bmp", lpString2="Windows") returned -1 [0052.615] lstrcmpiW (lpString1="snf_BJ.bmp", lpString2="Program Files") returned 1 [0052.615] lstrcmpiW (lpString1="snf_BJ.bmp", lpString2="Program Files (x86)") returned 1 [0052.615] lstrcmpiW (lpString1="snf_BJ.bmp", lpString2="$Recycle.bin") returned 1 [0052.615] lstrcmpiW (lpString1="snf_BJ.bmp", lpString2="System Volume Information") returned -1 [0052.615] lstrcmpiW (lpString1="snf_BJ.bmp", lpString2=".") returned 1 [0052.615] lstrcmpiW (lpString1="snf_BJ.bmp", lpString2="..") returned 1 [0052.615] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp") returned 64 [0052.615] StrStrIW (lpFirst="snf_BJ.bmp", lpSrch=".lolkek") returned 0x0 [0052.615] lstrcmpW (lpString1="snf_BJ.bmp", lpString2="LOLKEK.txt") returned 1 [0052.615] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp") returned 64 [0052.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x612ad8 [0052.615] lstrcpyW (in: lpString1=0x612ad8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\snf_BJ.bmp" [0052.615] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.621] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.621] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x816c4f00, ftCreationTime.dwHighDateTime=0x1d62bf1, ftLastAccessTime.dwLowDateTime=0x9eae6600, ftLastAccessTime.dwHighDateTime=0x1d62b17, ftLastWriteTime.dwLowDateTime=0x9eae6600, ftLastWriteTime.dwHighDateTime=0x1d62b17, nFileSizeHigh=0x0, nFileSizeLow=0xfafe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uPsckdvEfEFKv3i.gif", cAlternateFileName="UPSCKD~1.GIF")) returned 1 [0052.621] lstrcmpiW (lpString1="uPsckdvEfEFKv3i.gif", lpString2="Windows") returned -1 [0052.621] lstrcmpiW (lpString1="uPsckdvEfEFKv3i.gif", lpString2="Program Files") returned 1 [0052.621] lstrcmpiW (lpString1="uPsckdvEfEFKv3i.gif", lpString2="Program Files (x86)") returned 1 [0052.621] lstrcmpiW (lpString1="uPsckdvEfEFKv3i.gif", lpString2="$Recycle.bin") returned 1 [0052.621] lstrcmpiW (lpString1="uPsckdvEfEFKv3i.gif", lpString2="System Volume Information") returned 1 [0052.621] lstrcmpiW (lpString1="uPsckdvEfEFKv3i.gif", lpString2=".") returned 1 [0052.621] lstrcmpiW (lpString1="uPsckdvEfEFKv3i.gif", lpString2="..") returned 1 [0052.621] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif") returned 73 [0052.621] StrStrIW (lpFirst="uPsckdvEfEFKv3i.gif", lpSrch=".lolkek") returned 0x0 [0052.621] lstrcmpW (lpString1="uPsckdvEfEFKv3i.gif", lpString2="LOLKEK.txt") returned 1 [0052.621] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif") returned 73 [0052.621] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca7028 [0052.621] lstrcpyW (in: lpString1=0x3ca7028, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\uPsckdvEfEFKv3i.gif" [0052.622] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.622] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.622] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf189f840, ftCreationTime.dwHighDateTime=0x1d63228, ftLastAccessTime.dwLowDateTime=0xe3c426e0, ftLastAccessTime.dwHighDateTime=0x1d62a58, ftLastWriteTime.dwLowDateTime=0xe3c426e0, ftLastWriteTime.dwHighDateTime=0x1d62a58, nFileSizeHigh=0x0, nFileSizeLow=0x11b71, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wKiQEKzQaW.gif", cAlternateFileName="WKIQEK~1.GIF")) returned 1 [0052.622] lstrcmpiW (lpString1="wKiQEKzQaW.gif", lpString2="Windows") returned 1 [0052.622] lstrcmpiW (lpString1="wKiQEKzQaW.gif", lpString2="Program Files") returned 1 [0052.622] lstrcmpiW (lpString1="wKiQEKzQaW.gif", lpString2="Program Files (x86)") returned 1 [0052.622] lstrcmpiW (lpString1="wKiQEKzQaW.gif", lpString2="$Recycle.bin") returned 1 [0052.622] lstrcmpiW (lpString1="wKiQEKzQaW.gif", lpString2="System Volume Information") returned 1 [0052.622] lstrcmpiW (lpString1="wKiQEKzQaW.gif", lpString2=".") returned 1 [0052.622] lstrcmpiW (lpString1="wKiQEKzQaW.gif", lpString2="..") returned 1 [0052.622] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif") returned 68 [0052.622] StrStrIW (lpFirst="wKiQEKzQaW.gif", lpSrch=".lolkek") returned 0x0 [0052.622] lstrcmpW (lpString1="wKiQEKzQaW.gif", lpString2="LOLKEK.txt") returned 1 [0052.622] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif") returned 68 [0052.622] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x62f460 [0052.622] lstrcpyW (in: lpString1=0x62f460, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\wKiQEKzQaW.gif" [0052.622] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.624] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.624] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a8de80, ftCreationTime.dwHighDateTime=0x1d6259b, ftLastAccessTime.dwLowDateTime=0xf20758e0, ftLastAccessTime.dwHighDateTime=0x1d63218, ftLastWriteTime.dwLowDateTime=0xf20758e0, ftLastWriteTime.dwHighDateTime=0x1d63218, nFileSizeHigh=0x0, nFileSizeLow=0x8e4f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XN AywDD.png", cAlternateFileName="XNAYWD~1.PNG")) returned 1 [0052.624] lstrcmpiW (lpString1="XN AywDD.png", lpString2="Windows") returned 1 [0052.624] lstrcmpiW (lpString1="XN AywDD.png", lpString2="Program Files") returned 1 [0052.624] lstrcmpiW (lpString1="XN AywDD.png", lpString2="Program Files (x86)") returned 1 [0052.624] lstrcmpiW (lpString1="XN AywDD.png", lpString2="$Recycle.bin") returned 1 [0052.625] lstrcmpiW (lpString1="XN AywDD.png", lpString2="System Volume Information") returned 1 [0052.625] lstrcmpiW (lpString1="XN AywDD.png", lpString2=".") returned 1 [0052.625] lstrcmpiW (lpString1="XN AywDD.png", lpString2="..") returned 1 [0052.625] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png") returned 66 [0052.625] StrStrIW (lpFirst="XN AywDD.png", lpSrch=".lolkek") returned 0x0 [0052.625] lstrcmpW (lpString1="XN AywDD.png", lpString2="LOLKEK.txt") returned 1 [0052.625] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png") returned 66 [0052.625] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x612bf0 [0052.625] lstrcpyW (in: lpString1=0x612bf0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\XN AywDD.png" [0052.625] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.660] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.660] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6036f5a0, ftCreationTime.dwHighDateTime=0x1d62ada, ftLastAccessTime.dwLowDateTime=0xfca284b0, ftLastAccessTime.dwHighDateTime=0x1d62be6, ftLastWriteTime.dwLowDateTime=0xfca284b0, ftLastWriteTime.dwHighDateTime=0x1d62be6, nFileSizeHigh=0x0, nFileSizeLow=0x6f6b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="xxGQ5eMP5Zs56vglmX.png", cAlternateFileName="XXGQ5E~1.PNG")) returned 1 [0052.660] lstrcmpiW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2="Windows") returned 1 [0052.660] lstrcmpiW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2="Program Files") returned 1 [0052.660] lstrcmpiW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2="Program Files (x86)") returned 1 [0052.660] lstrcmpiW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2="$Recycle.bin") returned 1 [0052.660] lstrcmpiW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2="System Volume Information") returned 1 [0052.660] lstrcmpiW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2=".") returned 1 [0052.660] lstrcmpiW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2="..") returned 1 [0052.660] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png") returned 76 [0052.660] StrStrIW (lpFirst="xxGQ5eMP5Zs56vglmX.png", lpSrch=".lolkek") returned 0x0 [0052.660] lstrcmpW (lpString1="xxGQ5eMP5Zs56vglmX.png", lpString2="LOLKEK.txt") returned 1 [0052.660] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png") returned 76 [0052.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6173d8 [0052.660] lstrcpyW (in: lpString1=0x6173d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\xxGQ5eMP5Zs56vglmX.png" [0052.660] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.660] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.660] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x968419a0, ftCreationTime.dwHighDateTime=0x1d62605, ftLastAccessTime.dwLowDateTime=0x1fd90a60, ftLastAccessTime.dwHighDateTime=0x1d62b3f, ftLastWriteTime.dwLowDateTime=0x1fd90a60, ftLastWriteTime.dwHighDateTime=0x1d62b3f, nFileSizeHigh=0x0, nFileSizeLow=0xc9eb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Z0T3E.png", cAlternateFileName="")) returned 1 [0052.660] lstrcmpiW (lpString1="Z0T3E.png", lpString2="Windows") returned 1 [0052.660] lstrcmpiW (lpString1="Z0T3E.png", lpString2="Program Files") returned 1 [0052.660] lstrcmpiW (lpString1="Z0T3E.png", lpString2="Program Files (x86)") returned 1 [0052.660] lstrcmpiW (lpString1="Z0T3E.png", lpString2="$Recycle.bin") returned 1 [0052.660] lstrcmpiW (lpString1="Z0T3E.png", lpString2="System Volume Information") returned 1 [0052.660] lstrcmpiW (lpString1="Z0T3E.png", lpString2=".") returned 1 [0052.660] lstrcmpiW (lpString1="Z0T3E.png", lpString2="..") returned 1 [0052.660] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png") returned 63 [0052.660] StrStrIW (lpFirst="Z0T3E.png", lpSrch=".lolkek") returned 0x0 [0052.660] lstrcmpW (lpString1="Z0T3E.png", lpString2="LOLKEK.txt") returned 1 [0052.660] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png") returned 63 [0052.660] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4b78 [0052.660] lstrcpyW (in: lpString1=0x3ec4b78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\Z0T3E.png" [0052.660] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.660] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.660] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c344c20, ftCreationTime.dwHighDateTime=0x1d626fc, ftLastAccessTime.dwLowDateTime=0x12fb51c0, ftLastAccessTime.dwHighDateTime=0x1d62993, ftLastWriteTime.dwLowDateTime=0x12fb51c0, ftLastWriteTime.dwHighDateTime=0x1d62993, nFileSizeHigh=0x0, nFileSizeLow=0xa42c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ZzY04jQy6450bdXao.png", cAlternateFileName="ZZY04J~1.PNG")) returned 1 [0052.660] lstrcmpiW (lpString1="ZzY04jQy6450bdXao.png", lpString2="Windows") returned 1 [0052.660] lstrcmpiW (lpString1="ZzY04jQy6450bdXao.png", lpString2="Program Files") returned 1 [0052.660] lstrcmpiW (lpString1="ZzY04jQy6450bdXao.png", lpString2="Program Files (x86)") returned 1 [0052.660] lstrcmpiW (lpString1="ZzY04jQy6450bdXao.png", lpString2="$Recycle.bin") returned 1 [0052.660] lstrcmpiW (lpString1="ZzY04jQy6450bdXao.png", lpString2="System Volume Information") returned 1 [0052.660] lstrcmpiW (lpString1="ZzY04jQy6450bdXao.png", lpString2=".") returned 1 [0052.661] lstrcmpiW (lpString1="ZzY04jQy6450bdXao.png", lpString2="..") returned 1 [0052.661] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png") returned 75 [0052.661] StrStrIW (lpFirst="ZzY04jQy6450bdXao.png", lpSrch=".lolkek") returned 0x0 [0052.661] lstrcmpW (lpString1="ZzY04jQy6450bdXao.png", lpString2="LOLKEK.txt") returned 1 [0052.661] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png") returned 75 [0052.661] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3ca7508 [0052.661] lstrcpyW (in: lpString1=0x3ca7508, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\ZzY04jQy6450bdXao.png" [0052.661] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.661] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.661] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c344c20, ftCreationTime.dwHighDateTime=0x1d626fc, ftLastAccessTime.dwLowDateTime=0x12fb51c0, ftLastAccessTime.dwHighDateTime=0x1d62993, ftLastWriteTime.dwLowDateTime=0x12fb51c0, ftLastWriteTime.dwHighDateTime=0x1d62993, nFileSizeHigh=0x0, nFileSizeLow=0xa42c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ZzY04jQy6450bdXao.png", cAlternateFileName="ZZY04J~1.PNG")) returned 0 [0052.661] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0052.661] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\LOLKEK.txt") returned 64 [0052.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\jOZGi\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\jozgi\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.661] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.661] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0052.662] CloseHandle (hObject=0x2a0) returned 1 [0052.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.662] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84306520, ftCreationTime.dwHighDateTime=0x1d62bfe, ftLastAccessTime.dwLowDateTime=0x6069d100, ftLastAccessTime.dwHighDateTime=0x1d625ee, ftLastWriteTime.dwLowDateTime=0x6069d100, ftLastWriteTime.dwHighDateTime=0x1d625ee, nFileSizeHigh=0x0, nFileSizeLow=0x18dae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kMLyG0N1rdf.bmp", cAlternateFileName="KMLYG0~1.BMP")) returned 1 [0052.662] lstrcmpiW (lpString1="kMLyG0N1rdf.bmp", lpString2="Windows") returned -1 [0052.662] lstrcmpiW (lpString1="kMLyG0N1rdf.bmp", lpString2="Program Files") returned -1 [0052.662] lstrcmpiW (lpString1="kMLyG0N1rdf.bmp", lpString2="Program Files (x86)") returned -1 [0052.662] lstrcmpiW (lpString1="kMLyG0N1rdf.bmp", lpString2="$Recycle.bin") returned 1 [0052.662] lstrcmpiW (lpString1="kMLyG0N1rdf.bmp", lpString2="System Volume Information") returned -1 [0052.662] lstrcmpiW (lpString1="kMLyG0N1rdf.bmp", lpString2=".") returned 1 [0052.662] lstrcmpiW (lpString1="kMLyG0N1rdf.bmp", lpString2="..") returned 1 [0052.662] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp") returned 63 [0052.662] StrStrIW (lpFirst="kMLyG0N1rdf.bmp", lpSrch=".lolkek") returned 0x0 [0052.662] lstrcmpW (lpString1="kMLyG0N1rdf.bmp", lpString2="LOLKEK.txt") returned -1 [0052.662] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp") returned 63 [0052.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4c80 [0052.662] lstrcpyW (in: lpString1=0x3ec4c80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\kMLyG0N1rdf.bmp" [0052.662] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.662] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.662] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeaa85f0, ftCreationTime.dwHighDateTime=0x1d6235d, ftLastAccessTime.dwLowDateTime=0x9c828030, ftLastAccessTime.dwHighDateTime=0x1d62a65, ftLastWriteTime.dwLowDateTime=0x9c828030, ftLastWriteTime.dwHighDateTime=0x1d62a65, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LT5kFx", cAlternateFileName="")) returned 1 [0052.662] lstrcmpiW (lpString1="LT5kFx", lpString2="Windows") returned -1 [0052.662] lstrcmpiW (lpString1="LT5kFx", lpString2="Program Files") returned -1 [0052.662] lstrcmpiW (lpString1="LT5kFx", lpString2="Program Files (x86)") returned -1 [0052.662] lstrcmpiW (lpString1="LT5kFx", lpString2="$Recycle.bin") returned 1 [0052.662] lstrcmpiW (lpString1="LT5kFx", lpString2="System Volume Information") returned -1 [0052.662] lstrcmpiW (lpString1="LT5kFx", lpString2=".") returned 1 [0052.663] lstrcmpiW (lpString1="LT5kFx", lpString2="..") returned 1 [0052.663] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx") returned 54 [0052.663] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0052.663] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx" [0052.663] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\*" [0052.663] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeaa85f0, ftCreationTime.dwHighDateTime=0x1d6235d, ftLastAccessTime.dwLowDateTime=0x9c828030, ftLastAccessTime.dwHighDateTime=0x1d62a65, ftLastWriteTime.dwLowDateTime=0x9c828030, ftLastWriteTime.dwHighDateTime=0x1d62a65, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0052.663] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.663] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.663] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.663] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.663] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.663] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.663] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeaa85f0, ftCreationTime.dwHighDateTime=0x1d6235d, ftLastAccessTime.dwLowDateTime=0x9c828030, ftLastAccessTime.dwHighDateTime=0x1d62a65, ftLastWriteTime.dwLowDateTime=0x9c828030, ftLastWriteTime.dwHighDateTime=0x1d62a65, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.663] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.663] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.663] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.663] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.663] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.663] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.663] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.663] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x372ec980, ftCreationTime.dwHighDateTime=0x1d632b9, ftLastAccessTime.dwLowDateTime=0xaf0590e0, ftLastAccessTime.dwHighDateTime=0x1d62af5, ftLastWriteTime.dwLowDateTime=0xaf0590e0, ftLastWriteTime.dwHighDateTime=0x1d62af5, nFileSizeHigh=0x0, nFileSizeLow=0x13c20, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A5FtGGp wIJ7t.bmp", cAlternateFileName="A5FTGG~1.BMP")) returned 1 [0052.663] lstrcmpiW (lpString1="A5FtGGp wIJ7t.bmp", lpString2="Windows") returned -1 [0052.663] lstrcmpiW (lpString1="A5FtGGp wIJ7t.bmp", lpString2="Program Files") returned -1 [0052.663] lstrcmpiW (lpString1="A5FtGGp wIJ7t.bmp", lpString2="Program Files (x86)") returned -1 [0052.663] lstrcmpiW (lpString1="A5FtGGp wIJ7t.bmp", lpString2="$Recycle.bin") returned 1 [0052.663] lstrcmpiW (lpString1="A5FtGGp wIJ7t.bmp", lpString2="System Volume Information") returned -1 [0052.663] lstrcmpiW (lpString1="A5FtGGp wIJ7t.bmp", lpString2=".") returned 1 [0052.663] lstrcmpiW (lpString1="A5FtGGp wIJ7t.bmp", lpString2="..") returned 1 [0052.663] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp") returned 72 [0052.663] StrStrIW (lpFirst="A5FtGGp wIJ7t.bmp", lpSrch=".lolkek") returned 0x0 [0052.663] lstrcmpW (lpString1="A5FtGGp wIJ7t.bmp", lpString2="LOLKEK.txt") returned -1 [0052.663] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp") returned 72 [0052.663] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3ca6db8 [0052.663] lstrcpyW (in: lpString1=0x3ca6db8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\A5FtGGp wIJ7t.bmp" [0052.663] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.663] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.663] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55c73f20, ftCreationTime.dwHighDateTime=0x1d63297, ftLastAccessTime.dwLowDateTime=0xd9b3d8a0, ftLastAccessTime.dwHighDateTime=0x1d62a79, ftLastWriteTime.dwLowDateTime=0xd9b3d8a0, ftLastWriteTime.dwHighDateTime=0x1d62a79, nFileSizeHigh=0x0, nFileSizeLow=0xc76, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="h0hZEojHvPfqGeW.png", cAlternateFileName="H0HZEO~1.PNG")) returned 1 [0052.663] lstrcmpiW (lpString1="h0hZEojHvPfqGeW.png", lpString2="Windows") returned -1 [0052.663] lstrcmpiW (lpString1="h0hZEojHvPfqGeW.png", lpString2="Program Files") returned -1 [0052.663] lstrcmpiW (lpString1="h0hZEojHvPfqGeW.png", lpString2="Program Files (x86)") returned -1 [0052.663] lstrcmpiW (lpString1="h0hZEojHvPfqGeW.png", lpString2="$Recycle.bin") returned 1 [0052.663] lstrcmpiW (lpString1="h0hZEojHvPfqGeW.png", lpString2="System Volume Information") returned -1 [0052.663] lstrcmpiW (lpString1="h0hZEojHvPfqGeW.png", lpString2=".") returned 1 [0052.663] lstrcmpiW (lpString1="h0hZEojHvPfqGeW.png", lpString2="..") returned 1 [0052.663] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png") returned 74 [0052.664] StrStrIW (lpFirst="h0hZEojHvPfqGeW.png", lpSrch=".lolkek") returned 0x0 [0052.664] lstrcmpW (lpString1="h0hZEojHvPfqGeW.png", lpString2="LOLKEK.txt") returned -1 [0052.664] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png") returned 74 [0052.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3ca73d0 [0052.664] lstrcpyW (in: lpString1=0x3ca73d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\h0hZEojHvPfqGeW.png" [0052.664] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.664] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.664] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc2779a0, ftCreationTime.dwHighDateTime=0x1d62646, ftLastAccessTime.dwLowDateTime=0xa852d4e0, ftLastAccessTime.dwHighDateTime=0x1d62368, ftLastWriteTime.dwLowDateTime=0xa852d4e0, ftLastWriteTime.dwHighDateTime=0x1d62368, nFileSizeHigh=0x0, nFileSizeLow=0x120b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HCROYXm6AT.bmp", cAlternateFileName="HCROYX~1.BMP")) returned 1 [0052.664] lstrcmpiW (lpString1="HCROYXm6AT.bmp", lpString2="Windows") returned -1 [0052.664] lstrcmpiW (lpString1="HCROYXm6AT.bmp", lpString2="Program Files") returned -1 [0052.664] lstrcmpiW (lpString1="HCROYXm6AT.bmp", lpString2="Program Files (x86)") returned -1 [0052.664] lstrcmpiW (lpString1="HCROYXm6AT.bmp", lpString2="$Recycle.bin") returned 1 [0052.664] lstrcmpiW (lpString1="HCROYXm6AT.bmp", lpString2="System Volume Information") returned -1 [0052.664] lstrcmpiW (lpString1="HCROYXm6AT.bmp", lpString2=".") returned 1 [0052.664] lstrcmpiW (lpString1="HCROYXm6AT.bmp", lpString2="..") returned 1 [0052.664] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp") returned 69 [0052.664] StrStrIW (lpFirst="HCROYXm6AT.bmp", lpSrch=".lolkek") returned 0x0 [0052.664] lstrcmpW (lpString1="HCROYXm6AT.bmp", lpString2="LOLKEK.txt") returned -1 [0052.664] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp") returned 69 [0052.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x3de1d08 [0052.664] lstrcpyW (in: lpString1=0x3de1d08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HCROYXm6AT.bmp" [0052.664] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.664] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.664] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79bac980, ftCreationTime.dwHighDateTime=0x1d631be, ftLastAccessTime.dwLowDateTime=0x48426480, ftLastAccessTime.dwHighDateTime=0x1d6273c, ftLastWriteTime.dwLowDateTime=0x48426480, ftLastWriteTime.dwHighDateTime=0x1d6273c, nFileSizeHigh=0x0, nFileSizeLow=0x46d5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HyETetqgB0GSJyP6fsg.png", cAlternateFileName="HYETET~1.PNG")) returned 1 [0052.664] lstrcmpiW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2="Windows") returned -1 [0052.664] lstrcmpiW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2="Program Files") returned -1 [0052.664] lstrcmpiW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2="Program Files (x86)") returned -1 [0052.664] lstrcmpiW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2="$Recycle.bin") returned 1 [0052.664] lstrcmpiW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2="System Volume Information") returned -1 [0052.664] lstrcmpiW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2=".") returned 1 [0052.664] lstrcmpiW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2="..") returned 1 [0052.664] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png") returned 78 [0052.664] StrStrIW (lpFirst="HyETetqgB0GSJyP6fsg.png", lpSrch=".lolkek") returned 0x0 [0052.664] lstrcmpW (lpString1="HyETetqgB0GSJyP6fsg.png", lpString2="LOLKEK.txt") returned -1 [0052.664] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png") returned 78 [0052.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616ae0 [0052.664] lstrcpyW (in: lpString1=0x616ae0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\HyETetqgB0GSJyP6fsg.png" [0052.664] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.664] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.664] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6666da0, ftCreationTime.dwHighDateTime=0x1d62802, ftLastAccessTime.dwLowDateTime=0x10402b00, ftLastAccessTime.dwHighDateTime=0x1d62933, ftLastWriteTime.dwLowDateTime=0x10402b00, ftLastWriteTime.dwHighDateTime=0x1d62933, nFileSizeHigh=0x0, nFileSizeLow=0x805d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="KlQjYZVRJ.gif", cAlternateFileName="KLQJYZ~1.GIF")) returned 1 [0052.664] lstrcmpiW (lpString1="KlQjYZVRJ.gif", lpString2="Windows") returned -1 [0052.664] lstrcmpiW (lpString1="KlQjYZVRJ.gif", lpString2="Program Files") returned -1 [0052.664] lstrcmpiW (lpString1="KlQjYZVRJ.gif", lpString2="Program Files (x86)") returned -1 [0052.664] lstrcmpiW (lpString1="KlQjYZVRJ.gif", lpString2="$Recycle.bin") returned 1 [0052.665] lstrcmpiW (lpString1="KlQjYZVRJ.gif", lpString2="System Volume Information") returned -1 [0052.665] lstrcmpiW (lpString1="KlQjYZVRJ.gif", lpString2=".") returned 1 [0052.665] lstrcmpiW (lpString1="KlQjYZVRJ.gif", lpString2="..") returned 1 [0052.665] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif") returned 68 [0052.665] StrStrIW (lpFirst="KlQjYZVRJ.gif", lpSrch=".lolkek") returned 0x0 [0052.665] lstrcmpW (lpString1="KlQjYZVRJ.gif", lpString2="LOLKEK.txt") returned -1 [0052.665] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif") returned 68 [0052.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x3c948d8 [0052.665] lstrcpyW (in: lpString1=0x3c948d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\KlQjYZVRJ.gif" [0052.665] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.665] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.665] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaec6f850, ftCreationTime.dwHighDateTime=0x1d625b2, ftLastAccessTime.dwLowDateTime=0x31422ee0, ftLastAccessTime.dwHighDateTime=0x1d62274, ftLastWriteTime.dwLowDateTime=0x31422ee0, ftLastWriteTime.dwHighDateTime=0x1d62274, nFileSizeHigh=0x0, nFileSizeLow=0x4e7c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sjxezZK.gif", cAlternateFileName="")) returned 1 [0052.665] lstrcmpiW (lpString1="sjxezZK.gif", lpString2="Windows") returned -1 [0052.665] lstrcmpiW (lpString1="sjxezZK.gif", lpString2="Program Files") returned 1 [0052.665] lstrcmpiW (lpString1="sjxezZK.gif", lpString2="Program Files (x86)") returned 1 [0052.665] lstrcmpiW (lpString1="sjxezZK.gif", lpString2="$Recycle.bin") returned 1 [0052.665] lstrcmpiW (lpString1="sjxezZK.gif", lpString2="System Volume Information") returned -1 [0052.665] lstrcmpiW (lpString1="sjxezZK.gif", lpString2=".") returned 1 [0052.665] lstrcmpiW (lpString1="sjxezZK.gif", lpString2="..") returned 1 [0052.665] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif") returned 66 [0052.665] StrStrIW (lpFirst="sjxezZK.gif", lpSrch=".lolkek") returned 0x0 [0052.665] lstrcmpW (lpString1="sjxezZK.gif", lpString2="LOLKEK.txt") returned 1 [0052.665] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif") returned 66 [0052.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x611958 [0052.665] lstrcpyW (in: lpString1=0x611958, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\sjxezZK.gif" [0052.665] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.670] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.670] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c4209f0, ftCreationTime.dwHighDateTime=0x1d62b51, ftLastAccessTime.dwLowDateTime=0x1fdcdf40, ftLastAccessTime.dwHighDateTime=0x1d63103, ftLastWriteTime.dwLowDateTime=0x1fdcdf40, ftLastWriteTime.dwHighDateTime=0x1d63103, nFileSizeHigh=0x0, nFileSizeLow=0x569b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TM-par__cJ JD_tuv.gif", cAlternateFileName="TM-PAR~1.GIF")) returned 1 [0052.671] lstrcmpiW (lpString1="TM-par__cJ JD_tuv.gif", lpString2="Windows") returned -1 [0052.671] lstrcmpiW (lpString1="TM-par__cJ JD_tuv.gif", lpString2="Program Files") returned 1 [0052.671] lstrcmpiW (lpString1="TM-par__cJ JD_tuv.gif", lpString2="Program Files (x86)") returned 1 [0052.671] lstrcmpiW (lpString1="TM-par__cJ JD_tuv.gif", lpString2="$Recycle.bin") returned 1 [0052.671] lstrcmpiW (lpString1="TM-par__cJ JD_tuv.gif", lpString2="System Volume Information") returned 1 [0052.671] lstrcmpiW (lpString1="TM-par__cJ JD_tuv.gif", lpString2=".") returned 1 [0052.671] lstrcmpiW (lpString1="TM-par__cJ JD_tuv.gif", lpString2="..") returned 1 [0052.671] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif") returned 76 [0052.671] StrStrIW (lpFirst="TM-par__cJ JD_tuv.gif", lpSrch=".lolkek") returned 0x0 [0052.671] lstrcmpW (lpString1="TM-par__cJ JD_tuv.gif", lpString2="LOLKEK.txt") returned 1 [0052.671] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif") returned 76 [0052.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x695c78 [0052.671] lstrcpyW (in: lpString1=0x695c78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\TM-par__cJ JD_tuv.gif" [0052.671] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.671] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.671] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9382530, ftCreationTime.dwHighDateTime=0x1d6305b, ftLastAccessTime.dwLowDateTime=0xf1c165b0, ftLastAccessTime.dwHighDateTime=0x1d62d77, ftLastWriteTime.dwLowDateTime=0xf1c165b0, ftLastWriteTime.dwHighDateTime=0x1d62d77, nFileSizeHigh=0x0, nFileSizeLow=0xad5e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="u3jhTvpacucRK3NV-O.jpg", cAlternateFileName="U3JHTV~1.JPG")) returned 1 [0052.671] lstrcmpiW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2="Windows") returned -1 [0052.671] lstrcmpiW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2="Program Files") returned 1 [0052.671] lstrcmpiW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2="Program Files (x86)") returned 1 [0052.671] lstrcmpiW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2="$Recycle.bin") returned 1 [0052.671] lstrcmpiW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2="System Volume Information") returned 1 [0052.671] lstrcmpiW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2=".") returned 1 [0052.671] lstrcmpiW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2="..") returned 1 [0052.671] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg") returned 77 [0052.671] StrStrIW (lpFirst="u3jhTvpacucRK3NV-O.jpg", lpSrch=".lolkek") returned 0x0 [0052.671] lstrcmpW (lpString1="u3jhTvpacucRK3NV-O.jpg", lpString2="LOLKEK.txt") returned 1 [0052.671] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg") returned 77 [0052.671] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x6954c8 [0052.671] lstrcpyW (in: lpString1=0x6954c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\u3jhTvpacucRK3NV-O.jpg" [0052.671] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.681] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.681] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13f20980, ftCreationTime.dwHighDateTime=0x1d62640, ftLastAccessTime.dwLowDateTime=0x330e3680, ftLastAccessTime.dwHighDateTime=0x1d627bd, ftLastWriteTime.dwLowDateTime=0x330e3680, ftLastWriteTime.dwHighDateTime=0x1d627bd, nFileSizeHigh=0x0, nFileSizeLow=0xaf6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="xhozWgYb.jpg", cAlternateFileName="")) returned 1 [0052.681] lstrcmpiW (lpString1="xhozWgYb.jpg", lpString2="Windows") returned 1 [0052.681] lstrcmpiW (lpString1="xhozWgYb.jpg", lpString2="Program Files") returned 1 [0052.681] lstrcmpiW (lpString1="xhozWgYb.jpg", lpString2="Program Files (x86)") returned 1 [0052.681] lstrcmpiW (lpString1="xhozWgYb.jpg", lpString2="$Recycle.bin") returned 1 [0052.681] lstrcmpiW (lpString1="xhozWgYb.jpg", lpString2="System Volume Information") returned 1 [0052.681] lstrcmpiW (lpString1="xhozWgYb.jpg", lpString2=".") returned 1 [0052.681] lstrcmpiW (lpString1="xhozWgYb.jpg", lpString2="..") returned 1 [0052.681] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg") returned 67 [0052.681] StrStrIW (lpFirst="xhozWgYb.jpg", lpSrch=".lolkek") returned 0x0 [0052.681] lstrcmpW (lpString1="xhozWgYb.jpg", lpString2="LOLKEK.txt") returned 1 [0052.681] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg") returned 67 [0052.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x612d08 [0052.681] lstrcpyW (in: lpString1=0x612d08, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\xhozWgYb.jpg" [0052.681] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.681] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.681] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfa0e890, ftCreationTime.dwHighDateTime=0x1d62560, ftLastAccessTime.dwLowDateTime=0x38032c0, ftLastAccessTime.dwHighDateTime=0x1d62c99, ftLastWriteTime.dwLowDateTime=0x38032c0, ftLastWriteTime.dwHighDateTime=0x1d62c99, nFileSizeHigh=0x0, nFileSizeLow=0x17c1a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XwaIjnM4DEdbADngJ.jpg", cAlternateFileName="XWAIJN~1.JPG")) returned 1 [0052.681] lstrcmpiW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2="Windows") returned 1 [0052.681] lstrcmpiW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2="Program Files") returned 1 [0052.681] lstrcmpiW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2="Program Files (x86)") returned 1 [0052.682] lstrcmpiW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2="$Recycle.bin") returned 1 [0052.682] lstrcmpiW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2="System Volume Information") returned 1 [0052.682] lstrcmpiW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2=".") returned 1 [0052.682] lstrcmpiW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2="..") returned 1 [0052.682] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg") returned 76 [0052.682] StrStrIW (lpFirst="XwaIjnM4DEdbADngJ.jpg", lpSrch=".lolkek") returned 0x0 [0052.682] lstrcmpW (lpString1="XwaIjnM4DEdbADngJ.jpg", lpString2="LOLKEK.txt") returned 1 [0052.682] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg") returned 76 [0052.682] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6958a0 [0052.682] lstrcpyW (in: lpString1=0x6958a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\XwaIjnM4DEdbADngJ.jpg" [0052.682] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.735] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.735] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfa0e890, ftCreationTime.dwHighDateTime=0x1d62560, ftLastAccessTime.dwLowDateTime=0x38032c0, ftLastAccessTime.dwHighDateTime=0x1d62c99, ftLastWriteTime.dwLowDateTime=0x38032c0, ftLastWriteTime.dwHighDateTime=0x1d62c99, nFileSizeHigh=0x0, nFileSizeLow=0x17c1a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XwaIjnM4DEdbADngJ.jpg", cAlternateFileName="XWAIJN~1.JPG")) returned 0 [0052.735] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0052.736] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\LOLKEK.txt") returned 65 [0052.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LT5kFx\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lt5kfx\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0052.736] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.736] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0052.737] CloseHandle (hObject=0x2a0) returned 1 [0052.737] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0052.737] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab8d3a70, ftCreationTime.dwHighDateTime=0x1d63181, ftLastAccessTime.dwLowDateTime=0x1ba79ae0, ftLastAccessTime.dwHighDateTime=0x1d62d9e, ftLastWriteTime.dwLowDateTime=0x1ba79ae0, ftLastWriteTime.dwHighDateTime=0x1d62d9e, nFileSizeHigh=0x0, nFileSizeLow=0x41d0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TbHZpX.gif", cAlternateFileName="")) returned 1 [0052.737] lstrcmpiW (lpString1="TbHZpX.gif", lpString2="Windows") returned -1 [0052.737] lstrcmpiW (lpString1="TbHZpX.gif", lpString2="Program Files") returned 1 [0052.737] lstrcmpiW (lpString1="TbHZpX.gif", lpString2="Program Files (x86)") returned 1 [0052.737] lstrcmpiW (lpString1="TbHZpX.gif", lpString2="$Recycle.bin") returned 1 [0052.737] lstrcmpiW (lpString1="TbHZpX.gif", lpString2="System Volume Information") returned 1 [0052.737] lstrcmpiW (lpString1="TbHZpX.gif", lpString2=".") returned 1 [0052.737] lstrcmpiW (lpString1="TbHZpX.gif", lpString2="..") returned 1 [0052.737] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif") returned 58 [0052.737] StrStrIW (lpFirst="TbHZpX.gif", lpSrch=".lolkek") returned 0x0 [0052.737] lstrcmpW (lpString1="TbHZpX.gif", lpString2="LOLKEK.txt") returned 1 [0052.737] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif") returned 58 [0052.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7760 [0052.737] lstrcpyW (in: lpString1=0x3ca7760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\TbHZpX.gif" [0052.737] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.737] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.737] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28f80e90, ftCreationTime.dwHighDateTime=0x1d62c41, ftLastAccessTime.dwLowDateTime=0x606bddf0, ftLastAccessTime.dwHighDateTime=0x1d63251, ftLastWriteTime.dwLowDateTime=0x606bddf0, ftLastWriteTime.dwHighDateTime=0x1d63251, nFileSizeHigh=0x0, nFileSizeLow=0xae55, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x4z8qU vCeeB.png", cAlternateFileName="X4Z8QU~1.PNG")) returned 1 [0052.737] lstrcmpiW (lpString1="x4z8qU vCeeB.png", lpString2="Windows") returned 1 [0052.737] lstrcmpiW (lpString1="x4z8qU vCeeB.png", lpString2="Program Files") returned 1 [0052.737] lstrcmpiW (lpString1="x4z8qU vCeeB.png", lpString2="Program Files (x86)") returned 1 [0052.737] lstrcmpiW (lpString1="x4z8qU vCeeB.png", lpString2="$Recycle.bin") returned 1 [0052.737] lstrcmpiW (lpString1="x4z8qU vCeeB.png", lpString2="System Volume Information") returned 1 [0052.737] lstrcmpiW (lpString1="x4z8qU vCeeB.png", lpString2=".") returned 1 [0052.737] lstrcmpiW (lpString1="x4z8qU vCeeB.png", lpString2="..") returned 1 [0052.737] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png") returned 64 [0052.737] StrStrIW (lpFirst="x4z8qU vCeeB.png", lpSrch=".lolkek") returned 0x0 [0052.737] lstrcmpW (lpString1="x4z8qU vCeeB.png", lpString2="LOLKEK.txt") returned 1 [0052.737] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png") returned 64 [0052.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x611a70 [0052.737] lstrcpyW (in: lpString1=0x611a70, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\x4z8qU vCeeB.png" [0052.738] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.738] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.738] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xede80270, ftCreationTime.dwHighDateTime=0x1d63261, ftLastAccessTime.dwLowDateTime=0x36fb4610, ftLastAccessTime.dwHighDateTime=0x1d630fb, ftLastWriteTime.dwLowDateTime=0x36fb4610, ftLastWriteTime.dwHighDateTime=0x1d630fb, nFileSizeHigh=0x0, nFileSizeLow=0xd6da, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="xKzeHLfBgXc.gif", cAlternateFileName="XKZEHL~1.GIF")) returned 1 [0052.738] lstrcmpiW (lpString1="xKzeHLfBgXc.gif", lpString2="Windows") returned 1 [0052.738] lstrcmpiW (lpString1="xKzeHLfBgXc.gif", lpString2="Program Files") returned 1 [0052.738] lstrcmpiW (lpString1="xKzeHLfBgXc.gif", lpString2="Program Files (x86)") returned 1 [0052.738] lstrcmpiW (lpString1="xKzeHLfBgXc.gif", lpString2="$Recycle.bin") returned 1 [0052.738] lstrcmpiW (lpString1="xKzeHLfBgXc.gif", lpString2="System Volume Information") returned 1 [0052.738] lstrcmpiW (lpString1="xKzeHLfBgXc.gif", lpString2=".") returned 1 [0052.738] lstrcmpiW (lpString1="xKzeHLfBgXc.gif", lpString2="..") returned 1 [0052.738] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif") returned 63 [0052.738] StrStrIW (lpFirst="xKzeHLfBgXc.gif", lpSrch=".lolkek") returned 0x0 [0052.738] lstrcmpW (lpString1="xKzeHLfBgXc.gif", lpString2="LOLKEK.txt") returned 1 [0052.738] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif") returned 63 [0052.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4e90 [0052.738] lstrcpyW (in: lpString1=0x3ec4e90, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xKzeHLfBgXc.gif" [0052.738] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.738] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.738] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42271750, ftCreationTime.dwHighDateTime=0x1d623b1, ftLastAccessTime.dwLowDateTime=0x8723b230, ftLastAccessTime.dwHighDateTime=0x1d62fe8, ftLastWriteTime.dwLowDateTime=0x8723b230, ftLastWriteTime.dwHighDateTime=0x1d62fe8, nFileSizeHigh=0x0, nFileSizeLow=0xc278, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="xxZPzzmz8h.png", cAlternateFileName="XXZPZZ~1.PNG")) returned 1 [0052.738] lstrcmpiW (lpString1="xxZPzzmz8h.png", lpString2="Windows") returned 1 [0052.738] lstrcmpiW (lpString1="xxZPzzmz8h.png", lpString2="Program Files") returned 1 [0052.738] lstrcmpiW (lpString1="xxZPzzmz8h.png", lpString2="Program Files (x86)") returned 1 [0052.738] lstrcmpiW (lpString1="xxZPzzmz8h.png", lpString2="$Recycle.bin") returned 1 [0052.738] lstrcmpiW (lpString1="xxZPzzmz8h.png", lpString2="System Volume Information") returned 1 [0052.738] lstrcmpiW (lpString1="xxZPzzmz8h.png", lpString2=".") returned 1 [0052.738] lstrcmpiW (lpString1="xxZPzzmz8h.png", lpString2="..") returned 1 [0052.738] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png") returned 62 [0052.738] StrStrIW (lpFirst="xxZPzzmz8h.png", lpSrch=".lolkek") returned 0x0 [0052.738] lstrcmpW (lpString1="xxZPzzmz8h.png", lpString2="LOLKEK.txt") returned 1 [0052.738] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png") returned 62 [0052.738] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4f98 [0052.738] lstrcpyW (in: lpString1=0x3ec4f98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\xxZPzzmz8h.png" [0052.738] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.738] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.738] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b3e58e0, ftCreationTime.dwHighDateTime=0x1d62e88, ftLastAccessTime.dwLowDateTime=0x6b1d64a0, ftLastAccessTime.dwHighDateTime=0x1d62be2, ftLastWriteTime.dwLowDateTime=0x6b1d64a0, ftLastWriteTime.dwHighDateTime=0x1d62be2, nFileSizeHigh=0x0, nFileSizeLow=0xb73d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="z6zPMS1z2wdbzXaBOWj.bmp", cAlternateFileName="Z6ZPMS~1.BMP")) returned 1 [0052.739] lstrcmpiW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2="Windows") returned 1 [0052.739] lstrcmpiW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2="Program Files") returned 1 [0052.739] lstrcmpiW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2="Program Files (x86)") returned 1 [0052.739] lstrcmpiW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2="$Recycle.bin") returned 1 [0052.739] lstrcmpiW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2="System Volume Information") returned 1 [0052.739] lstrcmpiW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2=".") returned 1 [0052.739] lstrcmpiW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2="..") returned 1 [0052.739] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp") returned 71 [0052.739] StrStrIW (lpFirst="z6zPMS1z2wdbzXaBOWj.bmp", lpSrch=".lolkek") returned 0x0 [0052.739] lstrcmpW (lpString1="z6zPMS1z2wdbzXaBOWj.bmp", lpString2="LOLKEK.txt") returned 1 [0052.739] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp") returned 71 [0052.739] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f568 [0052.739] lstrcpyW (in: lpString1=0x3e3f568, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\z6zPMS1z2wdbzXaBOWj.bmp" [0052.739] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.739] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.739] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b3e58e0, ftCreationTime.dwHighDateTime=0x1d62e88, ftLastAccessTime.dwLowDateTime=0x6b1d64a0, ftLastAccessTime.dwHighDateTime=0x1d62be2, ftLastWriteTime.dwLowDateTime=0x6b1d64a0, ftLastWriteTime.dwHighDateTime=0x1d62be2, nFileSizeHigh=0x0, nFileSizeLow=0xb73d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="z6zPMS1z2wdbzXaBOWj.bmp", cAlternateFileName="Z6ZPMS~1.BMP")) returned 0 [0052.739] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.739] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LOLKEK.txt") returned 58 [0052.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4xjt\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4xjt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.739] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.739] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.740] CloseHandle (hObject=0x280) returned 1 [0052.740] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.741] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34b124f0, ftCreationTime.dwHighDateTime=0x1d62fbc, ftLastAccessTime.dwLowDateTime=0xebe44890, ftLastAccessTime.dwHighDateTime=0x1d62b21, ftLastWriteTime.dwLowDateTime=0xebe44890, ftLastWriteTime.dwHighDateTime=0x1d62b21, nFileSizeHigh=0x0, nFileSizeLow=0x2bb6, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="BNZlDvsu.gif", cAlternateFileName="")) returned 1 [0052.741] lstrcmpiW (lpString1="BNZlDvsu.gif", lpString2="Windows") returned -1 [0052.741] lstrcmpiW (lpString1="BNZlDvsu.gif", lpString2="Program Files") returned -1 [0052.741] lstrcmpiW (lpString1="BNZlDvsu.gif", lpString2="Program Files (x86)") returned -1 [0052.741] lstrcmpiW (lpString1="BNZlDvsu.gif", lpString2="$Recycle.bin") returned 1 [0052.742] lstrcmpiW (lpString1="BNZlDvsu.gif", lpString2="System Volume Information") returned -1 [0052.742] lstrcmpiW (lpString1="BNZlDvsu.gif", lpString2=".") returned 1 [0052.742] lstrcmpiW (lpString1="BNZlDvsu.gif", lpString2="..") returned 1 [0052.742] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif") returned 55 [0052.742] StrStrIW (lpFirst="BNZlDvsu.gif", lpSrch=".lolkek") returned 0x0 [0052.742] lstrcmpW (lpString1="BNZlDvsu.gif", lpString2="LOLKEK.txt") returned -1 [0052.742] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif") returned 55 [0052.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbc4f0 [0052.742] lstrcpyW (in: lpString1=0x3cbc4f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BNZlDvsu.gif" [0052.742] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.742] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x207964c0, ftCreationTime.dwHighDateTime=0x1d62a5d, ftLastAccessTime.dwLowDateTime=0x2563c4c0, ftLastAccessTime.dwHighDateTime=0x1d62fe5, ftLastWriteTime.dwLowDateTime=0x2563c4c0, ftLastWriteTime.dwHighDateTime=0x1d62fe5, nFileSizeHigh=0x0, nFileSizeLow=0xe684, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="BtYTmJ_b0gc.bmp", cAlternateFileName="BTYTMJ~1.BMP")) returned 1 [0052.742] lstrcmpiW (lpString1="BtYTmJ_b0gc.bmp", lpString2="Windows") returned -1 [0052.742] lstrcmpiW (lpString1="BtYTmJ_b0gc.bmp", lpString2="Program Files") returned -1 [0052.742] lstrcmpiW (lpString1="BtYTmJ_b0gc.bmp", lpString2="Program Files (x86)") returned -1 [0052.742] lstrcmpiW (lpString1="BtYTmJ_b0gc.bmp", lpString2="$Recycle.bin") returned 1 [0052.742] lstrcmpiW (lpString1="BtYTmJ_b0gc.bmp", lpString2="System Volume Information") returned -1 [0052.742] lstrcmpiW (lpString1="BtYTmJ_b0gc.bmp", lpString2=".") returned 1 [0052.742] lstrcmpiW (lpString1="BtYTmJ_b0gc.bmp", lpString2="..") returned 1 [0052.742] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp") returned 58 [0052.742] StrStrIW (lpFirst="BtYTmJ_b0gc.bmp", lpSrch=".lolkek") returned 0x0 [0052.742] lstrcmpW (lpString1="BtYTmJ_b0gc.bmp", lpString2="LOLKEK.txt") returned -1 [0052.742] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp") returned 58 [0052.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7668 [0052.742] lstrcpyW (in: lpString1=0x3ca7668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BtYTmJ_b0gc.bmp" [0052.742] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.742] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723d3fb0, ftCreationTime.dwHighDateTime=0x1d6226b, ftLastAccessTime.dwLowDateTime=0xc830d100, ftLastAccessTime.dwHighDateTime=0x1d627b3, ftLastWriteTime.dwLowDateTime=0xc830d100, ftLastWriteTime.dwHighDateTime=0x1d627b3, nFileSizeHigh=0x0, nFileSizeLow=0xc52d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="cgEjbdY.bmp", cAlternateFileName="")) returned 1 [0052.742] lstrcmpiW (lpString1="cgEjbdY.bmp", lpString2="Windows") returned -1 [0052.742] lstrcmpiW (lpString1="cgEjbdY.bmp", lpString2="Program Files") returned -1 [0052.742] lstrcmpiW (lpString1="cgEjbdY.bmp", lpString2="Program Files (x86)") returned -1 [0052.742] lstrcmpiW (lpString1="cgEjbdY.bmp", lpString2="$Recycle.bin") returned 1 [0052.742] lstrcmpiW (lpString1="cgEjbdY.bmp", lpString2="System Volume Information") returned -1 [0052.742] lstrcmpiW (lpString1="cgEjbdY.bmp", lpString2=".") returned 1 [0052.742] lstrcmpiW (lpString1="cgEjbdY.bmp", lpString2="..") returned 1 [0052.742] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp") returned 54 [0052.742] StrStrIW (lpFirst="cgEjbdY.bmp", lpSrch=".lolkek") returned 0x0 [0052.742] lstrcmpW (lpString1="cgEjbdY.bmp", lpString2="LOLKEK.txt") returned -1 [0052.743] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp") returned 54 [0052.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbc5d8 [0052.743] lstrcpyW (in: lpString1=0x3cbc5d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cgEjbdY.bmp" [0052.743] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.743] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.743] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.743] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.743] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.743] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.743] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.743] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.743] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.743] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.743] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned 54 [0052.743] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.743] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.743] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned 54 [0052.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbc6c0 [0052.743] lstrcpyW (in: lpString1=0x3cbc6c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" [0052.743] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.743] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.743] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb966160, ftCreationTime.dwHighDateTime=0x1d62aac, ftLastAccessTime.dwLowDateTime=0x48d58820, ftLastAccessTime.dwHighDateTime=0x1d6270d, ftLastWriteTime.dwLowDateTime=0x48d58820, ftLastWriteTime.dwHighDateTime=0x1d6270d, nFileSizeHigh=0x0, nFileSizeLow=0x1c97, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="FFO7.png", cAlternateFileName="")) returned 1 [0052.743] lstrcmpiW (lpString1="FFO7.png", lpString2="Windows") returned -1 [0052.743] lstrcmpiW (lpString1="FFO7.png", lpString2="Program Files") returned -1 [0052.743] lstrcmpiW (lpString1="FFO7.png", lpString2="Program Files (x86)") returned -1 [0052.743] lstrcmpiW (lpString1="FFO7.png", lpString2="$Recycle.bin") returned 1 [0052.743] lstrcmpiW (lpString1="FFO7.png", lpString2="System Volume Information") returned -1 [0052.743] lstrcmpiW (lpString1="FFO7.png", lpString2=".") returned 1 [0052.743] lstrcmpiW (lpString1="FFO7.png", lpString2="..") returned 1 [0052.743] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png") returned 51 [0052.743] StrStrIW (lpFirst="FFO7.png", lpSrch=".lolkek") returned 0x0 [0052.743] lstrcmpW (lpString1="FFO7.png", lpString2="LOLKEK.txt") returned -1 [0052.743] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png") returned 51 [0052.743] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbe5a0 [0052.743] lstrcpyW (in: lpString1=0x3cbe5a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFO7.png" [0052.743] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.744] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67356b40, ftCreationTime.dwHighDateTime=0x1d627e0, ftLastAccessTime.dwLowDateTime=0x2ea67eb0, ftLastAccessTime.dwHighDateTime=0x1d62801, ftLastWriteTime.dwLowDateTime=0x2ea67eb0, ftLastWriteTime.dwHighDateTime=0x1d62801, nFileSizeHigh=0x0, nFileSizeLow=0x16422, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="i6yq4qseuEpFM.jpg", cAlternateFileName="I6YQ4Q~1.JPG")) returned 1 [0052.744] lstrcmpiW (lpString1="i6yq4qseuEpFM.jpg", lpString2="Windows") returned -1 [0052.744] lstrcmpiW (lpString1="i6yq4qseuEpFM.jpg", lpString2="Program Files") returned -1 [0052.744] lstrcmpiW (lpString1="i6yq4qseuEpFM.jpg", lpString2="Program Files (x86)") returned -1 [0052.744] lstrcmpiW (lpString1="i6yq4qseuEpFM.jpg", lpString2="$Recycle.bin") returned 1 [0052.744] lstrcmpiW (lpString1="i6yq4qseuEpFM.jpg", lpString2="System Volume Information") returned -1 [0052.744] lstrcmpiW (lpString1="i6yq4qseuEpFM.jpg", lpString2=".") returned 1 [0052.744] lstrcmpiW (lpString1="i6yq4qseuEpFM.jpg", lpString2="..") returned 1 [0052.744] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg") returned 60 [0052.744] StrStrIW (lpFirst="i6yq4qseuEpFM.jpg", lpSrch=".lolkek") returned 0x0 [0052.744] lstrcmpW (lpString1="i6yq4qseuEpFM.jpg", lpString2="LOLKEK.txt") returned -1 [0052.744] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg") returned 60 [0052.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0660 [0052.744] lstrcpyW (in: lpString1=0x3da0660, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\i6yq4qseuEpFM.jpg" [0052.744] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.744] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96836e10, ftCreationTime.dwHighDateTime=0x1d62a7e, ftLastAccessTime.dwLowDateTime=0x2208eeb0, ftLastAccessTime.dwHighDateTime=0x1d62abb, ftLastWriteTime.dwLowDateTime=0x2208eeb0, ftLastWriteTime.dwHighDateTime=0x1d62abb, nFileSizeHigh=0x0, nFileSizeLow=0xcf38, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="umqThbQLzCVMcShBO.bmp", cAlternateFileName="UMQTHB~1.BMP")) returned 1 [0052.744] lstrcmpiW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2="Windows") returned -1 [0052.744] lstrcmpiW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2="Program Files") returned 1 [0052.744] lstrcmpiW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2="Program Files (x86)") returned 1 [0052.744] lstrcmpiW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2="$Recycle.bin") returned 1 [0052.744] lstrcmpiW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2="System Volume Information") returned 1 [0052.744] lstrcmpiW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2=".") returned 1 [0052.744] lstrcmpiW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2="..") returned 1 [0052.744] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp") returned 64 [0052.744] StrStrIW (lpFirst="umqThbQLzCVMcShBO.bmp", lpSrch=".lolkek") returned 0x0 [0052.744] lstrcmpW (lpString1="umqThbQLzCVMcShBO.bmp", lpString2="LOLKEK.txt") returned 1 [0052.744] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp") returned 64 [0052.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x612e20 [0052.744] lstrcpyW (in: lpString1=0x612e20, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\umqThbQLzCVMcShBO.bmp" [0052.744] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.744] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45a02b10, ftCreationTime.dwHighDateTime=0x1d6272b, ftLastAccessTime.dwLowDateTime=0xffbbd000, ftLastAccessTime.dwHighDateTime=0x1d62ec2, ftLastWriteTime.dwLowDateTime=0xffbbd000, ftLastWriteTime.dwHighDateTime=0x1d62ec2, nFileSizeHigh=0x0, nFileSizeLow=0x16ee5, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="wTw62Q3cjuFJg.jpg", cAlternateFileName="WTW62Q~1.JPG")) returned 1 [0052.744] lstrcmpiW (lpString1="wTw62Q3cjuFJg.jpg", lpString2="Windows") returned 1 [0052.744] lstrcmpiW (lpString1="wTw62Q3cjuFJg.jpg", lpString2="Program Files") returned 1 [0052.745] lstrcmpiW (lpString1="wTw62Q3cjuFJg.jpg", lpString2="Program Files (x86)") returned 1 [0052.745] lstrcmpiW (lpString1="wTw62Q3cjuFJg.jpg", lpString2="$Recycle.bin") returned 1 [0052.745] lstrcmpiW (lpString1="wTw62Q3cjuFJg.jpg", lpString2="System Volume Information") returned 1 [0052.745] lstrcmpiW (lpString1="wTw62Q3cjuFJg.jpg", lpString2=".") returned 1 [0052.745] lstrcmpiW (lpString1="wTw62Q3cjuFJg.jpg", lpString2="..") returned 1 [0052.745] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg") returned 60 [0052.745] StrStrIW (lpFirst="wTw62Q3cjuFJg.jpg", lpSrch=".lolkek") returned 0x0 [0052.745] lstrcmpW (lpString1="wTw62Q3cjuFJg.jpg", lpString2="LOLKEK.txt") returned 1 [0052.745] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg") returned 60 [0052.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf4) returned 0x3da0560 [0052.745] lstrcpyW (in: lpString1=0x3da0560, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wTw62Q3cjuFJg.jpg" [0052.745] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.745] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55a8ddd0, ftCreationTime.dwHighDateTime=0x1d62c59, ftLastAccessTime.dwLowDateTime=0xdc23e170, ftLastAccessTime.dwHighDateTime=0x1d623da, ftLastWriteTime.dwLowDateTime=0xdc23e170, ftLastWriteTime.dwHighDateTime=0x1d623da, nFileSizeHigh=0x0, nFileSizeLow=0x153af, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_GU23vwb.gif", cAlternateFileName="")) returned 1 [0052.745] lstrcmpiW (lpString1="_GU23vwb.gif", lpString2="Windows") returned -1 [0052.745] lstrcmpiW (lpString1="_GU23vwb.gif", lpString2="Program Files") returned -1 [0052.745] lstrcmpiW (lpString1="_GU23vwb.gif", lpString2="Program Files (x86)") returned -1 [0052.745] lstrcmpiW (lpString1="_GU23vwb.gif", lpString2="$Recycle.bin") returned 1 [0052.745] lstrcmpiW (lpString1="_GU23vwb.gif", lpString2="System Volume Information") returned -1 [0052.745] lstrcmpiW (lpString1="_GU23vwb.gif", lpString2=".") returned 1 [0052.745] lstrcmpiW (lpString1="_GU23vwb.gif", lpString2="..") returned 1 [0052.745] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif") returned 55 [0052.745] StrStrIW (lpFirst="_GU23vwb.gif", lpSrch=".lolkek") returned 0x0 [0052.745] lstrcmpW (lpString1="_GU23vwb.gif", lpString2="LOLKEK.txt") returned -1 [0052.745] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif") returned 55 [0052.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbc7a8 [0052.745] lstrcpyW (in: lpString1=0x3cbc7a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_GU23vwb.gif" [0052.745] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.745] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.745] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55a8ddd0, ftCreationTime.dwHighDateTime=0x1d62c59, ftLastAccessTime.dwLowDateTime=0xdc23e170, ftLastAccessTime.dwHighDateTime=0x1d623da, ftLastWriteTime.dwLowDateTime=0xdc23e170, ftLastWriteTime.dwHighDateTime=0x1d623da, nFileSizeHigh=0x0, nFileSizeLow=0x153af, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_GU23vwb.gif", cAlternateFileName="")) returned 0 [0052.745] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.745] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LOLKEK.txt") returned 53 [0052.746] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.746] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.746] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.747] CloseHandle (hObject=0x23c) returned 1 [0052.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.747] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0052.747] lstrcmpiW (lpString1="PrintHood", lpString2="Windows") returned -1 [0052.747] lstrcmpiW (lpString1="PrintHood", lpString2="Program Files") returned -1 [0052.747] lstrcmpiW (lpString1="PrintHood", lpString2="Program Files (x86)") returned -1 [0052.747] lstrcmpiW (lpString1="PrintHood", lpString2="$Recycle.bin") returned 1 [0052.747] lstrcmpiW (lpString1="PrintHood", lpString2="System Volume Information") returned -1 [0052.747] lstrcmpiW (lpString1="PrintHood", lpString2=".") returned 1 [0052.747] lstrcmpiW (lpString1="PrintHood", lpString2="..") returned 1 [0052.747] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned 43 [0052.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.747] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0052.747] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*" [0052.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55a8ddd0, ftCreationTime.dwHighDateTime=0x1d62c59, ftLastAccessTime.dwLowDateTime=0xdc23e170, ftLastAccessTime.dwHighDateTime=0x1d623da, ftLastWriteTime.dwLowDateTime=0xdc23e170, ftLastWriteTime.dwHighDateTime=0x1d623da, nFileSizeHigh=0x0, nFileSizeLow=0x153af, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_GU23vwb.gif", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.747] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.747] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Recent", cAlternateFileName="")) returned 1 [0052.747] lstrcmpiW (lpString1="Recent", lpString2="Windows") returned -1 [0052.747] lstrcmpiW (lpString1="Recent", lpString2="Program Files") returned 1 [0052.747] lstrcmpiW (lpString1="Recent", lpString2="Program Files (x86)") returned 1 [0052.747] lstrcmpiW (lpString1="Recent", lpString2="$Recycle.bin") returned 1 [0052.747] lstrcmpiW (lpString1="Recent", lpString2="System Volume Information") returned -1 [0052.747] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0052.747] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0052.747] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned 40 [0052.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.747] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0052.747] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*" [0052.747] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55a8ddd0, ftCreationTime.dwHighDateTime=0x1d62c59, ftLastAccessTime.dwLowDateTime=0xdc23e170, ftLastAccessTime.dwHighDateTime=0x1d623da, ftLastWriteTime.dwLowDateTime=0xdc23e170, ftLastWriteTime.dwHighDateTime=0x1d623da, nFileSizeHigh=0x0, nFileSizeLow=0x153af, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_GU23vwb.gif", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.748] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.748] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0052.748] lstrcmpiW (lpString1="Saved Games", lpString2="Windows") returned -1 [0052.748] lstrcmpiW (lpString1="Saved Games", lpString2="Program Files") returned 1 [0052.748] lstrcmpiW (lpString1="Saved Games", lpString2="Program Files (x86)") returned 1 [0052.748] lstrcmpiW (lpString1="Saved Games", lpString2="$Recycle.bin") returned 1 [0052.748] lstrcmpiW (lpString1="Saved Games", lpString2="System Volume Information") returned -1 [0052.748] lstrcmpiW (lpString1="Saved Games", lpString2=".") returned 1 [0052.748] lstrcmpiW (lpString1="Saved Games", lpString2="..") returned 1 [0052.748] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned 45 [0052.748] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.748] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0052.748] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*" [0052.748] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.748] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.748] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.748] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.748] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.748] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.748] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.748] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.748] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.748] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.748] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.748] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.748] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.748] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.748] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.748] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.748] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.748] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.749] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.749] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.749] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.749] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.749] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.749] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned 57 [0052.749] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.749] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.749] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned 57 [0052.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x62f730 [0052.749] lstrcpyW (in: lpString1=0x62f730, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" [0052.749] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.749] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.749] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0052.749] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.749] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\LOLKEK.txt") returned 56 [0052.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.749] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.749] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.750] CloseHandle (hObject=0x23c) returned 1 [0052.750] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.750] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Searches", cAlternateFileName="")) returned 1 [0052.750] lstrcmpiW (lpString1="Searches", lpString2="Windows") returned -1 [0052.750] lstrcmpiW (lpString1="Searches", lpString2="Program Files") returned 1 [0052.750] lstrcmpiW (lpString1="Searches", lpString2="Program Files (x86)") returned 1 [0052.750] lstrcmpiW (lpString1="Searches", lpString2="$Recycle.bin") returned 1 [0052.750] lstrcmpiW (lpString1="Searches", lpString2="System Volume Information") returned -1 [0052.750] lstrcmpiW (lpString1="Searches", lpString2=".") returned 1 [0052.750] lstrcmpiW (lpString1="Searches", lpString2="..") returned 1 [0052.750] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned 42 [0052.750] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.750] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0052.750] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*" [0052.750] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.751] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.751] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.751] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.751] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.751] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.751] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.751] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.751] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.751] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.751] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.751] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.751] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.751] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.751] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.751] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.751] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.751] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.751] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.751] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.751] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.751] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.751] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.751] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned 54 [0052.751] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.751] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.751] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned 54 [0052.751] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbc890 [0052.751] lstrcpyW (in: lpString1=0x3cbc890, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" [0052.751] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.751] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.751] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0052.751] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Windows") returned -1 [0052.751] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Program Files") returned -1 [0052.751] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Program Files (x86)") returned -1 [0052.751] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="$Recycle.bin") returned 1 [0052.751] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="System Volume Information") returned -1 [0052.751] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0052.751] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0052.752] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 63 [0052.752] StrStrIW (lpFirst="Everywhere.search-ms", lpSrch=".lolkek") returned 0x0 [0052.752] lstrcmpW (lpString1="Everywhere.search-ms", lpString2="LOLKEK.txt") returned -1 [0052.752] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 63 [0052.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec50a0 [0052.752] lstrcpyW (in: lpString1=0x3ec50a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" [0052.752] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.752] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.752] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0052.752] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Windows") returned -1 [0052.752] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Program Files") returned -1 [0052.752] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Program Files (x86)") returned -1 [0052.752] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="$Recycle.bin") returned 1 [0052.752] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="System Volume Information") returned -1 [0052.752] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0052.752] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0052.752] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 70 [0052.752] StrStrIW (lpFirst="Indexed Locations.search-ms", lpSrch=".lolkek") returned 0x0 [0052.752] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2="LOLKEK.txt") returned -1 [0052.752] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 70 [0052.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3e3f440 [0052.752] lstrcpyW (in: lpString1=0x3e3f440, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" [0052.752] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.757] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.757] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0052.757] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0052.757] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\LOLKEK.txt") returned 53 [0052.757] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0052.758] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.758] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0052.758] CloseHandle (hObject=0x23c) returned 1 [0052.758] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.758] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="SendTo", cAlternateFileName="")) returned 1 [0052.758] lstrcmpiW (lpString1="SendTo", lpString2="Windows") returned -1 [0052.759] lstrcmpiW (lpString1="SendTo", lpString2="Program Files") returned 1 [0052.759] lstrcmpiW (lpString1="SendTo", lpString2="Program Files (x86)") returned 1 [0052.759] lstrcmpiW (lpString1="SendTo", lpString2="$Recycle.bin") returned 1 [0052.759] lstrcmpiW (lpString1="SendTo", lpString2="System Volume Information") returned -1 [0052.759] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0052.759] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0052.759] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned 40 [0052.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.759] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0052.759] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*" [0052.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.759] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0052.759] lstrcmpiW (lpString1="Start Menu", lpString2="Windows") returned -1 [0052.759] lstrcmpiW (lpString1="Start Menu", lpString2="Program Files") returned 1 [0052.759] lstrcmpiW (lpString1="Start Menu", lpString2="Program Files (x86)") returned 1 [0052.759] lstrcmpiW (lpString1="Start Menu", lpString2="$Recycle.bin") returned 1 [0052.759] lstrcmpiW (lpString1="Start Menu", lpString2="System Volume Information") returned -1 [0052.759] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0052.759] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0052.759] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned 44 [0052.759] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.759] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0052.759] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*" [0052.759] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.759] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.759] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0052.759] lstrcmpiW (lpString1="Templates", lpString2="Windows") returned -1 [0052.759] lstrcmpiW (lpString1="Templates", lpString2="Program Files") returned 1 [0052.759] lstrcmpiW (lpString1="Templates", lpString2="Program Files (x86)") returned 1 [0052.760] lstrcmpiW (lpString1="Templates", lpString2="$Recycle.bin") returned 1 [0052.760] lstrcmpiW (lpString1="Templates", lpString2="System Volume Information") returned 1 [0052.760] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0052.760] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0052.760] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned 43 [0052.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.760] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0052.760] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*" [0052.760] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0052.760] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0052.760] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7daf8640, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7daf8640, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 1 [0052.760] lstrcmpiW (lpString1="Videos", lpString2="Windows") returned -1 [0052.760] lstrcmpiW (lpString1="Videos", lpString2="Program Files") returned 1 [0052.760] lstrcmpiW (lpString1="Videos", lpString2="Program Files (x86)") returned 1 [0052.760] lstrcmpiW (lpString1="Videos", lpString2="$Recycle.bin") returned 1 [0052.760] lstrcmpiW (lpString1="Videos", lpString2="System Volume Information") returned 1 [0052.760] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0052.760] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0052.760] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned 40 [0052.760] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0052.760] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0052.760] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*" [0052.760] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7daf8640, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7daf8640, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0052.760] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.760] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.760] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.761] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.761] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.761] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.761] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7daf8640, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7daf8640, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.761] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.761] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.761] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.761] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd698460, ftCreationTime.dwHighDateTime=0x1d62e62, ftLastAccessTime.dwLowDateTime=0x68291b40, ftLastAccessTime.dwHighDateTime=0x1d62cdc, ftLastWriteTime.dwLowDateTime=0x68291b40, ftLastWriteTime.dwHighDateTime=0x1d62cdc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="93_kpTCA", cAlternateFileName="")) returned 1 [0052.761] lstrcmpiW (lpString1="93_kpTCA", lpString2="Windows") returned -1 [0052.761] lstrcmpiW (lpString1="93_kpTCA", lpString2="Program Files") returned -1 [0052.761] lstrcmpiW (lpString1="93_kpTCA", lpString2="Program Files (x86)") returned -1 [0052.761] lstrcmpiW (lpString1="93_kpTCA", lpString2="$Recycle.bin") returned 1 [0052.761] lstrcmpiW (lpString1="93_kpTCA", lpString2="System Volume Information") returned -1 [0052.761] lstrcmpiW (lpString1="93_kpTCA", lpString2=".") returned 1 [0052.761] lstrcmpiW (lpString1="93_kpTCA", lpString2="..") returned 1 [0052.761] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA") returned 49 [0052.761] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.761] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA" [0052.761] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\*" [0052.761] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd698460, ftCreationTime.dwHighDateTime=0x1d62e62, ftLastAccessTime.dwLowDateTime=0x68291b40, ftLastAccessTime.dwHighDateTime=0x1d62cdc, ftLastWriteTime.dwLowDateTime=0x68291b40, ftLastWriteTime.dwHighDateTime=0x1d62cdc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.761] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.761] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.761] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.761] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.761] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.761] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.761] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd698460, ftCreationTime.dwHighDateTime=0x1d62e62, ftLastAccessTime.dwLowDateTime=0x68291b40, ftLastAccessTime.dwHighDateTime=0x1d62cdc, ftLastWriteTime.dwLowDateTime=0x68291b40, ftLastWriteTime.dwHighDateTime=0x1d62cdc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.761] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.761] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.761] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.761] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.762] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7662bf0, ftCreationTime.dwHighDateTime=0x1d62691, ftLastAccessTime.dwLowDateTime=0xb14cc760, ftLastAccessTime.dwHighDateTime=0x1d62a69, ftLastWriteTime.dwLowDateTime=0xb14cc760, ftLastWriteTime.dwHighDateTime=0x1d62a69, nFileSizeHigh=0x0, nFileSizeLow=0x1051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1oyegKj.mp4", cAlternateFileName="")) returned 1 [0052.762] lstrcmpiW (lpString1="1oyegKj.mp4", lpString2="Windows") returned -1 [0052.762] lstrcmpiW (lpString1="1oyegKj.mp4", lpString2="Program Files") returned -1 [0052.762] lstrcmpiW (lpString1="1oyegKj.mp4", lpString2="Program Files (x86)") returned -1 [0052.762] lstrcmpiW (lpString1="1oyegKj.mp4", lpString2="$Recycle.bin") returned 1 [0052.762] lstrcmpiW (lpString1="1oyegKj.mp4", lpString2="System Volume Information") returned -1 [0052.762] lstrcmpiW (lpString1="1oyegKj.mp4", lpString2=".") returned 1 [0052.762] lstrcmpiW (lpString1="1oyegKj.mp4", lpString2="..") returned 1 [0052.762] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4") returned 61 [0052.762] StrStrIW (lpFirst="1oyegKj.mp4", lpSrch=".lolkek") returned 0x0 [0052.762] lstrcmpW (lpString1="1oyegKj.mp4", lpString2="LOLKEK.txt") returned -1 [0052.762] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4") returned 61 [0052.762] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0460 [0052.762] lstrcpyW (in: lpString1=0x3da0460, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\1oyegKj.mp4" [0052.762] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.776] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.776] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedf19d40, ftCreationTime.dwHighDateTime=0x1d6318e, ftLastAccessTime.dwLowDateTime=0x1d1aa520, ftLastAccessTime.dwHighDateTime=0x1d62b28, ftLastWriteTime.dwLowDateTime=0x1d1aa520, ftLastWriteTime.dwHighDateTime=0x1d62b28, nFileSizeHigh=0x0, nFileSizeLow=0x2349, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IEDLIWg9Ym WzYekl7m.mkv", cAlternateFileName="IEDLIW~1.MKV")) returned 1 [0052.776] lstrcmpiW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2="Windows") returned -1 [0052.776] lstrcmpiW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2="Program Files") returned -1 [0052.776] lstrcmpiW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2="Program Files (x86)") returned -1 [0052.776] lstrcmpiW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2="$Recycle.bin") returned 1 [0052.776] lstrcmpiW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2="System Volume Information") returned -1 [0052.776] lstrcmpiW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2=".") returned 1 [0052.776] lstrcmpiW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2="..") returned 1 [0052.776] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv") returned 73 [0052.776] StrStrIW (lpFirst="IEDLIWg9Ym WzYekl7m.mkv", lpSrch=".lolkek") returned 0x0 [0052.776] lstrcmpW (lpString1="IEDLIWg9Ym WzYekl7m.mkv", lpString2="LOLKEK.txt") returned -1 [0052.776] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv") returned 73 [0052.776] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3cab7a0 [0052.776] lstrcpyW (in: lpString1=0x3cab7a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\IEDLIWg9Ym WzYekl7m.mkv" [0052.776] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.793] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.793] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72d80690, ftCreationTime.dwHighDateTime=0x1d62580, ftLastAccessTime.dwLowDateTime=0x20093850, ftLastAccessTime.dwHighDateTime=0x1d630b4, ftLastWriteTime.dwLowDateTime=0x20093850, ftLastWriteTime.dwHighDateTime=0x1d630b4, nFileSizeHigh=0x0, nFileSizeLow=0xe3a6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="M1Gzau CX_Fn.flv", cAlternateFileName="M1GZAU~1.FLV")) returned 1 [0052.793] lstrcmpiW (lpString1="M1Gzau CX_Fn.flv", lpString2="Windows") returned -1 [0052.793] lstrcmpiW (lpString1="M1Gzau CX_Fn.flv", lpString2="Program Files") returned -1 [0052.793] lstrcmpiW (lpString1="M1Gzau CX_Fn.flv", lpString2="Program Files (x86)") returned -1 [0052.793] lstrcmpiW (lpString1="M1Gzau CX_Fn.flv", lpString2="$Recycle.bin") returned 1 [0052.793] lstrcmpiW (lpString1="M1Gzau CX_Fn.flv", lpString2="System Volume Information") returned -1 [0052.793] lstrcmpiW (lpString1="M1Gzau CX_Fn.flv", lpString2=".") returned 1 [0052.793] lstrcmpiW (lpString1="M1Gzau CX_Fn.flv", lpString2="..") returned 1 [0052.793] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv") returned 66 [0052.793] StrStrIW (lpFirst="M1Gzau CX_Fn.flv", lpSrch=".lolkek") returned 0x0 [0052.793] lstrcmpW (lpString1="M1Gzau CX_Fn.flv", lpString2="LOLKEK.txt") returned 1 [0052.793] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv") returned 66 [0052.793] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x612f38 [0052.793] lstrcpyW (in: lpString1=0x612f38, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\M1Gzau CX_Fn.flv" [0052.793] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.793] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.793] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72d80690, ftCreationTime.dwHighDateTime=0x1d62580, ftLastAccessTime.dwLowDateTime=0x20093850, ftLastAccessTime.dwHighDateTime=0x1d630b4, ftLastWriteTime.dwLowDateTime=0x20093850, ftLastWriteTime.dwHighDateTime=0x1d630b4, nFileSizeHigh=0x0, nFileSizeLow=0xe3a6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="M1Gzau CX_Fn.flv", cAlternateFileName="M1GZAU~1.FLV")) returned 0 [0052.793] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.794] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\LOLKEK.txt") returned 60 [0052.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\93_kpTCA\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\93_kptca\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.826] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.826] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.826] CloseHandle (hObject=0x280) returned 1 [0052.826] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.826] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.826] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0052.826] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0052.827] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0052.827] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0052.827] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0052.827] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.827] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.827] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned 52 [0052.827] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0052.827] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0052.827] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned 52 [0052.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cc01d0 [0052.827] lstrcpyW (in: lpString1=0x3cc01d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" [0052.827] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.827] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.827] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1880fe0, ftCreationTime.dwHighDateTime=0x1d62e6c, ftLastAccessTime.dwLowDateTime=0xd6bbe460, ftLastAccessTime.dwHighDateTime=0x1d628c3, ftLastWriteTime.dwLowDateTime=0xd6bbe460, ftLastWriteTime.dwHighDateTime=0x1d628c3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="HcdElWZnM", cAlternateFileName="HCDELW~1")) returned 1 [0052.827] lstrcmpiW (lpString1="HcdElWZnM", lpString2="Windows") returned -1 [0052.827] lstrcmpiW (lpString1="HcdElWZnM", lpString2="Program Files") returned -1 [0052.827] lstrcmpiW (lpString1="HcdElWZnM", lpString2="Program Files (x86)") returned -1 [0052.827] lstrcmpiW (lpString1="HcdElWZnM", lpString2="$Recycle.bin") returned 1 [0052.827] lstrcmpiW (lpString1="HcdElWZnM", lpString2="System Volume Information") returned -1 [0052.827] lstrcmpiW (lpString1="HcdElWZnM", lpString2=".") returned 1 [0052.827] lstrcmpiW (lpString1="HcdElWZnM", lpString2="..") returned 1 [0052.827] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM") returned 50 [0052.827] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.827] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM" [0052.827] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\*" [0052.827] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1880fe0, ftCreationTime.dwHighDateTime=0x1d62e6c, ftLastAccessTime.dwLowDateTime=0xd6bbe460, ftLastAccessTime.dwHighDateTime=0x1d628c3, ftLastWriteTime.dwLowDateTime=0xd6bbe460, ftLastWriteTime.dwHighDateTime=0x1d628c3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.827] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.827] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.827] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.827] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.827] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.827] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.827] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1880fe0, ftCreationTime.dwHighDateTime=0x1d62e6c, ftLastAccessTime.dwLowDateTime=0xd6bbe460, ftLastAccessTime.dwHighDateTime=0x1d628c3, ftLastWriteTime.dwLowDateTime=0xd6bbe460, ftLastWriteTime.dwHighDateTime=0x1d628c3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.827] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.827] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.828] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.828] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.828] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.828] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.828] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.828] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a58f8e0, ftCreationTime.dwHighDateTime=0x1d631f9, ftLastAccessTime.dwLowDateTime=0x5c4e74b0, ftLastAccessTime.dwHighDateTime=0x1d629c5, ftLastWriteTime.dwLowDateTime=0x5c4e74b0, ftLastWriteTime.dwHighDateTime=0x1d629c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="A99P7gU-S", cAlternateFileName="A99P7G~1")) returned 1 [0052.828] lstrcmpiW (lpString1="A99P7gU-S", lpString2="Windows") returned -1 [0052.828] lstrcmpiW (lpString1="A99P7gU-S", lpString2="Program Files") returned -1 [0052.828] lstrcmpiW (lpString1="A99P7gU-S", lpString2="Program Files (x86)") returned -1 [0052.828] lstrcmpiW (lpString1="A99P7gU-S", lpString2="$Recycle.bin") returned 1 [0052.828] lstrcmpiW (lpString1="A99P7gU-S", lpString2="System Volume Information") returned -1 [0052.828] lstrcmpiW (lpString1="A99P7gU-S", lpString2=".") returned 1 [0052.828] lstrcmpiW (lpString1="A99P7gU-S", lpString2="..") returned 1 [0052.828] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S") returned 60 [0052.828] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e23ed8 [0052.828] lstrcpyW (in: lpString1=0x3e23ed8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S" [0052.828] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\*" [0052.828] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a58f8e0, ftCreationTime.dwHighDateTime=0x1d631f9, ftLastAccessTime.dwLowDateTime=0x5c4e74b0, ftLastAccessTime.dwHighDateTime=0x1d629c5, ftLastWriteTime.dwLowDateTime=0x5c4e74b0, ftLastWriteTime.dwHighDateTime=0x1d629c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0052.828] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.828] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.828] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.828] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.828] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.828] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.828] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a58f8e0, ftCreationTime.dwHighDateTime=0x1d631f9, ftLastAccessTime.dwLowDateTime=0x5c4e74b0, ftLastAccessTime.dwHighDateTime=0x1d629c5, ftLastWriteTime.dwLowDateTime=0x5c4e74b0, ftLastWriteTime.dwHighDateTime=0x1d629c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.829] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.829] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.829] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.829] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356f65e0, ftCreationTime.dwHighDateTime=0x1d62b1c, ftLastAccessTime.dwLowDateTime=0x60389da0, ftLastAccessTime.dwHighDateTime=0x1d62c2a, ftLastWriteTime.dwLowDateTime=0x60389da0, ftLastWriteTime.dwHighDateTime=0x1d62c2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1Aa8naZ9Jd", cAlternateFileName="1AA8NA~1")) returned 1 [0052.829] lstrcmpiW (lpString1="1Aa8naZ9Jd", lpString2="Windows") returned -1 [0052.829] lstrcmpiW (lpString1="1Aa8naZ9Jd", lpString2="Program Files") returned -1 [0052.829] lstrcmpiW (lpString1="1Aa8naZ9Jd", lpString2="Program Files (x86)") returned -1 [0052.829] lstrcmpiW (lpString1="1Aa8naZ9Jd", lpString2="$Recycle.bin") returned 1 [0052.829] lstrcmpiW (lpString1="1Aa8naZ9Jd", lpString2="System Volume Information") returned -1 [0052.829] lstrcmpiW (lpString1="1Aa8naZ9Jd", lpString2=".") returned 1 [0052.829] lstrcmpiW (lpString1="1Aa8naZ9Jd", lpString2="..") returned 1 [0052.829] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd") returned 71 [0052.829] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0052.829] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd" [0052.829] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\*" [0052.829] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356f65e0, ftCreationTime.dwHighDateTime=0x1d62b1c, ftLastAccessTime.dwLowDateTime=0x60389da0, ftLastAccessTime.dwHighDateTime=0x1d62c2a, ftLastWriteTime.dwLowDateTime=0x60389da0, ftLastWriteTime.dwHighDateTime=0x1d62c2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0052.829] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.829] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.829] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.829] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.829] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.829] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.829] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356f65e0, ftCreationTime.dwHighDateTime=0x1d62b1c, ftLastAccessTime.dwLowDateTime=0x60389da0, ftLastAccessTime.dwHighDateTime=0x1d62c2a, ftLastWriteTime.dwLowDateTime=0x60389da0, ftLastWriteTime.dwHighDateTime=0x1d62c2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.829] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.829] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.829] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.829] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.829] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d0be950, ftCreationTime.dwHighDateTime=0x1d62588, ftLastAccessTime.dwLowDateTime=0xb366b7b0, ftLastAccessTime.dwHighDateTime=0x1d629ae, ftLastWriteTime.dwLowDateTime=0xb366b7b0, ftLastWriteTime.dwHighDateTime=0x1d629ae, nFileSizeHigh=0x0, nFileSizeLow=0x6ca1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2lDvWgG.mkv", cAlternateFileName="")) returned 1 [0052.829] lstrcmpiW (lpString1="2lDvWgG.mkv", lpString2="Windows") returned -1 [0052.829] lstrcmpiW (lpString1="2lDvWgG.mkv", lpString2="Program Files") returned -1 [0052.829] lstrcmpiW (lpString1="2lDvWgG.mkv", lpString2="Program Files (x86)") returned -1 [0052.829] lstrcmpiW (lpString1="2lDvWgG.mkv", lpString2="$Recycle.bin") returned 1 [0052.830] lstrcmpiW (lpString1="2lDvWgG.mkv", lpString2="System Volume Information") returned -1 [0052.830] lstrcmpiW (lpString1="2lDvWgG.mkv", lpString2=".") returned 1 [0052.830] lstrcmpiW (lpString1="2lDvWgG.mkv", lpString2="..") returned 1 [0052.830] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv") returned 83 [0052.830] StrStrIW (lpFirst="2lDvWgG.mkv", lpSrch=".lolkek") returned 0x0 [0052.830] lstrcmpW (lpString1="2lDvWgG.mkv", lpString2="LOLKEK.txt") returned -1 [0052.830] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv") returned 83 [0052.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cade78 [0052.830] lstrcpyW (in: lpString1=0x3cade78, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\2lDvWgG.mkv" [0052.830] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.830] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.830] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a23d770, ftCreationTime.dwHighDateTime=0x1d630ee, ftLastAccessTime.dwLowDateTime=0xdb404bc0, ftLastAccessTime.dwHighDateTime=0x1d62acb, ftLastWriteTime.dwLowDateTime=0xdb404bc0, ftLastWriteTime.dwHighDateTime=0x1d62acb, nFileSizeHigh=0x0, nFileSizeLow=0xb8e9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DG93bNdYb-9UkEZGcx.mp4", cAlternateFileName="DG93BN~1.MP4")) returned 1 [0052.830] lstrcmpiW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2="Windows") returned -1 [0052.830] lstrcmpiW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2="Program Files") returned -1 [0052.830] lstrcmpiW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2="Program Files (x86)") returned -1 [0052.830] lstrcmpiW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2="$Recycle.bin") returned 1 [0052.830] lstrcmpiW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2="System Volume Information") returned -1 [0052.830] lstrcmpiW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2=".") returned 1 [0052.830] lstrcmpiW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2="..") returned 1 [0052.830] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4") returned 94 [0052.830] StrStrIW (lpFirst="DG93bNdYb-9UkEZGcx.mp4", lpSrch=".lolkek") returned 0x0 [0052.830] lstrcmpW (lpString1="DG93bNdYb-9UkEZGcx.mp4", lpString2="LOLKEK.txt") returned -1 [0052.830] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4") returned 94 [0052.830] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x62fd30 [0052.830] lstrcpyW (in: lpString1=0x62fd30, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\DG93bNdYb-9UkEZGcx.mp4" [0052.830] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.830] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.830] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5468b020, ftCreationTime.dwHighDateTime=0x1d629fd, ftLastAccessTime.dwLowDateTime=0x8c9f83f0, ftLastAccessTime.dwHighDateTime=0x1d62431, ftLastWriteTime.dwLowDateTime=0x8c9f83f0, ftLastWriteTime.dwHighDateTime=0x1d62431, nFileSizeHigh=0x0, nFileSizeLow=0x255e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IimFUakvNGuF9.swf", cAlternateFileName="IIMFUA~1.SWF")) returned 1 [0052.830] lstrcmpiW (lpString1="IimFUakvNGuF9.swf", lpString2="Windows") returned -1 [0052.830] lstrcmpiW (lpString1="IimFUakvNGuF9.swf", lpString2="Program Files") returned -1 [0052.830] lstrcmpiW (lpString1="IimFUakvNGuF9.swf", lpString2="Program Files (x86)") returned -1 [0052.830] lstrcmpiW (lpString1="IimFUakvNGuF9.swf", lpString2="$Recycle.bin") returned 1 [0052.830] lstrcmpiW (lpString1="IimFUakvNGuF9.swf", lpString2="System Volume Information") returned -1 [0052.830] lstrcmpiW (lpString1="IimFUakvNGuF9.swf", lpString2=".") returned 1 [0052.830] lstrcmpiW (lpString1="IimFUakvNGuF9.swf", lpString2="..") returned 1 [0052.830] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf") returned 89 [0052.830] StrStrIW (lpFirst="IimFUakvNGuF9.swf", lpSrch=".lolkek") returned 0x0 [0052.830] lstrcmpW (lpString1="IimFUakvNGuF9.swf", lpString2="LOLKEK.txt") returned -1 [0052.831] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf") returned 89 [0052.831] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x617b68 [0052.831] lstrcpyW (in: lpString1=0x617b68, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\IimFUakvNGuF9.swf" [0052.831] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.831] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.831] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5468b020, ftCreationTime.dwHighDateTime=0x1d629fd, ftLastAccessTime.dwLowDateTime=0x8c9f83f0, ftLastAccessTime.dwHighDateTime=0x1d62431, ftLastWriteTime.dwLowDateTime=0x8c9f83f0, ftLastWriteTime.dwHighDateTime=0x1d62431, nFileSizeHigh=0x0, nFileSizeLow=0x255e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IimFUakvNGuF9.swf", cAlternateFileName="IIMFUA~1.SWF")) returned 0 [0052.831] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0052.831] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\LOLKEK.txt") returned 82 [0052.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\1Aa8naZ9Jd\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\1aa8naz9jd\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0052.831] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.831] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0052.832] CloseHandle (hObject=0x258) returned 1 [0052.832] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0052.832] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf98bf2a0, ftCreationTime.dwHighDateTime=0x1d62553, ftLastAccessTime.dwLowDateTime=0xf3209a00, ftLastAccessTime.dwHighDateTime=0x1d623d3, ftLastWriteTime.dwLowDateTime=0xf3209a00, ftLastWriteTime.dwHighDateTime=0x1d623d3, nFileSizeHigh=0x0, nFileSizeLow=0xbff7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3l36eHojkzOIxazmr.avi", cAlternateFileName="3L36EH~1.AVI")) returned 1 [0052.832] lstrcmpiW (lpString1="3l36eHojkzOIxazmr.avi", lpString2="Windows") returned -1 [0052.832] lstrcmpiW (lpString1="3l36eHojkzOIxazmr.avi", lpString2="Program Files") returned -1 [0052.832] lstrcmpiW (lpString1="3l36eHojkzOIxazmr.avi", lpString2="Program Files (x86)") returned -1 [0052.832] lstrcmpiW (lpString1="3l36eHojkzOIxazmr.avi", lpString2="$Recycle.bin") returned 1 [0052.832] lstrcmpiW (lpString1="3l36eHojkzOIxazmr.avi", lpString2="System Volume Information") returned -1 [0052.832] lstrcmpiW (lpString1="3l36eHojkzOIxazmr.avi", lpString2=".") returned 1 [0052.832] lstrcmpiW (lpString1="3l36eHojkzOIxazmr.avi", lpString2="..") returned 1 [0052.832] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi") returned 82 [0052.832] StrStrIW (lpFirst="3l36eHojkzOIxazmr.avi", lpSrch=".lolkek") returned 0x0 [0052.832] lstrcmpW (lpString1="3l36eHojkzOIxazmr.avi", lpString2="LOLKEK.txt") returned -1 [0052.832] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi") returned 82 [0052.832] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3caebe8 [0052.832] lstrcpyW (in: lpString1=0x3caebe8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\3l36eHojkzOIxazmr.avi" [0052.832] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.832] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.832] lstrcmpiW (lpString1="BmrpAW.flv", lpString2="Windows") returned -1 [0052.833] lstrcmpiW (lpString1="BmrpAW.flv", lpString2="Program Files") returned -1 [0052.833] lstrcmpiW (lpString1="BmrpAW.flv", lpString2="Program Files (x86)") returned -1 [0052.833] lstrcmpiW (lpString1="BmrpAW.flv", lpString2="$Recycle.bin") returned 1 [0052.833] lstrcmpiW (lpString1="BmrpAW.flv", lpString2="System Volume Information") returned -1 [0052.833] lstrcmpiW (lpString1="BmrpAW.flv", lpString2=".") returned 1 [0052.833] lstrcmpiW (lpString1="BmrpAW.flv", lpString2="..") returned 1 [0052.833] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv") returned 71 [0052.833] StrStrIW (lpFirst="BmrpAW.flv", lpSrch=".lolkek") returned 0x0 [0052.833] lstrcmpW (lpString1="BmrpAW.flv", lpString2="LOLKEK.txt") returned -1 [0052.833] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv") returned 71 [0052.833] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f1f0 [0052.833] lstrcpyW (in: lpString1=0x3e3f1f0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\BmrpAW.flv" [0052.833] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.833] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.833] lstrcmpiW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2="Windows") returned -1 [0052.833] lstrcmpiW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2="Program Files") returned -1 [0052.833] lstrcmpiW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2="Program Files (x86)") returned -1 [0052.833] lstrcmpiW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2="$Recycle.bin") returned 1 [0052.833] lstrcmpiW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2="System Volume Information") returned -1 [0052.833] lstrcmpiW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2=".") returned 1 [0052.833] lstrcmpiW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2="..") returned 1 [0052.833] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi") returned 83 [0052.833] StrStrIW (lpFirst="i7QRiGgsl-pqSa5ty0.avi", lpSrch=".lolkek") returned 0x0 [0052.833] lstrcmpW (lpString1="i7QRiGgsl-pqSa5ty0.avi", lpString2="LOLKEK.txt") returned -1 [0052.833] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi") returned 83 [0052.833] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cae3d8 [0052.833] lstrcpyW (in: lpString1=0x3cae3d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\i7QRiGgsl-pqSa5ty0.avi" [0052.833] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.833] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.833] lstrcmpiW (lpString1="ilsbGdhv.avi", lpString2="Windows") returned -1 [0052.833] lstrcmpiW (lpString1="ilsbGdhv.avi", lpString2="Program Files") returned -1 [0052.833] lstrcmpiW (lpString1="ilsbGdhv.avi", lpString2="Program Files (x86)") returned -1 [0052.833] lstrcmpiW (lpString1="ilsbGdhv.avi", lpString2="$Recycle.bin") returned 1 [0052.833] lstrcmpiW (lpString1="ilsbGdhv.avi", lpString2="System Volume Information") returned -1 [0052.833] lstrcmpiW (lpString1="ilsbGdhv.avi", lpString2=".") returned 1 [0052.833] lstrcmpiW (lpString1="ilsbGdhv.avi", lpString2="..") returned 1 [0052.833] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi") returned 73 [0052.834] StrStrIW (lpFirst="ilsbGdhv.avi", lpSrch=".lolkek") returned 0x0 [0052.834] lstrcmpW (lpString1="ilsbGdhv.avi", lpString2="LOLKEK.txt") returned -1 [0052.834] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi") returned 73 [0052.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3cab668 [0052.834] lstrcpyW (in: lpString1=0x3cab668, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\ilsbGdhv.avi" [0052.834] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.834] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.834] lstrcmpiW (lpString1="pDi0SkMe8.mkv", lpString2="Windows") returned -1 [0052.834] lstrcmpiW (lpString1="pDi0SkMe8.mkv", lpString2="Program Files") returned -1 [0052.834] lstrcmpiW (lpString1="pDi0SkMe8.mkv", lpString2="Program Files (x86)") returned -1 [0052.834] lstrcmpiW (lpString1="pDi0SkMe8.mkv", lpString2="$Recycle.bin") returned 1 [0052.834] lstrcmpiW (lpString1="pDi0SkMe8.mkv", lpString2="System Volume Information") returned -1 [0052.834] lstrcmpiW (lpString1="pDi0SkMe8.mkv", lpString2=".") returned 1 [0052.834] lstrcmpiW (lpString1="pDi0SkMe8.mkv", lpString2="..") returned 1 [0052.834] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv") returned 74 [0052.834] StrStrIW (lpFirst="pDi0SkMe8.mkv", lpSrch=".lolkek") returned 0x0 [0052.834] lstrcmpW (lpString1="pDi0SkMe8.mkv", lpString2="LOLKEK.txt") returned 1 [0052.834] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv") returned 74 [0052.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3cabef0 [0052.834] lstrcpyW (in: lpString1=0x3cabef0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\pDi0SkMe8.mkv" [0052.834] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.834] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.834] lstrcmpiW (lpString1="T6GeFyiWPA.mkv", lpString2="Windows") returned -1 [0052.834] lstrcmpiW (lpString1="T6GeFyiWPA.mkv", lpString2="Program Files") returned 1 [0052.834] lstrcmpiW (lpString1="T6GeFyiWPA.mkv", lpString2="Program Files (x86)") returned 1 [0052.834] lstrcmpiW (lpString1="T6GeFyiWPA.mkv", lpString2="$Recycle.bin") returned 1 [0052.834] lstrcmpiW (lpString1="T6GeFyiWPA.mkv", lpString2="System Volume Information") returned 1 [0052.834] lstrcmpiW (lpString1="T6GeFyiWPA.mkv", lpString2=".") returned 1 [0052.834] lstrcmpiW (lpString1="T6GeFyiWPA.mkv", lpString2="..") returned 1 [0052.834] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv") returned 75 [0052.834] StrStrIW (lpFirst="T6GeFyiWPA.mkv", lpSrch=".lolkek") returned 0x0 [0052.834] lstrcmpW (lpString1="T6GeFyiWPA.mkv", lpString2="LOLKEK.txt") returned 1 [0052.834] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv") returned 75 [0052.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3cabc80 [0052.834] lstrcpyW (in: lpString1=0x3cabc80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\T6GeFyiWPA.mkv" [0052.834] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.852] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.853] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0052.853] wsprintfW (in: param_1=0x3e23ed8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\LOLKEK.txt") returned 71 [0052.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\A99P7gU-S\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\a99p7gu-s\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0052.853] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.853] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0052.854] CloseHandle (hObject=0x294) returned 1 [0052.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e23ed8 | out: hHeap=0x5a0000) returned 1 [0052.855] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1cb0aa40, ftCreationTime.dwHighDateTime=0x1d6286b, ftLastAccessTime.dwLowDateTime=0xe867bf40, ftLastAccessTime.dwHighDateTime=0x1d62d82, ftLastWriteTime.dwLowDateTime=0xe867bf40, ftLastWriteTime.dwHighDateTime=0x1d62d82, nFileSizeHigh=0x0, nFileSizeLow=0x44b3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Aj_3qWDmN.swf", cAlternateFileName="AJ_3QW~1.SWF")) returned 1 [0052.855] lstrcmpiW (lpString1="Aj_3qWDmN.swf", lpString2="Windows") returned -1 [0052.855] lstrcmpiW (lpString1="Aj_3qWDmN.swf", lpString2="Program Files") returned -1 [0052.855] lstrcmpiW (lpString1="Aj_3qWDmN.swf", lpString2="Program Files (x86)") returned -1 [0052.855] lstrcmpiW (lpString1="Aj_3qWDmN.swf", lpString2="$Recycle.bin") returned 1 [0052.855] lstrcmpiW (lpString1="Aj_3qWDmN.swf", lpString2="System Volume Information") returned -1 [0052.855] lstrcmpiW (lpString1="Aj_3qWDmN.swf", lpString2=".") returned 1 [0052.855] lstrcmpiW (lpString1="Aj_3qWDmN.swf", lpString2="..") returned 1 [0052.855] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf") returned 64 [0052.855] StrStrIW (lpFirst="Aj_3qWDmN.swf", lpSrch=".lolkek") returned 0x0 [0052.855] lstrcmpW (lpString1="Aj_3qWDmN.swf", lpString2="LOLKEK.txt") returned -1 [0052.855] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf") returned 64 [0052.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x613050 [0052.855] lstrcpyW (in: lpString1=0x613050, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Aj_3qWDmN.swf" [0052.855] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.855] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.855] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa889e170, ftCreationTime.dwHighDateTime=0x1d62d8f, ftLastAccessTime.dwLowDateTime=0x4395caf0, ftLastAccessTime.dwHighDateTime=0x1d62f14, ftLastWriteTime.dwLowDateTime=0x4395caf0, ftLastWriteTime.dwHighDateTime=0x1d62f14, nFileSizeHigh=0x0, nFileSizeLow=0x132cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ap5dc-7E.mkv", cAlternateFileName="")) returned 1 [0052.855] lstrcmpiW (lpString1="ap5dc-7E.mkv", lpString2="Windows") returned -1 [0052.855] lstrcmpiW (lpString1="ap5dc-7E.mkv", lpString2="Program Files") returned -1 [0052.855] lstrcmpiW (lpString1="ap5dc-7E.mkv", lpString2="Program Files (x86)") returned -1 [0052.855] lstrcmpiW (lpString1="ap5dc-7E.mkv", lpString2="$Recycle.bin") returned 1 [0052.855] lstrcmpiW (lpString1="ap5dc-7E.mkv", lpString2="System Volume Information") returned -1 [0052.855] lstrcmpiW (lpString1="ap5dc-7E.mkv", lpString2=".") returned 1 [0052.855] lstrcmpiW (lpString1="ap5dc-7E.mkv", lpString2="..") returned 1 [0052.855] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv") returned 63 [0052.855] StrStrIW (lpFirst="ap5dc-7E.mkv", lpSrch=".lolkek") returned 0x0 [0052.855] lstrcmpW (lpString1="ap5dc-7E.mkv", lpString2="LOLKEK.txt") returned -1 [0052.855] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv") returned 63 [0052.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4d88 [0052.855] lstrcpyW (in: lpString1=0x3ec4d88, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\ap5dc-7E.mkv" [0052.855] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.855] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.855] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeade1cb0, ftCreationTime.dwHighDateTime=0x1d622dd, ftLastAccessTime.dwLowDateTime=0xd50e3830, ftLastAccessTime.dwHighDateTime=0x1d62872, ftLastWriteTime.dwLowDateTime=0xd50e3830, ftLastWriteTime.dwHighDateTime=0x1d62872, nFileSizeHigh=0x0, nFileSizeLow=0xd86b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PygOd3teQXhT.avi", cAlternateFileName="PYGOD3~1.AVI")) returned 1 [0052.855] lstrcmpiW (lpString1="PygOd3teQXhT.avi", lpString2="Windows") returned -1 [0052.855] lstrcmpiW (lpString1="PygOd3teQXhT.avi", lpString2="Program Files") returned 1 [0052.855] lstrcmpiW (lpString1="PygOd3teQXhT.avi", lpString2="Program Files (x86)") returned 1 [0052.855] lstrcmpiW (lpString1="PygOd3teQXhT.avi", lpString2="$Recycle.bin") returned 1 [0052.855] lstrcmpiW (lpString1="PygOd3teQXhT.avi", lpString2="System Volume Information") returned -1 [0052.855] lstrcmpiW (lpString1="PygOd3teQXhT.avi", lpString2=".") returned 1 [0052.855] lstrcmpiW (lpString1="PygOd3teQXhT.avi", lpString2="..") returned 1 [0052.855] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi") returned 67 [0052.855] StrStrIW (lpFirst="PygOd3teQXhT.avi", lpSrch=".lolkek") returned 0x0 [0052.855] lstrcmpW (lpString1="PygOd3teQXhT.avi", lpString2="LOLKEK.txt") returned 1 [0052.856] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi") returned 67 [0052.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x60c620 [0052.856] lstrcpyW (in: lpString1=0x60c620, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\PygOd3teQXhT.avi" [0052.856] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.856] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.856] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe70c03f0, ftCreationTime.dwHighDateTime=0x1d62bce, ftLastAccessTime.dwLowDateTime=0x805a3080, ftLastAccessTime.dwHighDateTime=0x1d62874, ftLastWriteTime.dwLowDateTime=0x805a3080, ftLastWriteTime.dwHighDateTime=0x1d62874, nFileSizeHigh=0x0, nFileSizeLow=0xace3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Vizpkm4BXpv.mp4", cAlternateFileName="VIZPKM~1.MP4")) returned 1 [0052.856] lstrcmpiW (lpString1="Vizpkm4BXpv.mp4", lpString2="Windows") returned -1 [0052.856] lstrcmpiW (lpString1="Vizpkm4BXpv.mp4", lpString2="Program Files") returned 1 [0052.856] lstrcmpiW (lpString1="Vizpkm4BXpv.mp4", lpString2="Program Files (x86)") returned 1 [0052.856] lstrcmpiW (lpString1="Vizpkm4BXpv.mp4", lpString2="$Recycle.bin") returned 1 [0052.856] lstrcmpiW (lpString1="Vizpkm4BXpv.mp4", lpString2="System Volume Information") returned 1 [0052.856] lstrcmpiW (lpString1="Vizpkm4BXpv.mp4", lpString2=".") returned 1 [0052.856] lstrcmpiW (lpString1="Vizpkm4BXpv.mp4", lpString2="..") returned 1 [0052.856] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4") returned 66 [0052.856] StrStrIW (lpFirst="Vizpkm4BXpv.mp4", lpSrch=".lolkek") returned 0x0 [0052.856] lstrcmpW (lpString1="Vizpkm4BXpv.mp4", lpString2="LOLKEK.txt") returned 1 [0052.856] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4") returned 66 [0052.856] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x60c738 [0052.856] lstrcpyW (in: lpString1=0x60c738, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\Vizpkm4BXpv.mp4" [0052.856] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.864] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.864] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe70c03f0, ftCreationTime.dwHighDateTime=0x1d62bce, ftLastAccessTime.dwLowDateTime=0x805a3080, ftLastAccessTime.dwHighDateTime=0x1d62874, ftLastWriteTime.dwLowDateTime=0x805a3080, ftLastWriteTime.dwHighDateTime=0x1d62874, nFileSizeHigh=0x0, nFileSizeLow=0xace3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Vizpkm4BXpv.mp4", cAlternateFileName="VIZPKM~1.MP4")) returned 0 [0052.865] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.865] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\LOLKEK.txt") returned 61 [0052.865] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HcdElWZnM\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hcdelwznm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.865] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.865] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.866] CloseHandle (hObject=0x280) returned 1 [0052.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.867] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5963f7a0, ftCreationTime.dwHighDateTime=0x1d62b75, ftLastAccessTime.dwLowDateTime=0x50795d10, ftLastAccessTime.dwHighDateTime=0x1d62274, ftLastWriteTime.dwLowDateTime=0x50795d10, ftLastWriteTime.dwHighDateTime=0x1d62274, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="J_Ff-pYQlMC", cAlternateFileName="J_FF-P~1")) returned 1 [0052.867] lstrcmpiW (lpString1="J_Ff-pYQlMC", lpString2="Windows") returned -1 [0052.867] lstrcmpiW (lpString1="J_Ff-pYQlMC", lpString2="Program Files") returned -1 [0052.867] lstrcmpiW (lpString1="J_Ff-pYQlMC", lpString2="Program Files (x86)") returned -1 [0052.867] lstrcmpiW (lpString1="J_Ff-pYQlMC", lpString2="$Recycle.bin") returned 1 [0052.867] lstrcmpiW (lpString1="J_Ff-pYQlMC", lpString2="System Volume Information") returned -1 [0052.867] lstrcmpiW (lpString1="J_Ff-pYQlMC", lpString2=".") returned 1 [0052.867] lstrcmpiW (lpString1="J_Ff-pYQlMC", lpString2="..") returned 1 [0052.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC") returned 52 [0052.867] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.868] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC" [0052.868] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\*" [0052.868] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5963f7a0, ftCreationTime.dwHighDateTime=0x1d62b75, ftLastAccessTime.dwLowDateTime=0x50795d10, ftLastAccessTime.dwHighDateTime=0x1d62274, ftLastWriteTime.dwLowDateTime=0x50795d10, ftLastWriteTime.dwHighDateTime=0x1d62274, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.868] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.868] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.868] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.868] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.868] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.868] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.868] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5963f7a0, ftCreationTime.dwHighDateTime=0x1d62b75, ftLastAccessTime.dwLowDateTime=0x50795d10, ftLastAccessTime.dwHighDateTime=0x1d62274, ftLastWriteTime.dwLowDateTime=0x50795d10, ftLastWriteTime.dwHighDateTime=0x1d62274, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.868] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.868] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.868] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.868] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.868] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.868] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.868] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.868] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dbfe0c0, ftCreationTime.dwHighDateTime=0x1d627dd, ftLastAccessTime.dwLowDateTime=0x494030f0, ftLastAccessTime.dwHighDateTime=0x1d62a67, ftLastWriteTime.dwLowDateTime=0x494030f0, ftLastWriteTime.dwHighDateTime=0x1d62a67, nFileSizeHigh=0x0, nFileSizeLow=0x8cdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0DPdiDq.mp4", cAlternateFileName="")) returned 1 [0052.868] lstrcmpiW (lpString1="0DPdiDq.mp4", lpString2="Windows") returned -1 [0052.868] lstrcmpiW (lpString1="0DPdiDq.mp4", lpString2="Program Files") returned -1 [0052.868] lstrcmpiW (lpString1="0DPdiDq.mp4", lpString2="Program Files (x86)") returned -1 [0052.868] lstrcmpiW (lpString1="0DPdiDq.mp4", lpString2="$Recycle.bin") returned 1 [0052.868] lstrcmpiW (lpString1="0DPdiDq.mp4", lpString2="System Volume Information") returned -1 [0052.868] lstrcmpiW (lpString1="0DPdiDq.mp4", lpString2=".") returned 1 [0052.868] lstrcmpiW (lpString1="0DPdiDq.mp4", lpString2="..") returned 1 [0052.868] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4") returned 64 [0052.868] StrStrIW (lpFirst="0DPdiDq.mp4", lpSrch=".lolkek") returned 0x0 [0052.868] lstrcmpW (lpString1="0DPdiDq.mp4", lpString2="LOLKEK.txt") returned -1 [0052.868] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4") returned 64 [0052.868] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x60c850 [0052.868] lstrcpyW (in: lpString1=0x60c850, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\0DPdiDq.mp4" [0052.868] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.868] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.868] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d628460, ftCreationTime.dwHighDateTime=0x1d62d90, ftLastAccessTime.dwLowDateTime=0x351d7910, ftLastAccessTime.dwHighDateTime=0x1d6291e, ftLastWriteTime.dwLowDateTime=0x351d7910, ftLastWriteTime.dwHighDateTime=0x1d6291e, nFileSizeHigh=0x0, nFileSizeLow=0x1829e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="C1eLuekXB.avi", cAlternateFileName="C1ELUE~1.AVI")) returned 1 [0052.868] lstrcmpiW (lpString1="C1eLuekXB.avi", lpString2="Windows") returned -1 [0052.868] lstrcmpiW (lpString1="C1eLuekXB.avi", lpString2="Program Files") returned -1 [0052.868] lstrcmpiW (lpString1="C1eLuekXB.avi", lpString2="Program Files (x86)") returned -1 [0052.868] lstrcmpiW (lpString1="C1eLuekXB.avi", lpString2="$Recycle.bin") returned 1 [0052.868] lstrcmpiW (lpString1="C1eLuekXB.avi", lpString2="System Volume Information") returned -1 [0052.868] lstrcmpiW (lpString1="C1eLuekXB.avi", lpString2=".") returned 1 [0052.869] lstrcmpiW (lpString1="C1eLuekXB.avi", lpString2="..") returned 1 [0052.869] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi") returned 66 [0052.869] StrStrIW (lpFirst="C1eLuekXB.avi", lpSrch=".lolkek") returned 0x0 [0052.869] lstrcmpW (lpString1="C1eLuekXB.avi", lpString2="LOLKEK.txt") returned -1 [0052.869] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi") returned 66 [0052.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x60c968 [0052.869] lstrcpyW (in: lpString1=0x60c968, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\C1eLuekXB.avi" [0052.869] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.869] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.869] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83e06bf0, ftCreationTime.dwHighDateTime=0x1d62f15, ftLastAccessTime.dwLowDateTime=0xcd0e1730, ftLastAccessTime.dwHighDateTime=0x1d62d73, ftLastWriteTime.dwLowDateTime=0xcd0e1730, ftLastWriteTime.dwHighDateTime=0x1d62d73, nFileSizeHigh=0x0, nFileSizeLow=0x106b7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GZ6bQlqn1eW-xhEGGC.swf", cAlternateFileName="GZ6BQL~1.SWF")) returned 1 [0052.869] lstrcmpiW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2="Windows") returned -1 [0052.869] lstrcmpiW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2="Program Files") returned -1 [0052.869] lstrcmpiW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2="Program Files (x86)") returned -1 [0052.869] lstrcmpiW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2="$Recycle.bin") returned 1 [0052.869] lstrcmpiW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2="System Volume Information") returned -1 [0052.869] lstrcmpiW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2=".") returned 1 [0052.869] lstrcmpiW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2="..") returned 1 [0052.869] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf") returned 75 [0052.869] StrStrIW (lpFirst="GZ6bQlqn1eW-xhEGGC.swf", lpSrch=".lolkek") returned 0x0 [0052.869] lstrcmpW (lpString1="GZ6bQlqn1eW-xhEGGC.swf", lpString2="LOLKEK.txt") returned -1 [0052.869] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf") returned 75 [0052.869] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3caba10 [0052.869] lstrcpyW (in: lpString1=0x3caba10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\GZ6bQlqn1eW-xhEGGC.swf" [0052.869] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.883] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.884] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb964cf80, ftCreationTime.dwHighDateTime=0x1d62981, ftLastAccessTime.dwLowDateTime=0xcae917b0, ftLastAccessTime.dwHighDateTime=0x1d6300d, ftLastWriteTime.dwLowDateTime=0xcae917b0, ftLastWriteTime.dwHighDateTime=0x1d6300d, nFileSizeHigh=0x0, nFileSizeLow=0xa984, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IGEFcoAi-.avi", cAlternateFileName="IGEFCO~1.AVI")) returned 1 [0052.884] lstrcmpiW (lpString1="IGEFcoAi-.avi", lpString2="Windows") returned -1 [0052.884] lstrcmpiW (lpString1="IGEFcoAi-.avi", lpString2="Program Files") returned -1 [0052.884] lstrcmpiW (lpString1="IGEFcoAi-.avi", lpString2="Program Files (x86)") returned -1 [0052.884] lstrcmpiW (lpString1="IGEFcoAi-.avi", lpString2="$Recycle.bin") returned 1 [0052.884] lstrcmpiW (lpString1="IGEFcoAi-.avi", lpString2="System Volume Information") returned -1 [0052.884] lstrcmpiW (lpString1="IGEFcoAi-.avi", lpString2=".") returned 1 [0052.884] lstrcmpiW (lpString1="IGEFcoAi-.avi", lpString2="..") returned 1 [0052.884] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi") returned 66 [0052.884] StrStrIW (lpFirst="IGEFcoAi-.avi", lpSrch=".lolkek") returned 0x0 [0052.884] lstrcmpW (lpString1="IGEFcoAi-.avi", lpString2="LOLKEK.txt") returned -1 [0052.884] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi") returned 66 [0052.884] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x60ca80 [0052.884] lstrcpyW (in: lpString1=0x60ca80, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\IGEFcoAi-.avi" [0052.884] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.884] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.884] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dbe96c0, ftCreationTime.dwHighDateTime=0x1d63177, ftLastAccessTime.dwLowDateTime=0xc4c365f0, ftLastAccessTime.dwHighDateTime=0x1d62ba0, ftLastWriteTime.dwLowDateTime=0xc4c365f0, ftLastWriteTime.dwHighDateTime=0x1d62ba0, nFileSizeHigh=0x0, nFileSizeLow=0x56bd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="L69p4dhdWYbWCGZqAb.mkv", cAlternateFileName="L69P4D~1.MKV")) returned 1 [0052.884] lstrcmpiW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2="Windows") returned -1 [0052.884] lstrcmpiW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2="Program Files") returned -1 [0052.884] lstrcmpiW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2="Program Files (x86)") returned -1 [0052.884] lstrcmpiW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2="$Recycle.bin") returned 1 [0052.884] lstrcmpiW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2="System Volume Information") returned -1 [0052.884] lstrcmpiW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2=".") returned 1 [0052.884] lstrcmpiW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2="..") returned 1 [0052.884] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv") returned 75 [0052.884] StrStrIW (lpFirst="L69p4dhdWYbWCGZqAb.mkv", lpSrch=".lolkek") returned 0x0 [0052.884] lstrcmpW (lpString1="L69p4dhdWYbWCGZqAb.mkv", lpString2="LOLKEK.txt") returned -1 [0052.884] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv") returned 75 [0052.884] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3cabdb8 [0052.884] lstrcpyW (in: lpString1=0x3cabdb8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\L69p4dhdWYbWCGZqAb.mkv" [0052.884] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.890] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.890] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e19af90, ftCreationTime.dwHighDateTime=0x1d6238f, ftLastAccessTime.dwLowDateTime=0xf04d460, ftLastAccessTime.dwHighDateTime=0x1d63050, ftLastWriteTime.dwLowDateTime=0xf04d460, ftLastWriteTime.dwHighDateTime=0x1d63050, nFileSizeHigh=0x0, nFileSizeLow=0xff1a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ns iSz3liWpOEtpVTEZb.swf", cAlternateFileName="NSISZ3~1.SWF")) returned 1 [0052.890] lstrcmpiW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2="Windows") returned -1 [0052.890] lstrcmpiW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2="Program Files") returned -1 [0052.890] lstrcmpiW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2="Program Files (x86)") returned -1 [0052.890] lstrcmpiW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2="$Recycle.bin") returned 1 [0052.890] lstrcmpiW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2="System Volume Information") returned -1 [0052.890] lstrcmpiW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2=".") returned 1 [0052.890] lstrcmpiW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2="..") returned 1 [0052.890] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf") returned 77 [0052.890] StrStrIW (lpFirst="ns iSz3liWpOEtpVTEZb.swf", lpSrch=".lolkek") returned 0x0 [0052.890] lstrcmpW (lpString1="ns iSz3liWpOEtpVTEZb.swf", lpString2="LOLKEK.txt") returned 1 [0052.890] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf") returned 77 [0052.890] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x695758 [0052.890] lstrcpyW (in: lpString1=0x695758, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\ns iSz3liWpOEtpVTEZb.swf" [0052.890] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.891] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.891] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5565700, ftCreationTime.dwHighDateTime=0x1d627f8, ftLastAccessTime.dwLowDateTime=0xd827ac90, ftLastAccessTime.dwHighDateTime=0x1d623e5, ftLastWriteTime.dwLowDateTime=0xd827ac90, ftLastWriteTime.dwHighDateTime=0x1d623e5, nFileSizeHigh=0x0, nFileSizeLow=0x7cfc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Z1Zi57YChtDM1I9KUzS-.mkv", cAlternateFileName="Z1ZI57~1.MKV")) returned 1 [0052.891] lstrcmpiW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2="Windows") returned 1 [0052.891] lstrcmpiW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2="Program Files") returned 1 [0052.891] lstrcmpiW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2="Program Files (x86)") returned 1 [0052.891] lstrcmpiW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2="$Recycle.bin") returned 1 [0052.891] lstrcmpiW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2="System Volume Information") returned 1 [0052.891] lstrcmpiW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2=".") returned 1 [0052.891] lstrcmpiW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2="..") returned 1 [0052.891] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv") returned 77 [0052.891] StrStrIW (lpFirst="Z1Zi57YChtDM1I9KUzS-.mkv", lpSrch=".lolkek") returned 0x0 [0052.891] lstrcmpW (lpString1="Z1Zi57YChtDM1I9KUzS-.mkv", lpString2="LOLKEK.txt") returned 1 [0052.891] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv") returned 77 [0052.891] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x695610 [0052.891] lstrcpyW (in: lpString1=0x695610, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\Z1Zi57YChtDM1I9KUzS-.mkv" [0052.891] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.895] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.895] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5565700, ftCreationTime.dwHighDateTime=0x1d627f8, ftLastAccessTime.dwLowDateTime=0xd827ac90, ftLastAccessTime.dwHighDateTime=0x1d623e5, ftLastWriteTime.dwLowDateTime=0xd827ac90, ftLastWriteTime.dwHighDateTime=0x1d623e5, nFileSizeHigh=0x0, nFileSizeLow=0x7cfc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Z1Zi57YChtDM1I9KUzS-.mkv", cAlternateFileName="Z1ZI57~1.MKV")) returned 0 [0052.895] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.896] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\LOLKEK.txt") returned 63 [0052.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J_Ff-pYQlMC\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j_ff-pyqlmc\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.896] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.896] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.897] CloseHandle (hObject=0x280) returned 1 [0052.897] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.897] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4159ae0, ftCreationTime.dwHighDateTime=0x1d631d5, ftLastAccessTime.dwLowDateTime=0xea98cb40, ftLastAccessTime.dwHighDateTime=0x1d6241a, ftLastWriteTime.dwLowDateTime=0xea98cb40, ftLastWriteTime.dwHighDateTime=0x1d6241a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="K8OofYmfJnfU", cAlternateFileName="K8OOFY~1")) returned 1 [0052.897] lstrcmpiW (lpString1="K8OofYmfJnfU", lpString2="Windows") returned -1 [0052.897] lstrcmpiW (lpString1="K8OofYmfJnfU", lpString2="Program Files") returned -1 [0052.897] lstrcmpiW (lpString1="K8OofYmfJnfU", lpString2="Program Files (x86)") returned -1 [0052.897] lstrcmpiW (lpString1="K8OofYmfJnfU", lpString2="$Recycle.bin") returned 1 [0052.897] lstrcmpiW (lpString1="K8OofYmfJnfU", lpString2="System Volume Information") returned -1 [0052.897] lstrcmpiW (lpString1="K8OofYmfJnfU", lpString2=".") returned 1 [0052.897] lstrcmpiW (lpString1="K8OofYmfJnfU", lpString2="..") returned 1 [0052.897] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU") returned 53 [0052.897] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0052.897] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU" [0052.897] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\*" [0052.897] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4159ae0, ftCreationTime.dwHighDateTime=0x1d631d5, ftLastAccessTime.dwLowDateTime=0xea98cb40, ftLastAccessTime.dwHighDateTime=0x1d6241a, ftLastWriteTime.dwLowDateTime=0xea98cb40, ftLastWriteTime.dwHighDateTime=0x1d6241a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.897] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.897] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.897] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.897] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.897] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.897] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.897] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4159ae0, ftCreationTime.dwHighDateTime=0x1d631d5, ftLastAccessTime.dwLowDateTime=0xea98cb40, ftLastAccessTime.dwHighDateTime=0x1d6241a, ftLastWriteTime.dwLowDateTime=0xea98cb40, ftLastWriteTime.dwHighDateTime=0x1d6241a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.898] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.898] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.898] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.898] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.898] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.898] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.898] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.898] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbeef2c0, ftCreationTime.dwHighDateTime=0x1d625d1, ftLastAccessTime.dwLowDateTime=0x909c2260, ftLastAccessTime.dwHighDateTime=0x1d62283, ftLastWriteTime.dwLowDateTime=0x909c2260, ftLastWriteTime.dwHighDateTime=0x1d62283, nFileSizeHigh=0x0, nFileSizeLow=0x12aac, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VkuV1shPn.mp4", cAlternateFileName="VKUV1S~1.MP4")) returned 1 [0052.898] lstrcmpiW (lpString1="VkuV1shPn.mp4", lpString2="Windows") returned -1 [0052.898] lstrcmpiW (lpString1="VkuV1shPn.mp4", lpString2="Program Files") returned 1 [0052.898] lstrcmpiW (lpString1="VkuV1shPn.mp4", lpString2="Program Files (x86)") returned 1 [0052.898] lstrcmpiW (lpString1="VkuV1shPn.mp4", lpString2="$Recycle.bin") returned 1 [0052.898] lstrcmpiW (lpString1="VkuV1shPn.mp4", lpString2="System Volume Information") returned 1 [0052.898] lstrcmpiW (lpString1="VkuV1shPn.mp4", lpString2=".") returned 1 [0052.898] lstrcmpiW (lpString1="VkuV1shPn.mp4", lpString2="..") returned 1 [0052.898] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4") returned 67 [0052.898] StrStrIW (lpFirst="VkuV1shPn.mp4", lpSrch=".lolkek") returned 0x0 [0052.898] lstrcmpW (lpString1="VkuV1shPn.mp4", lpString2="LOLKEK.txt") returned 1 [0052.898] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4") returned 67 [0052.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x60cb98 [0052.898] lstrcpyW (in: lpString1=0x60cb98, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VkuV1shPn.mp4" [0052.898] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.909] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.909] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdbf7fa0, ftCreationTime.dwHighDateTime=0x1d62ca5, ftLastAccessTime.dwLowDateTime=0xa00d7e70, ftLastAccessTime.dwHighDateTime=0x1d62fc5, ftLastWriteTime.dwLowDateTime=0xa00d7e70, ftLastWriteTime.dwHighDateTime=0x1d62fc5, nFileSizeHigh=0x0, nFileSizeLow=0x937, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VXv2L-VP5.avi", cAlternateFileName="VXV2L-~1.AVI")) returned 1 [0052.909] lstrcmpiW (lpString1="VXv2L-VP5.avi", lpString2="Windows") returned -1 [0052.909] lstrcmpiW (lpString1="VXv2L-VP5.avi", lpString2="Program Files") returned 1 [0052.909] lstrcmpiW (lpString1="VXv2L-VP5.avi", lpString2="Program Files (x86)") returned 1 [0052.909] lstrcmpiW (lpString1="VXv2L-VP5.avi", lpString2="$Recycle.bin") returned 1 [0052.909] lstrcmpiW (lpString1="VXv2L-VP5.avi", lpString2="System Volume Information") returned 1 [0052.909] lstrcmpiW (lpString1="VXv2L-VP5.avi", lpString2=".") returned 1 [0052.909] lstrcmpiW (lpString1="VXv2L-VP5.avi", lpString2="..") returned 1 [0052.909] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi") returned 67 [0052.909] StrStrIW (lpFirst="VXv2L-VP5.avi", lpSrch=".lolkek") returned 0x0 [0052.909] lstrcmpW (lpString1="VXv2L-VP5.avi", lpString2="LOLKEK.txt") returned 1 [0052.909] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi") returned 67 [0052.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x60ccb0 [0052.909] lstrcpyW (in: lpString1=0x60ccb0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\VXv2L-VP5.avi" [0052.909] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.909] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.909] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdbf7fa0, ftCreationTime.dwHighDateTime=0x1d62ca5, ftLastAccessTime.dwLowDateTime=0xa00d7e70, ftLastAccessTime.dwHighDateTime=0x1d62fc5, ftLastWriteTime.dwLowDateTime=0xa00d7e70, ftLastWriteTime.dwHighDateTime=0x1d62fc5, nFileSizeHigh=0x0, nFileSizeLow=0x937, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VXv2L-VP5.avi", cAlternateFileName="VXV2L-~1.AVI")) returned 0 [0052.909] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0052.909] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\LOLKEK.txt") returned 64 [0052.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K8OofYmfJnfU\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k8oofymfjnfu\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0052.916] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0052.916] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0052.916] CloseHandle (hObject=0x280) returned 1 [0052.916] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0052.916] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad01f730, ftCreationTime.dwHighDateTime=0x1d62c3e, ftLastAccessTime.dwLowDateTime=0x67f6d800, ftLastAccessTime.dwHighDateTime=0x1d624d6, ftLastWriteTime.dwLowDateTime=0x67f6d800, ftLastWriteTime.dwHighDateTime=0x1d624d6, nFileSizeHigh=0x0, nFileSizeLow=0x14563, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="koRH53g.mp4", cAlternateFileName="")) returned 1 [0052.917] lstrcmpiW (lpString1="koRH53g.mp4", lpString2="Windows") returned -1 [0052.917] lstrcmpiW (lpString1="koRH53g.mp4", lpString2="Program Files") returned -1 [0052.917] lstrcmpiW (lpString1="koRH53g.mp4", lpString2="Program Files (x86)") returned -1 [0052.917] lstrcmpiW (lpString1="koRH53g.mp4", lpString2="$Recycle.bin") returned 1 [0052.917] lstrcmpiW (lpString1="koRH53g.mp4", lpString2="System Volume Information") returned -1 [0052.917] lstrcmpiW (lpString1="koRH53g.mp4", lpString2=".") returned 1 [0052.917] lstrcmpiW (lpString1="koRH53g.mp4", lpString2="..") returned 1 [0052.917] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4") returned 52 [0052.917] StrStrIW (lpFirst="koRH53g.mp4", lpSrch=".lolkek") returned 0x0 [0052.917] lstrcmpW (lpString1="koRH53g.mp4", lpString2="LOLKEK.txt") returned -1 [0052.917] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4") returned 52 [0052.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cc02b0 [0052.917] lstrcpyW (in: lpString1=0x3cc02b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\koRH53g.mp4" [0052.917] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.917] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.917] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23ae2930, ftCreationTime.dwHighDateTime=0x1d62eab, ftLastAccessTime.dwLowDateTime=0x380d4440, ftLastAccessTime.dwHighDateTime=0x1d62fe8, ftLastWriteTime.dwLowDateTime=0x380d4440, ftLastWriteTime.dwHighDateTime=0x1d62fe8, nFileSizeHigh=0x0, nFileSizeLow=0x3d91, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="o_ 4CoCv.mp4", cAlternateFileName="O_4COC~1.MP4")) returned 1 [0052.917] lstrcmpiW (lpString1="o_ 4CoCv.mp4", lpString2="Windows") returned -1 [0052.917] lstrcmpiW (lpString1="o_ 4CoCv.mp4", lpString2="Program Files") returned -1 [0052.917] lstrcmpiW (lpString1="o_ 4CoCv.mp4", lpString2="Program Files (x86)") returned -1 [0052.917] lstrcmpiW (lpString1="o_ 4CoCv.mp4", lpString2="$Recycle.bin") returned 1 [0052.917] lstrcmpiW (lpString1="o_ 4CoCv.mp4", lpString2="System Volume Information") returned -1 [0052.917] lstrcmpiW (lpString1="o_ 4CoCv.mp4", lpString2=".") returned 1 [0052.917] lstrcmpiW (lpString1="o_ 4CoCv.mp4", lpString2="..") returned 1 [0052.917] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4") returned 53 [0052.917] StrStrIW (lpFirst="o_ 4CoCv.mp4", lpSrch=".lolkek") returned 0x0 [0052.917] lstrcmpW (lpString1="o_ 4CoCv.mp4", lpString2="LOLKEK.txt") returned 1 [0052.917] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4") returned 53 [0052.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cc0390 [0052.917] lstrcpyW (in: lpString1=0x3cc0390, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\o_ 4CoCv.mp4" [0052.917] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.917] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.917] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e4c2800, ftCreationTime.dwHighDateTime=0x1d6226e, ftLastAccessTime.dwLowDateTime=0xf368c7f0, ftLastAccessTime.dwHighDateTime=0x1d62683, ftLastWriteTime.dwLowDateTime=0xf368c7f0, ftLastWriteTime.dwHighDateTime=0x1d62683, nFileSizeHigh=0x0, nFileSizeLow=0x3fe6, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="TV_-DD4oVYn3Au9G.mkv", cAlternateFileName="TV_-DD~1.MKV")) returned 1 [0052.918] lstrcmpiW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2="Windows") returned -1 [0052.918] lstrcmpiW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2="Program Files") returned 1 [0052.918] lstrcmpiW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2="Program Files (x86)") returned 1 [0052.918] lstrcmpiW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2="$Recycle.bin") returned 1 [0052.918] lstrcmpiW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2="System Volume Information") returned 1 [0052.918] lstrcmpiW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2=".") returned 1 [0052.918] lstrcmpiW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2="..") returned 1 [0052.918] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv") returned 61 [0052.918] StrStrIW (lpFirst="TV_-DD4oVYn3Au9G.mkv", lpSrch=".lolkek") returned 0x0 [0052.918] lstrcmpW (lpString1="TV_-DD4oVYn3Au9G.mkv", lpString2="LOLKEK.txt") returned 1 [0052.918] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv") returned 61 [0052.918] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf8) returned 0x3da0060 [0052.918] lstrcpyW (in: lpString1=0x3da0060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TV_-DD4oVYn3Au9G.mkv" [0052.918] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.929] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.929] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8c76170, ftCreationTime.dwHighDateTime=0x1d62405, ftLastAccessTime.dwLowDateTime=0x35bed6a0, ftLastAccessTime.dwHighDateTime=0x1d62493, ftLastWriteTime.dwLowDateTime=0x35bed6a0, ftLastWriteTime.dwHighDateTime=0x1d62493, nFileSizeHigh=0x0, nFileSizeLow=0x14941, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="wGEFji.mkv", cAlternateFileName="")) returned 1 [0052.929] lstrcmpiW (lpString1="wGEFji.mkv", lpString2="Windows") returned -1 [0052.929] lstrcmpiW (lpString1="wGEFji.mkv", lpString2="Program Files") returned 1 [0052.929] lstrcmpiW (lpString1="wGEFji.mkv", lpString2="Program Files (x86)") returned 1 [0052.929] lstrcmpiW (lpString1="wGEFji.mkv", lpString2="$Recycle.bin") returned 1 [0052.929] lstrcmpiW (lpString1="wGEFji.mkv", lpString2="System Volume Information") returned 1 [0052.929] lstrcmpiW (lpString1="wGEFji.mkv", lpString2=".") returned 1 [0052.929] lstrcmpiW (lpString1="wGEFji.mkv", lpString2="..") returned 1 [0052.929] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv") returned 51 [0052.929] StrStrIW (lpFirst="wGEFji.mkv", lpSrch=".lolkek") returned 0x0 [0052.930] lstrcmpW (lpString1="wGEFji.mkv", lpString2="LOLKEK.txt") returned 1 [0052.930] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv") returned 51 [0052.930] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbe678 [0052.930] lstrcpyW (in: lpString1=0x3cbe678, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\wGEFji.mkv" [0052.930] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.948] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.948] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9a50aa0, ftCreationTime.dwHighDateTime=0x1d629c0, ftLastAccessTime.dwLowDateTime=0xfb552730, ftLastAccessTime.dwHighDateTime=0x1d62843, ftLastWriteTime.dwLowDateTime=0xfb552730, ftLastWriteTime.dwHighDateTime=0x1d62843, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="xr0ibC", cAlternateFileName="")) returned 1 [0052.948] lstrcmpiW (lpString1="xr0ibC", lpString2="Windows") returned 1 [0052.948] lstrcmpiW (lpString1="xr0ibC", lpString2="Program Files") returned 1 [0052.948] lstrcmpiW (lpString1="xr0ibC", lpString2="Program Files (x86)") returned 1 [0052.948] lstrcmpiW (lpString1="xr0ibC", lpString2="$Recycle.bin") returned 1 [0052.948] lstrcmpiW (lpString1="xr0ibC", lpString2="System Volume Information") returned 1 [0052.948] lstrcmpiW (lpString1="xr0ibC", lpString2=".") returned 1 [0052.948] lstrcmpiW (lpString1="xr0ibC", lpString2="..") returned 1 [0052.948] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC") returned 47 [0052.948] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3e98c10 [0052.948] lstrcpyW (in: lpString1=0x3e98c10, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC" [0052.948] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\*") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\*" [0052.948] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9a50aa0, ftCreationTime.dwHighDateTime=0x1d629c0, ftLastAccessTime.dwLowDateTime=0xfb552730, ftLastAccessTime.dwHighDateTime=0x1d62843, ftLastWriteTime.dwLowDateTime=0xfb552730, ftLastWriteTime.dwHighDateTime=0x1d62843, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0052.948] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0052.948] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0052.948] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0052.948] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0052.948] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0052.948] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.948] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9a50aa0, ftCreationTime.dwHighDateTime=0x1d629c0, ftLastAccessTime.dwLowDateTime=0xfb552730, ftLastAccessTime.dwHighDateTime=0x1d62843, ftLastWriteTime.dwLowDateTime=0xfb552730, ftLastWriteTime.dwHighDateTime=0x1d62843, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0052.948] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0052.948] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0052.948] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0052.948] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0052.948] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0052.948] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.948] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.948] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc7e1b90, ftCreationTime.dwHighDateTime=0x1d62f62, ftLastAccessTime.dwLowDateTime=0x7674b270, ftLastAccessTime.dwHighDateTime=0x1d62419, ftLastWriteTime.dwLowDateTime=0x7674b270, ftLastWriteTime.dwHighDateTime=0x1d62419, nFileSizeHigh=0x0, nFileSizeLow=0x58b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6 hqfJbv5djafN.flv", cAlternateFileName="6HQFJB~1.FLV")) returned 1 [0052.948] lstrcmpiW (lpString1="6 hqfJbv5djafN.flv", lpString2="Windows") returned -1 [0052.948] lstrcmpiW (lpString1="6 hqfJbv5djafN.flv", lpString2="Program Files") returned -1 [0052.948] lstrcmpiW (lpString1="6 hqfJbv5djafN.flv", lpString2="Program Files (x86)") returned -1 [0052.949] lstrcmpiW (lpString1="6 hqfJbv5djafN.flv", lpString2="$Recycle.bin") returned 1 [0052.949] lstrcmpiW (lpString1="6 hqfJbv5djafN.flv", lpString2="System Volume Information") returned -1 [0052.949] lstrcmpiW (lpString1="6 hqfJbv5djafN.flv", lpString2=".") returned 1 [0052.949] lstrcmpiW (lpString1="6 hqfJbv5djafN.flv", lpString2="..") returned 1 [0052.949] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv") returned 66 [0052.949] StrStrIW (lpFirst="6 hqfJbv5djafN.flv", lpSrch=".lolkek") returned 0x0 [0052.949] lstrcmpW (lpString1="6 hqfJbv5djafN.flv", lpString2="LOLKEK.txt") returned -1 [0052.949] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv") returned 66 [0052.949] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x60cdc8 [0052.949] lstrcpyW (in: lpString1=0x60cdc8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\6 hqfJbv5djafN.flv" [0052.949] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.951] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.951] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3f63390, ftCreationTime.dwHighDateTime=0x1d631f7, ftLastAccessTime.dwLowDateTime=0x3a752760, ftLastAccessTime.dwHighDateTime=0x1d629a4, ftLastWriteTime.dwLowDateTime=0x3a752760, ftLastWriteTime.dwHighDateTime=0x1d629a4, nFileSizeHigh=0x0, nFileSizeLow=0xe655, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cnnoFkhWz7lTXxaD2p.swf", cAlternateFileName="CNNOFK~1.SWF")) returned 1 [0052.951] lstrcmpiW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2="Windows") returned -1 [0052.951] lstrcmpiW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2="Program Files") returned -1 [0052.951] lstrcmpiW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2="Program Files (x86)") returned -1 [0052.951] lstrcmpiW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2="$Recycle.bin") returned 1 [0052.951] lstrcmpiW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2="System Volume Information") returned -1 [0052.951] lstrcmpiW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2=".") returned 1 [0052.951] lstrcmpiW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2="..") returned 1 [0052.951] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf") returned 70 [0052.951] StrStrIW (lpFirst="cnnoFkhWz7lTXxaD2p.swf", lpSrch=".lolkek") returned 0x0 [0052.951] lstrcmpW (lpString1="cnnoFkhWz7lTXxaD2p.swf", lpString2="LOLKEK.txt") returned -1 [0052.951] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf") returned 70 [0052.951] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3e3f318 [0052.951] lstrcpyW (in: lpString1=0x3e3f318, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\cnnoFkhWz7lTXxaD2p.swf" [0052.951] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.984] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.984] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5809f90, ftCreationTime.dwHighDateTime=0x1d629c5, ftLastAccessTime.dwLowDateTime=0x91bd12c0, ftLastAccessTime.dwHighDateTime=0x1d62a86, ftLastWriteTime.dwLowDateTime=0x91bd12c0, ftLastWriteTime.dwHighDateTime=0x1d62a86, nFileSizeHigh=0x0, nFileSizeLow=0x429b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LAXVC4x.avi", cAlternateFileName="")) returned 1 [0052.984] lstrcmpiW (lpString1="LAXVC4x.avi", lpString2="Windows") returned -1 [0052.984] lstrcmpiW (lpString1="LAXVC4x.avi", lpString2="Program Files") returned -1 [0052.984] lstrcmpiW (lpString1="LAXVC4x.avi", lpString2="Program Files (x86)") returned -1 [0052.984] lstrcmpiW (lpString1="LAXVC4x.avi", lpString2="$Recycle.bin") returned 1 [0052.984] lstrcmpiW (lpString1="LAXVC4x.avi", lpString2="System Volume Information") returned -1 [0052.984] lstrcmpiW (lpString1="LAXVC4x.avi", lpString2=".") returned 1 [0052.984] lstrcmpiW (lpString1="LAXVC4x.avi", lpString2="..") returned 1 [0052.984] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi") returned 59 [0052.984] StrStrIW (lpFirst="LAXVC4x.avi", lpSrch=".lolkek") returned 0x0 [0052.984] lstrcmpW (lpString1="LAXVC4x.avi", lpString2="LOLKEK.txt") returned -1 [0052.985] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi") returned 59 [0052.985] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca85e8 [0052.985] lstrcpyW (in: lpString1=0x3ca85e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LAXVC4x.avi" [0052.985] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0052.985] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0052.985] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4c85310, ftCreationTime.dwHighDateTime=0x1d62755, ftLastAccessTime.dwLowDateTime=0x8b265a0, ftLastAccessTime.dwHighDateTime=0x1d625f6, ftLastWriteTime.dwLowDateTime=0x8b265a0, ftLastWriteTime.dwHighDateTime=0x1d625f6, nFileSizeHigh=0x0, nFileSizeLow=0x4629, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OoulMdp.avi", cAlternateFileName="")) returned 1 [0052.985] lstrcmpiW (lpString1="OoulMdp.avi", lpString2="Windows") returned -1 [0052.985] lstrcmpiW (lpString1="OoulMdp.avi", lpString2="Program Files") returned -1 [0052.985] lstrcmpiW (lpString1="OoulMdp.avi", lpString2="Program Files (x86)") returned -1 [0052.985] lstrcmpiW (lpString1="OoulMdp.avi", lpString2="$Recycle.bin") returned 1 [0052.985] lstrcmpiW (lpString1="OoulMdp.avi", lpString2="System Volume Information") returned -1 [0052.985] lstrcmpiW (lpString1="OoulMdp.avi", lpString2=".") returned 1 [0052.985] lstrcmpiW (lpString1="OoulMdp.avi", lpString2="..") returned 1 [0052.985] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi") returned 59 [0052.985] StrStrIW (lpFirst="OoulMdp.avi", lpSrch=".lolkek") returned 0x0 [0052.985] lstrcmpW (lpString1="OoulMdp.avi", lpString2="LOLKEK.txt") returned 1 [0052.985] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi") returned 59 [0052.985] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca8208 [0052.985] lstrcpyW (in: lpString1=0x3ca8208, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\OoulMdp.avi" [0052.985] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.066] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.066] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c547330, ftCreationTime.dwHighDateTime=0x1d62b6e, ftLastAccessTime.dwLowDateTime=0x3fef05a0, ftLastAccessTime.dwHighDateTime=0x1d625f6, ftLastWriteTime.dwLowDateTime=0x3fef05a0, ftLastWriteTime.dwHighDateTime=0x1d625f6, nFileSizeHigh=0x0, nFileSizeLow=0x5a88, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SXTx4.mkv", cAlternateFileName="")) returned 1 [0053.066] lstrcmpiW (lpString1="SXTx4.mkv", lpString2="Windows") returned -1 [0053.067] lstrcmpiW (lpString1="SXTx4.mkv", lpString2="Program Files") returned 1 [0053.067] lstrcmpiW (lpString1="SXTx4.mkv", lpString2="Program Files (x86)") returned 1 [0053.067] lstrcmpiW (lpString1="SXTx4.mkv", lpString2="$Recycle.bin") returned 1 [0053.067] lstrcmpiW (lpString1="SXTx4.mkv", lpString2="System Volume Information") returned -1 [0053.067] lstrcmpiW (lpString1="SXTx4.mkv", lpString2=".") returned 1 [0053.067] lstrcmpiW (lpString1="SXTx4.mkv", lpString2="..") returned 1 [0053.067] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv") returned 57 [0053.067] StrStrIW (lpFirst="SXTx4.mkv", lpSrch=".lolkek") returned 0x0 [0053.067] lstrcmpW (lpString1="SXTx4.mkv", lpString2="LOLKEK.txt") returned 1 [0053.067] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv") returned 57 [0053.067] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x6461a0 [0053.067] lstrcpyW (in: lpString1=0x6461a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\SXTx4.mkv" [0053.067] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.067] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.067] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636838b0, ftCreationTime.dwHighDateTime=0x1d62495, ftLastAccessTime.dwLowDateTime=0x147ac0e0, ftLastAccessTime.dwHighDateTime=0x1d62906, ftLastWriteTime.dwLowDateTime=0x147ac0e0, ftLastWriteTime.dwHighDateTime=0x1d62906, nFileSizeHigh=0x0, nFileSizeLow=0xc5b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YL98WWd.mkv", cAlternateFileName="")) returned 1 [0053.067] lstrcmpiW (lpString1="YL98WWd.mkv", lpString2="Windows") returned 1 [0053.067] lstrcmpiW (lpString1="YL98WWd.mkv", lpString2="Program Files") returned 1 [0053.067] lstrcmpiW (lpString1="YL98WWd.mkv", lpString2="Program Files (x86)") returned 1 [0053.067] lstrcmpiW (lpString1="YL98WWd.mkv", lpString2="$Recycle.bin") returned 1 [0053.067] lstrcmpiW (lpString1="YL98WWd.mkv", lpString2="System Volume Information") returned 1 [0053.067] lstrcmpiW (lpString1="YL98WWd.mkv", lpString2=".") returned 1 [0053.067] lstrcmpiW (lpString1="YL98WWd.mkv", lpString2="..") returned 1 [0053.067] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv") returned 59 [0053.067] StrStrIW (lpFirst="YL98WWd.mkv", lpSrch=".lolkek") returned 0x0 [0053.067] lstrcmpW (lpString1="YL98WWd.mkv", lpString2="LOLKEK.txt") returned 1 [0053.067] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv") returned 59 [0053.067] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca8300 [0053.067] lstrcpyW (in: lpString1=0x3ca8300, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\YL98WWd.mkv" [0053.067] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.067] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.067] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636838b0, ftCreationTime.dwHighDateTime=0x1d62495, ftLastAccessTime.dwLowDateTime=0x147ac0e0, ftLastAccessTime.dwHighDateTime=0x1d62906, ftLastWriteTime.dwLowDateTime=0x147ac0e0, ftLastWriteTime.dwHighDateTime=0x1d62906, nFileSizeHigh=0x0, nFileSizeLow=0xc5b2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YL98WWd.mkv", cAlternateFileName="")) returned 0 [0053.067] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.067] wsprintfW (in: param_1=0x3e98c10, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LOLKEK.txt") returned 58 [0053.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xr0ibC\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xr0ibc\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0053.068] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0053.068] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0053.069] CloseHandle (hObject=0x2a0) returned 1 [0053.069] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3e98c10 | out: hHeap=0x5a0000) returned 1 [0053.069] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x604559e0, ftCreationTime.dwHighDateTime=0x1d6234d, ftLastAccessTime.dwLowDateTime=0xd07d78f0, ftLastAccessTime.dwHighDateTime=0x1d63298, ftLastWriteTime.dwLowDateTime=0xd07d78f0, ftLastWriteTime.dwHighDateTime=0x1d63298, nFileSizeHigh=0x0, nFileSizeLow=0x8a19, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="znmvZPkxwivAE-hV12jg.swf", cAlternateFileName="ZNMVZP~1.SWF")) returned 1 [0053.069] lstrcmpiW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2="Windows") returned 1 [0053.069] lstrcmpiW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2="Program Files") returned 1 [0053.069] lstrcmpiW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2="Program Files (x86)") returned 1 [0053.069] lstrcmpiW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2="$Recycle.bin") returned 1 [0053.070] lstrcmpiW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2="System Volume Information") returned 1 [0053.070] lstrcmpiW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2=".") returned 1 [0053.070] lstrcmpiW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2="..") returned 1 [0053.070] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf") returned 65 [0053.070] StrStrIW (lpFirst="znmvZPkxwivAE-hV12jg.swf", lpSrch=".lolkek") returned 0x0 [0053.070] lstrcmpW (lpString1="znmvZPkxwivAE-hV12jg.swf", lpString2="LOLKEK.txt") returned 1 [0053.070] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf") returned 65 [0053.070] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x6128a8 [0053.070] lstrcpyW (in: lpString1=0x6128a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\znmvZPkxwivAE-hV12jg.swf" [0053.070] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.587] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.587] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x604559e0, ftCreationTime.dwHighDateTime=0x1d6234d, ftLastAccessTime.dwLowDateTime=0xd07d78f0, ftLastAccessTime.dwHighDateTime=0x1d63298, ftLastWriteTime.dwLowDateTime=0xd07d78f0, ftLastWriteTime.dwHighDateTime=0x1d63298, nFileSizeHigh=0x0, nFileSizeLow=0x8a19, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="znmvZPkxwivAE-hV12jg.swf", cAlternateFileName="ZNMVZP~1.SWF")) returned 0 [0053.587] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0053.587] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LOLKEK.txt") returned 51 [0053.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0053.588] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0053.588] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0053.588] CloseHandle (hObject=0x23c) returned 1 [0053.588] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.588] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7daf8640, ftLastAccessTime.dwHighDateTime=0x1d632de, ftLastWriteTime.dwLowDateTime=0x7daf8640, ftLastWriteTime.dwHighDateTime=0x1d632de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 0 [0053.589] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0053.589] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\LOLKEK.txt") returned 44 [0053.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\LOLKEK.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0053.589] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0053.589] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0053.590] CloseHandle (hObject=0x250) returned 1 [0053.590] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0053.591] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x5a38f0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0053.591] lstrcmpiW (lpString1="All Users", lpString2="Windows") returned -1 [0053.591] lstrcmpiW (lpString1="All Users", lpString2="Program Files") returned -1 [0053.591] lstrcmpiW (lpString1="All Users", lpString2="Program Files (x86)") returned -1 [0053.591] lstrcmpiW (lpString1="All Users", lpString2="$Recycle.bin") returned 1 [0053.591] lstrcmpiW (lpString1="All Users", lpString2="System Volume Information") returned -1 [0053.591] lstrcmpiW (lpString1="All Users", lpString2=".") returned 1 [0053.591] lstrcmpiW (lpString1="All Users", lpString2="..") returned 1 [0053.591] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users") returned 22 [0053.591] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x635fb0 [0053.591] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\Users\\All Users" | out: lpString1="\\\\?\\C:\\Users\\All Users") returned="\\\\?\\C:\\Users\\All Users" [0053.591] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\*") returned="\\\\?\\C:\\Users\\All Users\\*" [0053.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0053.591] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.591] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.591] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.591] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.591] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.591] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.592] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.592] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.592] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.592] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.592] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.592] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.592] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.592] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.592] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Adobe", cAlternateFileName="")) returned 1 [0053.592] lstrcmpiW (lpString1="Adobe", lpString2="Windows") returned -1 [0053.592] lstrcmpiW (lpString1="Adobe", lpString2="Program Files") returned -1 [0053.592] lstrcmpiW (lpString1="Adobe", lpString2="Program Files (x86)") returned -1 [0053.592] lstrcmpiW (lpString1="Adobe", lpString2="$Recycle.bin") returned 1 [0053.592] lstrcmpiW (lpString1="Adobe", lpString2="System Volume Information") returned -1 [0053.592] lstrcmpiW (lpString1="Adobe", lpString2=".") returned 1 [0053.592] lstrcmpiW (lpString1="Adobe", lpString2="..") returned 1 [0053.592] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe") returned 28 [0053.592] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.592] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Adobe" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe") returned="\\\\?\\C:\\Users\\All Users\\Adobe" [0053.592] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\*") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\*" [0053.592] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0053.592] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.592] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.592] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.592] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.593] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.593] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.593] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.593] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.593] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.593] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.593] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.593] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.593] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.593] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.593] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0053.593] lstrcmpiW (lpString1="Acrobat", lpString2="Windows") returned -1 [0053.593] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files") returned -1 [0053.593] lstrcmpiW (lpString1="Acrobat", lpString2="Program Files (x86)") returned -1 [0053.593] lstrcmpiW (lpString1="Acrobat", lpString2="$Recycle.bin") returned 1 [0053.593] lstrcmpiW (lpString1="Acrobat", lpString2="System Volume Information") returned -1 [0053.593] lstrcmpiW (lpString1="Acrobat", lpString2=".") returned 1 [0053.593] lstrcmpiW (lpString1="Acrobat", lpString2="..") returned 1 [0053.593] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat") returned 36 [0053.593] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.593] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat" [0053.593] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\*") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\*" [0053.593] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.593] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.593] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.593] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.593] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.594] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.594] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.594] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.594] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.594] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.594] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.594] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.594] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.594] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.594] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.594] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10.0", cAlternateFileName="")) returned 1 [0053.594] lstrcmpiW (lpString1="10.0", lpString2="Windows") returned -1 [0053.594] lstrcmpiW (lpString1="10.0", lpString2="Program Files") returned -1 [0053.594] lstrcmpiW (lpString1="10.0", lpString2="Program Files (x86)") returned -1 [0053.594] lstrcmpiW (lpString1="10.0", lpString2="$Recycle.bin") returned 1 [0053.594] lstrcmpiW (lpString1="10.0", lpString2="System Volume Information") returned -1 [0053.594] lstrcmpiW (lpString1="10.0", lpString2=".") returned 1 [0053.594] lstrcmpiW (lpString1="10.0", lpString2="..") returned 1 [0053.594] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0") returned 41 [0053.594] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.594] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0" [0053.594] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*" [0053.594] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.594] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.594] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.594] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.594] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.594] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.595] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.595] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.595] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.595] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.595] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.595] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.595] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.595] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.595] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.595] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.595] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.595] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.595] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.595] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.595] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.595] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.595] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.595] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\LOLKEK.txt") returned 52 [0053.595] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.595] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.595] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 1 [0053.595] lstrcmpiW (lpString1="Replicate", lpString2="Windows") returned -1 [0053.595] lstrcmpiW (lpString1="Replicate", lpString2="Program Files") returned 1 [0053.595] lstrcmpiW (lpString1="Replicate", lpString2="Program Files (x86)") returned 1 [0053.595] lstrcmpiW (lpString1="Replicate", lpString2="$Recycle.bin") returned 1 [0053.595] lstrcmpiW (lpString1="Replicate", lpString2="System Volume Information") returned -1 [0053.595] lstrcmpiW (lpString1="Replicate", lpString2=".") returned 1 [0053.595] lstrcmpiW (lpString1="Replicate", lpString2="..") returned 1 [0053.595] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate") returned 51 [0053.595] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.595] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate" [0053.596] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*" [0053.596] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.596] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.596] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.596] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.596] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.596] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.596] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.596] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.596] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.596] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.596] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.596] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.596] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.596] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.596] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.596] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.596] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.596] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.596] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.596] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.596] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.596] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.596] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.596] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\LOLKEK.txt") returned 62 [0053.596] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.596] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.596] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x350b1f00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x350b1f00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Security", cAlternateFileName="")) returned 1 [0053.596] lstrcmpiW (lpString1="Security", lpString2="Windows") returned -1 [0053.596] lstrcmpiW (lpString1="Security", lpString2="Program Files") returned 1 [0053.596] lstrcmpiW (lpString1="Security", lpString2="Program Files (x86)") returned 1 [0053.596] lstrcmpiW (lpString1="Security", lpString2="$Recycle.bin") returned 1 [0053.596] lstrcmpiW (lpString1="Security", lpString2="System Volume Information") returned -1 [0053.596] lstrcmpiW (lpString1="Security", lpString2=".") returned 1 [0053.596] lstrcmpiW (lpString1="Security", lpString2="..") returned 1 [0053.596] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned 60 [0053.596] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.597] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security" [0053.597] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*" [0053.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x350b1f00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x350b1f00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0053.597] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.597] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.597] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.597] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.597] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.597] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.597] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x350b1f00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x350b1f00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.597] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.597] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.597] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.597] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.597] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.597] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.597] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.597] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93de7300, ftCreationTime.dwHighDateTime=0x1cb84b4, ftLastAccessTime.dwLowDateTime=0x8000ce40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x350b1f00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x230, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="directories.acrodata.lolkek", cAlternateFileName="DIRECT~1.LOL")) returned 1 [0053.597] lstrcmpiW (lpString1="directories.acrodata.lolkek", lpString2="Windows") returned -1 [0053.597] lstrcmpiW (lpString1="directories.acrodata.lolkek", lpString2="Program Files") returned -1 [0053.597] lstrcmpiW (lpString1="directories.acrodata.lolkek", lpString2="Program Files (x86)") returned -1 [0053.597] lstrcmpiW (lpString1="directories.acrodata.lolkek", lpString2="$Recycle.bin") returned 1 [0053.597] lstrcmpiW (lpString1="directories.acrodata.lolkek", lpString2="System Volume Information") returned -1 [0053.597] lstrcmpiW (lpString1="directories.acrodata.lolkek", lpString2=".") returned 1 [0053.597] lstrcmpiW (lpString1="directories.acrodata.lolkek", lpString2="..") returned 1 [0053.597] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\directories.acrodata.lolkek") returned 88 [0053.597] StrStrIW (lpFirst="directories.acrodata.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.598] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.598] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.598] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.598] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.598] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.598] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.598] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.598] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.598] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\LOLKEK.txt") returned 71 [0053.598] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.598] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.598] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.598] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0053.598] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\LOLKEK.txt") returned 71 [0053.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\Security\\LOLKEK.txt" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\security\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.598] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x350b1f00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x350b1f00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Security", cAlternateFileName="")) returned 0 [0053.598] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.598] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\LOLKEK.txt") returned 62 [0053.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\Replicate\\LOLKEK.txt" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\replicate\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.598] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Replicate", cAlternateFileName="REPLIC~1")) returned 0 [0053.598] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.598] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\LOLKEK.txt") returned 52 [0053.598] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\10.0\\LOLKEK.txt" (normalized: "c:\\users\\all users\\adobe\\acrobat\\10.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.598] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.598] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.599] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.599] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.599] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.599] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.599] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.599] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.599] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.599] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\LOLKEK.txt") returned 47 [0053.599] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.599] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.599] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323058e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.599] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.599] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\LOLKEK.txt") returned 47 [0053.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\Acrobat\\LOLKEK.txt" (normalized: "c:\\users\\all users\\adobe\\acrobat\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.599] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.600] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ARM", cAlternateFileName="")) returned 1 [0053.600] lstrcmpiW (lpString1="ARM", lpString2="Windows") returned -1 [0053.600] lstrcmpiW (lpString1="ARM", lpString2="Program Files") returned -1 [0053.600] lstrcmpiW (lpString1="ARM", lpString2="Program Files (x86)") returned -1 [0053.600] lstrcmpiW (lpString1="ARM", lpString2="$Recycle.bin") returned 1 [0053.600] lstrcmpiW (lpString1="ARM", lpString2="System Volume Information") returned -1 [0053.600] lstrcmpiW (lpString1="ARM", lpString2=".") returned 1 [0053.600] lstrcmpiW (lpString1="ARM", lpString2="..") returned 1 [0053.600] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM") returned 32 [0053.600] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.600] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM" [0053.600] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\*") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\*" [0053.600] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.600] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.601] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.601] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.601] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.601] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.601] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.601] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.601] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.601] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.601] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.601] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.601] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.601] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.601] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.601] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3232ba40, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.601] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.601] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.601] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.601] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.601] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.601] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.601] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.601] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\LOLKEK.txt") returned 43 [0053.601] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.601] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.601] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3514a480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3514a480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 1 [0053.601] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="Windows") returned -1 [0053.601] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="Program Files") returned 1 [0053.601] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="Program Files (x86)") returned 1 [0053.601] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="$Recycle.bin") returned 1 [0053.601] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="System Volume Information") returned -1 [0053.601] lstrcmpiW (lpString1="Reader_10.0.0", lpString2=".") returned 1 [0053.601] lstrcmpiW (lpString1="Reader_10.0.0", lpString2="..") returned 1 [0053.601] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0") returned 46 [0053.601] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.602] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0" [0053.602] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\*") returned="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\*" [0053.602] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3514a480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3514a480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.602] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.602] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.602] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.602] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.602] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.602] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.602] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3514a480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3514a480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.602] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.602] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.602] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.602] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.602] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.602] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.602] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.602] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e186d00, ftCreationTime.dwHighDateTime=0x1cfb543, ftLastAccessTime.dwLowDateTime=0x7e186d00, ftLastAccessTime.dwHighDateTime=0x1cfb543, ftLastWriteTime.dwLowDateTime=0x35124320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3d851, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdbeRdrSecUpd10111.msp.lolkek", cAlternateFileName="ADBERD~1.LOL")) returned 1 [0053.602] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.lolkek", lpString2="Windows") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.lolkek", lpString2="Program Files") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.lolkek", lpString2="Program Files (x86)") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.lolkek", lpString2="$Recycle.bin") returned 1 [0053.602] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.lolkek", lpString2="System Volume Information") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.lolkek", lpString2=".") returned 1 [0053.602] lstrcmpiW (lpString1="AdbeRdrSecUpd10111.msp.lolkek", lpString2="..") returned 1 [0053.602] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrSecUpd10111.msp.lolkek") returned 76 [0053.602] StrStrIW (lpFirst="AdbeRdrSecUpd10111.msp.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.602] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4450880, ftCreationTime.dwHighDateTime=0x1cf6c45, ftLastAccessTime.dwLowDateTime=0xb4450880, ftLastAccessTime.dwHighDateTime=0x1cf6c45, ftLastWriteTime.dwLowDateTime=0x35124320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10e3051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdbeRdrUpd10110_MUI.msp.lolkek", cAlternateFileName="ADBERD~2.LOL")) returned 1 [0053.602] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.lolkek", lpString2="Windows") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.lolkek", lpString2="Program Files") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.lolkek", lpString2="Program Files (x86)") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.lolkek", lpString2="$Recycle.bin") returned 1 [0053.602] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.lolkek", lpString2="System Volume Information") returned -1 [0053.602] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.lolkek", lpString2=".") returned 1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10110_MUI.msp.lolkek", lpString2="..") returned 1 [0053.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10110_MUI.msp.lolkek") returned 77 [0053.603] StrStrIW (lpFirst="AdbeRdrUpd10110_MUI.msp.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.603] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2540cc00, ftCreationTime.dwHighDateTime=0x1d1056e, ftLastAccessTime.dwLowDateTime=0x2540cc00, ftLastAccessTime.dwHighDateTime=0x1d1056e, ftLastWriteTime.dwLowDateTime=0x3514a480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x109d051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AdbeRdrUpd10116_MUI.msp.lolkek", cAlternateFileName="ADBERD~3.LOL")) returned 1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.lolkek", lpString2="Windows") returned -1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.lolkek", lpString2="Program Files") returned -1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.lolkek", lpString2="Program Files (x86)") returned -1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.lolkek", lpString2="$Recycle.bin") returned 1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.lolkek", lpString2="System Volume Information") returned -1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.lolkek", lpString2=".") returned 1 [0053.603] lstrcmpiW (lpString1="AdbeRdrUpd10116_MUI.msp.lolkek", lpString2="..") returned 1 [0053.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\AdbeRdrUpd10116_MUI.msp.lolkek") returned 77 [0053.603] StrStrIW (lpFirst="AdbeRdrUpd10116_MUI.msp.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.603] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.603] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.603] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.603] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.603] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.603] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.603] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.603] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\LOLKEK.txt") returned 57 [0053.603] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.603] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.603] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x323058e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323058e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.603] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.603] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\LOLKEK.txt") returned 57 [0053.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\Reader_10.0.0\\LOLKEK.txt" (normalized: "c:\\users\\all users\\adobe\\arm\\reader_10.0.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.603] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.603] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe4efbbe0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3514a480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3514a480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Reader_10.0.0", cAlternateFileName="READER~1.0")) returned 0 [0053.604] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.604] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\LOLKEK.txt") returned 43 [0053.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\ARM\\LOLKEK.txt" (normalized: "c:\\users\\all users\\adobe\\arm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.604] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3232ba40, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.604] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.604] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.604] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.604] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.604] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.604] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.604] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.604] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\LOLKEK.txt") returned 39 [0053.604] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.604] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.604] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3232ba40, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.604] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0053.604] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Adobe\\LOLKEK.txt") returned 39 [0053.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Adobe\\LOLKEK.txt" (normalized: "c:\\users\\all users\\adobe\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.604] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.605] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0053.605] lstrcmpiW (lpString1="Application Data", lpString2="Windows") returned -1 [0053.605] lstrcmpiW (lpString1="Application Data", lpString2="Program Files") returned -1 [0053.605] lstrcmpiW (lpString1="Application Data", lpString2="Program Files (x86)") returned -1 [0053.605] lstrcmpiW (lpString1="Application Data", lpString2="$Recycle.bin") returned 1 [0053.605] lstrcmpiW (lpString1="Application Data", lpString2="System Volume Information") returned -1 [0053.605] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0053.605] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0053.605] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Application Data") returned 39 [0053.605] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.605] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Application Data") returned="\\\\?\\C:\\Users\\All Users\\Application Data" [0053.605] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Application Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Application Data\\*") returned="\\\\?\\C:\\Users\\All Users\\Application Data\\*" [0053.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Application Data\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3232ba40, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0053.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.606] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0053.606] lstrcmpiW (lpString1="Desktop", lpString2="Windows") returned -1 [0053.606] lstrcmpiW (lpString1="Desktop", lpString2="Program Files") returned -1 [0053.606] lstrcmpiW (lpString1="Desktop", lpString2="Program Files (x86)") returned -1 [0053.606] lstrcmpiW (lpString1="Desktop", lpString2="$Recycle.bin") returned 1 [0053.606] lstrcmpiW (lpString1="Desktop", lpString2="System Volume Information") returned -1 [0053.606] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Desktop") returned 30 [0053.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.606] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Desktop") returned="\\\\?\\C:\\Users\\All Users\\Desktop" [0053.606] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Desktop", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Desktop\\*") returned="\\\\?\\C:\\Users\\All Users\\Desktop\\*" [0053.606] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Desktop\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3232ba40, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0053.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.606] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0053.606] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Documents") returned 32 [0053.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.606] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Documents" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Documents") returned="\\\\?\\C:\\Users\\All Users\\Documents" [0053.606] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Documents", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Documents\\*") returned="\\\\?\\C:\\Users\\All Users\\Documents\\*" [0053.606] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Documents\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3232ba40, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0053.606] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.606] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0053.606] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Favorites") returned 32 [0053.606] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.606] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Favorites") returned="\\\\?\\C:\\Users\\All Users\\Favorites" [0053.607] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Favorites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Favorites\\*") returned="\\\\?\\C:\\Users\\All Users\\Favorites\\*" [0053.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Favorites\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3232ba40, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3232ba40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3232ba40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0053.607] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0053.607] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b56d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.607] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\LOLKEK.txt") returned 33 [0053.607] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.607] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.607] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0053.607] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft") returned 32 [0053.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0053.607] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft") returned="\\\\?\\C:\\Users\\All Users\\Microsoft" [0053.607] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\*" [0053.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0053.607] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.607] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance") returned 43 [0053.607] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.607] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance" [0053.607] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\*" [0053.607] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x323c3fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323c3fc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.608] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client") returned 50 [0053.608] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.608] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client" [0053.608] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\*" [0053.608] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x32377d00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32377d00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.608] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0") returned 54 [0053.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.609] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0" [0053.609] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\*" [0053.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3fc949a4, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x32377d00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32377d00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.609] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned 60 [0053.609] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.609] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US" [0053.609] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*" [0053.609] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x243448f1, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x351e2a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x351e2a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e358 [0053.609] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D.lolkek") returned 87 [0053.609] StrStrIW (lpFirst="Help_CValidator.H1D.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.609] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae2660aa, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x351705e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3664d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MKWD_AssetId.H1W.lolkek", cAlternateFileName="HELP_M~2.LOL")) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_AssetId.H1W.lolkek") returned 89 [0053.610] StrStrIW (lpFirst="Help_MKWD_AssetId.H1W.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.610] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae409b6f, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x351705e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3263d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MKWD_BestBet.H1W.lolkek", cAlternateFileName="HELP_M~1.LOL")) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W.lolkek") returned 89 [0053.610] StrStrIW (lpFirst="Help_MKWD_BestBet.H1W.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.610] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x35196740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x79f6b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MTOC_help.H1H.lolkek", cAlternateFileName="HELP_M~4.LOL")) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H.lolkek") returned 86 [0053.610] StrStrIW (lpFirst="Help_MTOC_help.H1H.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.610] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26353250, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x351bc8a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3995, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MValidator.H1D.lolkek", cAlternateFileName="HEF8FD~1.LOL")) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.H1D.lolkek") returned 87 [0053.610] StrStrIW (lpFirst="Help_MValidator.H1D.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.610] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24534c56, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae45604d, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x351705e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x55, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help_MValidator.Lck.lolkek", cAlternateFileName="HELP_M~3.LOL")) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck.lolkek") returned 87 [0053.610] StrStrIW (lpFirst="Help_MValidator.Lck.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.610] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x249fa376, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xae0e8854, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x351e2a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xd5361, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.lolkek", cAlternateFileName="HELP{9~1.LOL")) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.lolkek") returned 114 [0053.610] StrStrIW (lpFirst="Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.610] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32351ba0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32351ba0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32351ba0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\LOLKEK.txt") returned 71 [0053.610] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.610] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.610] FindNextFileW (in: hFindFile=0x62e358, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32351ba0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32351ba0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32351ba0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.610] FindClose (in: hFindFile=0x62e358 | out: hFindFile=0x62e358) returned 1 [0053.610] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\LOLKEK.txt") returned 71 [0053.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\en-US\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.610] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.610] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32377d00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32377d00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32377d00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.610] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\LOLKEK.txt") returned 65 [0053.610] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.610] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.611] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32377d00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32377d00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32377d00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.611] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.611] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\LOLKEK.txt") returned 65 [0053.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\1.0\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\1.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.611] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32377d00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32377d00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32377d00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.611] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\LOLKEK.txt") returned 61 [0053.611] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.611] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.611] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32377d00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32377d00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32377d00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.611] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.611] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\LOLKEK.txt") returned 61 [0053.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\Client\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\assistance\\client\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.611] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323c3fc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323c3fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323ea120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.611] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\LOLKEK.txt") returned 54 [0053.611] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.611] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.611] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x323c3fc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323c3fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323ea120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.611] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.611] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\LOLKEK.txt") returned 54 [0053.611] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Assistance\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\assistance\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.611] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.612] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32540d80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32540d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Crypto", cAlternateFileName="")) returned 1 [0053.612] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto") returned 39 [0053.612] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.613] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto" [0053.613] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\*" [0053.613] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32540d80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32540d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.613] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS") returned 43 [0053.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.613] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS" [0053.613] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*" [0053.613] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x323ea120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323ea120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.613] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\LOLKEK.txt") returned 54 [0053.613] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.613] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.613] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x323ea120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323ea120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0053.613] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys") returned 55 [0053.613] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.614] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys" [0053.614] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\*" [0053.614] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x323ea120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323ea120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.614] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\LOLKEK.txt") returned 66 [0053.614] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.614] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.614] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x323ea120, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x323ea120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323ea120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.614] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.614] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\LOLKEK.txt") returned 66 [0053.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\crypto\\dss\\machinekeys\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.614] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x323ea120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x323ea120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0053.614] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.614] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\LOLKEK.txt") returned 54 [0053.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\crypto\\dss\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.614] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.614] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3245c540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3245c540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Keys", cAlternateFileName="")) returned 1 [0053.615] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys") returned 44 [0053.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.615] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys" [0053.615] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\*" [0053.615] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3245c540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3245c540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.615] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\LOLKEK.txt") returned 55 [0053.615] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.615] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.615] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3245c540, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3245c540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3245c540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.615] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.615] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\LOLKEK.txt") returned 55 [0053.615] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\crypto\\keys\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.615] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.615] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32540d80, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32540d80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32540d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.615] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\LOLKEK.txt") returned 50 [0053.615] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.615] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.615] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x324f4ac0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x324f4ac0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 1 [0053.615] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA") returned 43 [0053.615] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.615] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA" [0053.615] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*" [0053.615] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x324f4ac0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x324f4ac0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.616] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\LOLKEK.txt") returned 54 [0053.616] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.616] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.616] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3245c540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3245c540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0053.616] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys") returned 55 [0053.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.616] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys" [0053.616] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\*" [0053.616] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3245c540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3245c540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.616] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\LOLKEK.txt") returned 66 [0053.616] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.616] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.616] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3245c540, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3245c540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3245c540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.616] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.616] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\LOLKEK.txt") returned 66 [0053.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\machinekeys\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.616] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.616] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x35208b60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x35208b60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0053.616] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned 52 [0053.616] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.616] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18" [0053.616] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*" [0053.616] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x35208b60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x35208b60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.617] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek") returned 129 [0053.617] StrStrIW (lpFirst="6d14e4b1d8ca773bab785d1be032546e_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.617] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5bc2f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe5bc2f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x35208b60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x46e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek", cAlternateFileName="D42CC0~1.LOL")) returned 1 [0053.617] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek") returned 129 [0053.617] StrStrIW (lpFirst="d42cc0c3858a58db2db37658219e6400_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.617] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x324a8800, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x324a8800, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x324f4ac0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.617] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\LOLKEK.txt") returned 63 [0053.617] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.617] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.617] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x324a8800, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x324a8800, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x324f4ac0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.617] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.617] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\LOLKEK.txt") returned 63 [0053.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\s-1-5-18\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.617] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfc65d150, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x35208b60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x35208b60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0053.617] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.617] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\LOLKEK.txt") returned 54 [0053.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\crypto\\rsa\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.617] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x324f4ac0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x324f4ac0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 0 [0053.617] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.617] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\LOLKEK.txt") returned 50 [0053.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Crypto\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\crypto\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.617] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.618] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0053.618] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage") returned 45 [0053.618] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.618] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage" [0053.618] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\*" [0053.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.619] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device") returned 52 [0053.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.619] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device" [0053.619] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*" [0053.619] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.619] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\LOLKEK.txt") returned 63 [0053.619] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.619] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.619] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0053.619] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned 91 [0053.619] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.619] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" [0053.620] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*" [0053.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.620] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png") returned 106 [0053.620] StrStrIW (lpFirst="background.png", lpSrch=".lolkek") returned 0x0 [0053.620] lstrcmpW (lpString1="background.png", lpString2="LOLKEK.txt") returned -1 [0053.620] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png") returned 106 [0053.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x61a2a8 [0053.620] lstrcpyW (in: lpString1=0x61a2a8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" [0053.620] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.620] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.620] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7c5b0d9, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xc7c5b0d9, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xc7c5b0d9, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0053.620] lstrcmpiW (lpString1="behavior.xml", lpString2="Windows") returned -1 [0053.620] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files") returned -1 [0053.620] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files (x86)") returned -1 [0053.620] lstrcmpiW (lpString1="behavior.xml", lpString2="$Recycle.bin") returned 1 [0053.620] lstrcmpiW (lpString1="behavior.xml", lpString2="System Volume Information") returned -1 [0053.620] lstrcmpiW (lpString1="behavior.xml", lpString2=".") returned 1 [0053.620] lstrcmpiW (lpString1="behavior.xml", lpString2="..") returned 1 [0053.620] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml") returned 104 [0053.620] StrStrIW (lpFirst="behavior.xml", lpSrch=".lolkek") returned 0x0 [0053.620] lstrcmpW (lpString1="behavior.xml", lpString2="LOLKEK.txt") returned -1 [0053.620] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml") returned 104 [0053.620] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3bf11a0 [0053.620] lstrcpyW (in: lpString1=0x3bf11a0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" [0053.620] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.640] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.640] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f07a66f, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f07a66f, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76b3ce5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="device.png", cAlternateFileName="")) returned 1 [0053.640] lstrcmpiW (lpString1="device.png", lpString2="Windows") returned -1 [0053.640] lstrcmpiW (lpString1="device.png", lpString2="Program Files") returned -1 [0053.641] lstrcmpiW (lpString1="device.png", lpString2="Program Files (x86)") returned -1 [0053.641] lstrcmpiW (lpString1="device.png", lpString2="$Recycle.bin") returned 1 [0053.641] lstrcmpiW (lpString1="device.png", lpString2="System Volume Information") returned -1 [0053.641] lstrcmpiW (lpString1="device.png", lpString2=".") returned 1 [0053.641] lstrcmpiW (lpString1="device.png", lpString2="..") returned 1 [0053.641] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png") returned 102 [0053.641] StrStrIW (lpFirst="device.png", lpSrch=".lolkek") returned 0x0 [0053.641] lstrcmpW (lpString1="device.png", lpString2="LOLKEK.txt") returned -1 [0053.641] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png") returned 102 [0053.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3be0050 [0053.641] lstrcpyW (in: lpString1=0x3be0050, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" [0053.641] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.641] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.641] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x325d9300, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.641] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.641] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.641] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.641] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.641] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.641] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.641] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.641] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\LOLKEK.txt") returned 102 [0053.641] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.641] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.641] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0a07cc, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0a07cc, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0053.641] lstrcmpiW (lpString1="overlay.png", lpString2="Windows") returned -1 [0053.641] lstrcmpiW (lpString1="overlay.png", lpString2="Program Files") returned -1 [0053.641] lstrcmpiW (lpString1="overlay.png", lpString2="Program Files (x86)") returned -1 [0053.641] lstrcmpiW (lpString1="overlay.png", lpString2="$Recycle.bin") returned 1 [0053.641] lstrcmpiW (lpString1="overlay.png", lpString2="System Volume Information") returned -1 [0053.641] lstrcmpiW (lpString1="overlay.png", lpString2=".") returned 1 [0053.641] lstrcmpiW (lpString1="overlay.png", lpString2="..") returned 1 [0053.641] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png") returned 103 [0053.641] StrStrIW (lpFirst="overlay.png", lpSrch=".lolkek") returned 0x0 [0053.641] lstrcmpW (lpString1="overlay.png", lpString2="LOLKEK.txt") returned 1 [0053.641] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png") returned 103 [0053.641] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x62c750 [0053.641] lstrcpyW (in: lpString1=0x62c750, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" [0053.642] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.642] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.642] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0053.642] lstrcmpiW (lpString1="superbar.png", lpString2="Windows") returned -1 [0053.642] lstrcmpiW (lpString1="superbar.png", lpString2="Program Files") returned 1 [0053.642] lstrcmpiW (lpString1="superbar.png", lpString2="Program Files (x86)") returned 1 [0053.642] lstrcmpiW (lpString1="superbar.png", lpString2="$Recycle.bin") returned 1 [0053.642] lstrcmpiW (lpString1="superbar.png", lpString2="System Volume Information") returned -1 [0053.642] lstrcmpiW (lpString1="superbar.png", lpString2=".") returned 1 [0053.642] lstrcmpiW (lpString1="superbar.png", lpString2="..") returned 1 [0053.642] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png") returned 104 [0053.642] StrStrIW (lpFirst="superbar.png", lpSrch=".lolkek") returned 0x0 [0053.642] lstrcmpW (lpString1="superbar.png", lpString2="LOLKEK.txt") returned 1 [0053.642] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png") returned 104 [0053.642] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3de0f28 [0053.642] lstrcpyW (in: lpString1=0x3de0f28, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png" [0053.642] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.642] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.642] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0c6929, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0c6929, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc76d9e43, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0053.642] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.642] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\LOLKEK.txt") returned 102 [0053.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.643] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0053.643] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="Windows") returned -1 [0053.643] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="Program Files") returned -1 [0053.643] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="Program Files (x86)") returned -1 [0053.643] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="$Recycle.bin") returned 1 [0053.643] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="System Volume Information") returned -1 [0053.643] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2=".") returned 1 [0053.643] lstrcmpiW (lpString1="{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="..") returned 1 [0053.643] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned 91 [0053.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.644] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}" [0053.644] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*" [0053.644] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.644] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.644] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.644] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.644] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.644] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.644] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.644] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.644] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.644] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.644] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.644] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.644] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.644] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.644] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.644] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0af2f7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x9c0af2f7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x9c0af2f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="background.png", cAlternateFileName="")) returned 1 [0053.644] lstrcmpiW (lpString1="background.png", lpString2="Windows") returned -1 [0053.644] lstrcmpiW (lpString1="background.png", lpString2="Program Files") returned -1 [0053.644] lstrcmpiW (lpString1="background.png", lpString2="Program Files (x86)") returned -1 [0053.644] lstrcmpiW (lpString1="background.png", lpString2="$Recycle.bin") returned 1 [0053.644] lstrcmpiW (lpString1="background.png", lpString2="System Volume Information") returned -1 [0053.644] lstrcmpiW (lpString1="background.png", lpString2=".") returned 1 [0053.644] lstrcmpiW (lpString1="background.png", lpString2="..") returned 1 [0053.645] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png") returned 106 [0053.645] StrStrIW (lpFirst="background.png", lpSrch=".lolkek") returned 0x0 [0053.645] lstrcmpW (lpString1="background.png", lpString2="LOLKEK.txt") returned -1 [0053.645] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png") returned 106 [0053.645] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3dd4c80 [0053.645] lstrcpyW (in: lpString1=0x3dd4c80, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\background.png" [0053.645] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.650] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.650] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2feb941, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2feb941, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x769, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0053.650] lstrcmpiW (lpString1="behavior.xml", lpString2="Windows") returned -1 [0053.650] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files") returned -1 [0053.650] lstrcmpiW (lpString1="behavior.xml", lpString2="Program Files (x86)") returned -1 [0053.650] lstrcmpiW (lpString1="behavior.xml", lpString2="$Recycle.bin") returned 1 [0053.650] lstrcmpiW (lpString1="behavior.xml", lpString2="System Volume Information") returned -1 [0053.650] lstrcmpiW (lpString1="behavior.xml", lpString2=".") returned 1 [0053.650] lstrcmpiW (lpString1="behavior.xml", lpString2="..") returned 1 [0053.650] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml") returned 104 [0053.650] StrStrIW (lpFirst="behavior.xml", lpSrch=".lolkek") returned 0x0 [0053.650] lstrcmpW (lpString1="behavior.xml", lpString2="LOLKEK.txt") returned -1 [0053.650] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml") returned 104 [0053.650] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3ca6420 [0053.650] lstrcpyW (in: lpString1=0x3ca6420, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\behavior.xml" [0053.650] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.661] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.661] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x325d9300, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.661] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.661] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.661] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.661] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.661] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.661] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.661] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.661] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\LOLKEK.txt") returned 102 [0053.661] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.661] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.661] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0053.661] lstrcmpiW (lpString1="watermark.png", lpString2="Windows") returned -1 [0053.661] lstrcmpiW (lpString1="watermark.png", lpString2="Program Files") returned 1 [0053.661] lstrcmpiW (lpString1="watermark.png", lpString2="Program Files (x86)") returned 1 [0053.661] lstrcmpiW (lpString1="watermark.png", lpString2="$Recycle.bin") returned 1 [0053.661] lstrcmpiW (lpString1="watermark.png", lpString2="System Volume Information") returned 1 [0053.661] lstrcmpiW (lpString1="watermark.png", lpString2=".") returned 1 [0053.661] lstrcmpiW (lpString1="watermark.png", lpString2="..") returned 1 [0053.661] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png") returned 105 [0053.661] StrStrIW (lpFirst="watermark.png", lpSrch=".lolkek") returned 0x0 [0053.661] lstrcmpW (lpString1="watermark.png", lpString2="LOLKEK.txt") returned 1 [0053.662] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png") returned 105 [0053.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x3dd7b20 [0053.662] lstrcpyW (in: lpString1=0x3dd7b20, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png" [0053.662] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.662] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.662] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3011a9e, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd3011a9e, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x9c0d5455, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0053.662] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.662] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\LOLKEK.txt") returned 102 [0053.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.662] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x325d9300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x325d9300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0053.662] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.662] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\LOLKEK.txt") returned 63 [0053.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.663] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.663] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.663] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.663] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.663] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.663] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.663] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.663] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.663] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\LOLKEK.txt") returned 56 [0053.663] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.663] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.663] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Task", cAlternateFileName="")) returned 1 [0053.663] lstrcmpiW (lpString1="Task", lpString2="Windows") returned -1 [0053.663] lstrcmpiW (lpString1="Task", lpString2="Program Files") returned 1 [0053.663] lstrcmpiW (lpString1="Task", lpString2="Program Files (x86)") returned 1 [0053.663] lstrcmpiW (lpString1="Task", lpString2="$Recycle.bin") returned 1 [0053.663] lstrcmpiW (lpString1="Task", lpString2="System Volume Information") returned 1 [0053.664] lstrcmpiW (lpString1="Task", lpString2=".") returned 1 [0053.664] lstrcmpiW (lpString1="Task", lpString2="..") returned 1 [0053.664] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task") returned 50 [0053.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.664] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task" [0053.664] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*" [0053.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.664] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.664] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.664] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.664] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.664] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.664] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.664] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.664] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.664] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.664] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.664] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.664] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.664] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.664] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.664] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.664] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.664] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.664] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.664] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.665] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.665] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.665] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.665] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\LOLKEK.txt") returned 61 [0053.665] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.665] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.665] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0053.665] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="Windows") returned -1 [0053.665] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="Program Files") returned -1 [0053.665] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="Program Files (x86)") returned -1 [0053.665] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="$Recycle.bin") returned 1 [0053.665] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="System Volume Information") returned -1 [0053.665] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2=".") returned 1 [0053.665] lstrcmpiW (lpString1="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="..") returned 1 [0053.665] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned 89 [0053.665] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.665] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}" [0053.665] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*" [0053.665] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.665] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.665] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.665] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.666] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.666] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.666] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.666] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.666] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.666] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.666] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.666] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.666] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.666] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.666] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.666] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0053.666] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0053.666] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0053.666] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0053.666] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0053.666] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0053.666] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0053.666] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0053.666] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned 95 [0053.666] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.666] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US" [0053.666] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*" [0053.666] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0053.666] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.667] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.667] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.667] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.667] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.667] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.667] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.667] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.667] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.667] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.667] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.667] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.667] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.667] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.667] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x326979e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.667] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.667] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.667] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.667] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.667] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.667] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.667] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.667] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\LOLKEK.txt") returned 106 [0053.667] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.667] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.667] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0053.667] lstrcmpiW (lpString1="resource.xml", lpString2="Windows") returned -1 [0053.667] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files") returned 1 [0053.667] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files (x86)") returned 1 [0053.667] lstrcmpiW (lpString1="resource.xml", lpString2="$Recycle.bin") returned 1 [0053.667] lstrcmpiW (lpString1="resource.xml", lpString2="System Volume Information") returned -1 [0053.667] lstrcmpiW (lpString1="resource.xml", lpString2=".") returned 1 [0053.667] lstrcmpiW (lpString1="resource.xml", lpString2="..") returned 1 [0053.667] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml") returned 108 [0053.667] StrStrIW (lpFirst="resource.xml", lpSrch=".lolkek") returned 0x0 [0053.667] lstrcmpW (lpString1="resource.xml", lpString2="LOLKEK.txt") returned 1 [0053.667] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml") returned 108 [0053.667] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60f448 [0053.667] lstrcpyW (in: lpString1=0x60f448, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\resource.xml" [0053.667] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.676] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.676] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x932b6af, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x95b44f8, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x932b6af, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0053.676] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0053.676] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\LOLKEK.txt") returned 106 [0053.677] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.677] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c7f9e6, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c7f9e6, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0053.677] lstrcmpiW (lpString1="folder.ico", lpString2="Windows") returned -1 [0053.677] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files") returned -1 [0053.677] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files (x86)") returned -1 [0053.677] lstrcmpiW (lpString1="folder.ico", lpString2="$Recycle.bin") returned 1 [0053.677] lstrcmpiW (lpString1="folder.ico", lpString2="System Volume Information") returned -1 [0053.677] lstrcmpiW (lpString1="folder.ico", lpString2=".") returned 1 [0053.677] lstrcmpiW (lpString1="folder.ico", lpString2="..") returned 1 [0053.677] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico") returned 100 [0053.677] StrStrIW (lpFirst="folder.ico", lpSrch=".lolkek") returned 0x0 [0053.677] lstrcmpW (lpString1="folder.ico", lpString2="LOLKEK.txt") returned -1 [0053.677] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico") returned 100 [0053.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x6188f0 [0053.677] lstrcpyW (in: lpString1=0x6188f0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\folder.ico" [0053.677] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.677] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.677] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x326979e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x326979e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x326979e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.677] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.677] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.677] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.677] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.677] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.677] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.677] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.677] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\LOLKEK.txt") returned 100 [0053.677] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.677] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.677] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2db04ce, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2db04ce, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c0e93d7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0053.677] lstrcmpiW (lpString1="netfol.ico", lpString2="Windows") returned -1 [0053.677] lstrcmpiW (lpString1="netfol.ico", lpString2="Program Files") returned -1 [0053.677] lstrcmpiW (lpString1="netfol.ico", lpString2="Program Files (x86)") returned -1 [0053.677] lstrcmpiW (lpString1="netfol.ico", lpString2="$Recycle.bin") returned 1 [0053.677] lstrcmpiW (lpString1="netfol.ico", lpString2="System Volume Information") returned -1 [0053.677] lstrcmpiW (lpString1="netfol.ico", lpString2=".") returned 1 [0053.677] lstrcmpiW (lpString1="netfol.ico", lpString2="..") returned 1 [0053.677] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico") returned 100 [0053.677] StrStrIW (lpFirst="netfol.ico", lpSrch=".lolkek") returned 0x0 [0053.677] lstrcmpW (lpString1="netfol.ico", lpString2="LOLKEK.txt") returned 1 [0053.677] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico") returned 100 [0053.677] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x60e608 [0053.677] lstrcpyW (in: lpString1=0x60e608, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\netfol.ico" [0053.678] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.710] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.710] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2ca5b43, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2ca5b43, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c10f535, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0053.710] lstrcmpiW (lpString1="pictures.ico", lpString2="Windows") returned -1 [0053.710] lstrcmpiW (lpString1="pictures.ico", lpString2="Program Files") returned -1 [0053.710] lstrcmpiW (lpString1="pictures.ico", lpString2="Program Files (x86)") returned -1 [0053.710] lstrcmpiW (lpString1="pictures.ico", lpString2="$Recycle.bin") returned 1 [0053.710] lstrcmpiW (lpString1="pictures.ico", lpString2="System Volume Information") returned -1 [0053.710] lstrcmpiW (lpString1="pictures.ico", lpString2=".") returned 1 [0053.710] lstrcmpiW (lpString1="pictures.ico", lpString2="..") returned 1 [0053.710] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico") returned 102 [0053.711] StrStrIW (lpFirst="pictures.ico", lpSrch=".lolkek") returned 0x0 [0053.711] lstrcmpW (lpString1="pictures.ico", lpString2="LOLKEK.txt") returned 1 [0053.711] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico") returned 102 [0053.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x631ed0 [0053.711] lstrcpyW (in: lpString1=0x631ed0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\pictures.ico" [0053.711] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.711] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.711] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2c59889, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2c59889, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1cdc0b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0053.711] lstrcmpiW (lpString1="resource.xml", lpString2="Windows") returned -1 [0053.711] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files") returned 1 [0053.711] lstrcmpiW (lpString1="resource.xml", lpString2="Program Files (x86)") returned 1 [0053.711] lstrcmpiW (lpString1="resource.xml", lpString2="$Recycle.bin") returned 1 [0053.711] lstrcmpiW (lpString1="resource.xml", lpString2="System Volume Information") returned -1 [0053.711] lstrcmpiW (lpString1="resource.xml", lpString2=".") returned 1 [0053.711] lstrcmpiW (lpString1="resource.xml", lpString2="..") returned 1 [0053.711] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml") returned 102 [0053.711] StrStrIW (lpFirst="resource.xml", lpSrch=".lolkek") returned 0x0 [0053.711] lstrcmpW (lpString1="resource.xml", lpString2="LOLKEK.txt") returned 1 [0053.711] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml") returned 102 [0053.711] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x3c94cd0 [0053.711] lstrcpyW (in: lpString1=0x3c94cd0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\resource.xml" [0053.711] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.730] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.730] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2cf1dfd, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2cf1dfd, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0053.731] lstrcmpiW (lpString1="ringtones.ico", lpString2="Windows") returned -1 [0053.731] lstrcmpiW (lpString1="ringtones.ico", lpString2="Program Files") returned 1 [0053.731] lstrcmpiW (lpString1="ringtones.ico", lpString2="Program Files (x86)") returned 1 [0053.731] lstrcmpiW (lpString1="ringtones.ico", lpString2="$Recycle.bin") returned 1 [0053.731] lstrcmpiW (lpString1="ringtones.ico", lpString2="System Volume Information") returned -1 [0053.731] lstrcmpiW (lpString1="ringtones.ico", lpString2=".") returned 1 [0053.731] lstrcmpiW (lpString1="ringtones.ico", lpString2="..") returned 1 [0053.731] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico") returned 103 [0053.731] StrStrIW (lpFirst="ringtones.ico", lpSrch=".lolkek") returned 0x0 [0053.731] lstrcmpW (lpString1="ringtones.ico", lpString2="LOLKEK.txt") returned 1 [0053.731] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico") returned 103 [0053.731] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a0) returned 0x3dddfa0 [0053.731] lstrcpyW (in: lpString1=0x3dddfa0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\ringtones.ico" [0053.731] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.731] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.731] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d17f5a, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d17f5a, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c1f3d69, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0053.731] lstrcmpiW (lpString1="settings.ico", lpString2="Windows") returned -1 [0053.731] lstrcmpiW (lpString1="settings.ico", lpString2="Program Files") returned 1 [0053.731] lstrcmpiW (lpString1="settings.ico", lpString2="Program Files (x86)") returned 1 [0053.731] lstrcmpiW (lpString1="settings.ico", lpString2="$Recycle.bin") returned 1 [0053.731] lstrcmpiW (lpString1="settings.ico", lpString2="System Volume Information") returned -1 [0053.731] lstrcmpiW (lpString1="settings.ico", lpString2=".") returned 1 [0053.731] lstrcmpiW (lpString1="settings.ico", lpString2="..") returned 1 [0053.731] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico") returned 102 [0053.731] StrStrIW (lpFirst="settings.ico", lpSrch=".lolkek") returned 0x0 [0053.731] lstrcmpW (lpString1="settings.ico", lpString2="LOLKEK.txt") returned 1 [0053.731] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico") returned 102 [0053.731] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x19c) returned 0x610ed8 [0053.731] lstrcpyW (in: lpString1=0x610ed8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\settings.ico" [0053.731] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.737] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.737] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d3e0b7, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d3e0b7, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0053.737] lstrcmpiW (lpString1="sync.ico", lpString2="Windows") returned -1 [0053.737] lstrcmpiW (lpString1="sync.ico", lpString2="Program Files") returned 1 [0053.737] lstrcmpiW (lpString1="sync.ico", lpString2="Program Files (x86)") returned 1 [0053.737] lstrcmpiW (lpString1="sync.ico", lpString2="$Recycle.bin") returned 1 [0053.737] lstrcmpiW (lpString1="sync.ico", lpString2="System Volume Information") returned -1 [0053.737] lstrcmpiW (lpString1="sync.ico", lpString2=".") returned 1 [0053.737] lstrcmpiW (lpString1="sync.ico", lpString2="..") returned 1 [0053.737] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico") returned 98 [0053.737] StrStrIW (lpFirst="sync.ico", lpSrch=".lolkek") returned 0x0 [0053.737] lstrcmpW (lpString1="sync.ico", lpString2="LOLKEK.txt") returned 1 [0053.737] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico") returned 98 [0053.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18c) returned 0x3eb7b50 [0053.737] lstrcpyW (in: lpString1=0x3eb7b50, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\sync.ico" [0053.737] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.737] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.737] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c219ec7, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0x7c219ec7, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x3473, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0053.737] lstrcmpiW (lpString1="tasks.xml", lpString2="Windows") returned -1 [0053.737] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files") returned 1 [0053.737] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files (x86)") returned 1 [0053.737] lstrcmpiW (lpString1="tasks.xml", lpString2="$Recycle.bin") returned 1 [0053.737] lstrcmpiW (lpString1="tasks.xml", lpString2="System Volume Information") returned 1 [0053.737] lstrcmpiW (lpString1="tasks.xml", lpString2=".") returned 1 [0053.737] lstrcmpiW (lpString1="tasks.xml", lpString2="..") returned 1 [0053.737] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml") returned 99 [0053.737] StrStrIW (lpFirst="tasks.xml", lpSrch=".lolkek") returned 0x0 [0053.737] lstrcmpW (lpString1="tasks.xml", lpString2="LOLKEK.txt") returned 1 [0053.737] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml") returned 99 [0053.737] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x3be01f8 [0053.737] lstrcpyW (in: lpString1=0x3be01f8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\tasks.xml" [0053.737] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.743] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.743] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0053.743] lstrcmpiW (lpString1="wmp.ico", lpString2="Windows") returned 1 [0053.743] lstrcmpiW (lpString1="wmp.ico", lpString2="Program Files") returned 1 [0053.743] lstrcmpiW (lpString1="wmp.ico", lpString2="Program Files (x86)") returned 1 [0053.744] lstrcmpiW (lpString1="wmp.ico", lpString2="$Recycle.bin") returned 1 [0053.744] lstrcmpiW (lpString1="wmp.ico", lpString2="System Volume Information") returned 1 [0053.744] lstrcmpiW (lpString1="wmp.ico", lpString2=".") returned 1 [0053.744] lstrcmpiW (lpString1="wmp.ico", lpString2="..") returned 1 [0053.744] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico") returned 97 [0053.744] StrStrIW (lpFirst="wmp.ico", lpSrch=".lolkek") returned 0x0 [0053.744] lstrcmpW (lpString1="wmp.ico", lpString2="LOLKEK.txt") returned 1 [0053.744] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico") returned 97 [0053.744] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x60eb70 [0053.744] lstrcpyW (in: lpString1=0x60eb70, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\wmp.ico" [0053.744] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.744] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.744] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2d64214, ftCreationTime.dwHighDateTime=0x1ca0407, ftLastAccessTime.dwLowDateTime=0xd2d64214, ftLastAccessTime.dwHighDateTime=0x1ca0407, ftLastWriteTime.dwLowDateTime=0x7c219ec7, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0053.744] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.744] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\LOLKEK.txt") returned 100 [0053.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.744] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.745] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0053.745] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="Windows") returned -1 [0053.745] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="Program Files") returned -1 [0053.745] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="Program Files (x86)") returned -1 [0053.745] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="$Recycle.bin") returned 1 [0053.745] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="System Volume Information") returned -1 [0053.745] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2=".") returned 1 [0053.745] lstrcmpiW (lpString1="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="..") returned 1 [0053.745] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned 89 [0053.745] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.746] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}" [0053.746] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*" [0053.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.746] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.746] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.746] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned 95 [0053.746] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3c95760 [0053.746] lstrcpyW (in: lpString1=0x3c95760, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US" [0053.746] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*" [0053.746] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32709e00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32709e00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0053.747] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\LOLKEK.txt") returned 106 [0053.747] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.747] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.747] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0053.747] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml") returned 108 [0053.747] StrStrIW (lpFirst="resource.xml", lpSrch=".lolkek") returned 0x0 [0053.747] lstrcmpW (lpString1="resource.xml", lpString2="LOLKEK.txt") returned 1 [0053.747] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml") returned 108 [0053.747] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60f280 [0053.747] lstrcpyW (in: lpString1=0x60f280, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\resource.xml" [0053.747] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.754] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.754] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2a152a, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xb5e9110, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xb2a152a, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0053.754] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0053.754] wsprintfW (in: param_1=0x3c95760, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\LOLKEK.txt") returned 106 [0053.754] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.754] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3c95760 | out: hHeap=0x5a0000) returned 1 [0053.754] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78a2eab, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0053.754] lstrcmpiW (lpString1="folder.ico", lpString2="Windows") returned -1 [0053.754] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files") returned -1 [0053.754] lstrcmpiW (lpString1="folder.ico", lpString2="Program Files (x86)") returned -1 [0053.754] lstrcmpiW (lpString1="folder.ico", lpString2="$Recycle.bin") returned 1 [0053.754] lstrcmpiW (lpString1="folder.ico", lpString2="System Volume Information") returned -1 [0053.754] lstrcmpiW (lpString1="folder.ico", lpString2=".") returned 1 [0053.754] lstrcmpiW (lpString1="folder.ico", lpString2="..") returned 1 [0053.754] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico") returned 100 [0053.754] StrStrIW (lpFirst="folder.ico", lpSrch=".lolkek") returned 0x0 [0053.754] lstrcmpW (lpString1="folder.ico", lpString2="LOLKEK.txt") returned -1 [0053.754] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico") returned 100 [0053.755] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x194) returned 0x3bf2af8 [0053.755] lstrcpyW (in: lpString1=0x3bf2af8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\folder.ico" [0053.755] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.766] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.766] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.766] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.766] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.766] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.766] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.766] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.766] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.766] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.766] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\LOLKEK.txt") returned 100 [0053.766] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.766] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.766] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0053.766] lstrcmpiW (lpString1="print_pref.ico", lpString2="Windows") returned -1 [0053.766] lstrcmpiW (lpString1="print_pref.ico", lpString2="Program Files") returned -1 [0053.766] lstrcmpiW (lpString1="print_pref.ico", lpString2="Program Files (x86)") returned -1 [0053.766] lstrcmpiW (lpString1="print_pref.ico", lpString2="$Recycle.bin") returned 1 [0053.766] lstrcmpiW (lpString1="print_pref.ico", lpString2="System Volume Information") returned -1 [0053.766] lstrcmpiW (lpString1="print_pref.ico", lpString2=".") returned 1 [0053.766] lstrcmpiW (lpString1="print_pref.ico", lpString2="..") returned 1 [0053.766] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico") returned 104 [0053.766] StrStrIW (lpFirst="print_pref.ico", lpSrch=".lolkek") returned 0x0 [0053.766] lstrcmpW (lpString1="print_pref.ico", lpString2="LOLKEK.txt") returned 1 [0053.766] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico") returned 104 [0053.766] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3bf2c98 [0053.766] lstrcpyW (in: lpString1=0x3bf2c98, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_pref.ico" [0053.767] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.768] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.768] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f0eca86, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f0eca86, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc78c9009, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0053.768] lstrcmpiW (lpString1="print_property.ico", lpString2="Windows") returned -1 [0053.768] lstrcmpiW (lpString1="print_property.ico", lpString2="Program Files") returned -1 [0053.768] lstrcmpiW (lpString1="print_property.ico", lpString2="Program Files (x86)") returned -1 [0053.768] lstrcmpiW (lpString1="print_property.ico", lpString2="$Recycle.bin") returned 1 [0053.768] lstrcmpiW (lpString1="print_property.ico", lpString2="System Volume Information") returned -1 [0053.768] lstrcmpiW (lpString1="print_property.ico", lpString2=".") returned 1 [0053.768] lstrcmpiW (lpString1="print_property.ico", lpString2="..") returned 1 [0053.768] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico") returned 108 [0053.768] StrStrIW (lpFirst="print_property.ico", lpSrch=".lolkek") returned 0x0 [0053.768] lstrcmpW (lpString1="print_property.ico", lpString2="LOLKEK.txt") returned 1 [0053.768] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico") returned 108 [0053.768] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b4) returned 0x60f610 [0053.768] lstrcpyW (in: lpString1=0x60f610, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_property.ico" [0053.768] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.769] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.769] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f112be3, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f112be3, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7be8cbf, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0053.770] lstrcmpiW (lpString1="print_queue.ico", lpString2="Windows") returned -1 [0053.770] lstrcmpiW (lpString1="print_queue.ico", lpString2="Program Files") returned -1 [0053.770] lstrcmpiW (lpString1="print_queue.ico", lpString2="Program Files (x86)") returned -1 [0053.770] lstrcmpiW (lpString1="print_queue.ico", lpString2="$Recycle.bin") returned 1 [0053.770] lstrcmpiW (lpString1="print_queue.ico", lpString2="System Volume Information") returned -1 [0053.770] lstrcmpiW (lpString1="print_queue.ico", lpString2=".") returned 1 [0053.770] lstrcmpiW (lpString1="print_queue.ico", lpString2="..") returned 1 [0053.770] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico") returned 105 [0053.770] StrStrIW (lpFirst="print_queue.ico", lpSrch=".lolkek") returned 0x0 [0053.770] lstrcmpW (lpString1="print_queue.ico", lpString2="LOLKEK.txt") returned 1 [0053.770] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico") returned 105 [0053.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x3ca5f28 [0053.770] lstrcpyW (in: lpString1=0x3ca5f28, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\print_queue.ico" [0053.770] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.770] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.770] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0053.770] lstrcmpiW (lpString1="scan_.ico", lpString2="Windows") returned -1 [0053.770] lstrcmpiW (lpString1="scan_.ico", lpString2="Program Files") returned 1 [0053.770] lstrcmpiW (lpString1="scan_.ico", lpString2="Program Files (x86)") returned 1 [0053.770] lstrcmpiW (lpString1="scan_.ico", lpString2="$Recycle.bin") returned 1 [0053.770] lstrcmpiW (lpString1="scan_.ico", lpString2="System Volume Information") returned -1 [0053.770] lstrcmpiW (lpString1="scan_.ico", lpString2=".") returned 1 [0053.770] lstrcmpiW (lpString1="scan_.ico", lpString2="..") returned 1 [0053.770] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico") returned 99 [0053.770] StrStrIW (lpFirst="scan_.ico", lpSrch=".lolkek") returned 0x0 [0053.770] lstrcmpW (lpString1="scan_.ico", lpString2="LOLKEK.txt") returned 1 [0053.770] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico") returned 99 [0053.770] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x3ca60d8 [0053.770] lstrcpyW (in: lpString1=0x3ca60d8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_.ico" [0053.770] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.786] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.786] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f15ee9d, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f15ee9d, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c0ee1d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0053.786] lstrcmpiW (lpString1="scan_property.ico", lpString2="Windows") returned -1 [0053.786] lstrcmpiW (lpString1="scan_property.ico", lpString2="Program Files") returned 1 [0053.786] lstrcmpiW (lpString1="scan_property.ico", lpString2="Program Files (x86)") returned 1 [0053.787] lstrcmpiW (lpString1="scan_property.ico", lpString2="$Recycle.bin") returned 1 [0053.787] lstrcmpiW (lpString1="scan_property.ico", lpString2="System Volume Information") returned -1 [0053.787] lstrcmpiW (lpString1="scan_property.ico", lpString2=".") returned 1 [0053.787] lstrcmpiW (lpString1="scan_property.ico", lpString2="..") returned 1 [0053.787] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico") returned 107 [0053.787] StrStrIW (lpFirst="scan_property.ico", lpSrch=".lolkek") returned 0x0 [0053.787] lstrcmpW (lpString1="scan_property.ico", lpString2="LOLKEK.txt") returned 1 [0053.787] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico") returned 107 [0053.787] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x634058 [0053.787] lstrcpyW (in: lpString1=0x634058, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_property.ico" [0053.787] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.791] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.791] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f138d40, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f138d40, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7c34f7b, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0053.791] lstrcmpiW (lpString1="scan_settings.ico", lpString2="Windows") returned -1 [0053.791] lstrcmpiW (lpString1="scan_settings.ico", lpString2="Program Files") returned 1 [0053.791] lstrcmpiW (lpString1="scan_settings.ico", lpString2="Program Files (x86)") returned 1 [0053.791] lstrcmpiW (lpString1="scan_settings.ico", lpString2="$Recycle.bin") returned 1 [0053.791] lstrcmpiW (lpString1="scan_settings.ico", lpString2="System Volume Information") returned -1 [0053.791] lstrcmpiW (lpString1="scan_settings.ico", lpString2=".") returned 1 [0053.791] lstrcmpiW (lpString1="scan_settings.ico", lpString2="..") returned 1 [0053.791] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico") returned 107 [0053.791] StrStrIW (lpFirst="scan_settings.ico", lpSrch=".lolkek") returned 0x0 [0053.791] lstrcmpW (lpString1="scan_settings.ico", lpString2="LOLKEK.txt") returned 1 [0053.791] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico") returned 107 [0053.791] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x634210 [0053.791] lstrcpyW (in: lpString1=0x634210, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\scan_settings.ico" [0053.791] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.833] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.833] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0053.833] lstrcmpiW (lpString1="tasks.xml", lpString2="Windows") returned -1 [0053.833] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files") returned 1 [0053.833] lstrcmpiW (lpString1="tasks.xml", lpString2="Program Files (x86)") returned 1 [0053.833] lstrcmpiW (lpString1="tasks.xml", lpString2="$Recycle.bin") returned 1 [0053.833] lstrcmpiW (lpString1="tasks.xml", lpString2="System Volume Information") returned 1 [0053.833] lstrcmpiW (lpString1="tasks.xml", lpString2=".") returned 1 [0053.833] lstrcmpiW (lpString1="tasks.xml", lpString2="..") returned 1 [0053.833] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml") returned 99 [0053.834] StrStrIW (lpFirst="tasks.xml", lpSrch=".lolkek") returned 0x0 [0053.834] lstrcmpW (lpString1="tasks.xml", lpString2="LOLKEK.txt") returned 1 [0053.834] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml") returned 99 [0053.834] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x190) returned 0x3dde238 [0053.834] lstrcpyW (in: lpString1=0x3dde238, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\tasks.xml" [0053.834] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.843] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.843] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f054512, ftCreationTime.dwHighDateTime=0x1ca040c, ftLastAccessTime.dwLowDateTime=0x5f054512, ftLastAccessTime.dwHighDateTime=0x1ca040c, ftLastWriteTime.dwLowDateTime=0xc7d3f90d, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tasks.xml", cAlternateFileName="")) returned 0 [0053.843] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.843] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\LOLKEK.txt") returned 100 [0053.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.843] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0053.843] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.843] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\LOLKEK.txt") returned 61 [0053.843] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\task\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.845] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd96989e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Task", cAlternateFileName="")) returned 0 [0053.845] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.845] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\LOLKEK.txt") returned 56 [0053.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Device Stage\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.845] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.845] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0053.845] lstrcmpiW (lpString1="DeviceSync", lpString2="Windows") returned -1 [0053.845] lstrcmpiW (lpString1="DeviceSync", lpString2="Program Files") returned -1 [0053.845] lstrcmpiW (lpString1="DeviceSync", lpString2="Program Files (x86)") returned -1 [0053.845] lstrcmpiW (lpString1="DeviceSync", lpString2="$Recycle.bin") returned 1 [0053.845] lstrcmpiW (lpString1="DeviceSync", lpString2="System Volume Information") returned -1 [0053.846] lstrcmpiW (lpString1="DeviceSync", lpString2=".") returned 1 [0053.846] lstrcmpiW (lpString1="DeviceSync", lpString2="..") returned 1 [0053.846] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync") returned 43 [0053.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.846] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync" [0053.846] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync\\*" [0053.846] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.846] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.846] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.846] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.846] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.846] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.846] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.846] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.846] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.846] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.846] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.846] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.846] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.846] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.846] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.846] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.846] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.846] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.846] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.846] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.846] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.846] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.846] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.846] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync\\LOLKEK.txt") returned 54 [0053.846] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.846] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.846] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.846] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.846] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync\\LOLKEK.txt") returned 54 [0053.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\DeviceSync\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\devicesync\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.846] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.846] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DRM", cAlternateFileName="")) returned 1 [0053.847] lstrcmpiW (lpString1="DRM", lpString2="Windows") returned -1 [0053.847] lstrcmpiW (lpString1="DRM", lpString2="Program Files") returned -1 [0053.847] lstrcmpiW (lpString1="DRM", lpString2="Program Files (x86)") returned -1 [0053.847] lstrcmpiW (lpString1="DRM", lpString2="$Recycle.bin") returned 1 [0053.847] lstrcmpiW (lpString1="DRM", lpString2="System Volume Information") returned -1 [0053.847] lstrcmpiW (lpString1="DRM", lpString2=".") returned 1 [0053.847] lstrcmpiW (lpString1="DRM", lpString2="..") returned 1 [0053.847] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM") returned 36 [0053.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.847] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM" [0053.847] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\*" [0053.847] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.847] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.847] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.847] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.847] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.847] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.847] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.847] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.847] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.847] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.847] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.847] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.847] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.847] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.847] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.847] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.847] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.847] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.847] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.847] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.847] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.847] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.847] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.847] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\LOLKEK.txt") returned 47 [0053.847] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.847] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.847] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Server", cAlternateFileName="")) returned 1 [0053.847] lstrcmpiW (lpString1="Server", lpString2="Windows") returned -1 [0053.847] lstrcmpiW (lpString1="Server", lpString2="Program Files") returned 1 [0053.847] lstrcmpiW (lpString1="Server", lpString2="Program Files (x86)") returned 1 [0053.847] lstrcmpiW (lpString1="Server", lpString2="$Recycle.bin") returned 1 [0053.847] lstrcmpiW (lpString1="Server", lpString2="System Volume Information") returned -1 [0053.847] lstrcmpiW (lpString1="Server", lpString2=".") returned 1 [0053.848] lstrcmpiW (lpString1="Server", lpString2="..") returned 1 [0053.848] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server") returned 43 [0053.848] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.848] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server" [0053.848] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server\\*" [0053.848] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.848] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.848] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.848] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.848] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.848] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.848] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.848] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.848] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.848] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.848] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.848] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.848] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.848] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.848] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.848] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.848] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.848] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.848] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.848] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.848] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.848] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.849] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.849] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server\\LOLKEK.txt") returned 54 [0053.849] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.849] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.849] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3272ff60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.849] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.849] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server\\LOLKEK.txt") returned 54 [0053.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\Server\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\drm\\server\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.849] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3272ff60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3272ff60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Server", cAlternateFileName="")) returned 0 [0053.849] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.849] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\LOLKEK.txt") returned 47 [0053.849] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\DRM\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\drm\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.849] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="eHome", cAlternateFileName="")) returned 1 [0053.849] lstrcmpiW (lpString1="eHome", lpString2="Windows") returned -1 [0053.849] lstrcmpiW (lpString1="eHome", lpString2="Program Files") returned -1 [0053.849] lstrcmpiW (lpString1="eHome", lpString2="Program Files (x86)") returned -1 [0053.849] lstrcmpiW (lpString1="eHome", lpString2="$Recycle.bin") returned 1 [0053.849] lstrcmpiW (lpString1="eHome", lpString2="System Volume Information") returned -1 [0053.849] lstrcmpiW (lpString1="eHome", lpString2=".") returned 1 [0053.849] lstrcmpiW (lpString1="eHome", lpString2="..") returned 1 [0053.849] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome") returned 38 [0053.849] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.849] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome" [0053.849] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\*" [0053.849] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.849] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.849] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.849] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.849] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.849] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.849] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.849] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.850] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.850] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.850] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.850] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="logs", cAlternateFileName="")) returned 1 [0053.850] lstrcmpiW (lpString1="logs", lpString2="Windows") returned -1 [0053.850] lstrcmpiW (lpString1="logs", lpString2="Program Files") returned -1 [0053.850] lstrcmpiW (lpString1="logs", lpString2="Program Files (x86)") returned -1 [0053.850] lstrcmpiW (lpString1="logs", lpString2="$Recycle.bin") returned 1 [0053.850] lstrcmpiW (lpString1="logs", lpString2="System Volume Information") returned -1 [0053.850] lstrcmpiW (lpString1="logs", lpString2=".") returned 1 [0053.850] lstrcmpiW (lpString1="logs", lpString2="..") returned 1 [0053.850] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs") returned 43 [0053.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.850] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs" [0053.850] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs\\*" [0053.850] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.850] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.850] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.850] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.850] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.850] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.850] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.850] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x9182055d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.850] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.850] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.850] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.850] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.850] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.850] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.850] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.850] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.850] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.850] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.851] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs\\LOLKEK.txt") returned 54 [0053.851] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.851] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.851] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.851] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.851] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs\\LOLKEK.txt") returned 54 [0053.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\logs\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\ehome\\logs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.851] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.851] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.851] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\LOLKEK.txt") returned 49 [0053.851] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.851] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.851] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.851] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.851] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\LOLKEK.txt") returned 49 [0053.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\eHome\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\ehome\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.851] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.851] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0053.851] lstrcmpiW (lpString1="Event Viewer", lpString2="Windows") returned -1 [0053.851] lstrcmpiW (lpString1="Event Viewer", lpString2="Program Files") returned -1 [0053.851] lstrcmpiW (lpString1="Event Viewer", lpString2="Program Files (x86)") returned -1 [0053.851] lstrcmpiW (lpString1="Event Viewer", lpString2="$Recycle.bin") returned 1 [0053.851] lstrcmpiW (lpString1="Event Viewer", lpString2="System Volume Information") returned -1 [0053.851] lstrcmpiW (lpString1="Event Viewer", lpString2=".") returned 1 [0053.851] lstrcmpiW (lpString1="Event Viewer", lpString2="..") returned 1 [0053.851] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer") returned 45 [0053.851] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.851] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer" [0053.851] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\*" [0053.852] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.852] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.852] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.852] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.852] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.852] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.852] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.852] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.852] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.852] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.852] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.852] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.852] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.852] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.852] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.852] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.852] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.852] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.852] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.852] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.852] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.852] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.852] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.852] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\LOLKEK.txt") returned 56 [0053.852] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.852] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.852] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Views", cAlternateFileName="")) returned 1 [0053.852] lstrcmpiW (lpString1="Views", lpString2="Windows") returned -1 [0053.852] lstrcmpiW (lpString1="Views", lpString2="Program Files") returned 1 [0053.852] lstrcmpiW (lpString1="Views", lpString2="Program Files (x86)") returned 1 [0053.852] lstrcmpiW (lpString1="Views", lpString2="$Recycle.bin") returned 1 [0053.852] lstrcmpiW (lpString1="Views", lpString2="System Volume Information") returned 1 [0053.853] lstrcmpiW (lpString1="Views", lpString2=".") returned 1 [0053.853] lstrcmpiW (lpString1="Views", lpString2="..") returned 1 [0053.853] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views") returned 51 [0053.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.853] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views" [0053.853] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\*" [0053.853] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.853] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.853] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.853] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.853] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.853] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.853] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.853] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.853] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.853] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.853] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.853] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.853] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.853] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.853] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.853] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ApplicationViewsRootNode", cAlternateFileName="APPLIC~1")) returned 1 [0053.853] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="Windows") returned -1 [0053.853] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="Program Files") returned -1 [0053.853] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="Program Files (x86)") returned -1 [0053.853] lstrcmpiW (lpString1="ApplicationViewsRootNode", lpString2="$Recycle.bin") returned 1 [0053.853] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned 76 [0053.853] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.854] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode" [0053.854] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*" [0053.854] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.854] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.854] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\LOLKEK.txt") returned 87 [0053.854] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.854] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.854] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.854] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.854] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\LOLKEK.txt") returned 87 [0053.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\ApplicationViewsRootNode\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\event viewer\\views\\applicationviewsrootnode\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.855] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.855] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\LOLKEK.txt") returned 62 [0053.855] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.855] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.855] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327560c0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.855] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.855] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\LOLKEK.txt") returned 62 [0053.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\Views\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\event viewer\\views\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.855] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3235c810, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x327560c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327560c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Views", cAlternateFileName="")) returned 0 [0053.855] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.855] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\LOLKEK.txt") returned 56 [0053.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Event Viewer\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\event viewer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.855] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.855] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x362b2560, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x362b2560, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IdentityCRL", cAlternateFileName="IDENTI~1")) returned 1 [0053.855] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL") returned 44 [0053.855] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.855] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL" [0053.855] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\*" [0053.855] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd98f9f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x362b2560, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x362b2560, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.856] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\LOLKEK.txt") returned 55 [0053.856] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.856] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.856] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd591378b, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd591378b, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x362b2560, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3d51, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ppcrlconfig.dll.lolkek", cAlternateFileName="PPCRLC~1.LOL")) returned 1 [0053.856] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlconfig.dll.lolkek") returned 67 [0053.856] StrStrIW (lpFirst="ppcrlconfig.dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.856] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x362b2560, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3e159, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ppcrlui.dll.lolkek", cAlternateFileName="")) returned 1 [0053.856] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\ppcrlui.dll.lolkek") returned 63 [0053.856] StrStrIW (lpFirst="ppcrlui.dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.856] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd582ef5d, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xd582ef5d, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x362b2560, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3e159, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ppcrlui.dll.lolkek", cAlternateFileName="")) returned 0 [0053.856] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.856] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\LOLKEK.txt") returned 55 [0053.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\IdentityCRL\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\identitycrl\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.856] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.857] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32c3ee20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.857] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\LOLKEK.txt") returned 43 [0053.857] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.857] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.857] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0053.857] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player") returned 45 [0053.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.857] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player" [0053.857] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player\\*" [0053.857] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ee349fc, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.857] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player\\LOLKEK.txt") returned 56 [0053.857] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.857] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.857] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.857] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.857] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player\\LOLKEK.txt") returned 56 [0053.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Media Player\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\media player\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.857] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.857] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x362d86c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x362d86c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MF", cAlternateFileName="")) returned 1 [0053.857] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF") returned 35 [0053.857] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.857] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF" [0053.857] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\*" [0053.857] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x362d86c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x362d86c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.857] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\Active.GRL.lolkek") returned 53 [0053.857] StrStrIW (lpFirst="Active.GRL.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.857] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.857] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\LOLKEK.txt") returned 46 [0053.857] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.857] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.857] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x362d86c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3acd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pending.GRL.lolkek", cAlternateFileName="")) returned 1 [0053.858] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\Pending.GRL.lolkek") returned 54 [0053.858] StrStrIW (lpFirst="Pending.GRL.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.858] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x362d86c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3acd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Pending.GRL.lolkek", cAlternateFileName="")) returned 0 [0053.858] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.858] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\LOLKEK.txt") returned 46 [0053.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\MF\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\mf\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.858] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.858] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSDN", cAlternateFileName="")) returned 1 [0053.858] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN") returned 37 [0053.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.858] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN" [0053.858] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\*" [0053.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.858] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0") returned 41 [0053.858] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.858] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0" [0053.858] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\*" [0053.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.858] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\LOLKEK.txt") returned 52 [0053.858] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.858] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.858] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.858] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.858] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\LOLKEK.txt") returned 52 [0053.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\8.0\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\msdn\\8.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.858] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.858] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.858] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\LOLKEK.txt") returned 48 [0053.859] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.859] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.859] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.859] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.859] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\LOLKEK.txt") returned 48 [0053.859] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\MSDN\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\msdn\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.859] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.859] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NetFramework", cAlternateFileName="NETFRA~1")) returned 1 [0053.859] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework") returned 45 [0053.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.859] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework" [0053.859] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\*" [0053.859] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.859] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore") returned 61 [0053.859] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.859] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore" [0053.859] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\*" [0053.859] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x56ac2f60, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.859] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\LOLKEK.txt") returned 72 [0053.859] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.859] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.859] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.859] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.859] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\LOLKEK.txt") returned 72 [0053.859] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\BreadcrumbStore\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\netframework\\breadcrumbstore\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.860] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.860] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\LOLKEK.txt") returned 56 [0053.860] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.860] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.860] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3277c220, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3277c220, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3277c220, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.860] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.860] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\LOLKEK.txt") returned 56 [0053.860] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\NetFramework\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\netframework\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.860] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.860] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x327a2380, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327a2380, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Network", cAlternateFileName="")) returned 1 [0053.860] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network") returned 40 [0053.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.860] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network" [0053.860] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\*" [0053.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x327a2380, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327a2380, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.860] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections") returned 52 [0053.860] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.860] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections" [0053.860] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections\\*" [0053.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x327a2380, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327a2380, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.860] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections\\LOLKEK.txt") returned 63 [0053.860] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.860] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.861] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x327a2380, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327a2380, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327a2380, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.861] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.861] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections\\LOLKEK.txt") returned 63 [0053.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Connections\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\network\\connections\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.861] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.861] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x362fe820, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x362fe820, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Downloader", cAlternateFileName="DOWNLO~1")) returned 1 [0053.861] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader") returned 51 [0053.861] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.861] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader" [0053.861] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\*" [0053.861] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x362fe820, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x362fe820, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.861] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\LOLKEK.txt") returned 62 [0053.861] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.861] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.861] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x362d86c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x400051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qmgr0.dat.lolkek", cAlternateFileName="")) returned 1 [0053.861] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat.lolkek") returned 68 [0053.861] StrStrIW (lpFirst="qmgr0.dat.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.861] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x362fe820, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x400051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qmgr1.dat.lolkek", cAlternateFileName="")) returned 1 [0053.861] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat.lolkek") returned 68 [0053.861] StrStrIW (lpFirst="qmgr1.dat.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.861] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7606ea15, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x7606ea15, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x362fe820, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x400051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qmgr1.dat.lolkek", cAlternateFileName="")) returned 0 [0053.861] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.861] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\LOLKEK.txt") returned 62 [0053.861] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.862] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327a2380, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327a2380, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327a2380, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.862] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\LOLKEK.txt") returned 51 [0053.862] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.862] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.862] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327a2380, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327a2380, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327a2380, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.862] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.862] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\LOLKEK.txt") returned 51 [0053.862] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Network\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\network\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.862] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.862] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x36396da0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x36396da0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OFFICE", cAlternateFileName="")) returned 1 [0053.862] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE") returned 39 [0053.862] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.862] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE" [0053.862] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\*" [0053.862] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x36396da0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x36396da0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.862] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico.lolkek") returned 63 [0053.862] StrStrIW (lpFirst="AssetLibrary.ico.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.862] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x36370c40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x62cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="DocumentRepository.ico.lolkek", cAlternateFileName="DOCUME~1.LOL")) returned 1 [0053.862] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico.lolkek") returned 69 [0053.862] StrStrIW (lpFirst="DocumentRepository.ico.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.862] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.862] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\LOLKEK.txt") returned 50 [0053.862] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.862] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.862] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x36370c40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5537f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MySharePoints.ico.lolkek", cAlternateFileName="MYSHAR~1.LOL")) returned 1 [0053.862] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico.lolkek") returned 64 [0053.863] StrStrIW (lpFirst="MySharePoints.ico.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.863] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x36370c40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x62cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MySite.ico.lolkek", cAlternateFileName="MYSITE~1.LOL")) returned 1 [0053.863] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico.lolkek") returned 57 [0053.863] StrStrIW (lpFirst="MySite.ico.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.863] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x36396da0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x62cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SharePointPortalSite.ico.lolkek", cAlternateFileName="SHAREP~1.LOL")) returned 1 [0053.863] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico.lolkek") returned 71 [0053.863] StrStrIW (lpFirst="SharePointPortalSite.ico.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.863] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x36396da0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x62cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SharePointTeamSite.ico.lolkek", cAlternateFileName="SHAREP~2.LOL")) returned 1 [0053.863] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico.lolkek") returned 69 [0053.863] StrStrIW (lpFirst="SharePointTeamSite.ico.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.863] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0053.863] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions") returned 50 [0053.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.863] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions" [0053.863] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\*" [0053.863] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.863] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036") returned 55 [0053.863] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.863] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036" [0053.863] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\*" [0053.863] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x3655fe20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3655fe20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.863] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ENVELOPR.DLL.trx_dll.lolkek") returned 83 [0053.863] StrStrIW (lpFirst="ENVELOPR.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.863] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x363bcf00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xbfb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.DLL.trx_dll.lolkek", cAlternateFileName="GRINTL~1.LOL")) returned 1 [0053.863] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.DLL.trx_dll.lolkek") returned 83 [0053.863] StrStrIW (lpFirst="GRINTL32.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.863] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x363e3060, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3d9b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.REST.trx_dll.lolkek", cAlternateFileName="GRINTL~2.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\GRINTL32.REST.trx_dll.lolkek") returned 84 [0053.864] StrStrIW (lpFirst="GRINTL32.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x327c84e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x327c84e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x327c84e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\LOLKEK.txt") returned 66 [0053.864] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.864] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x363e3060, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x49fb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MAPIR.DLL.trx_dll.lolkek", cAlternateFileName="MAPIRD~1.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MAPIR.DLL.trx_dll.lolkek") returned 80 [0053.864] StrStrIW (lpFirst="MAPIR.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x363e3060, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xc1b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MOR6INT.REST.trx_dll.lolkek", cAlternateFileName="MOR6IN~1.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MOR6INT.REST.trx_dll.lolkek") returned 83 [0053.864] StrStrIW (lpFirst="MOR6INT.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364091c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x179b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.DLL.trx_dll.lolkek", cAlternateFileName="MSOINT~1.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.DLL.trx_dll.lolkek") returned 82 [0053.864] StrStrIW (lpFirst="MSOINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364091c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2cedb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.REST.trx_dll.lolkek", cAlternateFileName="MSOINT~2.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\MSOINTL.REST.trx_dll.lolkek") returned 83 [0053.864] StrStrIW (lpFirst="MSOINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3642f320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xb3b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OMSINTL.DLL.trx_dll.lolkek", cAlternateFileName="OMSINT~1.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OMSINTL.DLL.trx_dll.lolkek") returned 82 [0053.864] StrStrIW (lpFirst="OMSINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3642f320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x7bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.DLL.trx_dll.lolkek", cAlternateFileName="ONINTL~1.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.DLL.trx_dll.lolkek") returned 81 [0053.864] StrStrIW (lpFirst="ONINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3642f320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3fbb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.REST.trx_dll.lolkek", cAlternateFileName="ONINTL~2.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\ONINTL.REST.trx_dll.lolkek") returned 82 [0053.864] StrStrIW (lpFirst="ONINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36455480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x375b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.DLL.trx_dll.lolkek", cAlternateFileName="OUTLLI~1.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.DLL.trx_dll.lolkek") returned 83 [0053.864] StrStrIW (lpFirst="OUTLLIBR.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.864] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36455480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xa65b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.REST.trx_dll.lolkek", cAlternateFileName="OUTLLI~2.LOL")) returned 1 [0053.864] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLLIBR.REST.trx_dll.lolkek") returned 84 [0053.864] StrStrIW (lpFirst="OUTLLIBR.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36455480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLWVW.DLL.trx_dll.lolkek", cAlternateFileName="OUTLWV~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\OUTLWVW.DLL.trx_dll.lolkek") returned 82 [0053.865] StrStrIW (lpFirst="OUTLWVW.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3647b5e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xcdb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.DLL.trx_dll.lolkek", cAlternateFileName="PPINTL~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.DLL.trx_dll.lolkek") returned 81 [0053.865] StrStrIW (lpFirst="PPINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364a1740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x45fb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.REST.trx_dll.lolkek", cAlternateFileName="PPINTL~2.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PPINTL.REST.trx_dll.lolkek") returned 82 [0053.865] StrStrIW (lpFirst="PPINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364a1740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a3b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.DLL.trx_dll.lolkek", cAlternateFileName="PUB6IN~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.DLL.trx_dll.lolkek") returned 83 [0053.865] StrStrIW (lpFirst="PUB6INTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364a1740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x8e1b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.REST.trx_dll.lolkek", cAlternateFileName="PUB6IN~2.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUB6INTL.REST.trx_dll.lolkek") returned 84 [0053.865] StrStrIW (lpFirst="PUB6INTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364c78a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5abb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUBWZINT.REST.trx_dll.lolkek", cAlternateFileName="PUBWZI~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\PUBWZINT.REST.trx_dll.lolkek") returned 84 [0053.865] StrStrIW (lpFirst="PUBWZINT.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364c78a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x33b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SGRES.DLL.trx_dll.lolkek", cAlternateFileName="SGRESD~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\SGRES.DLL.trx_dll.lolkek") returned 80 [0053.865] StrStrIW (lpFirst="SGRES.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364eda00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x41b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="STINTL.DLL.trx_dll.lolkek", cAlternateFileName="STINTL~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\STINTL.DLL.trx_dll.lolkek") returned 81 [0053.865] StrStrIW (lpFirst="STINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x364eda00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x69b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISBRRES.DLL.trx_dll.lolkek", cAlternateFileName="VISBRR~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISBRRES.DLL.trx_dll.lolkek") returned 83 [0053.865] StrStrIW (lpFirst="VISBRRES.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36513b60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x775b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISINTL.DLL.trx_dll.lolkek", cAlternateFileName="VISINT~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\VISINTL.DLL.trx_dll.lolkek") returned 82 [0053.865] StrStrIW (lpFirst="VISINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.865] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36513b60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.DLL.trx_dll.lolkek", cAlternateFileName="WWINTL~1.LOL")) returned 1 [0053.865] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.DLL.trx_dll.lolkek") returned 81 [0053.866] StrStrIW (lpFirst="WWINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.866] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb31c100, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36513b60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x115bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.REST.trx_dll.lolkek", cAlternateFileName="WWINTL~2.LOL")) returned 1 [0053.866] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\WWINTL.REST.trx_dll.lolkek") returned 82 [0053.866] StrStrIW (lpFirst="WWINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.866] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b688100, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36539cc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x253b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.DLL.trx_dll.lolkek", cAlternateFileName="XLINTL~1.LOL")) returned 1 [0053.866] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.DLL.trx_dll.lolkek") returned 83 [0053.866] StrStrIW (lpFirst="XLINTL32.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.866] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a375400, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36539cc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1379b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.REST.trx_dll.lolkek", cAlternateFileName="XLINTL~2.LOL")) returned 1 [0053.866] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLINTL32.REST.trx_dll.lolkek") returned 84 [0053.866] StrStrIW (lpFirst="XLINTL32.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.866] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3655fe20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3db1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll.lolkek", cAlternateFileName="XLSLIC~1.LOL")) returned 1 [0053.866] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\XLSLICER.DLL.trx_dll.lolkek") returned 83 [0053.866] StrStrIW (lpFirst="XLSLICER.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.866] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe092000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3655fe20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3db1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll.lolkek", cAlternateFileName="XLSLIC~1.LOL")) returned 0 [0053.866] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.866] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\LOLKEK.txt") returned 66 [0053.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\1036\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.866] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.866] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x36702d40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x36702d40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3082", cAlternateFileName="")) returned 1 [0053.866] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082") returned 55 [0053.866] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0053.866] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082" [0053.866] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\*" [0053.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x36702d40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x36702d40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.866] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll.lolkek") returned 83 [0053.866] StrStrIW (lpFirst="ENVELOPR.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36585f80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xb9b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.DLL.trx_dll.lolkek", cAlternateFileName="GRINTL~1.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.DLL.trx_dll.lolkek") returned 83 [0053.867] StrStrIW (lpFirst="GRINTL32.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36585f80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x399b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GRINTL32.REST.trx_dll.lolkek", cAlternateFileName="GRINTL~2.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\GRINTL32.REST.trx_dll.lolkek") returned 84 [0053.867] StrStrIW (lpFirst="GRINTL32.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\LOLKEK.txt") returned 66 [0053.867] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.867] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36585f80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x47db1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MAPIR.DLL.trx_dll.lolkek", cAlternateFileName="MAPIRD~1.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MAPIR.DLL.trx_dll.lolkek") returned 80 [0053.867] StrStrIW (lpFirst="MAPIR.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x365ac0e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xc1b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MOR6INT.REST.trx_dll.lolkek", cAlternateFileName="MOR6IN~1.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MOR6INT.REST.trx_dll.lolkek") returned 83 [0053.867] StrStrIW (lpFirst="MOR6INT.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x365ac0e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x16fb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.DLL.trx_dll.lolkek", cAlternateFileName="MSOINT~1.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.DLL.trx_dll.lolkek") returned 82 [0053.867] StrStrIW (lpFirst="MSOINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x365d2240, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2b25b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSOINTL.REST.trx_dll.lolkek", cAlternateFileName="MSOINT~2.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\MSOINTL.REST.trx_dll.lolkek") returned 83 [0053.867] StrStrIW (lpFirst="MSOINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x365d2240, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xb3b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OMSINTL.DLL.trx_dll.lolkek", cAlternateFileName="OMSINT~1.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OMSINTL.DLL.trx_dll.lolkek") returned 82 [0053.867] StrStrIW (lpFirst="OMSINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x365f83a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x7bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.DLL.trx_dll.lolkek", cAlternateFileName="ONINTL~1.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.DLL.trx_dll.lolkek") returned 81 [0053.867] StrStrIW (lpFirst="ONINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x365f83a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x3d9b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ONINTL.REST.trx_dll.lolkek", cAlternateFileName="ONINTL~2.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ONINTL.REST.trx_dll.lolkek") returned 82 [0053.867] StrStrIW (lpFirst="ONINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.867] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3661e500, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x359b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.DLL.trx_dll.lolkek", cAlternateFileName="OUTLLI~1.LOL")) returned 1 [0053.867] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.DLL.trx_dll.lolkek") returned 83 [0053.868] StrStrIW (lpFirst="OUTLLIBR.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3661e500, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x9f5b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLLIBR.REST.trx_dll.lolkek", cAlternateFileName="OUTLLI~2.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLLIBR.REST.trx_dll.lolkek") returned 84 [0053.868] StrStrIW (lpFirst="OUTLLIBR.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36644660, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2db1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OUTLWVW.DLL.trx_dll.lolkek", cAlternateFileName="OUTLWV~1.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\OUTLWVW.DLL.trx_dll.lolkek") returned 82 [0053.868] StrStrIW (lpFirst="OUTLWVW.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36644660, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xd1b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.DLL.trx_dll.lolkek", cAlternateFileName="PPINTL~1.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.DLL.trx_dll.lolkek") returned 81 [0053.868] StrStrIW (lpFirst="PPINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36644660, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x435b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PPINTL.REST.trx_dll.lolkek", cAlternateFileName="PPINTL~2.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PPINTL.REST.trx_dll.lolkek") returned 82 [0053.868] StrStrIW (lpFirst="PPINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3666a7c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a5b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.DLL.trx_dll.lolkek", cAlternateFileName="PUB6IN~1.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.DLL.trx_dll.lolkek") returned 83 [0053.868] StrStrIW (lpFirst="PUB6INTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3666a7c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x87fb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUB6INTL.REST.trx_dll.lolkek", cAlternateFileName="PUB6IN~2.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUB6INTL.REST.trx_dll.lolkek") returned 84 [0053.868] StrStrIW (lpFirst="PUB6INTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3666a7c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x57fb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PUBWZINT.REST.trx_dll.lolkek", cAlternateFileName="PUBWZI~1.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\PUBWZINT.REST.trx_dll.lolkek") returned 84 [0053.868] StrStrIW (lpFirst="PUBWZINT.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36690920, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x33b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SGRES.DLL.trx_dll.lolkek", cAlternateFileName="SGRESD~1.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\SGRES.DLL.trx_dll.lolkek") returned 80 [0053.868] StrStrIW (lpFirst="SGRES.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36690920, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x43b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="STINTL.DLL.trx_dll.lolkek", cAlternateFileName="STINTL~1.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\STINTL.DLL.trx_dll.lolkek") returned 81 [0053.868] StrStrIW (lpFirst="STINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.868] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x366b6a80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x69b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISBRRES.DLL.trx_dll.lolkek", cAlternateFileName="VISBRR~1.LOL")) returned 1 [0053.868] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISBRRES.DLL.trx_dll.lolkek") returned 83 [0053.868] StrStrIW (lpFirst="VISBRRES.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.869] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x366b6a80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x739b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISINTL.DLL.trx_dll.lolkek", cAlternateFileName="VISINT~1.LOL")) returned 1 [0053.869] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\VISINTL.DLL.trx_dll.lolkek") returned 82 [0053.869] StrStrIW (lpFirst="VISINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.869] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x366b6a80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x243b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.DLL.trx_dll.lolkek", cAlternateFileName="WWINTL~1.LOL")) returned 1 [0053.869] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.DLL.trx_dll.lolkek") returned 81 [0053.869] StrStrIW (lpFirst="WWINTL.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.869] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x366dcbe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x110bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WWINTL.REST.trx_dll.lolkek", cAlternateFileName="WWINTL~2.LOL")) returned 1 [0053.869] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\WWINTL.REST.trx_dll.lolkek") returned 82 [0053.869] StrStrIW (lpFirst="WWINTL.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.869] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x366dcbe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x239b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.DLL.trx_dll.lolkek", cAlternateFileName="XLINTL~1.LOL")) returned 1 [0053.869] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.DLL.trx_dll.lolkek") returned 83 [0053.869] StrStrIW (lpFirst="XLINTL32.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.869] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36702d40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1267b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLINTL32.REST.trx_dll.lolkek", cAlternateFileName="XLINTL~2.LOL")) returned 1 [0053.869] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLINTL32.REST.trx_dll.lolkek") returned 84 [0053.869] StrStrIW (lpFirst="XLINTL32.REST.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.869] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36702d40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x39b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll.lolkek", cAlternateFileName="XLSLIC~1.LOL")) returned 1 [0053.869] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\XLSLICER.DLL.trx_dll.lolkek") returned 83 [0053.869] StrStrIW (lpFirst="XLSLICER.DLL.trx_dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.869] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x36702d40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x39b1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="XLSLICER.DLL.trx_dll.lolkek", cAlternateFileName="XLSLIC~1.LOL")) returned 0 [0053.869] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.869] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\LOLKEK.txt") returned 66 [0053.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\3082\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.869] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0053.869] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.869] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\LOLKEK.txt") returned 61 [0053.869] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.869] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.869] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.869] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.870] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\LOLKEK.txt") returned 61 [0053.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\office\\uicaptions\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.870] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0053.870] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.870] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\LOLKEK.txt") returned 50 [0053.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OFFICE\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\office\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.870] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.870] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x36775160, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x36775160, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OfficeSoftwareProtectionPlatform", cAlternateFileName="OFFICE~1")) returned 1 [0053.870] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform") returned 65 [0053.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.870] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform" [0053.870] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\*" [0053.870] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x36775160, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x36775160, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.870] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned 71 [0053.870] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.870] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache" [0053.870] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*" [0053.870] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x36728ea0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x36728ea0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.870] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.lolkek") returned 88 [0053.870] StrStrIW (lpFirst="cache.dat.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.871] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.871] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\LOLKEK.txt") returned 82 [0053.871] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.871] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.871] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.871] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.871] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\LOLKEK.txt") returned 82 [0053.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.871] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.871] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\LOLKEK.txt") returned 76 [0053.871] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.871] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.871] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x36775160, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x469c26, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tokens.dat.lolkek", cAlternateFileName="TOKENS~1.LOL")) returned 1 [0053.871] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.lolkek") returned 83 [0053.871] StrStrIW (lpFirst="tokens.dat.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.871] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x36775160, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x469c26, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tokens.dat.lolkek", cAlternateFileName="TOKENS~1.LOL")) returned 0 [0053.871] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.871] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\LOLKEK.txt") returned 76 [0053.871] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.871] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.871] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RAC", cAlternateFileName="")) returned 1 [0053.871] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC") returned 36 [0053.871] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0d78 [0053.871] lstrcpyW (in: lpString1=0x3be0d78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC" [0053.871] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\*" [0053.871] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.872] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\LOLKEK.txt") returned 47 [0053.872] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.872] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.872] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Outbound", cAlternateFileName="")) returned 1 [0053.872] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound") returned 45 [0053.872] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.872] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound" [0053.872] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\*" [0053.872] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.872] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\LOLKEK.txt") returned 56 [0053.872] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.872] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.872] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328147a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.872] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.872] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\LOLKEK.txt") returned 56 [0053.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Outbound\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\rac\\outbound\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.872] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.872] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0053.872] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData") returned 50 [0053.872] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.872] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData" [0053.872] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\*" [0053.872] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x328147a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328147a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.873] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\LOLKEK.txt") returned 61 [0053.873] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.873] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.873] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x2850a320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0053.873] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf") returned 69 [0053.873] StrStrIW (lpFirst="RacWmiDatabase.sdf", lpSrch=".lolkek") returned 0x0 [0053.873] lstrcmpW (lpString1="RacWmiDatabase.sdf", lpString2="LOLKEK.txt") returned 1 [0053.873] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf") returned 69 [0053.873] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x60ed00 [0053.873] lstrcpyW (in: lpString1=0x60ed00, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\RacWmiDatabase.sdf" [0053.873] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.874] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.874] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x284e41c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x2850a320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0053.875] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.875] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\LOLKEK.txt") returned 61 [0053.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\rac\\publisheddata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.875] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.875] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0053.875] lstrcmpiW (lpString1="StateData", lpString2="Windows") returned -1 [0053.875] lstrcmpiW (lpString1="StateData", lpString2="Program Files") returned 1 [0053.875] lstrcmpiW (lpString1="StateData", lpString2="Program Files (x86)") returned 1 [0053.875] lstrcmpiW (lpString1="StateData", lpString2="$Recycle.bin") returned 1 [0053.875] lstrcmpiW (lpString1="StateData", lpString2="System Volume Information") returned -1 [0053.875] lstrcmpiW (lpString1="StateData", lpString2=".") returned 1 [0053.875] lstrcmpiW (lpString1="StateData", lpString2="..") returned 1 [0053.875] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData") returned 46 [0053.875] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.875] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData" [0053.875] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\*" [0053.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.875] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.875] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.875] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.875] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.875] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.875] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.875] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.875] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.875] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.875] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.875] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.875] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.875] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.875] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.875] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3283a900, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.875] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.875] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.875] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.875] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.875] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.875] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.875] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.875] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\LOLKEK.txt") returned 57 [0053.876] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.876] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.876] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xbddb7d60, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0053.876] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="Windows") returned -1 [0053.876] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="Program Files") returned 1 [0053.876] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="Program Files (x86)") returned 1 [0053.876] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="$Recycle.bin") returned 1 [0053.876] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="System Volume Information") returned -1 [0053.876] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2=".") returned 1 [0053.876] lstrcmpiW (lpString1="RacDatabase.sdf", lpString2="..") returned 1 [0053.876] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf") returned 62 [0053.876] StrStrIW (lpFirst="RacDatabase.sdf", lpSrch=".lolkek") returned 0x0 [0053.876] lstrcmpW (lpString1="RacDatabase.sdf", lpString2="LOLKEK.txt") returned 1 [0053.876] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf") returned 62 [0053.876] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec51a8 [0053.876] lstrcpyW (in: lpString1=0x3ec51a8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacDatabase.sdf" [0053.876] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.877] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.877] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0053.877] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="Windows") returned -1 [0053.877] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="Program Files") returned 1 [0053.877] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="Program Files (x86)") returned 1 [0053.877] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="$Recycle.bin") returned 1 [0053.877] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="System Volume Information") returned -1 [0053.877] lstrcmpiW (lpString1="RacMetaData.dat", lpString2=".") returned 1 [0053.877] lstrcmpiW (lpString1="RacMetaData.dat", lpString2="..") returned 1 [0053.877] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat") returned 62 [0053.877] StrStrIW (lpFirst="RacMetaData.dat", lpSrch=".lolkek") returned 0x0 [0053.877] lstrcmpW (lpString1="RacMetaData.dat", lpString2="LOLKEK.txt") returned 1 [0053.877] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat") returned 62 [0053.877] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec52b0 [0053.877] lstrcpyW (in: lpString1=0x3ec52b0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" [0053.877] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.883] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.883] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0xbddddec0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 0 [0053.883] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.883] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\LOLKEK.txt") returned 57 [0053.883] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.884] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.884] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 1 [0053.884] lstrcmpiW (lpString1="Temp", lpString2="Windows") returned -1 [0053.884] lstrcmpiW (lpString1="Temp", lpString2="Program Files") returned 1 [0053.884] lstrcmpiW (lpString1="Temp", lpString2="Program Files (x86)") returned 1 [0053.884] lstrcmpiW (lpString1="Temp", lpString2="$Recycle.bin") returned 1 [0053.884] lstrcmpiW (lpString1="Temp", lpString2="System Volume Information") returned 1 [0053.884] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0053.884] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0053.884] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp") returned 41 [0053.884] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.884] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp" [0053.884] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\*" [0053.884] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.884] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.884] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.884] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.884] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.884] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.884] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.884] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.884] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.884] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.884] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.884] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.884] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.884] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.884] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.884] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3283a900, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.884] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.884] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.885] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.885] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.885] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.885] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.885] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.885] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\LOLKEK.txt") returned 52 [0053.885] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.885] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.885] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285a28a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x285a28a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285a28a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sql64AB.tmp", cAlternateFileName="")) returned 1 [0053.885] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="Windows") returned -1 [0053.885] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="Program Files") returned 1 [0053.885] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="Program Files (x86)") returned 1 [0053.885] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="$Recycle.bin") returned 1 [0053.885] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="System Volume Information") returned -1 [0053.885] lstrcmpiW (lpString1="sql64AB.tmp", lpString2=".") returned 1 [0053.885] lstrcmpiW (lpString1="sql64AB.tmp", lpString2="..") returned 1 [0053.885] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp") returned 53 [0053.885] StrStrIW (lpFirst="sql64AB.tmp", lpSrch=".lolkek") returned 0x0 [0053.885] lstrcmpW (lpString1="sql64AB.tmp", lpString2="LOLKEK.txt") returned 1 [0053.885] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp") returned 53 [0053.885] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cc09b0 [0053.885] lstrcpyW (in: lpString1=0x3cc09b0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64AB.tmp" [0053.885] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.886] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.886] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285c8a00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sql64BB.tmp", cAlternateFileName="")) returned 1 [0053.886] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="Windows") returned -1 [0053.886] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="Program Files") returned 1 [0053.886] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="Program Files (x86)") returned 1 [0053.886] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="$Recycle.bin") returned 1 [0053.886] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="System Volume Information") returned -1 [0053.886] lstrcmpiW (lpString1="sql64BB.tmp", lpString2=".") returned 1 [0053.886] lstrcmpiW (lpString1="sql64BB.tmp", lpString2="..") returned 1 [0053.886] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp") returned 53 [0053.886] StrStrIW (lpFirst="sql64BB.tmp", lpSrch=".lolkek") returned 0x0 [0053.886] lstrcmpW (lpString1="sql64BB.tmp", lpString2="LOLKEK.txt") returned 1 [0053.886] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp") returned 53 [0053.886] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cc0470 [0053.887] lstrcpyW (in: lpString1=0x3cc0470, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\sql64BB.tmp" [0053.887] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.931] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.931] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x285c8a00, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x285c8a00, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x285c8a00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sql64BB.tmp", cAlternateFileName="")) returned 0 [0053.931] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.931] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\LOLKEK.txt") returned 52 [0053.931] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\Temp\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\rac\\temp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.931] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.932] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 0 [0053.932] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.932] wsprintfW (in: param_1=0x3be0d78, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\LOLKEK.txt") returned 47 [0053.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\RAC\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\rac\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.933] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0d78 | out: hHeap=0x5a0000) returned 1 [0053.933] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x32860a60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32860a60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Search", cAlternateFileName="")) returned 1 [0053.933] lstrcmpiW (lpString1="Search", lpString2="Windows") returned -1 [0053.933] lstrcmpiW (lpString1="Search", lpString2="Program Files") returned 1 [0053.933] lstrcmpiW (lpString1="Search", lpString2="Program Files (x86)") returned 1 [0053.933] lstrcmpiW (lpString1="Search", lpString2="$Recycle.bin") returned 1 [0053.933] lstrcmpiW (lpString1="Search", lpString2="System Volume Information") returned -1 [0053.933] lstrcmpiW (lpString1="Search", lpString2=".") returned 1 [0053.933] lstrcmpiW (lpString1="Search", lpString2="..") returned 1 [0053.933] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search") returned 39 [0053.933] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.933] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search" [0053.933] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\*" [0053.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x32860a60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32860a60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.933] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.933] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.933] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.933] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.933] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.933] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.933] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x32860a60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32860a60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.933] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.933] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.933] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.933] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.933] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.934] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.934] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.934] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Data", cAlternateFileName="")) returned 1 [0053.934] lstrcmpiW (lpString1="Data", lpString2="Windows") returned -1 [0053.934] lstrcmpiW (lpString1="Data", lpString2="Program Files") returned -1 [0053.934] lstrcmpiW (lpString1="Data", lpString2="Program Files (x86)") returned -1 [0053.934] lstrcmpiW (lpString1="Data", lpString2="$Recycle.bin") returned 1 [0053.934] lstrcmpiW (lpString1="Data", lpString2="System Volume Information") returned -1 [0053.934] lstrcmpiW (lpString1="Data", lpString2=".") returned 1 [0053.934] lstrcmpiW (lpString1="Data", lpString2="..") returned 1 [0053.934] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data") returned 44 [0053.934] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0053.934] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data" [0053.934] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\*" [0053.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.934] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.934] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.934] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.934] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.934] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.934] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.934] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27df8b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.934] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.934] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.934] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.934] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.934] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.935] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.935] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.935] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Applications", cAlternateFileName="APPLIC~1")) returned 1 [0053.935] lstrcmpiW (lpString1="Applications", lpString2="Windows") returned -1 [0053.935] lstrcmpiW (lpString1="Applications", lpString2="Program Files") returned -1 [0053.935] lstrcmpiW (lpString1="Applications", lpString2="Program Files (x86)") returned -1 [0053.935] lstrcmpiW (lpString1="Applications", lpString2="$Recycle.bin") returned 1 [0053.935] lstrcmpiW (lpString1="Applications", lpString2="System Volume Information") returned -1 [0053.935] lstrcmpiW (lpString1="Applications", lpString2=".") returned 1 [0053.935] lstrcmpiW (lpString1="Applications", lpString2="..") returned 1 [0053.935] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications") returned 57 [0053.935] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.935] lstrcpyW (in: lpString1=0x3be0868, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications" [0053.935] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\*" [0053.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.935] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.935] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.935] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.935] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.935] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.935] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.935] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.935] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.935] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.935] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.935] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.935] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.935] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.935] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.935] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3283a900, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.935] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.935] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.935] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.935] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.935] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.935] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.935] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.936] wsprintfW (in: param_1=0x3be0868, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\LOLKEK.txt") returned 68 [0053.936] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.936] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.936] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0053.936] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0053.936] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29612a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 0 [0053.936] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.936] wsprintfW (in: param_1=0x3be0868, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\LOLKEK.txt") returned 68 [0053.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.936] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.936] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3283a900, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.936] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.936] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.936] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.936] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.936] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.936] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.936] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.936] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\LOLKEK.txt") returned 55 [0053.936] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.936] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.936] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 1 [0053.936] lstrcmpiW (lpString1="Temp", lpString2="Windows") returned -1 [0053.936] lstrcmpiW (lpString1="Temp", lpString2="Program Files") returned 1 [0053.936] lstrcmpiW (lpString1="Temp", lpString2="Program Files (x86)") returned 1 [0053.936] lstrcmpiW (lpString1="Temp", lpString2="$Recycle.bin") returned 1 [0053.936] lstrcmpiW (lpString1="Temp", lpString2="System Volume Information") returned 1 [0053.936] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0053.936] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0053.936] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp") returned 49 [0053.936] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0868 [0053.936] lstrcpyW (in: lpString1=0x3be0868, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp" [0053.936] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp\\*" [0053.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0053.937] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.937] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.937] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.937] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.937] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.937] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.937] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.937] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.937] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.937] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.937] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.937] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.937] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.937] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.937] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3283a900, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.937] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.937] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.937] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.937] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.937] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.937] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.937] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.937] wsprintfW (in: param_1=0x3be0868, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp\\LOLKEK.txt") returned 60 [0053.937] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.937] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.937] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3283a900, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.937] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0053.937] wsprintfW (in: param_1=0x3be0868, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp\\LOLKEK.txt") returned 60 [0053.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\Temp\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\temp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.937] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0868 | out: hHeap=0x5a0000) returned 1 [0053.937] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e1ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x3283a900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3283a900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 0 [0053.937] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0053.938] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\LOLKEK.txt") returned 55 [0053.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\Data\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.938] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32860a60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32860a60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32860a60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.938] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.938] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.938] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.938] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.938] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.938] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.938] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.938] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\LOLKEK.txt") returned 50 [0053.938] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.938] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.938] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32860a60, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32860a60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32860a60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0053.938] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0053.938] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\LOLKEK.txt") returned 50 [0053.938] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Search\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\search\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0053.938] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0053.938] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x37dc5fa0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37dc5fa0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User Account Pictures", cAlternateFileName="USERAC~1")) returned 1 [0053.938] lstrcmpiW (lpString1="User Account Pictures", lpString2="Windows") returned -1 [0053.938] lstrcmpiW (lpString1="User Account Pictures", lpString2="Program Files") returned 1 [0053.938] lstrcmpiW (lpString1="User Account Pictures", lpString2="Program Files (x86)") returned 1 [0053.938] lstrcmpiW (lpString1="User Account Pictures", lpString2="$Recycle.bin") returned 1 [0053.938] lstrcmpiW (lpString1="User Account Pictures", lpString2="System Volume Information") returned 1 [0053.938] lstrcmpiW (lpString1="User Account Pictures", lpString2=".") returned 1 [0053.938] lstrcmpiW (lpString1="User Account Pictures", lpString2="..") returned 1 [0053.938] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures") returned 54 [0053.938] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0053.938] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures" [0053.938] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\*" [0053.938] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x37dc5fa0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37dc5fa0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0053.939] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.939] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.939] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.939] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.939] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.939] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.939] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x37dc5fa0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37dc5fa0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.939] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.939] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.939] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.939] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.939] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.939] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.939] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.939] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29423840, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29423840, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36a22a20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x51, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5p5NrGJn0jS HALPmcxz.dat.lolkek", cAlternateFileName="5P5NRG~1.LOL")) returned 1 [0053.939] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpString2="Windows") returned -1 [0053.939] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpString2="Program Files") returned -1 [0053.939] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpString2="Program Files (x86)") returned -1 [0053.939] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpString2="$Recycle.bin") returned 1 [0053.939] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpString2="System Volume Information") returned -1 [0053.939] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpString2=".") returned 1 [0053.939] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpString2="..") returned 1 [0053.939] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\5p5NrGJn0jS HALPmcxz.dat.lolkek") returned 86 [0053.939] StrStrIW (lpFirst="5p5NrGJn0jS HALPmcxz.dat.lolkek", lpSrch=".lolkek") returned=".lolkek" [0053.939] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Default Pictures", cAlternateFileName="DEFAUL~1")) returned 1 [0053.939] lstrcmpiW (lpString1="Default Pictures", lpString2="Windows") returned -1 [0053.939] lstrcmpiW (lpString1="Default Pictures", lpString2="Program Files") returned -1 [0053.939] lstrcmpiW (lpString1="Default Pictures", lpString2="Program Files (x86)") returned -1 [0053.939] lstrcmpiW (lpString1="Default Pictures", lpString2="$Recycle.bin") returned 1 [0053.939] lstrcmpiW (lpString1="Default Pictures", lpString2="System Volume Information") returned -1 [0053.939] lstrcmpiW (lpString1="Default Pictures", lpString2=".") returned 1 [0053.939] lstrcmpiW (lpString1="Default Pictures", lpString2="..") returned 1 [0053.939] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures") returned 71 [0053.939] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0053.939] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures" [0053.939] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\*" [0053.940] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0053.940] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0053.940] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0053.940] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0053.940] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0053.940] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0053.940] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.940] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0053.940] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0053.940] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0053.940] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0053.940] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0053.940] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0053.940] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.940] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.940] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32886bc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0053.940] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0053.940] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0053.940] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0053.940] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0053.940] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0053.940] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0053.940] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0053.940] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\LOLKEK.txt") returned 82 [0053.940] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0053.940] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0053.940] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xda0a8861, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile10.bmp", cAlternateFileName="")) returned 1 [0053.940] lstrcmpiW (lpString1="usertile10.bmp", lpString2="Windows") returned -1 [0053.940] lstrcmpiW (lpString1="usertile10.bmp", lpString2="Program Files") returned 1 [0053.940] lstrcmpiW (lpString1="usertile10.bmp", lpString2="Program Files (x86)") returned 1 [0053.940] lstrcmpiW (lpString1="usertile10.bmp", lpString2="$Recycle.bin") returned 1 [0053.940] lstrcmpiW (lpString1="usertile10.bmp", lpString2="System Volume Information") returned 1 [0053.940] lstrcmpiW (lpString1="usertile10.bmp", lpString2=".") returned 1 [0053.940] lstrcmpiW (lpString1="usertile10.bmp", lpString2="..") returned 1 [0053.940] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp") returned 86 [0053.940] StrStrIW (lpFirst="usertile10.bmp", lpSrch=".lolkek") returned 0x0 [0053.941] lstrcmpW (lpString1="usertile10.bmp", lpString2="LOLKEK.txt") returned 1 [0053.941] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp") returned 86 [0053.941] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb63d8 [0053.941] lstrcpyW (in: lpString1=0x3eb63d8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile10.bmp" [0053.941] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.941] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.941] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae24f474, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae24f474, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb5a2927, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile11.bmp", cAlternateFileName="")) returned 1 [0053.941] lstrcmpiW (lpString1="usertile11.bmp", lpString2="Windows") returned -1 [0053.941] lstrcmpiW (lpString1="usertile11.bmp", lpString2="Program Files") returned 1 [0053.941] lstrcmpiW (lpString1="usertile11.bmp", lpString2="Program Files (x86)") returned 1 [0053.941] lstrcmpiW (lpString1="usertile11.bmp", lpString2="$Recycle.bin") returned 1 [0053.941] lstrcmpiW (lpString1="usertile11.bmp", lpString2="System Volume Information") returned 1 [0053.941] lstrcmpiW (lpString1="usertile11.bmp", lpString2=".") returned 1 [0053.941] lstrcmpiW (lpString1="usertile11.bmp", lpString2="..") returned 1 [0053.941] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp") returned 86 [0053.941] StrStrIW (lpFirst="usertile11.bmp", lpSrch=".lolkek") returned 0x0 [0053.941] lstrcmpW (lpString1="usertile11.bmp", lpString2="LOLKEK.txt") returned 1 [0053.941] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp") returned 86 [0053.941] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6540 [0053.941] lstrcpyW (in: lpString1=0x3eb6540, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile11.bmp" [0053.941] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.941] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.941] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2755d1, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2755d1, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb6d3417, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile12.bmp", cAlternateFileName="")) returned 1 [0053.941] lstrcmpiW (lpString1="usertile12.bmp", lpString2="Windows") returned -1 [0053.941] lstrcmpiW (lpString1="usertile12.bmp", lpString2="Program Files") returned 1 [0053.941] lstrcmpiW (lpString1="usertile12.bmp", lpString2="Program Files (x86)") returned 1 [0053.941] lstrcmpiW (lpString1="usertile12.bmp", lpString2="$Recycle.bin") returned 1 [0053.941] lstrcmpiW (lpString1="usertile12.bmp", lpString2="System Volume Information") returned 1 [0053.941] lstrcmpiW (lpString1="usertile12.bmp", lpString2=".") returned 1 [0053.941] lstrcmpiW (lpString1="usertile12.bmp", lpString2="..") returned 1 [0053.941] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp") returned 86 [0053.941] StrStrIW (lpFirst="usertile12.bmp", lpSrch=".lolkek") returned 0x0 [0053.941] lstrcmpW (lpString1="usertile12.bmp", lpString2="LOLKEK.txt") returned 1 [0053.941] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp") returned 86 [0053.941] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb5fa0 [0053.941] lstrcpyW (in: lpString1=0x3eb5fa0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile12.bmp" [0053.941] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.942] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.942] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae29b72e, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae29b72e, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb76b98f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xbeb8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile13.bmp", cAlternateFileName="")) returned 1 [0053.942] lstrcmpiW (lpString1="usertile13.bmp", lpString2="Windows") returned -1 [0053.942] lstrcmpiW (lpString1="usertile13.bmp", lpString2="Program Files") returned 1 [0053.942] lstrcmpiW (lpString1="usertile13.bmp", lpString2="Program Files (x86)") returned 1 [0053.942] lstrcmpiW (lpString1="usertile13.bmp", lpString2="$Recycle.bin") returned 1 [0053.942] lstrcmpiW (lpString1="usertile13.bmp", lpString2="System Volume Information") returned 1 [0053.942] lstrcmpiW (lpString1="usertile13.bmp", lpString2=".") returned 1 [0053.942] lstrcmpiW (lpString1="usertile13.bmp", lpString2="..") returned 1 [0053.942] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp") returned 86 [0053.942] StrStrIW (lpFirst="usertile13.bmp", lpSrch=".lolkek") returned 0x0 [0053.942] lstrcmpW (lpString1="usertile13.bmp", lpString2="LOLKEK.txt") returned 1 [0053.942] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp") returned 86 [0053.942] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6108 [0053.942] lstrcpyW (in: lpString1=0x3eb6108, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile13.bmp" [0053.942] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.942] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.942] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdb82a065, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile14.bmp", cAlternateFileName="")) returned 1 [0053.942] lstrcmpiW (lpString1="usertile14.bmp", lpString2="Windows") returned -1 [0053.942] lstrcmpiW (lpString1="usertile14.bmp", lpString2="Program Files") returned 1 [0053.942] lstrcmpiW (lpString1="usertile14.bmp", lpString2="Program Files (x86)") returned 1 [0053.942] lstrcmpiW (lpString1="usertile14.bmp", lpString2="$Recycle.bin") returned 1 [0053.942] lstrcmpiW (lpString1="usertile14.bmp", lpString2="System Volume Information") returned 1 [0053.942] lstrcmpiW (lpString1="usertile14.bmp", lpString2=".") returned 1 [0053.942] lstrcmpiW (lpString1="usertile14.bmp", lpString2="..") returned 1 [0053.942] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp") returned 86 [0053.942] StrStrIW (lpFirst="usertile14.bmp", lpSrch=".lolkek") returned 0x0 [0053.942] lstrcmpW (lpString1="usertile14.bmp", lpString2="LOLKEK.txt") returned 1 [0053.942] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp") returned 86 [0053.942] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6270 [0053.942] lstrcpyW (in: lpString1=0x3eb6270, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile14.bmp" [0053.942] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.942] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.942] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2e79e8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae2e79e8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdbb95fd7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile15.bmp", cAlternateFileName="")) returned 1 [0053.942] lstrcmpiW (lpString1="usertile15.bmp", lpString2="Windows") returned -1 [0053.943] lstrcmpiW (lpString1="usertile15.bmp", lpString2="Program Files") returned 1 [0053.943] lstrcmpiW (lpString1="usertile15.bmp", lpString2="Program Files (x86)") returned 1 [0053.943] lstrcmpiW (lpString1="usertile15.bmp", lpString2="$Recycle.bin") returned 1 [0053.943] lstrcmpiW (lpString1="usertile15.bmp", lpString2="System Volume Information") returned 1 [0053.943] lstrcmpiW (lpString1="usertile15.bmp", lpString2=".") returned 1 [0053.943] lstrcmpiW (lpString1="usertile15.bmp", lpString2="..") returned 1 [0053.943] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp") returned 86 [0053.943] StrStrIW (lpFirst="usertile15.bmp", lpSrch=".lolkek") returned 0x0 [0053.943] lstrcmpW (lpString1="usertile15.bmp", lpString2="LOLKEK.txt") returned 1 [0053.943] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp") returned 86 [0053.943] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb5b68 [0053.943] lstrcpyW (in: lpString1=0x3eb5b68, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile15.bmp" [0053.943] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.943] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.943] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae30db45, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae30db45, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdca9c9ed, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile16.bmp", cAlternateFileName="")) returned 1 [0053.943] lstrcmpiW (lpString1="usertile16.bmp", lpString2="Windows") returned -1 [0053.943] lstrcmpiW (lpString1="usertile16.bmp", lpString2="Program Files") returned 1 [0053.943] lstrcmpiW (lpString1="usertile16.bmp", lpString2="Program Files (x86)") returned 1 [0053.943] lstrcmpiW (lpString1="usertile16.bmp", lpString2="$Recycle.bin") returned 1 [0053.943] lstrcmpiW (lpString1="usertile16.bmp", lpString2="System Volume Information") returned 1 [0053.943] lstrcmpiW (lpString1="usertile16.bmp", lpString2=".") returned 1 [0053.943] lstrcmpiW (lpString1="usertile16.bmp", lpString2="..") returned 1 [0053.943] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp") returned 86 [0053.943] StrStrIW (lpFirst="usertile16.bmp", lpSrch=".lolkek") returned 0x0 [0053.943] lstrcmpW (lpString1="usertile16.bmp", lpString2="LOLKEK.txt") returned 1 [0053.943] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp") returned 86 [0053.943] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb5cd0 [0053.943] lstrcpyW (in: lpString1=0x3eb5cd0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile16.bmp" [0053.943] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.943] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.943] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc3f8f7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile17.bmp", cAlternateFileName="")) returned 1 [0053.943] lstrcmpiW (lpString1="usertile17.bmp", lpString2="Windows") returned -1 [0053.943] lstrcmpiW (lpString1="usertile17.bmp", lpString2="Program Files") returned 1 [0053.943] lstrcmpiW (lpString1="usertile17.bmp", lpString2="Program Files (x86)") returned 1 [0053.943] lstrcmpiW (lpString1="usertile17.bmp", lpString2="$Recycle.bin") returned 1 [0053.943] lstrcmpiW (lpString1="usertile17.bmp", lpString2="System Volume Information") returned 1 [0053.943] lstrcmpiW (lpString1="usertile17.bmp", lpString2=".") returned 1 [0053.944] lstrcmpiW (lpString1="usertile17.bmp", lpString2="..") returned 1 [0053.944] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp") returned 86 [0053.944] StrStrIW (lpFirst="usertile17.bmp", lpSrch=".lolkek") returned 0x0 [0053.944] lstrcmpW (lpString1="usertile17.bmp", lpString2="LOLKEK.txt") returned 1 [0053.944] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp") returned 86 [0053.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6db0 [0053.944] lstrcpyW (in: lpString1=0x3eb6db0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile17.bmp" [0053.944] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.944] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.944] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae333ca2, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae333ca2, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc65a55, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile18.bmp", cAlternateFileName="")) returned 1 [0053.944] lstrcmpiW (lpString1="usertile18.bmp", lpString2="Windows") returned -1 [0053.944] lstrcmpiW (lpString1="usertile18.bmp", lpString2="Program Files") returned 1 [0053.944] lstrcmpiW (lpString1="usertile18.bmp", lpString2="Program Files (x86)") returned 1 [0053.944] lstrcmpiW (lpString1="usertile18.bmp", lpString2="$Recycle.bin") returned 1 [0053.944] lstrcmpiW (lpString1="usertile18.bmp", lpString2="System Volume Information") returned 1 [0053.944] lstrcmpiW (lpString1="usertile18.bmp", lpString2=".") returned 1 [0053.944] lstrcmpiW (lpString1="usertile18.bmp", lpString2="..") returned 1 [0053.944] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp") returned 86 [0053.944] StrStrIW (lpFirst="usertile18.bmp", lpSrch=".lolkek") returned 0x0 [0053.944] lstrcmpW (lpString1="usertile18.bmp", lpString2="LOLKEK.txt") returned 1 [0053.944] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp") returned 86 [0053.944] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6f18 [0053.944] lstrcpyW (in: lpString1=0x3eb6f18, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile18.bmp" [0053.944] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.944] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.944] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae359dff, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae359dff, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdcc8bbb3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile19.bmp", cAlternateFileName="")) returned 1 [0053.944] lstrcmpiW (lpString1="usertile19.bmp", lpString2="Windows") returned -1 [0053.944] lstrcmpiW (lpString1="usertile19.bmp", lpString2="Program Files") returned 1 [0053.944] lstrcmpiW (lpString1="usertile19.bmp", lpString2="Program Files (x86)") returned 1 [0053.944] lstrcmpiW (lpString1="usertile19.bmp", lpString2="$Recycle.bin") returned 1 [0053.944] lstrcmpiW (lpString1="usertile19.bmp", lpString2="System Volume Information") returned 1 [0053.944] lstrcmpiW (lpString1="usertile19.bmp", lpString2=".") returned 1 [0053.944] lstrcmpiW (lpString1="usertile19.bmp", lpString2="..") returned 1 [0053.944] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp") returned 86 [0053.944] StrStrIW (lpFirst="usertile19.bmp", lpSrch=".lolkek") returned 0x0 [0053.944] lstrcmpW (lpString1="usertile19.bmp", lpString2="LOLKEK.txt") returned 1 [0053.944] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp") returned 86 [0053.945] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb7080 [0053.945] lstrcpyW (in: lpString1=0x3eb7080, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile19.bmp" [0053.945] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.945] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.945] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae37ff5c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae37ff5c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdccb1d11, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile20.bmp", cAlternateFileName="")) returned 1 [0053.945] lstrcmpiW (lpString1="usertile20.bmp", lpString2="Windows") returned -1 [0053.945] lstrcmpiW (lpString1="usertile20.bmp", lpString2="Program Files") returned 1 [0053.945] lstrcmpiW (lpString1="usertile20.bmp", lpString2="Program Files (x86)") returned 1 [0053.945] lstrcmpiW (lpString1="usertile20.bmp", lpString2="$Recycle.bin") returned 1 [0053.945] lstrcmpiW (lpString1="usertile20.bmp", lpString2="System Volume Information") returned 1 [0053.945] lstrcmpiW (lpString1="usertile20.bmp", lpString2=".") returned 1 [0053.945] lstrcmpiW (lpString1="usertile20.bmp", lpString2="..") returned 1 [0053.945] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp") returned 86 [0053.945] StrStrIW (lpFirst="usertile20.bmp", lpSrch=".lolkek") returned 0x0 [0053.945] lstrcmpW (lpString1="usertile20.bmp", lpString2="LOLKEK.txt") returned 1 [0053.945] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp") returned 86 [0053.945] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb71e8 [0053.945] lstrcpyW (in: lpString1=0x3eb71e8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile20.bmp" [0053.945] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.966] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.966] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd069f3f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile21.bmp", cAlternateFileName="")) returned 1 [0053.966] lstrcmpiW (lpString1="usertile21.bmp", lpString2="Windows") returned -1 [0053.966] lstrcmpiW (lpString1="usertile21.bmp", lpString2="Program Files") returned 1 [0053.966] lstrcmpiW (lpString1="usertile21.bmp", lpString2="Program Files (x86)") returned 1 [0053.966] lstrcmpiW (lpString1="usertile21.bmp", lpString2="$Recycle.bin") returned 1 [0053.966] lstrcmpiW (lpString1="usertile21.bmp", lpString2="System Volume Information") returned 1 [0053.966] lstrcmpiW (lpString1="usertile21.bmp", lpString2=".") returned 1 [0053.967] lstrcmpiW (lpString1="usertile21.bmp", lpString2="..") returned 1 [0053.967] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp") returned 86 [0053.967] StrStrIW (lpFirst="usertile21.bmp", lpSrch=".lolkek") returned 0x0 [0053.967] lstrcmpW (lpString1="usertile21.bmp", lpString2="LOLKEK.txt") returned 1 [0053.967] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp") returned 86 [0053.967] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb7350 [0053.967] lstrcpyW (in: lpString1=0x3eb7350, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile21.bmp" [0053.967] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.967] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.967] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3a60b9, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3a60b9, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd09009d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile22.bmp", cAlternateFileName="")) returned 1 [0053.967] lstrcmpiW (lpString1="usertile22.bmp", lpString2="Windows") returned -1 [0053.967] lstrcmpiW (lpString1="usertile22.bmp", lpString2="Program Files") returned 1 [0053.967] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp") returned 86 [0053.967] StrStrIW (lpFirst="usertile22.bmp", lpSrch=".lolkek") returned 0x0 [0053.967] lstrcmpW (lpString1="usertile22.bmp", lpString2="LOLKEK.txt") returned 1 [0053.967] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp") returned 86 [0053.967] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb74b8 [0053.967] lstrcpyW (in: lpString1=0x3eb74b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile22.bmp" [0053.967] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.967] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.967] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3cc216, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3cc216, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd0b61fb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile23.bmp", cAlternateFileName="")) returned 1 [0053.967] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp") returned 86 [0053.967] StrStrIW (lpFirst="usertile23.bmp", lpSrch=".lolkek") returned 0x0 [0053.967] lstrcmpW (lpString1="usertile23.bmp", lpString2="LOLKEK.txt") returned 1 [0053.967] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp") returned 86 [0053.967] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb7620 [0053.967] lstrcpyW (in: lpString1=0x3eb7620, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile23.bmp" [0053.967] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.968] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.968] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd232fa7, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile24.bmp", cAlternateFileName="")) returned 1 [0053.968] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp") returned 86 [0053.968] StrStrIW (lpFirst="usertile24.bmp", lpSrch=".lolkek") returned 0x0 [0053.968] lstrcmpW (lpString1="usertile24.bmp", lpString2="LOLKEK.txt") returned 1 [0053.968] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp") returned 86 [0053.968] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb7788 [0053.968] lstrcpyW (in: lpString1=0x3eb7788, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile24.bmp" [0053.968] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.968] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.968] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd259105, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile25.bmp", cAlternateFileName="")) returned 1 [0053.968] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp") returned 86 [0053.968] StrStrIW (lpFirst="usertile25.bmp", lpSrch=".lolkek") returned 0x0 [0053.968] lstrcmpW (lpString1="usertile25.bmp", lpString2="LOLKEK.txt") returned 1 [0053.968] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp") returned 86 [0053.968] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb78f0 [0053.968] lstrcpyW (in: lpString1=0x3eb78f0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile25.bmp" [0053.968] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.976] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.976] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae3f2373, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae3f2373, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd27f263, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile26.bmp", cAlternateFileName="")) returned 1 [0053.976] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp") returned 86 [0053.977] StrStrIW (lpFirst="usertile26.bmp", lpSrch=".lolkek") returned 0x0 [0053.977] lstrcmpW (lpString1="usertile26.bmp", lpString2="LOLKEK.txt") returned 1 [0053.977] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp") returned 86 [0053.977] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4068 [0053.977] lstrcpyW (in: lpString1=0x3da4068, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile26.bmp" [0053.977] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.978] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.978] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4184d0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4184d0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd2a53c1, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile27.bmp", cAlternateFileName="")) returned 1 [0053.978] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp") returned 86 [0053.978] StrStrIW (lpFirst="usertile27.bmp", lpSrch=".lolkek") returned 0x0 [0053.978] lstrcmpW (lpString1="usertile27.bmp", lpString2="LOLKEK.txt") returned 1 [0053.978] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp") returned 86 [0053.978] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da41d0 [0053.978] lstrcpyW (in: lpString1=0x3da41d0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile27.bmp" [0053.978] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.990] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.990] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3177db, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile28.bmp", cAlternateFileName="")) returned 1 [0053.991] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp") returned 86 [0053.991] StrStrIW (lpFirst="usertile28.bmp", lpSrch=".lolkek") returned 0x0 [0053.991] lstrcmpW (lpString1="usertile28.bmp", lpString2="LOLKEK.txt") returned 1 [0053.991] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp") returned 86 [0053.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4338 [0053.991] lstrcpyW (in: lpString1=0x3da4338, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile28.bmp" [0053.991] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.991] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.991] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae43e62d, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae43e62d, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd33d939, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile29.bmp", cAlternateFileName="")) returned 1 [0053.991] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp") returned 86 [0053.991] StrStrIW (lpFirst="usertile29.bmp", lpSrch=".lolkek") returned 0x0 [0053.991] lstrcmpW (lpString1="usertile29.bmp", lpString2="LOLKEK.txt") returned 1 [0053.991] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp") returned 86 [0053.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da44a0 [0053.991] lstrcpyW (in: lpString1=0x3da44a0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile29.bmp" [0053.991] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0053.991] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0053.991] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae46478a, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae46478a, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile30.bmp", cAlternateFileName="")) returned 1 [0053.991] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp") returned 86 [0053.991] StrStrIW (lpFirst="usertile30.bmp", lpSrch=".lolkek") returned 0x0 [0053.991] lstrcmpW (lpString1="usertile30.bmp", lpString2="LOLKEK.txt") returned 1 [0053.991] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp") returned 86 [0053.991] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4608 [0053.991] lstrcpyW (in: lpString1=0x3da4608, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile30.bmp" [0053.991] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.083] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.083] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd3fc00f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile31.bmp", cAlternateFileName="")) returned 1 [0054.083] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp") returned 86 [0054.083] StrStrIW (lpFirst="usertile31.bmp", lpSrch=".lolkek") returned 0x0 [0054.083] lstrcmpW (lpString1="usertile31.bmp", lpString2="LOLKEK.txt") returned 1 [0054.083] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp") returned 86 [0054.083] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4770 [0054.083] lstrcpyW (in: lpString1=0x3da4770, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile31.bmp" [0054.083] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.083] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.083] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae48a8e7, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae48a8e7, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd42216d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile32.bmp", cAlternateFileName="")) returned 1 [0054.083] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp") returned 86 [0054.083] StrStrIW (lpFirst="usertile32.bmp", lpSrch=".lolkek") returned 0x0 [0054.084] lstrcmpW (lpString1="usertile32.bmp", lpString2="LOLKEK.txt") returned 1 [0054.084] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp") returned 86 [0054.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da48d8 [0054.084] lstrcpyW (in: lpString1=0x3da48d8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile32.bmp" [0054.084] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.084] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.084] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4b0a44, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4b0a44, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd4482cb, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile33.bmp", cAlternateFileName="")) returned 1 [0054.084] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp") returned 86 [0054.084] StrStrIW (lpFirst="usertile33.bmp", lpSrch=".lolkek") returned 0x0 [0054.084] lstrcmpW (lpString1="usertile33.bmp", lpString2="LOLKEK.txt") returned 1 [0054.084] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp") returned 86 [0054.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4a40 [0054.084] lstrcpyW (in: lpString1=0x3da4a40, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile33.bmp" [0054.084] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.084] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.084] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9c9561, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile34.bmp", cAlternateFileName="")) returned 1 [0054.084] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp") returned 86 [0054.084] StrStrIW (lpFirst="usertile34.bmp", lpSrch=".lolkek") returned 0x0 [0054.084] lstrcmpW (lpString1="usertile34.bmp", lpString2="LOLKEK.txt") returned 1 [0054.084] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp") returned 86 [0054.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4ba8 [0054.084] lstrcpyW (in: lpString1=0x3da4ba8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile34.bmp" [0054.084] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.084] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.084] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae4fccfe, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae4fccfe, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile35.bmp", cAlternateFileName="")) returned 1 [0054.084] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp") returned 86 [0054.084] StrStrIW (lpFirst="usertile35.bmp", lpSrch=".lolkek") returned 0x0 [0054.084] lstrcmpW (lpString1="usertile35.bmp", lpString2="LOLKEK.txt") returned 1 [0054.084] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp") returned 86 [0054.084] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4d10 [0054.084] lstrcpyW (in: lpString1=0x3da4d10, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile35.bmp" [0054.084] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.084] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.084] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae548fb8, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae548fb8, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xdd9ef6bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile36.bmp", cAlternateFileName="")) returned 1 [0054.084] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp") returned 86 [0054.084] StrStrIW (lpFirst="usertile36.bmp", lpSrch=".lolkek") returned 0x0 [0054.084] lstrcmpW (lpString1="usertile36.bmp", lpString2="LOLKEK.txt") returned 1 [0054.085] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp") returned 86 [0054.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4e78 [0054.085] lstrcpyW (in: lpString1=0x3da4e78, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile36.bmp" [0054.085] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.085] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.085] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae595272, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae595272, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile37.bmp", cAlternateFileName="")) returned 1 [0054.085] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp") returned 86 [0054.085] StrStrIW (lpFirst="usertile37.bmp", lpSrch=".lolkek") returned 0x0 [0054.085] lstrcmpW (lpString1="usertile37.bmp", lpString2="LOLKEK.txt") returned 1 [0054.085] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp") returned 86 [0054.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da4fe0 [0054.085] lstrcpyW (in: lpString1=0x3da4fe0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile37.bmp" [0054.085] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.085] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.085] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5bb3cf, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5bb3cf, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddb6c46b, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile38.bmp", cAlternateFileName="")) returned 1 [0054.085] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp") returned 86 [0054.085] StrStrIW (lpFirst="usertile38.bmp", lpSrch=".lolkek") returned 0x0 [0054.085] lstrcmpW (lpString1="usertile38.bmp", lpString2="LOLKEK.txt") returned 1 [0054.085] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp") returned 86 [0054.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da5148 [0054.085] lstrcpyW (in: lpString1=0x3da5148, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile38.bmp" [0054.085] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.085] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.085] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5e152c, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae5e152c, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc2ab41, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile39.bmp", cAlternateFileName="")) returned 1 [0054.085] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp") returned 86 [0054.085] StrStrIW (lpFirst="usertile39.bmp", lpSrch=".lolkek") returned 0x0 [0054.085] lstrcmpW (lpString1="usertile39.bmp", lpString2="LOLKEK.txt") returned 1 [0054.085] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp") returned 86 [0054.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da52b0 [0054.085] lstrcpyW (in: lpString1=0x3da52b0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile39.bmp" [0054.085] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.085] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.085] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae607689, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae607689, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddc50c9f, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile40.bmp", cAlternateFileName="")) returned 1 [0054.085] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp") returned 86 [0054.085] StrStrIW (lpFirst="usertile40.bmp", lpSrch=".lolkek") returned 0x0 [0054.085] lstrcmpW (lpString1="usertile40.bmp", lpString2="LOLKEK.txt") returned 1 [0054.085] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp") returned 86 [0054.085] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da5418 [0054.085] lstrcpyW (in: lpString1=0x3da5418, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile40.bmp" [0054.086] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.086] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.086] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae62d7e6, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae62d7e6, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddcc30b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile41.bmp", cAlternateFileName="")) returned 1 [0054.086] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp") returned 86 [0054.086] StrStrIW (lpFirst="usertile41.bmp", lpSrch=".lolkek") returned 0x0 [0054.086] lstrcmpW (lpString1="usertile41.bmp", lpString2="LOLKEK.txt") returned 1 [0054.086] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp") returned 86 [0054.086] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da5580 [0054.086] lstrcpyW (in: lpString1=0x3da5580, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile41.bmp" [0054.086] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.086] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.086] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddce9217, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile42.bmp", cAlternateFileName="")) returned 1 [0054.086] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp") returned 86 [0054.086] StrStrIW (lpFirst="usertile42.bmp", lpSrch=".lolkek") returned 0x0 [0054.086] lstrcmpW (lpString1="usertile42.bmp", lpString2="LOLKEK.txt") returned 1 [0054.086] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp") returned 86 [0054.086] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da56e8 [0054.086] lstrcpyW (in: lpString1=0x3da56e8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile42.bmp" [0054.086] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.086] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.086] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae653943, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae653943, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd0f375, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile43.bmp", cAlternateFileName="")) returned 1 [0054.086] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp") returned 86 [0054.086] StrStrIW (lpFirst="usertile43.bmp", lpSrch=".lolkek") returned 0x0 [0054.086] lstrcmpW (lpString1="usertile43.bmp", lpString2="LOLKEK.txt") returned 1 [0054.086] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp") returned 86 [0054.086] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da5850 [0054.086] lstrcpyW (in: lpString1=0x3da5850, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile43.bmp" [0054.086] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.086] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.086] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile44.bmp", cAlternateFileName="")) returned 1 [0054.086] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp") returned 86 [0054.086] StrStrIW (lpFirst="usertile44.bmp", lpSrch=".lolkek") returned 0x0 [0054.086] lstrcmpW (lpString1="usertile44.bmp", lpString2="LOLKEK.txt") returned 1 [0054.086] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp") returned 86 [0054.086] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da59b8 [0054.086] lstrcpyW (in: lpString1=0x3da59b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\usertile44.bmp" [0054.086] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.087] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.087] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae679aa0, ftCreationTime.dwHighDateTime=0x1ca040d, ftLastAccessTime.dwLowDateTime=0xae679aa0, ftLastAccessTime.dwHighDateTime=0x1ca040d, ftLastWriteTime.dwLowDateTime=0xddd354d3, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xc038, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="usertile44.bmp", cAlternateFileName="")) returned 0 [0054.087] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.087] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\LOLKEK.txt") returned 82 [0054.087] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default Pictures\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.087] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.087] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x37dc5fa0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xc089, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="guest.bmp.lolkek", cAlternateFileName="")) returned 1 [0054.087] lstrcmpiW (lpString1="guest.bmp.lolkek", lpString2="Windows") returned -1 [0054.087] lstrcmpiW (lpString1="guest.bmp.lolkek", lpString2="Program Files") returned -1 [0054.087] lstrcmpiW (lpString1="guest.bmp.lolkek", lpString2="Program Files (x86)") returned -1 [0054.087] lstrcmpiW (lpString1="guest.bmp.lolkek", lpString2="$Recycle.bin") returned 1 [0054.087] lstrcmpiW (lpString1="guest.bmp.lolkek", lpString2="System Volume Information") returned -1 [0054.087] lstrcmpiW (lpString1="guest.bmp.lolkek", lpString2=".") returned 1 [0054.087] lstrcmpiW (lpString1="guest.bmp.lolkek", lpString2="..") returned 1 [0054.087] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp.lolkek") returned 71 [0054.087] StrStrIW (lpFirst="guest.bmp.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.087] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32886bc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.087] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.087] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.087] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.087] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.087] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.087] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.087] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.087] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\LOLKEK.txt") returned 65 [0054.087] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.087] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.087] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x37dc5fa0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xc089, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="user.bmp.lolkek", cAlternateFileName="")) returned 1 [0054.087] lstrcmpiW (lpString1="user.bmp.lolkek", lpString2="Windows") returned -1 [0054.087] lstrcmpiW (lpString1="user.bmp.lolkek", lpString2="Program Files") returned 1 [0054.087] lstrcmpiW (lpString1="user.bmp.lolkek", lpString2="Program Files (x86)") returned 1 [0054.087] lstrcmpiW (lpString1="user.bmp.lolkek", lpString2="$Recycle.bin") returned 1 [0054.087] lstrcmpiW (lpString1="user.bmp.lolkek", lpString2="System Volume Information") returned 1 [0054.087] lstrcmpiW (lpString1="user.bmp.lolkek", lpString2=".") returned 1 [0054.087] lstrcmpiW (lpString1="user.bmp.lolkek", lpString2="..") returned 1 [0054.087] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user.bmp.lolkek") returned 70 [0054.087] StrStrIW (lpFirst="user.bmp.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.087] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bed1018, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x37dc5fa0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xc089, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="user.bmp.lolkek", cAlternateFileName="")) returned 0 [0054.087] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.087] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\LOLKEK.txt") returned 65 [0054.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\User Account Pictures\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.088] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.089] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Vault", cAlternateFileName="")) returned 1 [0054.090] lstrcmpiW (lpString1="Vault", lpString2="Windows") returned -1 [0054.090] lstrcmpiW (lpString1="Vault", lpString2="Program Files") returned 1 [0054.090] lstrcmpiW (lpString1="Vault", lpString2="Program Files (x86)") returned 1 [0054.090] lstrcmpiW (lpString1="Vault", lpString2="$Recycle.bin") returned 1 [0054.090] lstrcmpiW (lpString1="Vault", lpString2="System Volume Information") returned 1 [0054.090] lstrcmpiW (lpString1="Vault", lpString2=".") returned 1 [0054.090] lstrcmpiW (lpString1="Vault", lpString2="..") returned 1 [0054.090] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault") returned 38 [0054.090] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.090] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault" [0054.090] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault\\*" [0054.090] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.090] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.090] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.090] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.090] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.090] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.090] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.090] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.090] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.090] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.090] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.090] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.090] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.090] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.090] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.090] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32886bc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.090] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.090] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.090] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.090] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.090] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.090] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.090] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.090] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault\\LOLKEK.txt") returned 49 [0054.091] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.091] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.091] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32886bc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.091] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.091] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault\\LOLKEK.txt") returned 49 [0054.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Vault\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\vault\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.091] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.091] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VISIO", cAlternateFileName="")) returned 1 [0054.091] lstrcmpiW (lpString1="VISIO", lpString2="Windows") returned -1 [0054.091] lstrcmpiW (lpString1="VISIO", lpString2="Program Files") returned 1 [0054.091] lstrcmpiW (lpString1="VISIO", lpString2="Program Files (x86)") returned 1 [0054.091] lstrcmpiW (lpString1="VISIO", lpString2="$Recycle.bin") returned 1 [0054.091] lstrcmpiW (lpString1="VISIO", lpString2="System Volume Information") returned 1 [0054.091] lstrcmpiW (lpString1="VISIO", lpString2=".") returned 1 [0054.091] lstrcmpiW (lpString1="VISIO", lpString2="..") returned 1 [0054.091] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO") returned 38 [0054.091] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.091] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO" [0054.091] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO\\*" [0054.091] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.091] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.091] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.091] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.091] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.091] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.091] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.091] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80ac5760, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.091] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.091] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.091] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.091] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.091] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.091] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.091] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.091] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32886bc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.091] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.091] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.091] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.091] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.091] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.092] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.092] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.092] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO\\LOLKEK.txt") returned 49 [0054.092] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.092] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.092] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32886bc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32886bc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32886bc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.092] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.092] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO\\LOLKEK.txt") returned 49 [0054.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\VISIO\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\visio\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.092] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.092] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x60ae73a0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x60ae73a0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0054.092] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0054.092] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0054.092] lstrcmpiW (lpString1="Windows Defender", lpString2="Windows") returned 1 [0054.092] lstrcmpiW (lpString1="Windows Defender", lpString2="Program Files") returned 1 [0054.092] lstrcmpiW (lpString1="Windows Defender", lpString2="Program Files (x86)") returned 1 [0054.092] lstrcmpiW (lpString1="Windows Defender", lpString2="$Recycle.bin") returned 1 [0054.092] lstrcmpiW (lpString1="Windows Defender", lpString2="System Volume Information") returned 1 [0054.092] lstrcmpiW (lpString1="Windows Defender", lpString2=".") returned 1 [0054.092] lstrcmpiW (lpString1="Windows Defender", lpString2="..") returned 1 [0054.092] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender") returned 49 [0054.092] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.092] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender" [0054.092] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\*" [0054.092] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.092] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.092] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.092] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.092] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.092] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.092] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.092] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.092] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.092] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.092] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.092] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.092] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.092] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.092] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.092] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Definition Updates", cAlternateFileName="DEFINI~1")) returned 1 [0054.093] lstrcmpiW (lpString1="Definition Updates", lpString2="Windows") returned -1 [0054.093] lstrcmpiW (lpString1="Definition Updates", lpString2="Program Files") returned -1 [0054.093] lstrcmpiW (lpString1="Definition Updates", lpString2="Program Files (x86)") returned -1 [0054.093] lstrcmpiW (lpString1="Definition Updates", lpString2="$Recycle.bin") returned 1 [0054.093] lstrcmpiW (lpString1="Definition Updates", lpString2="System Volume Information") returned -1 [0054.093] lstrcmpiW (lpString1="Definition Updates", lpString2=".") returned 1 [0054.093] lstrcmpiW (lpString1="Definition Updates", lpString2="..") returned 1 [0054.093] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates") returned 68 [0054.093] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.093] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates" [0054.093] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\*" [0054.093] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.093] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.093] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.093] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.093] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.093] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.093] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.093] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.093] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.093] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.093] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.093] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.093] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.093] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.093] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.093] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Backup", cAlternateFileName="")) returned 1 [0054.093] lstrcmpiW (lpString1="Backup", lpString2="Windows") returned -1 [0054.093] lstrcmpiW (lpString1="Backup", lpString2="Program Files") returned -1 [0054.093] lstrcmpiW (lpString1="Backup", lpString2="Program Files (x86)") returned -1 [0054.093] lstrcmpiW (lpString1="Backup", lpString2="$Recycle.bin") returned 1 [0054.093] lstrcmpiW (lpString1="Backup", lpString2="System Volume Information") returned -1 [0054.093] lstrcmpiW (lpString1="Backup", lpString2=".") returned 1 [0054.093] lstrcmpiW (lpString1="Backup", lpString2="..") returned 1 [0054.093] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned 75 [0054.094] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.094] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup" [0054.094] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*" [0054.094] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.094] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.094] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.094] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.094] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.094] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.094] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.094] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.094] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.094] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.094] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.094] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.094] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.094] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.094] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.094] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.094] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.094] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.094] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.094] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.094] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.094] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.094] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.094] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\LOLKEK.txt") returned 86 [0054.094] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.094] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.094] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.094] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.094] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\LOLKEK.txt") returned 86 [0054.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\backup\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.095] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.095] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.095] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\LOLKEK.txt") returned 79 [0054.095] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.095] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.095] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Updates", cAlternateFileName="")) returned 1 [0054.095] lstrcmpiW (lpString1="Updates", lpString2="Windows") returned -1 [0054.095] lstrcmpiW (lpString1="Updates", lpString2="Program Files") returned 1 [0054.095] lstrcmpiW (lpString1="Updates", lpString2="Program Files (x86)") returned 1 [0054.095] lstrcmpiW (lpString1="Updates", lpString2="$Recycle.bin") returned 1 [0054.095] lstrcmpiW (lpString1="Updates", lpString2="System Volume Information") returned 1 [0054.095] lstrcmpiW (lpString1="Updates", lpString2=".") returned 1 [0054.095] lstrcmpiW (lpString1="Updates", lpString2="..") returned 1 [0054.095] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned 76 [0054.095] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.095] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates" [0054.095] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*" [0054.095] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.095] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.095] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.095] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.095] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.095] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.095] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.095] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.095] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.095] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.095] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.095] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.095] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.095] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.095] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.095] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.095] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.096] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.096] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.096] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.096] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.096] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.096] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.096] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\LOLKEK.txt") returned 87 [0054.096] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.096] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.096] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.096] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.096] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\LOLKEK.txt") returned 87 [0054.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\updates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.096] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.096] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x37e12260, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e12260, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 1 [0054.096] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="Windows") returned -1 [0054.096] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="Program Files") returned -1 [0054.096] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="Program Files (x86)") returned -1 [0054.096] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="$Recycle.bin") returned 1 [0054.096] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="System Volume Information") returned -1 [0054.096] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2=".") returned 1 [0054.096] lstrcmpiW (lpString1="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="..") returned 1 [0054.096] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned 107 [0054.096] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.096] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}" [0054.096] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*" [0054.096] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x37e12260, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e12260, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.096] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.096] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.096] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.096] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.096] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.096] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.096] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x37e12260, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e12260, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.096] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.096] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.096] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.096] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.096] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.096] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.097] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.097] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.097] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.097] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.097] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.097] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.097] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.097] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.097] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.097] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\LOLKEK.txt") returned 118 [0054.097] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.097] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.097] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fd91f9, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fd91f9, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x37dec100, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xb171e1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpasbase.vdm.lolkek", cAlternateFileName="")) returned 1 [0054.097] lstrcmpiW (lpString1="mpasbase.vdm.lolkek", lpString2="Windows") returned -1 [0054.097] lstrcmpiW (lpString1="mpasbase.vdm.lolkek", lpString2="Program Files") returned -1 [0054.097] lstrcmpiW (lpString1="mpasbase.vdm.lolkek", lpString2="Program Files (x86)") returned -1 [0054.097] lstrcmpiW (lpString1="mpasbase.vdm.lolkek", lpString2="$Recycle.bin") returned 1 [0054.097] lstrcmpiW (lpString1="mpasbase.vdm.lolkek", lpString2="System Volume Information") returned -1 [0054.097] lstrcmpiW (lpString1="mpasbase.vdm.lolkek", lpString2=".") returned 1 [0054.097] lstrcmpiW (lpString1="mpasbase.vdm.lolkek", lpString2="..") returned 1 [0054.097] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasbase.vdm.lolkek") returned 127 [0054.097] StrStrIW (lpFirst="mpasbase.vdm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.097] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fff35a, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fff35a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x37e12260, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x52de1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpasdlta.vdm.lolkek", cAlternateFileName="")) returned 1 [0054.097] lstrcmpiW (lpString1="mpasdlta.vdm.lolkek", lpString2="Windows") returned -1 [0054.097] lstrcmpiW (lpString1="mpasdlta.vdm.lolkek", lpString2="Program Files") returned -1 [0054.097] lstrcmpiW (lpString1="mpasdlta.vdm.lolkek", lpString2="Program Files (x86)") returned -1 [0054.097] lstrcmpiW (lpString1="mpasdlta.vdm.lolkek", lpString2="$Recycle.bin") returned 1 [0054.097] lstrcmpiW (lpString1="mpasdlta.vdm.lolkek", lpString2="System Volume Information") returned -1 [0054.097] lstrcmpiW (lpString1="mpasdlta.vdm.lolkek", lpString2=".") returned 1 [0054.097] lstrcmpiW (lpString1="mpasdlta.vdm.lolkek", lpString2="..") returned 1 [0054.097] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpasdlta.vdm.lolkek") returned 127 [0054.097] StrStrIW (lpFirst="mpasdlta.vdm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.097] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x37e12260, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x7d1da1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpengine.dll.lolkek", cAlternateFileName="")) returned 1 [0054.097] lstrcmpiW (lpString1="mpengine.dll.lolkek", lpString2="Windows") returned -1 [0054.097] lstrcmpiW (lpString1="mpengine.dll.lolkek", lpString2="Program Files") returned -1 [0054.097] lstrcmpiW (lpString1="mpengine.dll.lolkek", lpString2="Program Files (x86)") returned -1 [0054.097] lstrcmpiW (lpString1="mpengine.dll.lolkek", lpString2="$Recycle.bin") returned 1 [0054.097] lstrcmpiW (lpString1="mpengine.dll.lolkek", lpString2="System Volume Information") returned -1 [0054.097] lstrcmpiW (lpString1="mpengine.dll.lolkek", lpString2=".") returned 1 [0054.097] lstrcmpiW (lpString1="mpengine.dll.lolkek", lpString2="..") returned 1 [0054.097] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\mpengine.dll.lolkek") returned 127 [0054.097] StrStrIW (lpFirst="mpengine.dll.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.097] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x1fb3099, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x37e12260, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x7d1da1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mpengine.dll.lolkek", cAlternateFileName="")) returned 0 [0054.097] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.097] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\LOLKEK.txt") returned 118 [0054.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\{d2b0b133-42ed-44d3-809a-46ebb62ba863}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.098] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.098] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1fb3099, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x37e12260, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e12260, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{D2B0B133-42ED-44D3-809A-46EBB62BA863}", cAlternateFileName="{D2B0B~1")) returned 0 [0054.098] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.098] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\LOLKEK.txt") returned 79 [0054.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\definition updates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.098] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.098] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LocalCopy", cAlternateFileName="LOCALC~1")) returned 1 [0054.098] lstrcmpiW (lpString1="LocalCopy", lpString2="Windows") returned -1 [0054.098] lstrcmpiW (lpString1="LocalCopy", lpString2="Program Files") returned -1 [0054.098] lstrcmpiW (lpString1="LocalCopy", lpString2="Program Files (x86)") returned -1 [0054.098] lstrcmpiW (lpString1="LocalCopy", lpString2="$Recycle.bin") returned 1 [0054.098] lstrcmpiW (lpString1="LocalCopy", lpString2="System Volume Information") returned -1 [0054.098] lstrcmpiW (lpString1="LocalCopy", lpString2=".") returned 1 [0054.098] lstrcmpiW (lpString1="LocalCopy", lpString2="..") returned 1 [0054.098] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy") returned 59 [0054.098] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.098] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy" [0054.098] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\*" [0054.098] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.098] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.098] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.098] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.098] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.098] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.098] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.098] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.098] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.098] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.098] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.098] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.098] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.098] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.098] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.098] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.098] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.098] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.098] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.098] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.099] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\LOLKEK.txt") returned 70 [0054.099] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.099] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.099] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328acd20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328acd20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328acd20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.099] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.099] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\LOLKEK.txt") returned 70 [0054.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\localcopy\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.099] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328f8fe0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.099] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LOLKEK.txt") returned 60 [0054.099] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.099] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.099] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328d2e80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328d2e80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Quarantine", cAlternateFileName="QUARAN~1")) returned 1 [0054.099] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine") returned 60 [0054.099] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.099] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine" [0054.099] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\*" [0054.099] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328d2e80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328d2e80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.099] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328d2e80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328d2e80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.099] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\LOLKEK.txt") returned 71 [0054.099] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.099] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.099] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328d2e80, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328d2e80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328d2e80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.099] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.099] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\LOLKEK.txt") returned 71 [0054.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\quarantine\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.099] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.099] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Scans", cAlternateFileName="")) returned 1 [0054.100] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans") returned 55 [0054.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.100] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans" [0054.100] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\*" [0054.100] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.100] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History") returned 63 [0054.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.100] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History" [0054.100] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\*" [0054.100] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7690f9e4, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.100] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned 76 [0054.100] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.101] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager" [0054.101] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*" [0054.101] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76b24d28, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x37e383c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.101] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\LOLKEK.txt") returned 87 [0054.101] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.101] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.101] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x33bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MpSfc.bin.lolkek", cAlternateFileName="MPSFCB~1.LOL")) returned 1 [0054.101] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\MpSfc.bin.lolkek") returned 93 [0054.101] StrStrIW (lpFirst="MpSfc.bin.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.101] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc0a7e0, ftCreationTime.dwHighDateTime=0x1d2faf9, ftLastAccessTime.dwLowDateTime=0xcfc0a7e0, ftLastAccessTime.dwHighDateTime=0x1d2faf9, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x33bb1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MpSfc.bin.lolkek", cAlternateFileName="MPSFCB~1.LOL")) returned 0 [0054.101] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.101] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\LOLKEK.txt") returned 87 [0054.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\cachemanager\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.101] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.101] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328f8fe0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.101] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\LOLKEK.txt") returned 74 [0054.101] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.101] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.101] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x328d2e80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328d2e80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Results", cAlternateFileName="")) returned 1 [0054.101] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned 71 [0054.101] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.101] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results" [0054.101] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*" [0054.101] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x328d2e80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328d2e80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.101] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\LOLKEK.txt") returned 82 [0054.101] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.101] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.101] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x37e383c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Resource", cAlternateFileName="")) returned 1 [0054.102] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned 80 [0054.102] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0054.102] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource" [0054.102] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*" [0054.102] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x37e383c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.102] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\LOLKEK.txt") returned 91 [0054.102] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.102] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.102] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1ab1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.lolkek", cAlternateFileName="{1D1DB~1.LOL")) returned 1 [0054.102] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.lolkek") returned 126 [0054.102] StrStrIW (lpFirst="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.102] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80be8ad0, ftCreationTime.dwHighDateTime=0x1d33740, ftLastAccessTime.dwLowDateTime=0x80be8ad0, ftLastAccessTime.dwHighDateTime=0x1d33740, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1ab1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.lolkek", cAlternateFileName="{1D1DB~1.LOL")) returned 0 [0054.102] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.102] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\LOLKEK.txt") returned 91 [0054.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\Resource\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\resource\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.102] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0054.102] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa13d69d0, ftCreationTime.dwHighDateTime=0x1d2dda3, ftLastAccessTime.dwLowDateTime=0x37e383c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e383c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Resource", cAlternateFileName="")) returned 0 [0054.103] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.103] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\LOLKEK.txt") returned 82 [0054.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\results\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.103] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x37e5e520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Service", cAlternateFileName="")) returned 1 [0054.103] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned 71 [0054.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.103] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service" [0054.103] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*" [0054.103] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x769ce0c6, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x37e5e520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.103] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\History.Log.lolkek") returned 90 [0054.103] StrStrIW (lpFirst="History.Log.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.103] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328d2e80, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328d2e80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328d2e80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.103] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\LOLKEK.txt") returned 82 [0054.103] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.103] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.103] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1ad7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Unknown.Log.lolkek", cAlternateFileName="UNKNOW~1.LOL")) returned 1 [0054.103] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\Unknown.Log.lolkek") returned 90 [0054.103] StrStrIW (lpFirst="Unknown.Log.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.103] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadeed740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xadeed740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1ad7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Unknown.Log.lolkek", cAlternateFileName="UNKNOW~1.LOL")) returned 0 [0054.103] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.103] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\LOLKEK.txt") returned 82 [0054.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\service\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.103] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.103] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Store", cAlternateFileName="")) returned 1 [0054.103] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned 69 [0054.103] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.103] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store" [0054.103] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*" [0054.103] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.104] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\LOLKEK.txt") returned 80 [0054.104] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.104] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.104] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328f8fe0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.104] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.104] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\LOLKEK.txt") returned 80 [0054.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\store\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.104] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x244fb42, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Store", cAlternateFileName="")) returned 0 [0054.104] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.104] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\LOLKEK.txt") returned 74 [0054.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\history\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.104] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328f8fe0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.104] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\LOLKEK.txt") returned 66 [0054.104] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.104] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.104] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328f8fe0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.104] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.104] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\LOLKEK.txt") returned 66 [0054.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\scans\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.104] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.105] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x37e5e520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Support", cAlternateFileName="")) returned 1 [0054.105] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support") returned 57 [0054.105] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.106] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support" [0054.106] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\*" [0054.106] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x37e5e520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.106] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\LOLKEK.txt") returned 68 [0054.106] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.106] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.106] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76792c22, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x30b2b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MPLog-07132009-221054.log.lolkek", cAlternateFileName="MPLOG-~1.LOL")) returned 1 [0054.106] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\MPLog-07132009-221054.log.lolkek") returned 90 [0054.106] StrStrIW (lpFirst="MPLog-07132009-221054.log.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.106] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76792c22, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76792c22, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x30b2b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MPLog-07132009-221054.log.lolkek", cAlternateFileName="MPLOG-~1.LOL")) returned 0 [0054.106] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.106] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\LOLKEK.txt") returned 68 [0054.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\support\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.106] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x37e5e520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x37e5e520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Support", cAlternateFileName="")) returned 0 [0054.106] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.106] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LOLKEK.txt") returned 60 [0054.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows Defender\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows defender\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.106] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.106] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows NT", cAlternateFileName="WINDOW~2")) returned 1 [0054.106] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT") returned 43 [0054.106] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.106] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT" [0054.106] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\*" [0054.106] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.106] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\LOLKEK.txt") returned 54 [0054.107] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.107] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.107] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSFax", cAlternateFileName="")) returned 1 [0054.107] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax") returned 49 [0054.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.107] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax" [0054.107] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\*" [0054.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.107] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned 61 [0054.107] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.107] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog" [0054.107] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*" [0054.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.107] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\LOLKEK.txt") returned 72 [0054.107] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.107] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.107] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x328f8fe0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x328f8fe0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x328f8fe0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.107] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.107] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\LOLKEK.txt") returned 72 [0054.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\activitylog\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.107] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.107] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Common Coverpages", cAlternateFileName="COMMON~1")) returned 1 [0054.108] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned 67 [0054.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.108] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages" [0054.108] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*" [0054.108] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.108] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned 73 [0054.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.108] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US" [0054.108] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*" [0054.108] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.108] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov") returned 87 [0054.108] StrStrIW (lpFirst="confident.cov", lpSrch=".lolkek") returned 0x0 [0054.108] lstrcmpW (lpString1="confident.cov", lpString2="LOLKEK.txt") returned -1 [0054.108] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov") returned 87 [0054.108] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3da5b20 [0054.108] lstrcpyW (in: lpString1=0x3da5b20, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\confident.cov" [0054.108] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.108] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.108] lstrcmpiW (lpString1="fyi.cov", lpString2="Windows") returned -1 [0054.108] lstrcmpiW (lpString1="fyi.cov", lpString2="Program Files") returned -1 [0054.108] lstrcmpiW (lpString1="fyi.cov", lpString2="Program Files (x86)") returned -1 [0054.108] lstrcmpiW (lpString1="fyi.cov", lpString2="$Recycle.bin") returned 1 [0054.108] lstrcmpiW (lpString1="fyi.cov", lpString2="System Volume Information") returned -1 [0054.109] lstrcmpiW (lpString1="fyi.cov", lpString2=".") returned 1 [0054.109] lstrcmpiW (lpString1="fyi.cov", lpString2="..") returned 1 [0054.109] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov") returned 81 [0054.109] StrStrIW (lpFirst="fyi.cov", lpSrch=".lolkek") returned 0x0 [0054.109] lstrcmpW (lpString1="fyi.cov", lpString2="LOLKEK.txt") returned -1 [0054.109] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov") returned 81 [0054.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cadfd0 [0054.109] lstrcpyW (in: lpString1=0x3cadfd0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\fyi.cov" [0054.109] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.109] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.109] lstrcmpiW (lpString1="generic.cov", lpString2="Windows") returned -1 [0054.109] lstrcmpiW (lpString1="generic.cov", lpString2="Program Files") returned -1 [0054.109] lstrcmpiW (lpString1="generic.cov", lpString2="Program Files (x86)") returned -1 [0054.109] lstrcmpiW (lpString1="generic.cov", lpString2="$Recycle.bin") returned 1 [0054.109] lstrcmpiW (lpString1="generic.cov", lpString2="System Volume Information") returned -1 [0054.109] lstrcmpiW (lpString1="generic.cov", lpString2=".") returned 1 [0054.109] lstrcmpiW (lpString1="generic.cov", lpString2="..") returned 1 [0054.109] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov") returned 85 [0054.109] StrStrIW (lpFirst="generic.cov", lpSrch=".lolkek") returned 0x0 [0054.109] lstrcmpW (lpString1="generic.cov", lpString2="LOLKEK.txt") returned -1 [0054.109] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov") returned 85 [0054.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x3da5c88 [0054.109] lstrcpyW (in: lpString1=0x3da5c88, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\generic.cov" [0054.109] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.109] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.109] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.109] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.109] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.109] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.109] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.109] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.109] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.109] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\LOLKEK.txt") returned 84 [0054.109] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.109] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.109] lstrcmpiW (lpString1="urgent.cov", lpString2="Windows") returned -1 [0054.109] lstrcmpiW (lpString1="urgent.cov", lpString2="Program Files") returned 1 [0054.109] lstrcmpiW (lpString1="urgent.cov", lpString2="Program Files (x86)") returned 1 [0054.109] lstrcmpiW (lpString1="urgent.cov", lpString2="$Recycle.bin") returned 1 [0054.109] lstrcmpiW (lpString1="urgent.cov", lpString2="System Volume Information") returned 1 [0054.109] lstrcmpiW (lpString1="urgent.cov", lpString2=".") returned 1 [0054.109] lstrcmpiW (lpString1="urgent.cov", lpString2="..") returned 1 [0054.109] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov") returned 84 [0054.109] StrStrIW (lpFirst="urgent.cov", lpSrch=".lolkek") returned 0x0 [0054.109] lstrcmpW (lpString1="urgent.cov", lpString2="LOLKEK.txt") returned 1 [0054.109] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov") returned 84 [0054.109] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3da5df0 [0054.110] lstrcpyW (in: lpString1=0x3da5df0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\urgent.cov" [0054.110] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.110] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.110] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.110] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\LOLKEK.txt") returned 84 [0054.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.110] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.110] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.110] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.110] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.110] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.110] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.110] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.110] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.110] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\LOLKEK.txt") returned 78 [0054.110] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.110] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.110] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.110] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\LOLKEK.txt") returned 78 [0054.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\common coverpages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.110] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.110] lstrcmpiW (lpString1="Inbox", lpString2="Windows") returned -1 [0054.111] lstrcmpiW (lpString1="Inbox", lpString2="Program Files") returned -1 [0054.111] lstrcmpiW (lpString1="Inbox", lpString2="Program Files (x86)") returned -1 [0054.111] lstrcmpiW (lpString1="Inbox", lpString2="$Recycle.bin") returned 1 [0054.111] lstrcmpiW (lpString1="Inbox", lpString2="System Volume Information") returned -1 [0054.111] lstrcmpiW (lpString1="Inbox", lpString2=".") returned 1 [0054.111] lstrcmpiW (lpString1="Inbox", lpString2="..") returned 1 [0054.111] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox") returned 55 [0054.111] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.111] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox" [0054.111] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\*" [0054.111] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.111] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.111] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.111] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.111] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.111] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.111] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.111] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.111] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.111] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.111] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.111] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.111] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.111] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.111] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.111] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32b0e320, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.111] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.111] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.111] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.111] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.111] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.111] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.111] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.111] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\LOLKEK.txt") returned 66 [0054.111] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.111] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.111] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32b0e320, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.111] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.111] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\LOLKEK.txt") returned 66 [0054.111] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\inbox\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.111] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.112] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32ba68a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.112] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\LOLKEK.txt") returned 60 [0054.112] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.112] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.112] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Queue", cAlternateFileName="")) returned 1 [0054.112] lstrcmpiW (lpString1="Queue", lpString2="Windows") returned -1 [0054.112] lstrcmpiW (lpString1="Queue", lpString2="Program Files") returned 1 [0054.112] lstrcmpiW (lpString1="Queue", lpString2="Program Files (x86)") returned 1 [0054.112] lstrcmpiW (lpString1="Queue", lpString2="$Recycle.bin") returned 1 [0054.112] lstrcmpiW (lpString1="Queue", lpString2="System Volume Information") returned -1 [0054.112] lstrcmpiW (lpString1="Queue", lpString2=".") returned 1 [0054.112] lstrcmpiW (lpString1="Queue", lpString2="..") returned 1 [0054.112] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue") returned 55 [0054.112] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.112] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue" [0054.112] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\*" [0054.112] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.112] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.112] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.112] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.112] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.112] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.112] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.112] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b0e320, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.112] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.112] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.112] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.112] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.112] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.112] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.112] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.112] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32b0e320, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b34480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.112] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.113] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\LOLKEK.txt") returned 66 [0054.113] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.113] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.113] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32b0e320, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32b0e320, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b34480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.113] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.113] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\LOLKEK.txt") returned 66 [0054.113] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\queue\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.113] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.113] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b34480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b34480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SentItems", cAlternateFileName="SENTIT~1")) returned 1 [0054.113] lstrcmpiW (lpString1="SentItems", lpString2="Windows") returned -1 [0054.113] lstrcmpiW (lpString1="SentItems", lpString2="Program Files") returned 1 [0054.113] lstrcmpiW (lpString1="SentItems", lpString2="Program Files (x86)") returned 1 [0054.113] lstrcmpiW (lpString1="SentItems", lpString2="$Recycle.bin") returned 1 [0054.113] lstrcmpiW (lpString1="SentItems", lpString2="System Volume Information") returned -1 [0054.113] lstrcmpiW (lpString1="SentItems", lpString2=".") returned 1 [0054.113] lstrcmpiW (lpString1="SentItems", lpString2="..") returned 1 [0054.113] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems") returned 59 [0054.113] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.113] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems" [0054.113] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\*" [0054.113] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b34480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b34480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.113] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.113] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.113] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.113] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.113] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.113] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.113] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32b34480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b34480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.113] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.113] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.113] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.113] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.113] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.113] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.113] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.113] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32b34480, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32b34480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b34480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.113] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.113] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.113] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.113] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.113] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.114] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.114] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.114] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\LOLKEK.txt") returned 70 [0054.114] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.114] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.114] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32b34480, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32b34480, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32b34480, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.114] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.114] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\LOLKEK.txt") returned 70 [0054.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\sentitems\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.114] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.114] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 1 [0054.114] lstrcmpiW (lpString1="VirtualInbox", lpString2="Windows") returned -1 [0054.114] lstrcmpiW (lpString1="VirtualInbox", lpString2="Program Files") returned 1 [0054.114] lstrcmpiW (lpString1="VirtualInbox", lpString2="Program Files (x86)") returned 1 [0054.114] lstrcmpiW (lpString1="VirtualInbox", lpString2="$Recycle.bin") returned 1 [0054.114] lstrcmpiW (lpString1="VirtualInbox", lpString2="System Volume Information") returned 1 [0054.114] lstrcmpiW (lpString1="VirtualInbox", lpString2=".") returned 1 [0054.114] lstrcmpiW (lpString1="VirtualInbox", lpString2="..") returned 1 [0054.114] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned 62 [0054.114] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.114] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox" [0054.114] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*" [0054.114] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.114] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.114] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.114] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.114] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.114] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.114] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.114] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.114] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.114] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.114] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.114] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.114] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.114] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.114] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.114] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0054.114] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0054.114] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0054.114] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0054.114] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0054.115] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0054.115] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0054.115] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0054.115] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned 68 [0054.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.115] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US" [0054.115] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*" [0054.115] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.115] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.115] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.115] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.115] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.115] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.115] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.115] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.115] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.115] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.115] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.115] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.115] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.115] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.115] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.115] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32ba68a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.115] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.115] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.115] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.115] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.115] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.115] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.115] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.115] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\LOLKEK.txt") returned 79 [0054.115] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.115] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.115] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 1 [0054.115] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="Windows") returned -1 [0054.115] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="Program Files") returned 1 [0054.115] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="Program Files (x86)") returned 1 [0054.115] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="$Recycle.bin") returned 1 [0054.115] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="System Volume Information") returned 1 [0054.115] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2=".") returned 1 [0054.115] lstrcmpiW (lpString1="WelcomeFax.tif", lpString2="..") returned 1 [0054.115] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif") returned 83 [0054.115] StrStrIW (lpFirst="WelcomeFax.tif", lpSrch=".lolkek") returned 0x0 [0054.115] lstrcmpW (lpString1="WelcomeFax.tif", lpString2="LOLKEK.txt") returned 1 [0054.115] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif") returned 83 [0054.115] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cadd20 [0054.115] lstrcpyW (in: lpString1=0x3cadd20, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\WelcomeFax.tif" [0054.116] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.116] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.116] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe3998d, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfe3998d, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 0 [0054.116] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.116] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\LOLKEK.txt") returned 79 [0054.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.116] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32ba68a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.116] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.116] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.116] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.116] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.116] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.116] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.116] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.116] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\LOLKEK.txt") returned 73 [0054.116] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.116] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.116] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32ba68a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.116] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.116] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\LOLKEK.txt") returned 73 [0054.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\virtualinbox\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.116] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d91b669, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x32ba68a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32ba68a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 0 [0054.116] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.116] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\LOLKEK.txt") returned 60 [0054.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msfax\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.116] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.116] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSScan", cAlternateFileName="")) returned 1 [0054.116] lstrcmpiW (lpString1="MSScan", lpString2="Windows") returned -1 [0054.116] lstrcmpiW (lpString1="MSScan", lpString2="Program Files") returned -1 [0054.116] lstrcmpiW (lpString1="MSScan", lpString2="Program Files (x86)") returned -1 [0054.116] lstrcmpiW (lpString1="MSScan", lpString2="$Recycle.bin") returned 1 [0054.117] lstrcmpiW (lpString1="MSScan", lpString2="System Volume Information") returned -1 [0054.117] lstrcmpiW (lpString1="MSScan", lpString2=".") returned 1 [0054.117] lstrcmpiW (lpString1="MSScan", lpString2="..") returned 1 [0054.117] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan") returned 50 [0054.117] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.117] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan" [0054.117] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\*" [0054.117] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.117] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.117] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.117] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.117] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.117] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.117] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.117] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.117] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.117] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.117] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.117] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.117] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.117] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.117] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.117] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32c3ee20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.117] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.117] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.117] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.117] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.117] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.117] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.117] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.117] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\LOLKEK.txt") returned 61 [0054.117] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.117] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.117] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xea1525c5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 1 [0054.117] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="Windows") returned -1 [0054.117] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="Program Files") returned 1 [0054.120] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="Program Files (x86)") returned 1 [0054.121] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="$Recycle.bin") returned 1 [0054.121] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="System Volume Information") returned 1 [0054.121] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2=".") returned 1 [0054.121] lstrcmpiW (lpString1="WelcomeScan.jpg", lpString2="..") returned 1 [0054.121] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg") returned 66 [0054.121] StrStrIW (lpFirst="WelcomeScan.jpg", lpSrch=".lolkek") returned 0x0 [0054.121] lstrcmpW (lpString1="WelcomeScan.jpg", lpString2="LOLKEK.txt") returned 1 [0054.121] lstrlenW (lpString="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg") returned 66 [0054.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x612218 [0054.121] lstrcpyW (in: lpString1=0x612218, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg" [0054.121] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.121] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.121] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea12c467, ftCreationTime.dwHighDateTime=0x1c9ea0e, ftLastAccessTime.dwLowDateTime=0xea12c467, ftLastAccessTime.dwHighDateTime=0x1c9ea0e, ftLastWriteTime.dwLowDateTime=0xea1525c5, ftLastWriteTime.dwHighDateTime=0x1c9ea0e, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 0 [0054.121] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.121] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\LOLKEK.txt") returned 61 [0054.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.121] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.121] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSScan", cAlternateFileName="")) returned 0 [0054.121] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.121] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\LOLKEK.txt") returned 54 [0054.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\Windows NT\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.121] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.121] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0054.121] lstrcmpiW (lpString1="WwanSvc", lpString2="Windows") returned 1 [0054.121] lstrcmpiW (lpString1="WwanSvc", lpString2="Program Files") returned 1 [0054.121] lstrcmpiW (lpString1="WwanSvc", lpString2="Program Files (x86)") returned 1 [0054.121] lstrcmpiW (lpString1="WwanSvc", lpString2="$Recycle.bin") returned 1 [0054.121] lstrcmpiW (lpString1="WwanSvc", lpString2="System Volume Information") returned 1 [0054.121] lstrcmpiW (lpString1="WwanSvc", lpString2=".") returned 1 [0054.121] lstrcmpiW (lpString1="WwanSvc", lpString2="..") returned 1 [0054.121] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc") returned 40 [0054.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.121] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc" [0054.121] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\*" [0054.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.122] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.122] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.122] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.122] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.122] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.122] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.122] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.122] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.122] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.122] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.122] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.122] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.122] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.122] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.122] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x32c3ee20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.122] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Windows") returned -1 [0054.122] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files") returned -1 [0054.122] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="Program Files (x86)") returned -1 [0054.122] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="$Recycle.bin") returned 1 [0054.122] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="System Volume Information") returned -1 [0054.122] lstrcmpiW (lpString1="LOLKEK.txt", lpString2=".") returned 1 [0054.122] lstrcmpiW (lpString1="LOLKEK.txt", lpString2="..") returned 1 [0054.122] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\LOLKEK.txt") returned 51 [0054.122] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.122] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.122] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 1 [0054.122] lstrcmpiW (lpString1="Profiles", lpString2="Windows") returned -1 [0054.122] lstrcmpiW (lpString1="Profiles", lpString2="Program Files") returned -1 [0054.122] lstrcmpiW (lpString1="Profiles", lpString2="Program Files (x86)") returned -1 [0054.122] lstrcmpiW (lpString1="Profiles", lpString2="$Recycle.bin") returned 1 [0054.122] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles") returned 49 [0054.122] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.122] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles" [0054.122] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\*" [0054.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.123] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.124] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\LOLKEK.txt") returned 60 [0054.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\wwansvc\\profiles\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.124] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7fffaad0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7fffaad0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Profiles", cAlternateFileName="")) returned 0 [0054.124] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.124] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\LOLKEK.txt") returned 51 [0054.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\WwanSvc\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\wwansvc\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.124] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x32c3ee20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x32c3ee20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0054.124] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.124] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft\\LOLKEK.txt") returned 43 [0054.124] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.124] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.125] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x382d4e60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x382d4e60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0054.125] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help") returned 37 [0054.125] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0054.125] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Microsoft Help" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft Help") returned="\\\\?\\C:\\Users\\All Users\\Microsoft Help" [0054.126] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft Help", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\*") returned="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\*" [0054.126] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0x382d4e60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x382d4e60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.126] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\Hx.hxn.lolkek") returned 51 [0054.126] StrStrIW (lpFirst="Hx.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.126] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33b45900, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x33b45900, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33b45900, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.126] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\LOLKEK.txt") returned 48 [0054.126] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.126] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.126] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa72fc10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa72fc10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x381a4360, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.EXCEL.14.1033.hxn.lolkek", cAlternateFileName="MSEXCE~1.LOL")) returned 1 [0054.126] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.14.1033.hxn.lolkek") returned 65 [0054.126] StrStrIW (lpFirst="MS.EXCEL.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.126] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa755d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa755d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x381a4360, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1af, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.EXCEL.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSEXCE~2.LOL")) returned 1 [0054.126] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.EXCEL.DEV.14.1033.hxn.lolkek") returned 69 [0054.126] StrStrIW (lpFirst="MS.EXCEL.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.126] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x381ca4c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.GRAPH.14.1033.hxn.lolkek", cAlternateFileName="MSGRAP~1.LOL")) returned 1 [0054.126] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.GRAPH.14.1033.hxn.lolkek") returned 65 [0054.126] StrStrIW (lpFirst="MS.GRAPH.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.126] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd789af0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd789af0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x381ca4c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x19d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.GROOVE.14.1033.hxn.lolkek", cAlternateFileName="MSGROO~1.LOL")) returned 1 [0054.126] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.GROOVE.14.1033.hxn.lolkek") returned 66 [0054.126] StrStrIW (lpFirst="MS.GROOVE.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.126] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x381ca4c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.INFOPATH.14.1033.hxn.lolkek", cAlternateFileName="MSINFO~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATH.14.1033.hxn.lolkek") returned 68 [0054.127] StrStrIW (lpFirst="MS.INFOPATH.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x113ae4d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x113ae4d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x381f0620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1cd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.INFOPATHEDITOR.14.1033.hxn.lolkek", cAlternateFileName="MSINFO~2.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.INFOPATHEDITOR.14.1033.hxn.lolkek") returned 74 [0054.127] StrStrIW (lpFirst="MS.INFOPATHEDITOR.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x381f0620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSACCESS.14.1033.hxn.lolkek", cAlternateFileName="MSMSAC~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.14.1033.hxn.lolkek") returned 68 [0054.127] StrStrIW (lpFirst="MS.MSACCESS.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15f8e210, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x15f8e210, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x381f0620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSACCESS.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSMSAC~2.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.MSACCESS.DEV.14.1033.hxn.lolkek") returned 72 [0054.127] StrStrIW (lpFirst="MS.MSACCESS.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x381f0620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSOUC.14.1033.hxn.lolkek", cAlternateFileName="MSMSOU~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.MSOUC.14.1033.hxn.lolkek") returned 65 [0054.127] StrStrIW (lpFirst="MS.MSOUC.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x381f0620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSPUB.14.1033.hxn.lolkek", cAlternateFileName="MSMSPU~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.14.1033.hxn.lolkek") returned 65 [0054.127] StrStrIW (lpFirst="MS.MSPUB.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1beeb370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1beeb370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x38216780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1af, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSPUB.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSMSPU~2.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.MSPUB.DEV.14.1033.hxn.lolkek") returned 69 [0054.127] StrStrIW (lpFirst="MS.MSPUB.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x38216780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x19d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.MSTORE.14.1033.hxn.lolkek", cAlternateFileName="MSMSTO~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.MSTORE.14.1033.hxn.lolkek") returned 66 [0054.127] StrStrIW (lpFirst="MS.MSTORE.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x38216780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x18b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.OIS.14.1033.hxn.lolkek", cAlternateFileName="MSOIS1~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.OIS.14.1033.hxn.lolkek") returned 63 [0054.127] StrStrIW (lpFirst="MS.OIS.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc997810, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc997810, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x38216780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.ONENOTE.14.1033.hxn.lolkek", cAlternateFileName="MSONEN~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.ONENOTE.14.1033.hxn.lolkek") returned 67 [0054.127] StrStrIW (lpFirst="MS.ONENOTE.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x3823c8e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.OUTLOOK.14.1033.hxn.lolkek", cAlternateFileName="MSOUTL~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.14.1033.hxn.lolkek") returned 67 [0054.127] StrStrIW (lpFirst="MS.OUTLOOK.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25328b0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x25328b0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x3823c8e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1bb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.OUTLOOK.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSOUTL~2.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.OUTLOOK.DEV.14.1033.hxn.lolkek") returned 71 [0054.127] StrStrIW (lpFirst="MS.OUTLOOK.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3823c8e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.POWERPNT.14.1033.hxn.lolkek", cAlternateFileName="MSPOWE~1.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.14.1033.hxn.lolkek") returned 68 [0054.127] StrStrIW (lpFirst="MS.POWERPNT.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5fa06b0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf5fa06b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3823c8e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1c1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.POWERPNT.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSPOWE~2.LOL")) returned 1 [0054.127] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.POWERPNT.DEV.14.1033.hxn.lolkek") returned 72 [0054.127] StrStrIW (lpFirst="MS.POWERPNT.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.127] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef377f10, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef377f10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x38262a40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.SETLANG.14.1033.hxn.lolkek", cAlternateFileName="MSSETL~1.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.SETLANG.14.1033.hxn.lolkek") returned 67 [0054.128] StrStrIW (lpFirst="MS.SETLANG.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x38262a40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO.14.1033.hxn.lolkek", cAlternateFileName="MSVISI~1.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.14.1033.hxn.lolkek") returned 65 [0054.128] StrStrIW (lpFirst="MS.VISIO.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x38262a40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1af, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSVISI~2.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.DEV.14.1033.hxn.lolkek") returned 69 [0054.128] StrStrIW (lpFirst="MS.VISIO.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x38262a40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1d9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO.SHAPESHEET.14.1033.hxn.lolkek", cAlternateFileName="MSVISI~3.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.VISIO.SHAPESHEET.14.1033.hxn.lolkek") returned 76 [0054.128] StrStrIW (lpFirst="MS.VISIO.SHAPESHEET.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x38288ba0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1af, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO_PRM.14.1033.hxn.lolkek", cAlternateFileName="MSVISI~4.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_PRM.14.1033.hxn.lolkek") returned 69 [0054.128] StrStrIW (lpFirst="MS.VISIO_PRM.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523a6340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x523a6340, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x38288ba0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1af, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.VISIO_STD.14.1033.hxn.lolkek", cAlternateFileName="MS2219~1.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.VISIO_STD.14.1033.hxn.lolkek") returned 69 [0054.128] StrStrIW (lpFirst="MS.VISIO_STD.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x38288ba0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINPROJ.14.1033.hxn.lolkek", cAlternateFileName="MSWINP~1.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.14.1033.hxn.lolkek") returned 67 [0054.128] StrStrIW (lpFirst="MS.WINPROJ.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf766ee0, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xaf766ee0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x382aed00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1bb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINPROJ.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSWINP~2.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.WINPROJ.DEV.14.1033.hxn.lolkek") returned 71 [0054.128] StrStrIW (lpFirst="MS.WINPROJ.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x382aed00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1a3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINWORD.14.1033.hxn.lolkek", cAlternateFileName="MSWINW~1.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.14.1033.hxn.lolkek") returned 67 [0054.128] StrStrIW (lpFirst="MS.WINWORD.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e67e130, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x1e67e130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x382aed00, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x1bb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MS.WINWORD.DEV.14.1033.hxn.lolkek", cAlternateFileName="MSWINW~2.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\MS.WINWORD.DEV.14.1033.hxn.lolkek") returned 71 [0054.128] StrStrIW (lpFirst="MS.WINWORD.DEV.14.1033.hxn.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0x382d4e60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x222d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nslist.hxl.lolkek", cAlternateFileName="NSLIST~1.LOL")) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\nslist.hxl.lolkek") returned 55 [0054.128] StrStrIW (lpFirst="nslist.hxl.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.128] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0x382d4e60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x222d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nslist.hxl.lolkek", cAlternateFileName="NSLIST~1.LOL")) returned 0 [0054.128] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.128] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\LOLKEK.txt") returned 48 [0054.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Microsoft Help\\LOLKEK.txt" (normalized: "c:\\users\\all users\\microsoft help\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.129] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.129] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33e655e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33e655e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0054.129] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Mozilla") returned 30 [0054.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0054.129] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Mozilla" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Mozilla") returned="\\\\?\\C:\\Users\\All Users\\Mozilla" [0054.129] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Mozilla", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Mozilla\\*") returned="\\\\?\\C:\\Users\\All Users\\Mozilla\\*" [0054.129] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Mozilla\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33e655e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33e655e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.129] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs") returned 35 [0054.129] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.129] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs") returned="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs" [0054.129] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs\\*") returned="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs\\*" [0054.129] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x382fafc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x382fafc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.129] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs\\LOLKEK.txt") returned 46 [0054.129] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.129] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.129] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x382fafc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="maintenanceservice-install.log.lolkek", cAlternateFileName="MAINTE~1.LOL")) returned 1 [0054.129] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs\\maintenanceservice-install.log.lolkek") returned 73 [0054.129] StrStrIW (lpFirst="maintenanceservice-install.log.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.129] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x382fafc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="maintenanceservice-install.log.lolkek", cAlternateFileName="MAINTE~1.LOL")) returned 0 [0054.129] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.129] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs\\LOLKEK.txt") returned 46 [0054.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Mozilla\\logs\\LOLKEK.txt" (normalized: "c:\\users\\all users\\mozilla\\logs\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.130] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33e655e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x33e655e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33e8b740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.130] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Mozilla\\LOLKEK.txt") returned 41 [0054.130] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.130] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.130] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33e655e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x33e655e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33e8b740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.130] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.130] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Mozilla\\LOLKEK.txt") returned 41 [0054.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Mozilla\\LOLKEK.txt" (normalized: "c:\\users\\all users\\mozilla\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.130] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x33e8b740, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33e8b740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Oracle", cAlternateFileName="")) returned 1 [0054.130] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Oracle") returned 29 [0054.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0054.130] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Oracle" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Oracle") returned="\\\\?\\C:\\Users\\All Users\\Oracle" [0054.130] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Oracle", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Oracle\\*") returned="\\\\?\\C:\\Users\\All Users\\Oracle\\*" [0054.130] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Oracle\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x33e8b740, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33e8b740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.130] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Oracle\\LOLKEK.txt") returned 40 [0054.130] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.130] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.130] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33e8b740, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x33e8b740, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33e8b740, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.130] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.130] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Oracle\\LOLKEK.txt") returned 40 [0054.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Oracle\\LOLKEK.txt" (normalized: "c:\\users\\all users\\oracle\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.130] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.130] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0054.130] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache") returned 36 [0054.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5dafc0 [0054.130] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache") returned="\\\\?\\C:\\Users\\All Users\\Package Cache" [0054.130] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\*" [0054.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.131] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned 77 [0054.131] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.131] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0054.131] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*" [0054.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33eb18a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33eb18a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.131] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\LOLKEK.txt") returned 88 [0054.131] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.131] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.131] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33eb18a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33eb18a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.131] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned 86 [0054.131] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.131] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages" [0054.131] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*" [0054.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33eb18a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33eb18a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.131] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\LOLKEK.txt") returned 97 [0054.131] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.131] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.131] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33eb18a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33eb18a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 1 [0054.131] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned 92 [0054.131] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.132] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch" [0054.132] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*" [0054.132] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33eb18a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33eb18a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.132] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\LOLKEK.txt") returned 103 [0054.132] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.132] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.132] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x38321120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38321120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 1 [0054.132] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned 96 [0054.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0054.132] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64" [0054.132] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*" [0054.132] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x38321120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38321120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.132] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\LOLKEK.txt") returned 107 [0054.132] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.132] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.133] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x38321120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xf718a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu.lolkek", cAlternateFileName="WINDOW~1.LOL")) returned 1 [0054.133] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.lolkek") returned 132 [0054.133] StrStrIW (lpFirst="Windows6.1-KB2999226-x64.msu.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.133] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59d2100, ftCreationTime.dwHighDateTime=0x1d0a100, ftLastAccessTime.dwLowDateTime=0x59d2100, ftLastAccessTime.dwHighDateTime=0x1d0a100, ftLastWriteTime.dwLowDateTime=0x38321120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xf718a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu.lolkek", cAlternateFileName="WINDOW~1.LOL")) returned 0 [0054.133] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.133] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\LOLKEK.txt") returned 107 [0054.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\x64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\x64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0054.133] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x38321120, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38321120, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 0 [0054.133] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.133] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\LOLKEK.txt") returned 103 [0054.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\Patch\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\patch\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.133] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33eb18a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33eb18a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 0 [0054.133] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.133] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\LOLKEK.txt") returned 97 [0054.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.133] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.133] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x29272c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33eb18a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33eb18a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.133] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.133] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\LOLKEK.txt") returned 88 [0054.133] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\42d5bec7ddfbd49e76467529cbc2868987bf8460\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.134] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.134] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cAlternateFileName="54050A~1")) returned 1 [0054.134] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned 77 [0054.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.135] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0054.135] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*" [0054.135] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.135] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\LOLKEK.txt") returned 88 [0054.135] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.135] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.135] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.135] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned 86 [0054.135] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.135] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages" [0054.135] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*" [0054.135] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.135] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\LOLKEK.txt") returned 97 [0054.135] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.135] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.135] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 1 [0054.136] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned 92 [0054.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.136] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch" [0054.136] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*" [0054.136] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.136] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\LOLKEK.txt") returned 103 [0054.136] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.136] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.136] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x38347280, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38347280, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 1 [0054.136] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned 96 [0054.136] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x658950 [0054.136] lstrcpyW (in: lpString1=0x658950, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64" [0054.136] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*" [0054.136] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x38347280, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38347280, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.136] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\LOLKEK.txt") returned 107 [0054.137] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.137] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.137] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x38347280, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xfc98d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu.lolkek", cAlternateFileName="WINDOW~1.LOL")) returned 1 [0054.137] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\Windows6.1-KB2999226-x64.msu.lolkek") returned 132 [0054.137] StrStrIW (lpFirst="Windows6.1-KB2999226-x64.msu.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.137] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ab54b00, ftCreationTime.dwHighDateTime=0x1d1a02d, ftLastAccessTime.dwLowDateTime=0x9ab54b00, ftLastAccessTime.dwHighDateTime=0x1d1a02d, ftLastWriteTime.dwLowDateTime=0x38347280, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xfc98d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows6.1-KB2999226-x64.msu.lolkek", cAlternateFileName="WINDOW~1.LOL")) returned 0 [0054.137] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.137] wsprintfW (in: param_1=0x658950, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\LOLKEK.txt") returned 107 [0054.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\x64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\x64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x658950 | out: hHeap=0x5a0000) returned 1 [0054.137] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x38347280, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38347280, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="x64", cAlternateFileName="")) returned 0 [0054.137] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.137] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\LOLKEK.txt") returned 103 [0054.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\Patch\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\patch\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.137] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Patch", cAlternateFileName="")) returned 0 [0054.137] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.137] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\LOLKEK.txt") returned 97 [0054.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.137] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa989d730, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x33f49e20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f49e20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.137] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.137] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\LOLKEK.txt") returned 88 [0054.137] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\54050a5f8ae7f0c56e553f0090146c17a1d2bf8d\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.137] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.138] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.138] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\LOLKEK.txt") returned 47 [0054.138] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.138] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.138] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33f6ff80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f6ff80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1 [0054.138] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned 86 [0054.138] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.139] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0054.139] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*" [0054.139] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33f6ff80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f6ff80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.139] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\LOLKEK.txt") returned 97 [0054.139] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.139] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.139] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33f6ff80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f6ff80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.139] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned 95 [0054.139] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.139] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages" [0054.139] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*" [0054.139] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33f6ff80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f6ff80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.139] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\LOLKEK.txt") returned 106 [0054.139] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.139] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.139] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x3836d3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3836d3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0054.139] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned 116 [0054.140] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.140] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86" [0054.140] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*" [0054.140] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x3836d3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3836d3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.140] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek") returned 132 [0054.140] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.140] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33f6ff80, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x33f6ff80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f6ff80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.140] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 127 [0054.140] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.140] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.140] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x3836d3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.140] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek") returned 149 [0054.140] StrStrIW (lpFirst="vc_runtimeMinimum_x86.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.140] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50cc6500, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x50cc6500, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x3836d3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.140] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.140] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 127 [0054.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\vcruntimeminimum_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.140] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.140] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x3836d3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3836d3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0054.140] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.140] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\LOLKEK.txt") returned 106 [0054.140] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.141] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.141] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb95720, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x33f6ff80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x33f6ff80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.141] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.141] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\LOLKEK.txt") returned 97 [0054.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{13a4ee12-23ea-3371-91ee-efb36ddfff3e}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.141] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.141] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38393540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38393540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0054.141] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned 75 [0054.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.141] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0054.141] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*" [0054.141] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38393540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38393540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.141] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\LOLKEK.txt") returned 86 [0054.141] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.141] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.141] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd314a0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x3836d3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2df, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm.lolkek", cAlternateFileName="STATER~1.LOL")) returned 1 [0054.141] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\state.rsm.lolkek") returned 92 [0054.141] StrStrIW (lpFirst="state.rsm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.141] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x38393540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x6f479, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 1 [0054.141] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\vcredist_x86.exe.lolkek") returned 99 [0054.141] StrStrIW (lpFirst="vcredist_x86.exe.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.141] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd0b340, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x38393540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x6f479, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 0 [0054.141] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.141] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\LOLKEK.txt") returned 86 [0054.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.141] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.141] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x341d1580, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x341d1580, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0054.141] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned 86 [0054.141] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.141] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0054.142] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*" [0054.142] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x341d1580, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x341d1580, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.142] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\LOLKEK.txt") returned 97 [0054.142] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.142] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.142] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x341d1580, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x341d1580, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.142] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned 95 [0054.142] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.142] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages" [0054.142] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*" [0054.142] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x341d1580, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x341d1580, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.142] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\LOLKEK.txt") returned 106 [0054.142] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.142] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.142] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x383b96a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x383b96a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0054.142] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned 121 [0054.142] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.142] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64" [0054.142] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*" [0054.142] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x383b96a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x383b96a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.142] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek") returned 137 [0054.142] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.142] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x341d1580, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x341d1580, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x341d1580, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.142] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 132 [0054.142] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.142] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.142] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x383b96a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.142] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek") returned 157 [0054.142] StrStrIW (lpFirst="vc_runtimeAdditional_x64.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.142] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4374a500, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x4374a500, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x383b96a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.143] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.143] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 132 [0054.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\vcruntimeadditional_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.143] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.143] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x383b96a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x383b96a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0054.143] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.143] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\LOLKEK.txt") returned 106 [0054.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.143] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.143] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x341d1580, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x341d1580, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.143] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.143] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\LOLKEK.txt") returned 97 [0054.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{37b8f9c7-03fb-3253-8781-2517c99d7c00}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.143] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.143] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x383df800, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x383df800, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1 [0054.143] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned 75 [0054.143] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.143] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0054.143] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*" [0054.143] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x383df800, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x383df800, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.143] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\LOLKEK.txt") returned 86 [0054.143] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.143] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.143] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a127460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x383b96a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2eb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm.lolkek", cAlternateFileName="STATER~1.LOL")) returned 1 [0054.143] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\state.rsm.lolkek") returned 92 [0054.143] StrStrIW (lpFirst="state.rsm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.143] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x383df800, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x710f9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 1 [0054.143] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\vcredist_x64.exe.lolkek") returned 99 [0054.144] StrStrIW (lpFirst="vcredist_x64.exe.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.144] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a0db1a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x383df800, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x710f9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 0 [0054.144] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.144] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\LOLKEK.txt") returned 86 [0054.144] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.144] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.144] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x3453d520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3453d520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1 [0054.144] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned 87 [0054.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.144] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0054.144] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*" [0054.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x3453d520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3453d520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.144] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\LOLKEK.txt") returned 98 [0054.144] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.144] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.144] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x3453d520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3453d520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.144] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned 96 [0054.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.144] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages" [0054.144] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*" [0054.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x3453d520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3453d520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.144] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\LOLKEK.txt") returned 107 [0054.144] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.144] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.144] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x38451c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0054.144] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned 117 [0054.144] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.144] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86" [0054.144] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*" [0054.144] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x38451c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.145] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\cab1.cab.lolkek") returned 133 [0054.145] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.145] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3453d520, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x3453d520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3453d520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.145] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 128 [0054.145] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.145] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.145] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x24051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.145] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\vc_runtimeMinimum_x86.msi.lolkek") returned 150 [0054.145] StrStrIW (lpFirst="vc_runtimeMinimum_x86.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.145] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb17b200, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfb17b200, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x24051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.145] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.145] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 128 [0054.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\vcruntimeminimum_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.145] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.145] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x38451c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0054.145] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.145] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\LOLKEK.txt") returned 107 [0054.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.145] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.145] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x3453d520, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3453d520, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.145] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.145] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\LOLKEK.txt") returned 98 [0054.145] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{582ea838-9199-3518-a05c-db09462f68ec}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.145] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.145] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x345af940, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x345af940, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1 [0054.145] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned 87 [0054.145] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.145] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0054.146] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*" [0054.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x345af940, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x345af940, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.146] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\LOLKEK.txt") returned 98 [0054.146] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.146] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.146] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x345af940, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x345af940, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.146] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned 96 [0054.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.146] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages" [0054.146] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*" [0054.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x345af940, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x345af940, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.146] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\LOLKEK.txt") returned 107 [0054.146] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.146] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.146] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x38451c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0054.146] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned 120 [0054.146] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.146] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86" [0054.146] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*" [0054.146] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x38451c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.146] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\cab1.cab.lolkek") returned 136 [0054.146] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.146] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x345af940, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x345af940, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x345af940, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.146] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt") returned 131 [0054.146] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.146] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.146] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.146] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\vc_runtimeAdditional_x86.msi.lolkek") returned 156 [0054.146] StrStrIW (lpFirst="vc_runtimeAdditional_x86.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.146] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfeab3900, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfeab3900, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.146] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.147] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt") returned 131 [0054.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\vcruntimeadditional_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.147] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x38451c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38451c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0054.147] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.147] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\LOLKEK.txt") returned 107 [0054.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.147] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x345af940, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x345af940, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.147] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.147] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\LOLKEK.txt") returned 98 [0054.147] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{68306422-7c57-373f-8860-d26ce4ba2a15}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.147] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.147] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x348370a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348370a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1 [0054.147] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned 87 [0054.147] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.147] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0054.147] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*" [0054.147] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x348370a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348370a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.147] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\LOLKEK.txt") returned 98 [0054.147] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.147] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.147] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x348370a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348370a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.147] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned 96 [0054.147] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.147] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages" [0054.147] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*" [0054.147] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x348370a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348370a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.148] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\LOLKEK.txt") returned 107 [0054.148] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.148] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.148] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x38477d80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38477d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0054.148] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned 119 [0054.148] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.148] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64" [0054.148] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*" [0054.148] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x38477d80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38477d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.148] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek") returned 135 [0054.148] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.148] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x348370a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x348370a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348370a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.148] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 130 [0054.148] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.148] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.148] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0x38477d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x24051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.148] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek") returned 152 [0054.148] StrStrIW (lpFirst="vc_runtimeMinimum_x64.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.148] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7a0c00, ftCreationTime.dwHighDateTime=0x1d28824, ftLastAccessTime.dwLowDateTime=0xfd7a0c00, ftLastAccessTime.dwHighDateTime=0x1d28824, ftLastWriteTime.dwLowDateTime=0x38477d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x24051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.148] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.148] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 130 [0054.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\vcruntimeminimum_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.148] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.148] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x38477d80, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38477d80, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0054.148] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.148] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\LOLKEK.txt") returned 107 [0054.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.149] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x348370a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348370a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.149] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.149] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\LOLKEK.txt") returned 98 [0054.149] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{8d4f7a6d-6b81-3dc8-9c21-6008e4866727}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.149] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.149] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348cf620, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348cf620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0054.149] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned 86 [0054.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.149] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0054.149] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*" [0054.149] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348cf620, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348cf620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.149] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\LOLKEK.txt") returned 97 [0054.149] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.149] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.149] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348cf620, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348cf620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.149] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned 95 [0054.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.149] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages" [0054.149] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*" [0054.149] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348cf620, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348cf620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.149] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\LOLKEK.txt") returned 106 [0054.149] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.149] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.149] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x384c4040, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x384c4040, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0054.149] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned 121 [0054.149] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.149] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64" [0054.149] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*" [0054.149] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x384c4040, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x384c4040, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.150] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\cab1.cab.lolkek") returned 137 [0054.150] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.150] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x348cf620, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x348cf620, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348cf620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.150] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 132 [0054.150] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.150] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.150] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x3849dee0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.150] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\vc_runtimeAdditional_x64.msi.lolkek") returned 157 [0054.150] StrStrIW (lpFirst="vc_runtimeAdditional_x64.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.150] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x3849dee0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.150] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.150] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 132 [0054.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\vcruntimeadditional_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.150] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x384c4040, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x384c4040, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0054.150] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.150] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\LOLKEK.txt") returned 106 [0054.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.150] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a20bca0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348cf620, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348cf620, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.150] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.150] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\LOLKEK.txt") returned 97 [0054.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{929fbd26-9020-399b-9a7a-751d61f0b942}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.150] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.150] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348f5780, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348f5780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0054.150] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned 86 [0054.150] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.151] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0054.151] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*" [0054.151] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348f5780, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348f5780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.151] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\LOLKEK.txt") returned 97 [0054.151] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.151] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.151] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348f5780, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348f5780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.151] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned 95 [0054.151] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.151] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages" [0054.151] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*" [0054.151] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348f5780, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348f5780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.151] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\LOLKEK.txt") returned 106 [0054.151] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.151] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.151] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x384ea1a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x384ea1a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0054.151] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned 118 [0054.151] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.151] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64" [0054.151] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*" [0054.151] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x384ea1a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x384ea1a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.151] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\cab1.cab.lolkek") returned 134 [0054.151] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.151] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x348f5780, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x348f5780, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348f5780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.151] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 129 [0054.151] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.151] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.151] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x384c4040, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.151] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\vc_runtimeMinimum_x64.msi.lolkek") returned 151 [0054.151] StrStrIW (lpFirst="vc_runtimeMinimum_x64.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.151] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a38c100, ftCreationTime.dwHighDateTime=0x1cf3dd2, ftLastAccessTime.dwLowDateTime=0x7a38c100, ftLastAccessTime.dwHighDateTime=0x1cf3dd2, ftLastWriteTime.dwLowDateTime=0x384c4040, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.152] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.152] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 129 [0054.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\vcruntimeminimum_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.152] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x384ea1a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x384ea1a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0054.152] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.152] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\LOLKEK.txt") returned 106 [0054.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.152] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x348f5780, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x348f5780, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.152] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.152] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\LOLKEK.txt") returned 97 [0054.152] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{a749d8e6-b613-3be3-8f5f-045c84eba29b}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.152] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.152] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x349d9fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x349d9fc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0054.152] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned 86 [0054.152] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.152] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0054.152] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*" [0054.152] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x349d9fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x349d9fc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.152] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\LOLKEK.txt") returned 97 [0054.152] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.152] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.152] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x349d9fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x349d9fc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.152] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned 95 [0054.152] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.153] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages" [0054.153] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*" [0054.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x349d9fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x349d9fc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.153] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.153] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.153] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38510300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38510300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0054.153] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86" [0054.153] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*" [0054.153] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38510300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38510300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.153] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.153] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x349d9fc0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x349d9fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x349d9fc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.153] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.153] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.153] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x38510300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.153] StrStrIW (lpFirst="vc_runtimeAdditional_x86.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.153] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x38510300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.153] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.153] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt") returned 130 [0054.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\vcruntimeadditional_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.153] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38510300, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38510300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0054.153] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.153] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\LOLKEK.txt") returned 106 [0054.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.153] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.154] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x349d9fc0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x349d9fc0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.154] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.154] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\LOLKEK.txt") returned 97 [0054.154] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{b175520c-86a2-35a7-8619-86dc379688b9}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.154] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.154] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a4c3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a4c3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0054.154] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0054.154] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*" [0054.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a4c3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a4c3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.154] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.154] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.154] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a4c3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a4c3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.154] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages" [0054.154] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*" [0054.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a4c3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a4c3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.154] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.154] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.154] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38536460, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0054.154] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86" [0054.154] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*" [0054.154] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38536460, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.154] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.154] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34a4c3e0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34a4c3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a4c3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.154] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.154] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.154] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x38510300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.155] StrStrIW (lpFirst="vc_runtimeMinimum_x86.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.155] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48395900, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x48395900, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x38510300, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.155] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.155] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt") returned 127 [0054.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\vcruntimeminimum_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.155] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38536460, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0054.155] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.155] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\LOLKEK.txt") returned 106 [0054.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.155] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a4c3e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a4c3e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.155] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.155] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\LOLKEK.txt") returned 97 [0054.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{bd95a8cd-1d9f-35ad-981a-3e7925026ebb}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.155] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.155] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38536460, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0054.155] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0054.155] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*" [0054.155] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x38536460, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.155] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.155] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.155] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2df, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm.lolkek", cAlternateFileName="STATER~1.LOL")) returned 1 [0054.155] StrStrIW (lpFirst="state.rsm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.155] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x6f3e9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 1 [0054.155] StrStrIW (lpFirst="vcredist_x64.exe.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.155] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x38536460, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x6f3e9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x64.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 0 [0054.156] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.156] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\LOLKEK.txt") returned 86 [0054.156] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.156] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.156] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a72540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a72540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0054.156] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0054.156] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*" [0054.156] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a72540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a72540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.156] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.156] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.156] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a72540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a72540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.156] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages" [0054.156] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*" [0054.156] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a72540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a72540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.156] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.156] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.156] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x3855c5c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3855c5c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0054.156] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64" [0054.156] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*" [0054.156] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x3855c5c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3855c5c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.156] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.156] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34a72540, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34a72540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a72540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.156] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.156] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.156] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x3855c5c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.157] StrStrIW (lpFirst="vc_runtimeMinimum_x64.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.157] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1afc00, ftCreationTime.dwHighDateTime=0x1ced4da, ftLastAccessTime.dwLowDateTime=0x5a1afc00, ftLastAccessTime.dwHighDateTime=0x1ced4da, ftLastWriteTime.dwLowDateTime=0x3855c5c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x25051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeMinimum_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.157] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.157] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt") returned 129 [0054.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\vcruntimeminimum_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.157] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x3855c5c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3855c5c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0054.157] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.157] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\LOLKEK.txt") returned 106 [0054.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.157] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabbdf20, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x34a72540, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a72540, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.157] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.157] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\LOLKEK.txt") returned 97 [0054.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{cf2bea3c-26ea-32f8-aa9b-331f7e34ba97}v11.0.61030\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.157] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.157] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x34a986a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a986a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cAlternateFileName="{E5127~1.250")) returned 1 [0054.157] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0054.157] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*" [0054.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x34a986a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a986a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.157] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.157] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.157] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x34a986a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a986a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.157] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages" [0054.157] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*" [0054.157] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x34a986a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a986a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.158] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.158] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.158] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x385a8880, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x385a8880, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0054.158] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64" [0054.158] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*" [0054.158] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x385a8880, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x385a8880, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.158] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.158] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34a986a0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34a986a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a986a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.158] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.158] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.158] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x38582720, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.158] StrStrIW (lpFirst="vc_runtimeAdditional_x64.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.158] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36fed00, ftCreationTime.dwHighDateTime=0x1d28825, ftLastAccessTime.dwLowDateTime=0x36fed00, ftLastAccessTime.dwHighDateTime=0x1d28825, ftLastWriteTime.dwLowDateTime=0x38582720, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x64.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.158] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.158] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt") returned 133 [0054.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\vcRuntimeAdditional_amd64\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\vcruntimeadditional_amd64\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.158] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x385a8880, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x385a8880, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0054.158] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.158] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\LOLKEK.txt") returned 107 [0054.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.158] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.158] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa9368710, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x34a986a0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34a986a0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.158] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.158] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\LOLKEK.txt") returned 98 [0054.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.159] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.159] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x385ce9e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x385ce9e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e52a6842-b0ac-476e-b48f-378a97a67346}", cAlternateFileName="{E52A6~1")) returned 1 [0054.159] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0054.159] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*" [0054.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0x385ce9e0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x385ce9e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.159] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.159] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.159] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x385a8880, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x34f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm.lolkek", cAlternateFileName="STATER~1.LOL")) returned 1 [0054.159] StrStrIW (lpFirst="state.rsm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.159] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x385ce9e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xbee89, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x64.exe.lolkek", cAlternateFileName="VC_RED~1.LOL")) returned 1 [0054.159] StrStrIW (lpFirst="VC_redist.x64.exe.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.159] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0x385ce9e0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xbee89, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x64.exe.lolkek", cAlternateFileName="VC_RED~1.LOL")) returned 0 [0054.159] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.159] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\LOLKEK.txt") returned 86 [0054.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.159] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.159] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x385f4b40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x385f4b40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cAlternateFileName="{E6E75~1")) returned 1 [0054.159] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0054.159] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*" [0054.159] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x385f4b40, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x385f4b40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.159] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.159] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.159] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcad7040, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x385a8880, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x2eb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm.lolkek", cAlternateFileName="STATER~1.LOL")) returned 1 [0054.159] StrStrIW (lpFirst="state.rsm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.159] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x385f4b40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x710d1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 1 [0054.159] StrStrIW (lpFirst="vcredist_x86.exe.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.159] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xca64c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x385f4b40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x710d1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcredist_x86.exe.lolkek", cAlternateFileName="VCREDI~1.LOL")) returned 0 [0054.159] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.160] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\LOLKEK.txt") returned 86 [0054.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.160] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x3861aca0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3861aca0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cAlternateFileName="{F325F~1")) returned 1 [0054.160] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0054.160] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*" [0054.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0x3861aca0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3861aca0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.160] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.160] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.160] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93efac0, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x385f4b40, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x34f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="state.rsm.lolkek", cAlternateFileName="STATER~1.LOL")) returned 1 [0054.160] StrStrIW (lpFirst="state.rsm.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.160] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x3861aca0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xbee81, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x86.exe.lolkek", cAlternateFileName="VC_RED~1.LOL")) returned 1 [0054.160] StrStrIW (lpFirst="VC_redist.x86.exe.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.160] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93c9960, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0x3861aca0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0xbee81, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="VC_redist.x86.exe.lolkek", cAlternateFileName="VC_RED~1.LOL")) returned 0 [0054.160] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.160] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\LOLKEK.txt") returned 86 [0054.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.160] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.160] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 1 [0054.160] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0054.160] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*" [0054.160] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.160] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.160] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.160] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 1 [0054.160] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0054.160] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*" [0054.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.161] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.161] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.161] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x3868d0c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3868d0c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0054.161] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0054.161] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*") returned="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*" [0054.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x3868d0c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3868d0c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.161] StrStrIW (lpFirst="cab1.cab.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.161] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34b0aac0, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b0aac0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b0aac0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.161] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.161] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.161] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x3868d0c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 1 [0054.161] StrStrIW (lpFirst="vc_runtimeAdditional_x86.msi.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.161] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f9b3800, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x4f9b3800, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x3868d0c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x23051, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vc_runtimeAdditional_x86.msi.lolkek", cAlternateFileName="VC_RUN~1.LOL")) returned 0 [0054.161] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.161] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt") returned 130 [0054.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.161] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.161] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x3868d0c0, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x3868d0c0, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0054.161] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.161] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\LOLKEK.txt") returned 106 [0054.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.161] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.161] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="packages", cAlternateFileName="")) returned 0 [0054.161] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.162] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\LOLKEK.txt") returned 97 [0054.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.162] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.162] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0 [0054.162] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.162] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Package Cache\\LOLKEK.txt") returned 47 [0054.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Package Cache\\LOLKEK.txt" (normalized: "c:\\users\\all users\\package cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.162] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.163] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0054.163] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Start Menu" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Start Menu") returned="\\\\?\\C:\\Users\\All Users\\Start Menu" [0054.163] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Start Menu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Start Menu\\*") returned="\\\\?\\C:\\Users\\All Users\\Start Menu\\*" [0054.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Start Menu\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.163] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.163] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sun", cAlternateFileName="")) returned 1 [0054.163] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Sun" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Sun") returned="\\\\?\\C:\\Users\\All Users\\Sun" [0054.163] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Sun", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Sun\\*") returned="\\\\?\\C:\\Users\\All Users\\Sun\\*" [0054.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Sun\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.163] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\All Users\\Sun\\Java" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Sun\\Java") returned="\\\\?\\C:\\Users\\All Users\\Sun\\Java" [0054.163] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Sun\\Java", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\*") returned="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\*" [0054.163] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.164] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update") returned="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update" [0054.164] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update\\*") returned="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update\\*" [0054.164] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x38666f60, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x38666f60, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.164] StrStrIW (lpFirst="jaureglist.xml.lolkek", lpSrch=".lolkek") returned=".lolkek" [0054.164] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.164] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.164] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.164] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.164] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.164] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update\\LOLKEK.txt") returned 54 [0054.164] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\Java Update\\LOLKEK.txt" (normalized: "c:\\users\\all users\\sun\\java\\java update\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.167] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.167] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.167] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.167] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.167] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.167] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.168] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\LOLKEK.txt") returned 42 [0054.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Sun\\Java\\LOLKEK.txt" (normalized: "c:\\users\\all users\\sun\\java\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.168] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.168] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 1 [0054.168] StrStrIW (lpFirst="LOLKEK.txt", lpSrch=".lolkek") returned 0x0 [0054.168] lstrcmpW (lpString1="LOLKEK.txt", lpString2="LOLKEK.txt") returned 0 [0054.168] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="")) returned 0 [0054.168] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.168] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\Sun\\LOLKEK.txt") returned 37 [0054.168] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\Sun\\LOLKEK.txt" (normalized: "c:\\users\\all users\\sun\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.168] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.169] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0054.169] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\All Users\\Templates" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Templates") returned="\\\\?\\C:\\Users\\All Users\\Templates" [0054.169] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\All Users\\Templates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\All Users\\Templates\\*") returned="\\\\?\\C:\\Users\\All Users\\Templates\\*" [0054.169] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\All Users\\Templates\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34b30c20, ftCreationTime.dwHighDateTime=0x1d648da, ftLastAccessTime.dwLowDateTime=0x34b30c20, ftLastAccessTime.dwHighDateTime=0x1d648da, ftLastWriteTime.dwLowDateTime=0x34b30c20, ftLastWriteTime.dwHighDateTime=0x1d648da, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.169] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.169] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0 [0054.169] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0054.169] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\All Users\\LOLKEK.txt") returned 33 [0054.169] CreateFileW (lpFileName="\\\\?\\C:\\Users\\All Users\\LOLKEK.txt" (normalized: "c:\\users\\all users\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0054.170] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0054.170] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x5a38f0, cFileName="Default", cAlternateFileName="")) returned 1 [0054.170] lstrcpyW (in: lpString1=0x635fb0, lpString2="\\\\?\\C:\\Users\\Default" | out: lpString1="\\\\?\\C:\\Users\\Default") returned="\\\\?\\C:\\Users\\Default" [0054.170] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\*") returned="\\\\?\\C:\\Users\\Default\\*" [0054.170] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0054.170] lstrcpyW (in: lpString1=0x5dafc0, lpString2="\\\\?\\C:\\Users\\Default\\AppData" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData") returned="\\\\?\\C:\\Users\\Default\\AppData" [0054.170] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\*" [0054.170] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.170] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local" [0054.170] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\*" [0054.170] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.171] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Application Data") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Application Data" [0054.171] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Application Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Application Data\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Application Data\\*" [0054.171] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Application Data\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x2010, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="ꐴ瘵뾣䛦ͣ疨였_纈0ͣͣ⒭䚗였_ͣ热/였_꿀]徰c헍皮")) returned 0xffffffff [0054.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.171] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="History", cAlternateFileName="")) returned 1 [0054.171] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\History" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\History") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\History" [0054.171] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\History", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\History\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\History\\*" [0054.171] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\History\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x2010, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LOLKEK.txt", cAlternateFileName="ꐴ瘵뾣䛦ͣ疨였_纈0ͣͣ⒭䚗였_ͣ热/였_꿀]徰c헍皮")) returned 0xffffffff [0054.171] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.171] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xddd35f67, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xbd7f0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0054.171] StrStrIW (lpFirst="IconCache.db", lpSrch=".lolkek") returned 0x0 [0054.171] lstrcmpW (lpString1="IconCache.db", lpString2="LOLKEK.txt") returned -1 [0054.171] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db") returned 47 [0054.171] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc0) returned 0x3cc6008 [0054.171] lstrcpyW (in: lpString1=0x3cc6008, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\IconCache.db" [0054.171] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.172] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.172] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0054.172] lstrcmpiW (lpString1="Microsoft", lpString2="Windows") returned -1 [0054.172] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files") returned -1 [0054.172] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files (x86)") returned -1 [0054.172] lstrcmpiW (lpString1="Microsoft", lpString2="$Recycle.bin") returned 1 [0054.172] lstrcmpiW (lpString1="Microsoft", lpString2="System Volume Information") returned -1 [0054.172] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0054.172] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0054.172] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft") returned 44 [0054.172] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.172] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft" [0054.172] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\*" [0054.172] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.176] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.176] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.176] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.176] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.176] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.176] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.176] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.176] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.176] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.176] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.176] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.176] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.176] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.176] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.176] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0054.176] lstrcmpiW (lpString1="Credentials", lpString2="Windows") returned -1 [0054.176] lstrcmpiW (lpString1="Credentials", lpString2="Program Files") returned -1 [0054.176] lstrcmpiW (lpString1="Credentials", lpString2="Program Files (x86)") returned -1 [0054.176] lstrcmpiW (lpString1="Credentials", lpString2="$Recycle.bin") returned 1 [0054.176] lstrcmpiW (lpString1="Credentials", lpString2="System Volume Information") returned -1 [0054.176] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0054.176] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0054.177] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials") returned 56 [0054.177] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.177] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials" [0054.177] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials\\*" [0054.177] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.177] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.177] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.177] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.177] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.177] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.177] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.177] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.177] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.177] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.177] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.177] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.177] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.177] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.177] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.177] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.177] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.177] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials\\LOLKEK.txt") returned 67 [0054.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Credentials\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\credentials\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.178] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.178] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.179] CloseHandle (hObject=0x280) returned 1 [0054.179] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.179] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Feeds", cAlternateFileName="")) returned 1 [0054.179] lstrcmpiW (lpString1="Feeds", lpString2="Windows") returned -1 [0054.179] lstrcmpiW (lpString1="Feeds", lpString2="Program Files") returned -1 [0054.179] lstrcmpiW (lpString1="Feeds", lpString2="Program Files (x86)") returned -1 [0054.179] lstrcmpiW (lpString1="Feeds", lpString2="$Recycle.bin") returned 1 [0054.179] lstrcmpiW (lpString1="Feeds", lpString2="System Volume Information") returned -1 [0054.179] lstrcmpiW (lpString1="Feeds", lpString2=".") returned 1 [0054.179] lstrcmpiW (lpString1="Feeds", lpString2="..") returned 1 [0054.179] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds") returned 50 [0054.179] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.179] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds" [0054.179] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\*" [0054.179] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.181] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.181] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.181] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.181] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.181] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.181] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.181] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.181] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.181] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.181] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.181] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.181] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.181] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.181] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.181] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff107f92, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0054.181] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="Windows") returned -1 [0054.181] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="Program Files") returned -1 [0054.181] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="Program Files (x86)") returned -1 [0054.181] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="$Recycle.bin") returned 1 [0054.181] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="System Volume Information") returned -1 [0054.181] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2=".") returned 1 [0054.181] lstrcmpiW (lpString1="FeedsStore.feedsdb-ms", lpString2="..") returned 1 [0054.181] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms") returned 72 [0054.181] StrStrIW (lpFirst="FeedsStore.feedsdb-ms", lpSrch=".lolkek") returned 0x0 [0054.181] lstrcmpW (lpString1="FeedsStore.feedsdb-ms", lpString2="LOLKEK.txt") returned -1 [0054.181] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms") returned 72 [0054.181] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x124) returned 0x3cac028 [0054.181] lstrcpyW (in: lpString1=0x3cac028, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" [0054.182] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.182] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.182] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0054.182] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="Windows") returned -1 [0054.182] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="Program Files") returned -1 [0054.182] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="Program Files (x86)") returned -1 [0054.182] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="$Recycle.bin") returned 1 [0054.182] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="System Volume Information") returned -1 [0054.182] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2=".") returned 1 [0054.182] lstrcmpiW (lpString1="Microsoft Feeds~", lpString2="..") returned 1 [0054.182] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned 67 [0054.182] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.182] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" [0054.182] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*" [0054.182] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.184] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.184] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.184] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.184] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.184] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.184] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.184] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.184] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.184] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.184] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.184] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.184] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.184] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.184] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.184] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0054.184] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="Windows") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="Program Files") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="Program Files (x86)") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="$Recycle.bin") returned 1 [0054.184] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="System Volume Information") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2=".") returned 1 [0054.184] lstrcmpiW (lpString1="Microsoft at Home~.feed-ms", lpString2="..") returned 1 [0054.184] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms") returned 94 [0054.184] StrStrIW (lpFirst="Microsoft at Home~.feed-ms", lpSrch=".lolkek") returned 0x0 [0054.184] lstrcmpW (lpString1="Microsoft at Home~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0054.184] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms") returned 94 [0054.184] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x3dde770 [0054.184] lstrcpyW (in: lpString1=0x3dde770, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" [0054.184] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.184] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.184] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft at Work~.feed-ms", cAlternateFileName="MICROS~1.FEE")) returned 1 [0054.184] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="Windows") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="Program Files") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="Program Files (x86)") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="$Recycle.bin") returned 1 [0054.184] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="System Volume Information") returned -1 [0054.184] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2=".") returned 1 [0054.184] lstrcmpiW (lpString1="Microsoft at Work~.feed-ms", lpString2="..") returned 1 [0054.184] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms") returned 94 [0054.184] StrStrIW (lpFirst="Microsoft at Work~.feed-ms", lpSrch=".lolkek") returned 0x0 [0054.184] lstrcmpW (lpString1="Microsoft at Work~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0054.185] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms") returned 94 [0054.185] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17c) returned 0x3ca6270 [0054.185] lstrcpyW (in: lpString1=0x3ca6270, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" [0054.185] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.185] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.185] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 1 [0054.185] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="Windows") returned -1 [0054.185] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="Program Files") returned -1 [0054.185] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="Program Files (x86)") returned -1 [0054.185] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="$Recycle.bin") returned 1 [0054.185] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="System Volume Information") returned -1 [0054.185] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2=".") returned 1 [0054.185] lstrcmpiW (lpString1="MSNBC News~.feed-ms", lpString2="..") returned 1 [0054.185] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms") returned 87 [0054.185] StrStrIW (lpFirst="MSNBC News~.feed-ms", lpSrch=".lolkek") returned 0x0 [0054.185] lstrcmpW (lpString1="MSNBC News~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0054.185] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms") returned 87 [0054.185] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3da6068 [0054.185] lstrcpyW (in: lpString1=0x3da6068, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" [0054.185] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.185] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.185] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 0 [0054.185] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.186] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\LOLKEK.txt") returned 78 [0054.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.187] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.187] WriteFile (in: hFile=0x228, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.187] CloseHandle (hObject=0x228) returned 1 [0054.188] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.188] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0054.188] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="Windows") returned -1 [0054.188] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="Program Files") returned -1 [0054.188] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="Program Files (x86)") returned -1 [0054.188] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="$Recycle.bin") returned 1 [0054.188] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="System Volume Information") returned -1 [0054.188] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2=".") returned 1 [0054.188] lstrcmpiW (lpString1="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="..") returned 1 [0054.188] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned 90 [0054.188] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.188] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" [0054.188] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*" [0054.188] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.188] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.188] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.188] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.188] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.188] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.188] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.188] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.188] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.188] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.188] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.188] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.188] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.188] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.188] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.188] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0054.188] lstrcmpiW (lpString1="WebSlices~", lpString2="Windows") returned -1 [0054.188] lstrcmpiW (lpString1="WebSlices~", lpString2="Program Files") returned 1 [0054.188] lstrcmpiW (lpString1="WebSlices~", lpString2="Program Files (x86)") returned 1 [0054.188] lstrcmpiW (lpString1="WebSlices~", lpString2="$Recycle.bin") returned 1 [0054.188] lstrcmpiW (lpString1="WebSlices~", lpString2="System Volume Information") returned 1 [0054.188] lstrcmpiW (lpString1="WebSlices~", lpString2=".") returned 1 [0054.188] lstrcmpiW (lpString1="WebSlices~", lpString2="..") returned 1 [0054.188] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned 101 [0054.188] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.189] lstrcpyW (in: lpString1=0x3dac050, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" [0054.189] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*" [0054.189] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.189] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.189] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.189] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.189] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.189] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.189] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.189] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.189] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.189] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.189] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.189] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.189] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.189] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.189] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.189] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0054.189] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="Windows") returned -1 [0054.189] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="Program Files") returned 1 [0054.190] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="Program Files (x86)") returned 1 [0054.190] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="$Recycle.bin") returned 1 [0054.190] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="System Volume Information") returned 1 [0054.190] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2=".") returned 1 [0054.190] lstrcmpiW (lpString1="Web Slice Gallery~.feed-ms", lpString2="..") returned 1 [0054.190] wsprintfW (in: param_1=0x3dac050, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms") returned 128 [0054.190] StrStrIW (lpFirst="Web Slice Gallery~.feed-ms", lpSrch=".lolkek") returned 0x0 [0054.190] lstrcmpW (lpString1="Web Slice Gallery~.feed-ms", lpString2="LOLKEK.txt") returned 1 [0054.190] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms") returned 128 [0054.190] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x204) returned 0x5c7aa8 [0054.190] lstrcpyW (in: lpString1=0x5c7aa8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" [0054.190] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.190] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.190] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 0 [0054.190] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.190] wsprintfW (in: param_1=0x3dac050, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\LOLKEK.txt") returned 112 [0054.190] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0054.190] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.190] WriteFile (in: hFile=0x294, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0054.191] CloseHandle (hObject=0x294) returned 1 [0054.191] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.191] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 0 [0054.191] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.191] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\LOLKEK.txt") returned 101 [0054.191] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.192] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.192] WriteFile (in: hFile=0x228, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.192] CloseHandle (hObject=0x228) returned 1 [0054.192] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.192] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 0 [0054.192] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.192] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\LOLKEK.txt") returned 61 [0054.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.193] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.193] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.193] CloseHandle (hObject=0x280) returned 1 [0054.193] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.195] lstrcmpiW (lpString1="Feeds Cache", lpString2="Windows") returned -1 [0054.195] lstrcmpiW (lpString1="Feeds Cache", lpString2="Program Files") returned -1 [0054.195] lstrcmpiW (lpString1="Feeds Cache", lpString2="Program Files (x86)") returned -1 [0054.195] lstrcmpiW (lpString1="Feeds Cache", lpString2="$Recycle.bin") returned 1 [0054.195] lstrcmpiW (lpString1="Feeds Cache", lpString2="System Volume Information") returned -1 [0054.195] lstrcmpiW (lpString1="Feeds Cache", lpString2=".") returned 1 [0054.195] lstrcmpiW (lpString1="Feeds Cache", lpString2="..") returned 1 [0054.195] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache") returned 56 [0054.195] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3be0390 [0054.195] lstrcpyW (in: lpString1=0x3be0390, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache" [0054.195] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\*" [0054.195] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.196] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.196] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.196] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.196] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.196] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.197] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.197] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.197] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.197] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.197] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.197] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.197] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.197] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.197] lstrcmpiW (lpString1="1NBUR4HR", lpString2="Windows") returned -1 [0054.197] lstrcmpiW (lpString1="1NBUR4HR", lpString2="Program Files") returned -1 [0054.197] lstrcmpiW (lpString1="1NBUR4HR", lpString2="Program Files (x86)") returned -1 [0054.197] lstrcmpiW (lpString1="1NBUR4HR", lpString2="$Recycle.bin") returned 1 [0054.197] lstrcmpiW (lpString1="1NBUR4HR", lpString2="System Volume Information") returned -1 [0054.197] lstrcmpiW (lpString1="1NBUR4HR", lpString2=".") returned 1 [0054.197] lstrcmpiW (lpString1="1NBUR4HR", lpString2="..") returned 1 [0054.197] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR") returned 65 [0054.197] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.198] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" [0054.198] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*" [0054.198] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.198] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.198] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.198] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.198] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.198] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.198] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.198] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.198] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.198] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.198] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.198] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.198] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.198] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.198] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.198] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.198] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.198] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.198] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.198] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.198] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.198] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini") returned 77 [0054.198] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.198] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.198] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini") returned 77 [0054.198] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x617000 [0054.198] lstrcpyW (in: lpString1=0x617000, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" [0054.198] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.198] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.198] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0054.198] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0054.198] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0054.198] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0054.198] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0054.198] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0054.198] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0054.199] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]") returned 75 [0054.199] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0054.199] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0054.199] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]") returned 75 [0054.199] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3cac160 [0054.199] lstrcpyW (in: lpString1=0x3cac160, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" [0054.199] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.199] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.199] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.199] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\LOLKEK.txt") returned 76 [0054.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.199] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.199] WriteFile (in: hFile=0x228, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.200] CloseHandle (hObject=0x228) returned 1 [0054.200] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.200] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0054.200] lstrcmpiW (lpString1="6ASVN7J7", lpString2="Windows") returned -1 [0054.200] lstrcmpiW (lpString1="6ASVN7J7", lpString2="Program Files") returned -1 [0054.200] lstrcmpiW (lpString1="6ASVN7J7", lpString2="Program Files (x86)") returned -1 [0054.200] lstrcmpiW (lpString1="6ASVN7J7", lpString2="$Recycle.bin") returned 1 [0054.200] lstrcmpiW (lpString1="6ASVN7J7", lpString2="System Volume Information") returned -1 [0054.200] lstrcmpiW (lpString1="6ASVN7J7", lpString2=".") returned 1 [0054.200] lstrcmpiW (lpString1="6ASVN7J7", lpString2="..") returned 1 [0054.200] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7") returned 65 [0054.200] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.200] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" [0054.200] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*" [0054.200] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.201] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.201] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.201] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.201] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.201] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.201] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.201] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.201] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.201] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.201] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.201] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.201] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.201] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.201] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.201] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.201] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.201] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.201] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.201] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.201] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.201] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.201] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.201] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini") returned 77 [0054.201] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.201] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.201] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini") returned 77 [0054.201] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x616850 [0054.201] lstrcpyW (in: lpString1=0x616850, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" [0054.201] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.201] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.201] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0054.201] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0054.201] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0054.201] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0054.201] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0054.201] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0054.201] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0054.201] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0054.201] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]") returned 75 [0054.201] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0054.201] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0054.201] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]") returned 75 [0054.202] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3cac298 [0054.202] lstrcpyW (in: lpString1=0x3cac298, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" [0054.202] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.202] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.202] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0054.202] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.202] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\LOLKEK.txt") returned 76 [0054.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.202] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.202] WriteFile (in: hFile=0x228, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.203] CloseHandle (hObject=0x228) returned 1 [0054.203] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.203] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0054.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="Windows") returned -1 [0054.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="Program Files") returned -1 [0054.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="Program Files (x86)") returned -1 [0054.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="$Recycle.bin") returned 1 [0054.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="System Volume Information") returned -1 [0054.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2=".") returned 1 [0054.203] lstrcmpiW (lpString1="D68G7BIJ", lpString2="..") returned 1 [0054.203] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ") returned 65 [0054.203] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.203] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" [0054.203] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*" [0054.203] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.203] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.203] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.203] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.203] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.203] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.203] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.203] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.204] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.204] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.204] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.204] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.204] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.204] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.204] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.204] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.204] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.204] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.204] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.204] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.204] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.204] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.204] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.204] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini") returned 77 [0054.204] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.204] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.204] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini") returned 77 [0054.204] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x616998 [0054.204] lstrcpyW (in: lpString1=0x616998, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" [0054.204] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.204] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.204] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0054.204] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0054.204] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0054.204] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0054.204] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0054.204] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0054.204] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0054.204] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0054.204] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]") returned 75 [0054.204] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0054.204] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0054.204] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]") returned 75 [0054.204] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3cab8d8 [0054.204] lstrcpyW (in: lpString1=0x3cab8d8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" [0054.204] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.205] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.205] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0054.205] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.205] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\LOLKEK.txt") returned 76 [0054.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0054.205] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.205] WriteFile (in: hFile=0x228, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.206] CloseHandle (hObject=0x228) returned 1 [0054.206] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.206] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.206] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.206] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.206] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.206] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.206] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.206] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.206] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.206] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini") returned 68 [0054.206] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.206] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.206] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini") returned 68 [0054.206] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x657f38 [0054.206] lstrcpyW (in: lpString1=0x657f38, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" [0054.206] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.208] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.208] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa9d0d0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="index.dat", cAlternateFileName="")) returned 1 [0054.208] lstrcmpiW (lpString1="index.dat", lpString2="Windows") returned -1 [0054.208] lstrcmpiW (lpString1="index.dat", lpString2="Program Files") returned -1 [0054.208] lstrcmpiW (lpString1="index.dat", lpString2="Program Files (x86)") returned -1 [0054.208] lstrcmpiW (lpString1="index.dat", lpString2="$Recycle.bin") returned 1 [0054.208] lstrcmpiW (lpString1="index.dat", lpString2="System Volume Information") returned -1 [0054.208] lstrcmpiW (lpString1="index.dat", lpString2=".") returned 1 [0054.208] lstrcmpiW (lpString1="index.dat", lpString2="..") returned 1 [0054.208] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat") returned 66 [0054.208] StrStrIW (lpFirst="index.dat", lpSrch=".lolkek") returned 0x0 [0054.208] lstrcmpW (lpString1="index.dat", lpString2="LOLKEK.txt") returned -1 [0054.208] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat") returned 66 [0054.208] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x10c) returned 0x6114f8 [0054.208] lstrcpyW (in: lpString1=0x6114f8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" [0054.208] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.215] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.215] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0054.215] lstrcmpiW (lpString1="KQMHSVKD", lpString2="Windows") returned -1 [0054.215] lstrcmpiW (lpString1="KQMHSVKD", lpString2="Program Files") returned -1 [0054.215] lstrcmpiW (lpString1="KQMHSVKD", lpString2="Program Files (x86)") returned -1 [0054.215] lstrcmpiW (lpString1="KQMHSVKD", lpString2="$Recycle.bin") returned 1 [0054.215] lstrcmpiW (lpString1="KQMHSVKD", lpString2="System Volume Information") returned -1 [0054.215] lstrcmpiW (lpString1="KQMHSVKD", lpString2=".") returned 1 [0054.215] lstrcmpiW (lpString1="KQMHSVKD", lpString2="..") returned 1 [0054.215] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD") returned 65 [0054.215] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.215] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" [0054.215] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*" [0054.215] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.215] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.215] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.215] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.215] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.215] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.215] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.215] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.215] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.215] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.215] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.215] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.215] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.215] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.215] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.215] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x668c5a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.215] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.215] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.215] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.216] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.216] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.216] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.216] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.216] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini") returned 77 [0054.216] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.216] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.216] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini") returned 77 [0054.216] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x138) returned 0x617148 [0054.216] lstrcpyW (in: lpString1=0x617148, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" [0054.216] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.216] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.216] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0054.216] lstrcmpiW (lpString1="fwlink[1]", lpString2="Windows") returned -1 [0054.216] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files") returned -1 [0054.216] lstrcmpiW (lpString1="fwlink[1]", lpString2="Program Files (x86)") returned -1 [0054.216] lstrcmpiW (lpString1="fwlink[1]", lpString2="$Recycle.bin") returned 1 [0054.216] lstrcmpiW (lpString1="fwlink[1]", lpString2="System Volume Information") returned -1 [0054.216] lstrcmpiW (lpString1="fwlink[1]", lpString2=".") returned 1 [0054.216] lstrcmpiW (lpString1="fwlink[1]", lpString2="..") returned 1 [0054.216] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]") returned 75 [0054.216] StrStrIW (lpFirst="fwlink[1]", lpSrch=".lolkek") returned 0x0 [0054.216] lstrcmpW (lpString1="fwlink[1]", lpString2="LOLKEK.txt") returned -1 [0054.216] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]") returned 75 [0054.216] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3cac3d0 [0054.216] lstrcpyW (in: lpString1=0x3cac3d0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" [0054.216] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.221] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.221] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 0 [0054.221] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.221] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\LOLKEK.txt") returned 76 [0054.221] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0054.222] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.222] WriteFile (in: hFile=0x210, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.223] CloseHandle (hObject=0x210) returned 1 [0054.223] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.224] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="KQMHSVKD", cAlternateFileName="")) returned 0 [0054.224] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.224] wsprintfW (in: param_1=0x3be0390, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\LOLKEK.txt") returned 67 [0054.224] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Feeds Cache\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\feeds cache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.224] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.224] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.225] CloseHandle (hObject=0x280) returned 1 [0054.225] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3be0390 | out: hHeap=0x5a0000) returned 1 [0054.225] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0054.225] lstrcmpiW (lpString1="Internet Explorer", lpString2="Windows") returned -1 [0054.225] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files") returned -1 [0054.225] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files (x86)") returned -1 [0054.225] lstrcmpiW (lpString1="Internet Explorer", lpString2="$Recycle.bin") returned 1 [0054.225] lstrcmpiW (lpString1="Internet Explorer", lpString2="System Volume Information") returned -1 [0054.225] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0054.225] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0054.225] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer") returned 62 [0054.225] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.225] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer" [0054.225] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\*" [0054.225] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.226] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.226] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.226] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.226] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.226] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.226] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.226] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x668c5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96e13f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.226] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.226] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.226] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.226] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.226] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.226] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.226] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.226] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff12e0f2, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0054.226] lstrcmpiW (lpString1="brndlog.bak", lpString2="Windows") returned -1 [0054.226] lstrcmpiW (lpString1="brndlog.bak", lpString2="Program Files") returned -1 [0054.226] lstrcmpiW (lpString1="brndlog.bak", lpString2="Program Files (x86)") returned -1 [0054.226] lstrcmpiW (lpString1="brndlog.bak", lpString2="$Recycle.bin") returned 1 [0054.226] lstrcmpiW (lpString1="brndlog.bak", lpString2="System Volume Information") returned -1 [0054.226] lstrcmpiW (lpString1="brndlog.bak", lpString2=".") returned 1 [0054.226] lstrcmpiW (lpString1="brndlog.bak", lpString2="..") returned 1 [0054.226] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak") returned 74 [0054.226] StrStrIW (lpFirst="brndlog.bak", lpSrch=".lolkek") returned 0x0 [0054.226] lstrcmpW (lpString1="brndlog.bak", lpString2="LOLKEK.txt") returned -1 [0054.226] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak") returned 74 [0054.226] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3cabb48 [0054.226] lstrcpyW (in: lpString1=0x3cabb48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" [0054.226] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.237] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.237] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0054.237] lstrcmpiW (lpString1="brndlog.txt", lpString2="Windows") returned -1 [0054.237] lstrcmpiW (lpString1="brndlog.txt", lpString2="Program Files") returned -1 [0054.237] lstrcmpiW (lpString1="brndlog.txt", lpString2="Program Files (x86)") returned -1 [0054.237] lstrcmpiW (lpString1="brndlog.txt", lpString2="$Recycle.bin") returned 1 [0054.237] lstrcmpiW (lpString1="brndlog.txt", lpString2="System Volume Information") returned -1 [0054.237] lstrcmpiW (lpString1="brndlog.txt", lpString2=".") returned 1 [0054.237] lstrcmpiW (lpString1="brndlog.txt", lpString2="..") returned 1 [0054.237] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt") returned 74 [0054.238] StrStrIW (lpFirst="brndlog.txt", lpSrch=".lolkek") returned 0x0 [0054.238] lstrcmpW (lpString1="brndlog.txt", lpString2="LOLKEK.txt") returned -1 [0054.238] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt") returned 74 [0054.238] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3cac508 [0054.238] lstrcpyW (in: lpString1=0x3cac508, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" [0054.238] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.251] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.251] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="brndlog.txt", cAlternateFileName="")) returned 0 [0054.251] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.251] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\LOLKEK.txt") returned 73 [0054.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Internet Explorer\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\internet explorer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.252] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.252] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.253] CloseHandle (hObject=0x280) returned 1 [0054.253] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.253] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0054.253] lstrcmpiW (lpString1="Media Player", lpString2="Windows") returned -1 [0054.253] lstrcmpiW (lpString1="Media Player", lpString2="Program Files") returned -1 [0054.253] lstrcmpiW (lpString1="Media Player", lpString2="Program Files (x86)") returned -1 [0054.253] lstrcmpiW (lpString1="Media Player", lpString2="$Recycle.bin") returned 1 [0054.253] lstrcmpiW (lpString1="Media Player", lpString2="System Volume Information") returned -1 [0054.253] lstrcmpiW (lpString1="Media Player", lpString2=".") returned 1 [0054.253] lstrcmpiW (lpString1="Media Player", lpString2="..") returned 1 [0054.253] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player") returned 57 [0054.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.253] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player" [0054.253] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\*" [0054.253] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.257] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.257] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.257] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.257] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.257] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.257] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.257] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.257] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.257] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.257] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.257] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.257] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.257] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.257] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.257] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8679d27, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0054.257] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="Windows") returned -1 [0054.257] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="Program Files") returned -1 [0054.257] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="Program Files (x86)") returned -1 [0054.257] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="$Recycle.bin") returned 1 [0054.257] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="System Volume Information") returned -1 [0054.257] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2=".") returned 1 [0054.257] lstrcmpiW (lpString1="CurrentDatabase_372.wmdb", lpString2="..") returned 1 [0054.257] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb") returned 82 [0054.257] StrStrIW (lpFirst="CurrentDatabase_372.wmdb", lpSrch=".lolkek") returned 0x0 [0054.257] lstrcmpW (lpString1="CurrentDatabase_372.wmdb", lpString2="LOLKEK.txt") returned -1 [0054.257] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb") returned 82 [0054.257] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3cad7c0 [0054.258] lstrcpyW (in: lpString1=0x3cad7c0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" [0054.258] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.260] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.260] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd856f385, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1106c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0054.260] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="Windows") returned -1 [0054.260] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="Program Files") returned -1 [0054.260] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="Program Files (x86)") returned -1 [0054.260] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="$Recycle.bin") returned 1 [0054.260] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="System Volume Information") returned -1 [0054.260] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2=".") returned 1 [0054.260] lstrcmpiW (lpString1="LocalMLS_3.wmdb", lpString2="..") returned 1 [0054.260] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb") returned 73 [0054.260] StrStrIW (lpFirst="LocalMLS_3.wmdb", lpSrch=".lolkek") returned 0x0 [0054.260] lstrcmpW (lpString1="LocalMLS_3.wmdb", lpString2="LOLKEK.txt") returned -1 [0054.260] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb") returned 73 [0054.260] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3cac640 [0054.260] lstrcpyW (in: lpString1=0x3cac640, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" [0054.261] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.264] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.264] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0054.264] lstrcmpiW (lpString1="Sync Playlists", lpString2="Windows") returned -1 [0054.264] lstrcmpiW (lpString1="Sync Playlists", lpString2="Program Files") returned 1 [0054.264] lstrcmpiW (lpString1="Sync Playlists", lpString2="Program Files (x86)") returned 1 [0054.264] lstrcmpiW (lpString1="Sync Playlists", lpString2="$Recycle.bin") returned 1 [0054.264] lstrcmpiW (lpString1="Sync Playlists", lpString2="System Volume Information") returned -1 [0054.264] lstrcmpiW (lpString1="Sync Playlists", lpString2=".") returned 1 [0054.264] lstrcmpiW (lpString1="Sync Playlists", lpString2="..") returned 1 [0054.264] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists") returned 72 [0054.264] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.264] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" [0054.264] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*" [0054.264] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.264] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.264] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.264] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.264] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.264] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.264] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.264] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.264] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.264] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.264] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.264] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.264] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.264] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.264] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.264] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 1 [0054.264] lstrcmpiW (lpString1="en-US", lpString2="Windows") returned -1 [0054.264] lstrcmpiW (lpString1="en-US", lpString2="Program Files") returned -1 [0054.264] lstrcmpiW (lpString1="en-US", lpString2="Program Files (x86)") returned -1 [0054.264] lstrcmpiW (lpString1="en-US", lpString2="$Recycle.bin") returned 1 [0054.264] lstrcmpiW (lpString1="en-US", lpString2="System Volume Information") returned -1 [0054.264] lstrcmpiW (lpString1="en-US", lpString2=".") returned 1 [0054.265] lstrcmpiW (lpString1="en-US", lpString2="..") returned 1 [0054.265] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned 78 [0054.265] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ee7e48 [0054.265] lstrcpyW (in: lpString1=0x3ee7e48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" [0054.265] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*" [0054.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.265] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.265] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.265] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.265] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.265] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.265] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.265] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.265] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.265] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.265] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.265] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.265] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.265] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.265] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.265] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0054.265] lstrcmpiW (lpString1="00010C6E", lpString2="Windows") returned -1 [0054.265] lstrcmpiW (lpString1="00010C6E", lpString2="Program Files") returned -1 [0054.265] lstrcmpiW (lpString1="00010C6E", lpString2="Program Files (x86)") returned -1 [0054.265] lstrcmpiW (lpString1="00010C6E", lpString2="$Recycle.bin") returned 1 [0054.265] lstrcmpiW (lpString1="00010C6E", lpString2="System Volume Information") returned -1 [0054.265] lstrcmpiW (lpString1="00010C6E", lpString2=".") returned 1 [0054.265] lstrcmpiW (lpString1="00010C6E", lpString2="..") returned 1 [0054.265] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned 87 [0054.265] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3ef7e50 [0054.265] lstrcpyW (in: lpString1=0x3ef7e50, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" [0054.265] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*" [0054.265] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0054.269] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.269] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.269] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.269] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.269] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.269] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.269] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.269] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.269] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.269] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.269] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.269] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.269] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.269] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.269] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0054.269] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Windows") returned -1 [0054.269] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Program Files") returned -1 [0054.269] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0054.269] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0054.269] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="System Volume Information") returned -1 [0054.269] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2=".") returned 1 [0054.269] lstrcmpiW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="..") returned 1 [0054.269] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned 122 [0054.269] StrStrIW (lpFirst="01_Music_auto_rated_at_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0054.269] lstrcmpW (lpString1="01_Music_auto_rated_at_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0054.270] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned 122 [0054.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x3c94aa8 [0054.270] lstrcpyW (in: lpString1=0x3c94aa8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" [0054.270] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.270] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.270] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0054.270] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Windows") returned -1 [0054.270] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0054.270] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0054.270] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0054.270] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0054.270] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2=".") returned 1 [0054.270] lstrcmpiW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="..") returned 1 [0054.270] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl") returned 124 [0054.270] StrStrIW (lpFirst="02_Music_added_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0054.270] lstrcmpW (lpString1="02_Music_added_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0054.270] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl") returned 124 [0054.270] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f4) returned 0x3dde3d0 [0054.270] lstrcpyW (in: lpString1=0x3dde3d0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" [0054.270] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.274] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.274] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0054.274] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0054.274] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0054.274] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0054.274] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0054.274] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0054.274] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0054.274] lstrcmpiW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0054.274] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl") returned 122 [0054.274] StrStrIW (lpFirst="03_Music_rated_at_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0054.274] lstrcmpW (lpString1="03_Music_rated_at_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0054.274] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl") returned 122 [0054.274] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x3dde8f8 [0054.275] lstrcpyW (in: lpString1=0x3dde8f8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" [0054.275] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.301] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.301] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0054.301] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Windows") returned -1 [0054.301] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0054.301] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0054.301] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0054.301] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0054.301] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2=".") returned 1 [0054.301] lstrcmpiW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="..") returned 1 [0054.301] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl") returned 125 [0054.302] StrStrIW (lpFirst="04_Music_played_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0054.302] lstrcmpW (lpString1="04_Music_played_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0054.302] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl") returned 125 [0054.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f8) returned 0x3ddeaf0 [0054.302] lstrcpyW (in: lpString1=0x3ddeaf0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" [0054.302] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.302] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.302] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0054.302] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Windows") returned -1 [0054.302] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Program Files") returned -1 [0054.302] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="Program Files (x86)") returned -1 [0054.302] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="$Recycle.bin") returned 1 [0054.302] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="System Volume Information") returned -1 [0054.302] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2=".") returned 1 [0054.302] lstrcmpiW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="..") returned 1 [0054.302] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl") returned 127 [0054.302] StrStrIW (lpFirst="05_Pictures_taken_in_the_last_month.wpl", lpSrch=".lolkek") returned 0x0 [0054.302] lstrcmpW (lpString1="05_Pictures_taken_in_the_last_month.wpl", lpString2="LOLKEK.txt") returned -1 [0054.302] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl") returned 127 [0054.302] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x200) returned 0x3dd5040 [0054.302] lstrcpyW (in: lpString1=0x3dd5040, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" [0054.302] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.352] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.352] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0054.352] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0054.352] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0054.352] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0054.352] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0054.352] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0054.352] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2=".") returned 1 [0054.353] lstrcmpiW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="..") returned 1 [0054.353] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl") returned 122 [0054.353] StrStrIW (lpFirst="06_Pictures_rated_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0054.353] lstrcmpW (lpString1="06_Pictures_rated_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0054.353] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl") returned 122 [0054.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x3ec5cf0 [0054.353] lstrcpyW (in: lpString1=0x3ec5cf0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" [0054.353] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.353] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.353] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0054.353] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Windows") returned -1 [0054.353] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Program Files") returned -1 [0054.353] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="Program Files (x86)") returned -1 [0054.353] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="$Recycle.bin") returned 1 [0054.353] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="System Volume Information") returned -1 [0054.353] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2=".") returned 1 [0054.353] lstrcmpiW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="..") returned 1 [0054.353] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl") returned 123 [0054.353] StrStrIW (lpFirst="07_TV_recorded_in_the_last_week.wpl", lpSrch=".lolkek") returned 0x0 [0054.353] lstrcmpW (lpString1="07_TV_recorded_in_the_last_week.wpl", lpString2="LOLKEK.txt") returned -1 [0054.353] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl") returned 123 [0054.353] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f0) returned 0x3dd5788 [0054.353] lstrcpyW (in: lpString1=0x3dd5788, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" [0054.353] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.353] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.353] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6666440, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0054.353] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Windows") returned -1 [0054.353] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Program Files") returned -1 [0054.354] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="Program Files (x86)") returned -1 [0054.354] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="$Recycle.bin") returned 1 [0054.354] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="System Volume Information") returned -1 [0054.354] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2=".") returned 1 [0054.354] lstrcmpiW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="..") returned 1 [0054.354] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl") returned 122 [0054.354] StrStrIW (lpFirst="08_Video_rated_at_4_or_5_stars.wpl", lpSrch=".lolkek") returned 0x0 [0054.354] lstrcmpW (lpString1="08_Video_rated_at_4_or_5_stars.wpl", lpString2="LOLKEK.txt") returned -1 [0054.354] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl") returned 122 [0054.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x698d80 [0054.354] lstrcpyW (in: lpString1=0x698d80, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" [0054.354] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.354] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.354] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0054.354] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Windows") returned -1 [0054.354] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Program Files") returned -1 [0054.354] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="Program Files (x86)") returned -1 [0054.354] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="$Recycle.bin") returned 1 [0054.354] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="System Volume Information") returned -1 [0054.354] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2=".") returned 1 [0054.354] lstrcmpiW (lpString1="09_Music_played_the_most.wpl", lpString2="..") returned 1 [0054.354] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl") returned 116 [0054.354] StrStrIW (lpFirst="09_Music_played_the_most.wpl", lpSrch=".lolkek") returned 0x0 [0054.354] lstrcmpW (lpString1="09_Music_played_the_most.wpl", lpString2="LOLKEK.txt") returned -1 [0054.354] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl") returned 116 [0054.354] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d4) returned 0x3dd5248 [0054.354] lstrcpyW (in: lpString1=0x3dd5248, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" [0054.354] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.354] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.354] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0054.354] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Windows") returned -1 [0054.354] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Program Files") returned -1 [0054.354] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="Program Files (x86)") returned -1 [0054.354] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="$Recycle.bin") returned 1 [0054.354] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="System Volume Information") returned -1 [0054.354] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2=".") returned 1 [0054.354] lstrcmpiW (lpString1="10_All_Music.wpl", lpString2="..") returned 1 [0054.355] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl") returned 104 [0054.355] StrStrIW (lpFirst="10_All_Music.wpl", lpSrch=".lolkek") returned 0x0 [0054.355] lstrcmpW (lpString1="10_All_Music.wpl", lpString2="LOLKEK.txt") returned -1 [0054.355] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl") returned 104 [0054.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x657598 [0054.355] lstrcpyW (in: lpString1=0x657598, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" [0054.355] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.355] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.355] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0054.355] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Windows") returned -1 [0054.355] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Program Files") returned -1 [0054.355] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="Program Files (x86)") returned -1 [0054.355] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="$Recycle.bin") returned 1 [0054.355] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="System Volume Information") returned -1 [0054.355] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2=".") returned 1 [0054.355] lstrcmpiW (lpString1="11_All_Pictures.wpl", lpString2="..") returned 1 [0054.355] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl") returned 107 [0054.355] StrStrIW (lpFirst="11_All_Pictures.wpl", lpSrch=".lolkek") returned 0x0 [0054.355] lstrcmpW (lpString1="11_All_Pictures.wpl", lpString2="LOLKEK.txt") returned -1 [0054.355] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl") returned 107 [0054.355] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b0) returned 0x3cbb4a0 [0054.355] lstrcpyW (in: lpString1=0x3cbb4a0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" [0054.355] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.355] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.355] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0054.355] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Windows") returned -1 [0054.355] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Program Files") returned -1 [0054.355] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="Program Files (x86)") returned -1 [0054.355] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="$Recycle.bin") returned 1 [0054.355] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="System Volume Information") returned -1 [0054.355] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2=".") returned 1 [0054.355] lstrcmpiW (lpString1="12_All_Video.wpl", lpString2="..") returned 1 [0054.355] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl") returned 104 [0054.355] StrStrIW (lpFirst="12_All_Video.wpl", lpSrch=".lolkek") returned 0x0 [0054.355] lstrcmpW (lpString1="12_All_Video.wpl", lpString2="LOLKEK.txt") returned -1 [0054.356] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl") returned 104 [0054.356] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a4) returned 0x3dd5428 [0054.356] lstrcpyW (in: lpString1=0x3dd5428, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" [0054.356] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.356] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.356] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66402e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66402e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 0 [0054.356] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0054.356] wsprintfW (in: param_1=0x3ef7e50, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\LOLKEK.txt") returned 98 [0054.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0054.357] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.357] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0054.358] CloseHandle (hObject=0x24c) returned 1 [0054.358] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ef7e50 | out: hHeap=0x5a0000) returned 1 [0054.358] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6666440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="00010C6E", cAlternateFileName="")) returned 0 [0054.358] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.358] wsprintfW (in: param_1=0x3ee7e48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\LOLKEK.txt") returned 89 [0054.358] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.359] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.359] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0054.360] CloseHandle (hObject=0x27c) returned 1 [0054.360] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3ee7e48 | out: hHeap=0x5a0000) returned 1 [0054.360] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="en-US", cAlternateFileName="")) returned 0 [0054.360] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.360] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\LOLKEK.txt") returned 83 [0054.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\sync playlists\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.361] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.361] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.361] CloseHandle (hObject=0x2bc) returned 1 [0054.361] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.361] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 0 [0054.362] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.362] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LOLKEK.txt") returned 68 [0054.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Media Player\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\media player\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.362] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.362] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.363] CloseHandle (hObject=0x280) returned 1 [0054.363] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.364] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66d8860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d1d5e4e, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0054.364] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0054.364] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd774d0cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0054.364] lstrcmpiW (lpString1="Windows Mail", lpString2="Windows") returned 1 [0054.364] lstrcmpiW (lpString1="Windows Mail", lpString2="Program Files") returned 1 [0054.364] lstrcmpiW (lpString1="Windows Mail", lpString2="Program Files (x86)") returned 1 [0054.364] lstrcmpiW (lpString1="Windows Mail", lpString2="$Recycle.bin") returned 1 [0054.364] lstrcmpiW (lpString1="Windows Mail", lpString2="System Volume Information") returned 1 [0054.364] lstrcmpiW (lpString1="Windows Mail", lpString2=".") returned 1 [0054.364] lstrcmpiW (lpString1="Windows Mail", lpString2="..") returned 1 [0054.364] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail") returned 57 [0054.365] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.365] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail" [0054.365] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\*" [0054.365] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd774d0cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.445] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.445] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.445] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.445] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.445] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.445] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.445] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd774d0cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.445] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.445] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.445] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.445] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.445] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.445] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.445] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.445] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0054.445] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="Windows") returned -1 [0054.445] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="Program Files") returned -1 [0054.446] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="Program Files (x86)") returned -1 [0054.446] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="$Recycle.bin") returned 1 [0054.446] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="System Volume Information") returned -1 [0054.446] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2=".") returned 1 [0054.446] lstrcmpiW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="..") returned 1 [0054.446] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 113 [0054.446] StrStrIW (lpFirst="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpSrch=".lolkek") returned 0x0 [0054.446] lstrcmpW (lpString1="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", lpString2="LOLKEK.txt") returned -1 [0054.446] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned 113 [0054.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c8) returned 0x3e350e8 [0054.446] lstrcpyW (in: lpString1=0x3e350e8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" [0054.446] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.446] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.446] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0054.446] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="Windows") returned -1 [0054.446] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="Program Files") returned -1 [0054.446] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="Program Files (x86)") returned -1 [0054.446] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="$Recycle.bin") returned 1 [0054.446] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="System Volume Information") returned -1 [0054.446] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2=".") returned 1 [0054.446] lstrcmpiW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="..") returned 1 [0054.446] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 113 [0054.446] StrStrIW (lpFirst="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpSrch=".lolkek") returned 0x0 [0054.446] lstrcmpW (lpString1="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", lpString2="LOLKEK.txt") returned -1 [0054.446] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned 113 [0054.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c8) returned 0x3e352c0 [0054.446] lstrcpyW (in: lpString1=0x3e352c0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" [0054.446] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.446] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.446] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6535940, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6535940, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cAlternateFileName="ACCOUN~1.OEA")) returned 1 [0054.446] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="Windows") returned -1 [0054.446] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="Program Files") returned -1 [0054.446] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="Program Files (x86)") returned -1 [0054.446] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="$Recycle.bin") returned 1 [0054.446] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="System Volume Information") returned -1 [0054.446] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2=".") returned 1 [0054.446] lstrcmpiW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="..") returned 1 [0054.446] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 113 [0054.446] StrStrIW (lpFirst="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpSrch=".lolkek") returned 0x0 [0054.446] lstrcmpW (lpString1="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", lpString2="LOLKEK.txt") returned -1 [0054.446] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned 113 [0054.446] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c8) returned 0x3e35498 [0054.446] lstrcpyW (in: lpString1=0x3e35498, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" [0054.446] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.447] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.447] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf303882f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Backup", cAlternateFileName="")) returned 1 [0054.447] lstrcmpiW (lpString1="Backup", lpString2="Windows") returned -1 [0054.447] lstrcmpiW (lpString1="Backup", lpString2="Program Files") returned -1 [0054.447] lstrcmpiW (lpString1="Backup", lpString2="Program Files (x86)") returned -1 [0054.447] lstrcmpiW (lpString1="Backup", lpString2="$Recycle.bin") returned 1 [0054.447] lstrcmpiW (lpString1="Backup", lpString2="System Volume Information") returned -1 [0054.447] lstrcmpiW (lpString1="Backup", lpString2=".") returned 1 [0054.447] lstrcmpiW (lpString1="Backup", lpString2="..") returned 1 [0054.447] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup") returned 64 [0054.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.447] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" [0054.447] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*" [0054.447] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf303882f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.447] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.447] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.447] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.447] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.447] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.447] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.447] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf303882f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.447] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.447] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.447] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.447] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.447] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.447] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.447] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.447] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="new", cAlternateFileName="")) returned 1 [0054.447] lstrcmpiW (lpString1="new", lpString2="Windows") returned -1 [0054.447] lstrcmpiW (lpString1="new", lpString2="Program Files") returned -1 [0054.447] lstrcmpiW (lpString1="new", lpString2="Program Files (x86)") returned -1 [0054.447] lstrcmpiW (lpString1="new", lpString2="$Recycle.bin") returned 1 [0054.447] lstrcmpiW (lpString1="new", lpString2="System Volume Information") returned -1 [0054.447] lstrcmpiW (lpString1="new", lpString2=".") returned 1 [0054.447] lstrcmpiW (lpString1="new", lpString2="..") returned 1 [0054.447] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new") returned 68 [0054.447] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.448] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new" [0054.448] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\*" [0054.448] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.475] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.475] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.475] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.475] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.475] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.475] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.475] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.475] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.475] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.475] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.475] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.475] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.475] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.475] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.475] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f2de8d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0054.475] lstrcmpiW (lpString1="edb00001.log", lpString2="Windows") returned -1 [0054.475] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files") returned -1 [0054.475] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files (x86)") returned -1 [0054.475] lstrcmpiW (lpString1="edb00001.log", lpString2="$Recycle.bin") returned 1 [0054.475] lstrcmpiW (lpString1="edb00001.log", lpString2="System Volume Information") returned -1 [0054.475] lstrcmpiW (lpString1="edb00001.log", lpString2=".") returned 1 [0054.475] lstrcmpiW (lpString1="edb00001.log", lpString2="..") returned 1 [0054.475] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log") returned 81 [0054.475] StrStrIW (lpFirst="edb00001.log", lpSrch=".lolkek") returned 0x0 [0054.475] lstrcmpW (lpString1="edb00001.log", lpString2="LOLKEK.txt") returned -1 [0054.475] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log") returned 81 [0054.475] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3caeff0 [0054.475] lstrcpyW (in: lpString1=0x3caeff0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\edb00001.log" [0054.475] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.475] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.475] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2ab7545, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x206000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0054.475] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Windows") returned 1 [0054.475] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files") returned 1 [0054.475] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files (x86)") returned 1 [0054.475] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="$Recycle.bin") returned 1 [0054.475] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="System Volume Information") returned 1 [0054.475] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".") returned 1 [0054.475] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="..") returned 1 [0054.475] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore") returned 95 [0054.475] StrStrIW (lpFirst="WindowsMail.MSMessageStore", lpSrch=".lolkek") returned 0x0 [0054.476] lstrcmpW (lpString1="WindowsMail.MSMessageStore", lpString2="LOLKEK.txt") returned 1 [0054.476] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore") returned 95 [0054.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x3e3bae0 [0054.476] lstrcpyW (in: lpString1=0x3e3bae0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.MSMessageStore" [0054.476] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.476] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.476] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0054.476] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Windows") returned 1 [0054.476] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files") returned 1 [0054.476] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files (x86)") returned 1 [0054.476] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="$Recycle.bin") returned 1 [0054.476] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="System Volume Information") returned 1 [0054.476] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".") returned 1 [0054.476] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="..") returned 1 [0054.476] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat") returned 84 [0054.476] StrStrIW (lpFirst="WindowsMail.pat", lpSrch=".lolkek") returned 0x0 [0054.476] lstrcmpW (lpString1="WindowsMail.pat", lpString2="LOLKEK.txt") returned 1 [0054.476] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat") returned 84 [0054.476] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb6810 [0054.476] lstrcpyW (in: lpString1=0x3eb6810, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\WindowsMail.pat" [0054.476] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.476] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.476] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0054.476] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.477] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\LOLKEK.txt") returned 79 [0054.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\new\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\new\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0054.478] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.478] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0054.478] CloseHandle (hObject=0x24c) returned 1 [0054.478] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.478] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="new", cAlternateFileName="")) returned 0 [0054.478] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.478] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\LOLKEK.txt") returned 75 [0054.479] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\backup\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.479] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.479] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.481] CloseHandle (hObject=0x27c) returned 1 [0054.481] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.481] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0054.481] lstrcmpiW (lpString1="edb.chk", lpString2="Windows") returned -1 [0054.481] lstrcmpiW (lpString1="edb.chk", lpString2="Program Files") returned -1 [0054.481] lstrcmpiW (lpString1="edb.chk", lpString2="Program Files (x86)") returned -1 [0054.481] lstrcmpiW (lpString1="edb.chk", lpString2="$Recycle.bin") returned 1 [0054.481] lstrcmpiW (lpString1="edb.chk", lpString2="System Volume Information") returned -1 [0054.481] lstrcmpiW (lpString1="edb.chk", lpString2=".") returned 1 [0054.482] lstrcmpiW (lpString1="edb.chk", lpString2="..") returned 1 [0054.482] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk") returned 65 [0054.482] StrStrIW (lpFirst="edb.chk", lpSrch=".lolkek") returned 0x0 [0054.482] lstrcmpW (lpString1="edb.chk", lpString2="LOLKEK.txt") returned -1 [0054.482] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk") returned 65 [0054.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x611840 [0054.482] lstrcpyW (in: lpString1=0x611840, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" [0054.482] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.482] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.482] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7bc3a13, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edb.log", cAlternateFileName="")) returned 1 [0054.482] lstrcmpiW (lpString1="edb.log", lpString2="Windows") returned -1 [0054.482] lstrcmpiW (lpString1="edb.log", lpString2="Program Files") returned -1 [0054.482] lstrcmpiW (lpString1="edb.log", lpString2="Program Files (x86)") returned -1 [0054.482] lstrcmpiW (lpString1="edb.log", lpString2="$Recycle.bin") returned 1 [0054.482] lstrcmpiW (lpString1="edb.log", lpString2="System Volume Information") returned -1 [0054.482] lstrcmpiW (lpString1="edb.log", lpString2=".") returned 1 [0054.482] lstrcmpiW (lpString1="edb.log", lpString2="..") returned 1 [0054.482] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log") returned 65 [0054.482] StrStrIW (lpFirst="edb.log", lpSrch=".lolkek") returned 0x0 [0054.482] lstrcmpW (lpString1="edb.log", lpString2="LOLKEK.txt") returned -1 [0054.482] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log") returned 65 [0054.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x6111b0 [0054.482] lstrcpyW (in: lpString1=0x6111b0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" [0054.482] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.482] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.482] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0054.482] lstrcmpiW (lpString1="edb00001.log", lpString2="Windows") returned -1 [0054.482] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files") returned -1 [0054.482] lstrcmpiW (lpString1="edb00001.log", lpString2="Program Files (x86)") returned -1 [0054.482] lstrcmpiW (lpString1="edb00001.log", lpString2="$Recycle.bin") returned 1 [0054.482] lstrcmpiW (lpString1="edb00001.log", lpString2="System Volume Information") returned -1 [0054.482] lstrcmpiW (lpString1="edb00001.log", lpString2=".") returned 1 [0054.482] lstrcmpiW (lpString1="edb00001.log", lpString2="..") returned 1 [0054.482] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log") returned 70 [0054.482] StrStrIW (lpFirst="edb00001.log", lpSrch=".lolkek") returned 0x0 [0054.482] lstrcmpW (lpString1="edb00001.log", lpString2="LOLKEK.txt") returned -1 [0054.482] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log") returned 70 [0054.482] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x11c) returned 0x3e3fb30 [0054.482] lstrcpyW (in: lpString1=0x3e3fb30, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" [0054.482] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.482] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.482] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edbres00001.jrs", cAlternateFileName="EDBRES~2.JRS")) returned 1 [0054.482] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="Windows") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="Program Files") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="Program Files (x86)") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="$Recycle.bin") returned 1 [0054.483] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="System Volume Information") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00001.jrs", lpString2=".") returned 1 [0054.483] lstrcmpiW (lpString1="edbres00001.jrs", lpString2="..") returned 1 [0054.483] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs") returned 73 [0054.483] StrStrIW (lpFirst="edbres00001.jrs", lpSrch=".lolkek") returned 0x0 [0054.483] lstrcmpW (lpString1="edbres00001.jrs", lpString2="LOLKEK.txt") returned -1 [0054.483] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs") returned 73 [0054.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca68d8 [0054.483] lstrcpyW (in: lpString1=0x3ca68d8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" [0054.483] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.483] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.483] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="edbres00002.jrs", cAlternateFileName="EDBRES~1.JRS")) returned 1 [0054.483] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="Windows") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="Program Files") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="Program Files (x86)") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="$Recycle.bin") returned 1 [0054.483] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="System Volume Information") returned -1 [0054.483] lstrcmpiW (lpString1="edbres00002.jrs", lpString2=".") returned 1 [0054.483] lstrcmpiW (lpString1="edbres00002.jrs", lpString2="..") returned 1 [0054.483] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs") returned 73 [0054.483] StrStrIW (lpFirst="edbres00002.jrs", lpSrch=".lolkek") returned 0x0 [0054.483] lstrcmpW (lpString1="edbres00002.jrs", lpString2="LOLKEK.txt") returned -1 [0054.483] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs") returned 73 [0054.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca6b48 [0054.483] lstrcpyW (in: lpString1=0x3ca6b48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" [0054.483] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.483] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.483] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="oeold.xml", cAlternateFileName="")) returned 1 [0054.483] lstrcmpiW (lpString1="oeold.xml", lpString2="Windows") returned -1 [0054.483] lstrcmpiW (lpString1="oeold.xml", lpString2="Program Files") returned -1 [0054.483] lstrcmpiW (lpString1="oeold.xml", lpString2="Program Files (x86)") returned -1 [0054.483] lstrcmpiW (lpString1="oeold.xml", lpString2="$Recycle.bin") returned 1 [0054.483] lstrcmpiW (lpString1="oeold.xml", lpString2="System Volume Information") returned -1 [0054.483] lstrcmpiW (lpString1="oeold.xml", lpString2=".") returned 1 [0054.483] lstrcmpiW (lpString1="oeold.xml", lpString2="..") returned 1 [0054.483] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml") returned 67 [0054.483] StrStrIW (lpFirst="oeold.xml", lpSrch=".lolkek") returned 0x0 [0054.483] lstrcmpW (lpString1="oeold.xml", lpString2="LOLKEK.txt") returned 1 [0054.483] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml") returned 67 [0054.483] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x611728 [0054.483] lstrcpyW (in: lpString1=0x611728, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" [0054.483] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.484] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.484] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0054.484] lstrcmpiW (lpString1="Stationery", lpString2="Windows") returned -1 [0054.484] lstrcmpiW (lpString1="Stationery", lpString2="Program Files") returned 1 [0054.484] lstrcmpiW (lpString1="Stationery", lpString2="Program Files (x86)") returned 1 [0054.484] lstrcmpiW (lpString1="Stationery", lpString2="$Recycle.bin") returned 1 [0054.484] lstrcmpiW (lpString1="Stationery", lpString2="System Volume Information") returned -1 [0054.484] lstrcmpiW (lpString1="Stationery", lpString2=".") returned 1 [0054.484] lstrcmpiW (lpString1="Stationery", lpString2="..") returned 1 [0054.484] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery") returned 68 [0054.484] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.484] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" [0054.484] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*" [0054.484] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.486] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.486] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.486] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.486] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.486] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.486] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.486] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.486] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.486] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.487] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.487] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.487] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.487] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.487] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.487] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Bears.htm", cAlternateFileName="")) returned 1 [0054.487] lstrcmpiW (lpString1="Bears.htm", lpString2="Windows") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.htm", lpString2="Program Files") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.htm", lpString2="Program Files (x86)") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.htm", lpString2="$Recycle.bin") returned 1 [0054.487] lstrcmpiW (lpString1="Bears.htm", lpString2="System Volume Information") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.htm", lpString2=".") returned 1 [0054.487] lstrcmpiW (lpString1="Bears.htm", lpString2="..") returned 1 [0054.487] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm") returned 78 [0054.487] StrStrIW (lpFirst="Bears.htm", lpSrch=".lolkek") returned 0x0 [0054.487] lstrcmpW (lpString1="Bears.htm", lpString2="LOLKEK.txt") returned -1 [0054.487] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm") returned 78 [0054.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616eb8 [0054.487] lstrcpyW (in: lpString1=0x616eb8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" [0054.487] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.487] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.487] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa352261, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Bears.jpg", cAlternateFileName="")) returned 1 [0054.487] lstrcmpiW (lpString1="Bears.jpg", lpString2="Windows") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.jpg", lpString2="Program Files") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.jpg", lpString2="Program Files (x86)") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.jpg", lpString2="$Recycle.bin") returned 1 [0054.487] lstrcmpiW (lpString1="Bears.jpg", lpString2="System Volume Information") returned -1 [0054.487] lstrcmpiW (lpString1="Bears.jpg", lpString2=".") returned 1 [0054.487] lstrcmpiW (lpString1="Bears.jpg", lpString2="..") returned 1 [0054.487] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg") returned 78 [0054.487] StrStrIW (lpFirst="Bears.jpg", lpSrch=".lolkek") returned 0x0 [0054.487] lstrcmpW (lpString1="Bears.jpg", lpString2="LOLKEK.txt") returned -1 [0054.487] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg") returned 78 [0054.487] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616c28 [0054.487] lstrcpyW (in: lpString1=0x616c28, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" [0054.487] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.487] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.487] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7bf1d2d9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x285, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0054.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="Windows") returned -1 [0054.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="Program Files") returned -1 [0054.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="System Volume Information") returned -1 [0054.487] lstrcmpiW (lpString1="Desktop.ini", lpString2=".") returned 1 [0054.487] lstrcmpiW (lpString1="Desktop.ini", lpString2="..") returned 1 [0054.487] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini") returned 80 [0054.488] StrStrIW (lpFirst="Desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.488] lstrcmpW (lpString1="Desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.488] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini") returned 80 [0054.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3cae530 [0054.488] lstrcpyW (in: lpString1=0x3cae530, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" [0054.488] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.488] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.488] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x650f7e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x650f7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce04b5c8, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Garden.htm", cAlternateFileName="")) returned 1 [0054.488] lstrcmpiW (lpString1="Garden.htm", lpString2="Windows") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.htm", lpString2="Program Files") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.htm", lpString2="Program Files (x86)") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.htm", lpString2="$Recycle.bin") returned 1 [0054.488] lstrcmpiW (lpString1="Garden.htm", lpString2="System Volume Information") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.htm", lpString2=".") returned 1 [0054.488] lstrcmpiW (lpString1="Garden.htm", lpString2="..") returned 1 [0054.488] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm") returned 79 [0054.488] StrStrIW (lpFirst="Garden.htm", lpSrch=".lolkek") returned 0x0 [0054.488] lstrcmpW (lpString1="Garden.htm", lpString2="LOLKEK.txt") returned -1 [0054.488] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm") returned 79 [0054.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x617520 [0054.488] lstrcpyW (in: lpString1=0x617520, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" [0054.488] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.488] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.488] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa410937, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x5d3f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Garden.jpg", cAlternateFileName="")) returned 1 [0054.488] lstrcmpiW (lpString1="Garden.jpg", lpString2="Windows") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.jpg", lpString2="Program Files") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.jpg", lpString2="Program Files (x86)") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.jpg", lpString2="$Recycle.bin") returned 1 [0054.488] lstrcmpiW (lpString1="Garden.jpg", lpString2="System Volume Information") returned -1 [0054.488] lstrcmpiW (lpString1="Garden.jpg", lpString2=".") returned 1 [0054.488] lstrcmpiW (lpString1="Garden.jpg", lpString2="..") returned 1 [0054.488] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg") returned 79 [0054.488] StrStrIW (lpFirst="Garden.jpg", lpSrch=".lolkek") returned 0x0 [0054.488] lstrcmpW (lpString1="Garden.jpg", lpString2="LOLKEK.txt") returned -1 [0054.488] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg") returned 79 [0054.488] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x140) returned 0x617668 [0054.488] lstrcpyW (in: lpString1=0x617668, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" [0054.488] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.488] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.488] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce071725, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Green Bubbles.htm", cAlternateFileName="GREENB~1.HTM")) returned 1 [0054.488] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="Windows") returned -1 [0054.488] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="Program Files") returned -1 [0054.488] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="Program Files (x86)") returned -1 [0054.488] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="$Recycle.bin") returned 1 [0054.489] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="System Volume Information") returned -1 [0054.489] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2=".") returned 1 [0054.489] lstrcmpiW (lpString1="Green Bubbles.htm", lpString2="..") returned 1 [0054.489] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm") returned 86 [0054.489] StrStrIW (lpFirst="Green Bubbles.htm", lpSrch=".lolkek") returned 0x0 [0054.489] lstrcmpW (lpString1="Green Bubbles.htm", lpString2="LOLKEK.txt") returned -1 [0054.489] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm") returned 86 [0054.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3eb6c48 [0054.489] lstrcpyW (in: lpString1=0x3eb6c48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" [0054.489] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.489] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.489] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa436a95, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1906, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="GreenBubbles.jpg", cAlternateFileName="GREENB~1.JPG")) returned 1 [0054.489] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="Windows") returned -1 [0054.489] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="Program Files") returned -1 [0054.489] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="Program Files (x86)") returned -1 [0054.489] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="$Recycle.bin") returned 1 [0054.489] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="System Volume Information") returned -1 [0054.489] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2=".") returned 1 [0054.489] lstrcmpiW (lpString1="GreenBubbles.jpg", lpString2="..") returned 1 [0054.489] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg") returned 85 [0054.489] StrStrIW (lpFirst="GreenBubbles.jpg", lpSrch=".lolkek") returned 0x0 [0054.489] lstrcmpW (lpString1="GreenBubbles.jpg", lpString2="LOLKEK.txt") returned -1 [0054.489] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg") returned 85 [0054.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x3eb6ae0 [0054.489] lstrcpyW (in: lpString1=0x3eb6ae0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" [0054.489] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.489] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.489] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0bd9df, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Hand Prints.htm", cAlternateFileName="HANDPR~1.HTM")) returned 1 [0054.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="Windows") returned -1 [0054.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="Program Files") returned -1 [0054.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="Program Files (x86)") returned -1 [0054.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="$Recycle.bin") returned 1 [0054.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="System Volume Information") returned -1 [0054.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2=".") returned 1 [0054.489] lstrcmpiW (lpString1="Hand Prints.htm", lpString2="..") returned 1 [0054.489] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm") returned 84 [0054.489] StrStrIW (lpFirst="Hand Prints.htm", lpSrch=".lolkek") returned 0x0 [0054.489] lstrcmpW (lpString1="Hand Prints.htm", lpString2="LOLKEK.txt") returned -1 [0054.489] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm") returned 84 [0054.489] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3eb6978 [0054.489] lstrcpyW (in: lpString1=0x3eb6978, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" [0054.489] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.489] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.489] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa45cbf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x107e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HandPrints.jpg", cAlternateFileName="HANDPR~1.JPG")) returned 1 [0054.490] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="Windows") returned -1 [0054.490] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="Program Files") returned -1 [0054.490] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="Program Files (x86)") returned -1 [0054.490] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="$Recycle.bin") returned 1 [0054.490] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="System Volume Information") returned -1 [0054.490] lstrcmpiW (lpString1="HandPrints.jpg", lpString2=".") returned 1 [0054.490] lstrcmpiW (lpString1="HandPrints.jpg", lpString2="..") returned 1 [0054.490] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg") returned 83 [0054.490] StrStrIW (lpFirst="HandPrints.jpg", lpSrch=".lolkek") returned 0x0 [0054.490] lstrcmpW (lpString1="HandPrints.jpg", lpString2="LOLKEK.txt") returned -1 [0054.490] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg") returned 83 [0054.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x150) returned 0x3cada70 [0054.490] lstrcpyW (in: lpString1=0x3cada70, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" [0054.490] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.490] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.490] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0e3b3c, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Orange Circles.htm", cAlternateFileName="ORANGE~1.HTM")) returned 1 [0054.490] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="Windows") returned -1 [0054.490] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="Program Files") returned -1 [0054.490] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="Program Files (x86)") returned -1 [0054.490] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="$Recycle.bin") returned 1 [0054.490] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="System Volume Information") returned -1 [0054.490] lstrcmpiW (lpString1="Orange Circles.htm", lpString2=".") returned 1 [0054.490] lstrcmpiW (lpString1="Orange Circles.htm", lpString2="..") returned 1 [0054.490] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm") returned 87 [0054.490] StrStrIW (lpFirst="Orange Circles.htm", lpSrch=".lolkek") returned 0x0 [0054.490] lstrcmpW (lpString1="Orange Circles.htm", lpString2="LOLKEK.txt") returned 1 [0054.490] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm") returned 87 [0054.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3da61d0 [0054.490] lstrcpyW (in: lpString1=0x3da61d0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" [0054.490] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.490] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.490] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa4cf00d, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="OrangeCircles.jpg", cAlternateFileName="ORANGE~1.JPG")) returned 1 [0054.490] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="Windows") returned -1 [0054.490] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="Program Files") returned -1 [0054.490] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="Program Files (x86)") returned -1 [0054.490] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="$Recycle.bin") returned 1 [0054.490] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="System Volume Information") returned -1 [0054.490] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2=".") returned 1 [0054.490] lstrcmpiW (lpString1="OrangeCircles.jpg", lpString2="..") returned 1 [0054.490] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg") returned 86 [0054.490] StrStrIW (lpFirst="OrangeCircles.jpg", lpSrch=".lolkek") returned 0x0 [0054.490] lstrcmpW (lpString1="OrangeCircles.jpg", lpString2="LOLKEK.txt") returned 1 [0054.490] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg") returned 86 [0054.490] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15c) returned 0x3da6338 [0054.490] lstrcpyW (in: lpString1=0x3da6338, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" [0054.490] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.491] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.491] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce109c99, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Peacock.htm", cAlternateFileName="")) returned 1 [0054.491] lstrcmpiW (lpString1="Peacock.htm", lpString2="Windows") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.htm", lpString2="Program Files") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.htm", lpString2="Program Files (x86)") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.htm", lpString2="$Recycle.bin") returned 1 [0054.491] lstrcmpiW (lpString1="Peacock.htm", lpString2="System Volume Information") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.htm", lpString2=".") returned 1 [0054.491] lstrcmpiW (lpString1="Peacock.htm", lpString2="..") returned 1 [0054.491] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm") returned 80 [0054.491] StrStrIW (lpFirst="Peacock.htm", lpSrch=".lolkek") returned 0x0 [0054.491] lstrcmpW (lpString1="Peacock.htm", lpString2="LOLKEK.txt") returned 1 [0054.491] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm") returned 80 [0054.491] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3cae280 [0054.491] lstrcpyW (in: lpString1=0x3cae280, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" [0054.491] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.491] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.491] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa51b2c9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x13fb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Peacock.jpg", cAlternateFileName="")) returned 1 [0054.491] lstrcmpiW (lpString1="Peacock.jpg", lpString2="Windows") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.jpg", lpString2="Program Files") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.jpg", lpString2="Program Files (x86)") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.jpg", lpString2="$Recycle.bin") returned 1 [0054.491] lstrcmpiW (lpString1="Peacock.jpg", lpString2="System Volume Information") returned -1 [0054.491] lstrcmpiW (lpString1="Peacock.jpg", lpString2=".") returned 1 [0054.491] lstrcmpiW (lpString1="Peacock.jpg", lpString2="..") returned 1 [0054.491] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg") returned 80 [0054.491] StrStrIW (lpFirst="Peacock.jpg", lpSrch=".lolkek") returned 0x0 [0054.491] lstrcmpW (lpString1="Peacock.jpg", lpString2="LOLKEK.txt") returned 1 [0054.491] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg") returned 80 [0054.491] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x3cae7e0 [0054.491] lstrcpyW (in: lpString1=0x3cae7e0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" [0054.491] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.491] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.491] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce12fdf6, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roses.htm", cAlternateFileName="")) returned 1 [0054.491] lstrcmpiW (lpString1="Roses.htm", lpString2="Windows") returned -1 [0054.491] lstrcmpiW (lpString1="Roses.htm", lpString2="Program Files") returned 1 [0054.491] lstrcmpiW (lpString1="Roses.htm", lpString2="Program Files (x86)") returned 1 [0054.491] lstrcmpiW (lpString1="Roses.htm", lpString2="$Recycle.bin") returned 1 [0054.491] lstrcmpiW (lpString1="Roses.htm", lpString2="System Volume Information") returned -1 [0054.491] lstrcmpiW (lpString1="Roses.htm", lpString2=".") returned 1 [0054.491] lstrcmpiW (lpString1="Roses.htm", lpString2="..") returned 1 [0054.491] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm") returned 78 [0054.491] StrStrIW (lpFirst="Roses.htm", lpSrch=".lolkek") returned 0x0 [0054.491] lstrcmpW (lpString1="Roses.htm", lpString2="LOLKEK.txt") returned 1 [0054.492] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm") returned 78 [0054.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616330 [0054.492] lstrcpyW (in: lpString1=0x616330, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" [0054.492] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.492] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.492] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa567585, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roses.jpg", cAlternateFileName="")) returned 1 [0054.492] lstrcmpiW (lpString1="Roses.jpg", lpString2="Windows") returned -1 [0054.492] lstrcmpiW (lpString1="Roses.jpg", lpString2="Program Files") returned 1 [0054.492] lstrcmpiW (lpString1="Roses.jpg", lpString2="Program Files (x86)") returned 1 [0054.492] lstrcmpiW (lpString1="Roses.jpg", lpString2="$Recycle.bin") returned 1 [0054.492] lstrcmpiW (lpString1="Roses.jpg", lpString2="System Volume Information") returned -1 [0054.492] lstrcmpiW (lpString1="Roses.jpg", lpString2=".") returned 1 [0054.492] lstrcmpiW (lpString1="Roses.jpg", lpString2="..") returned 1 [0054.492] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg") returned 78 [0054.492] StrStrIW (lpFirst="Roses.jpg", lpSrch=".lolkek") returned 0x0 [0054.492] lstrcmpW (lpString1="Roses.jpg", lpString2="LOLKEK.txt") returned 1 [0054.492] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg") returned 78 [0054.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x616d70 [0054.492] lstrcpyW (in: lpString1=0x616d70, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" [0054.492] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.492] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.492] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c3520, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64c3520, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce17c0b0, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Shades of Blue.htm", cAlternateFileName="SHADES~1.HTM")) returned 1 [0054.492] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="Windows") returned -1 [0054.492] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="Program Files") returned 1 [0054.492] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="Program Files (x86)") returned 1 [0054.492] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="$Recycle.bin") returned 1 [0054.492] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="System Volume Information") returned -1 [0054.492] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2=".") returned 1 [0054.492] lstrcmpiW (lpString1="Shades of Blue.htm", lpString2="..") returned 1 [0054.492] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm") returned 87 [0054.492] StrStrIW (lpFirst="Shades of Blue.htm", lpSrch=".lolkek") returned 0x0 [0054.492] lstrcmpW (lpString1="Shades of Blue.htm", lpString2="LOLKEK.txt") returned 1 [0054.492] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm") returned 87 [0054.492] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x160) returned 0x3da64a0 [0054.492] lstrcpyW (in: lpString1=0x3da64a0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" [0054.492] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.492] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.492] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa58d6e3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x127e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ShadesOfBlue.jpg", cAlternateFileName="SHADES~1.JPG")) returned 1 [0054.492] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="Windows") returned -1 [0054.492] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="Program Files") returned 1 [0054.492] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="Program Files (x86)") returned 1 [0054.493] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="$Recycle.bin") returned 1 [0054.493] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="System Volume Information") returned -1 [0054.493] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2=".") returned 1 [0054.493] lstrcmpiW (lpString1="ShadesOfBlue.jpg", lpString2="..") returned 1 [0054.493] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg") returned 85 [0054.493] StrStrIW (lpFirst="ShadesOfBlue.jpg", lpSrch=".lolkek") returned 0x0 [0054.493] lstrcmpW (lpString1="ShadesOfBlue.jpg", lpString2="LOLKEK.txt") returned 1 [0054.493] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg") returned 85 [0054.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x158) returned 0x3da6608 [0054.493] lstrcpyW (in: lpString1=0x3da6608, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" [0054.493] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.493] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.493] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1a220d, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Soft Blue.htm", cAlternateFileName="SOFTBL~1.HTM")) returned 1 [0054.493] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="Windows") returned -1 [0054.493] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="Program Files") returned 1 [0054.493] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="Program Files (x86)") returned 1 [0054.493] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="$Recycle.bin") returned 1 [0054.493] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="System Volume Information") returned -1 [0054.493] lstrcmpiW (lpString1="Soft Blue.htm", lpString2=".") returned 1 [0054.493] lstrcmpiW (lpString1="Soft Blue.htm", lpString2="..") returned 1 [0054.493] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm") returned 82 [0054.493] StrStrIW (lpFirst="Soft Blue.htm", lpSrch=".lolkek") returned 0x0 [0054.493] lstrcmpW (lpString1="Soft Blue.htm", lpString2="LOLKEK.txt") returned 1 [0054.493] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm") returned 82 [0054.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14c) returned 0x3caea90 [0054.493] lstrcpyW (in: lpString1=0x3caea90, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" [0054.493] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.493] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.493] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e9680, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x64e9680, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5b3841, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2949, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SoftBlue.jpg", cAlternateFileName="")) returned 1 [0054.493] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="Windows") returned -1 [0054.493] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="Program Files") returned 1 [0054.493] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="Program Files (x86)") returned 1 [0054.493] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="$Recycle.bin") returned 1 [0054.493] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="System Volume Information") returned -1 [0054.493] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2=".") returned 1 [0054.493] lstrcmpiW (lpString1="SoftBlue.jpg", lpString2="..") returned 1 [0054.493] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg") returned 81 [0054.493] StrStrIW (lpFirst="SoftBlue.jpg", lpSrch=".lolkek") returned 0x0 [0054.493] lstrcmpW (lpString1="SoftBlue.jpg", lpString2="LOLKEK.txt") returned 1 [0054.493] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg") returned 81 [0054.493] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x148) returned 0x3cae688 [0054.493] lstrcpyW (in: lpString1=0x3cae688, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" [0054.493] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.493] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.493] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x649d3c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x649d3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1c836a, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stars.htm", cAlternateFileName="")) returned 1 [0054.494] lstrcmpiW (lpString1="Stars.htm", lpString2="Windows") returned -1 [0054.494] lstrcmpiW (lpString1="Stars.htm", lpString2="Program Files") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.htm", lpString2="Program Files (x86)") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.htm", lpString2="$Recycle.bin") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.htm", lpString2="System Volume Information") returned -1 [0054.494] lstrcmpiW (lpString1="Stars.htm", lpString2=".") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.htm", lpString2="..") returned 1 [0054.494] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm") returned 78 [0054.494] StrStrIW (lpFirst="Stars.htm", lpSrch=".lolkek") returned 0x0 [0054.494] lstrcmpW (lpString1="Stars.htm", lpString2="LOLKEK.txt") returned 1 [0054.494] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm") returned 78 [0054.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x6165c0 [0054.494] lstrcpyW (in: lpString1=0x6165c0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" [0054.494] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.494] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.494] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stars.jpg", cAlternateFileName="")) returned 1 [0054.494] lstrcmpiW (lpString1="Stars.jpg", lpString2="Windows") returned -1 [0054.494] lstrcmpiW (lpString1="Stars.jpg", lpString2="Program Files") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.jpg", lpString2="Program Files (x86)") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.jpg", lpString2="$Recycle.bin") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.jpg", lpString2="System Volume Information") returned -1 [0054.494] lstrcmpiW (lpString1="Stars.jpg", lpString2=".") returned 1 [0054.494] lstrcmpiW (lpString1="Stars.jpg", lpString2="..") returned 1 [0054.494] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg") returned 78 [0054.494] StrStrIW (lpFirst="Stars.jpg", lpSrch=".lolkek") returned 0x0 [0054.494] lstrcmpW (lpString1="Stars.jpg", lpString2="LOLKEK.txt") returned 1 [0054.494] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg") returned 78 [0054.494] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x6160a0 [0054.494] lstrcpyW (in: lpString1=0x6160a0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" [0054.494] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.494] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.494] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6477260, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Stars.jpg", cAlternateFileName="")) returned 0 [0054.494] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.495] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\LOLKEK.txt") returned 79 [0054.495] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\stationery\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.496] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.496] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.496] CloseHandle (hObject=0x27c) returned 1 [0054.496] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.498] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd7b05332, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Windows") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="Program Files (x86)") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="$Recycle.bin") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="System Volume Information") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2=".") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.MSMessageStore", lpString2="..") returned 1 [0054.498] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned 84 [0054.498] StrStrIW (lpFirst="WindowsMail.MSMessageStore", lpSrch=".lolkek") returned 0x0 [0054.498] lstrcmpW (lpString1="WindowsMail.MSMessageStore", lpString2="LOLKEK.txt") returned 1 [0054.498] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned 84 [0054.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x154) returned 0x3da6770 [0054.498] lstrcpyW (in: lpString1=0x3da6770, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" [0054.498] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.498] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.498] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Windows") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="Program Files (x86)") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="$Recycle.bin") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="System Volume Information") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.pat", lpString2=".") returned 1 [0054.498] lstrcmpiW (lpString1="WindowsMail.pat", lpString2="..") returned 1 [0054.498] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat") returned 73 [0054.498] StrStrIW (lpFirst="WindowsMail.pat", lpSrch=".lolkek") returned 0x0 [0054.498] lstrcmpW (lpString1="WindowsMail.pat", lpString2="LOLKEK.txt") returned 1 [0054.498] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat") returned 73 [0054.498] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3ca7298 [0054.499] lstrcpyW (in: lpString1=0x3ca7298, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" [0054.499] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.499] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.499] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2e234eb, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 0 [0054.499] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.499] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\LOLKEK.txt") returned 68 [0054.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Mail\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows mail\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.499] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.499] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.500] CloseHandle (hObject=0x280) returned 1 [0054.500] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.500] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0054.500] lstrcmpiW (lpString1="Windows Media", lpString2="Windows") returned 1 [0054.500] lstrcmpiW (lpString1="Windows Media", lpString2="Program Files") returned 1 [0054.500] lstrcmpiW (lpString1="Windows Media", lpString2="Program Files (x86)") returned 1 [0054.500] lstrcmpiW (lpString1="Windows Media", lpString2="$Recycle.bin") returned 1 [0054.500] lstrcmpiW (lpString1="Windows Media", lpString2="System Volume Information") returned 1 [0054.500] lstrcmpiW (lpString1="Windows Media", lpString2=".") returned 1 [0054.500] lstrcmpiW (lpString1="Windows Media", lpString2="..") returned 1 [0054.500] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media") returned 58 [0054.500] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.500] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media" [0054.500] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\*" [0054.500] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.500] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.500] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.500] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.500] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.500] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.500] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.500] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.500] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.500] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.500] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.501] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.501] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.501] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.501] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.501] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12.0", cAlternateFileName="")) returned 1 [0054.501] lstrcmpiW (lpString1="12.0", lpString2="Windows") returned -1 [0054.501] lstrcmpiW (lpString1="12.0", lpString2="Program Files") returned -1 [0054.501] lstrcmpiW (lpString1="12.0", lpString2="Program Files (x86)") returned -1 [0054.501] lstrcmpiW (lpString1="12.0", lpString2="$Recycle.bin") returned 1 [0054.501] lstrcmpiW (lpString1="12.0", lpString2="System Volume Information") returned -1 [0054.501] lstrcmpiW (lpString1="12.0", lpString2=".") returned 1 [0054.501] lstrcmpiW (lpString1="12.0", lpString2="..") returned 1 [0054.501] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0") returned 63 [0054.501] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.501] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0" [0054.501] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*" [0054.501] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.501] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.501] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.501] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.501] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.501] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.501] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.501] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.501] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.501] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.501] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.501] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.501] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.501] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.501] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.502] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1f2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WMSDKNS.DTD", cAlternateFileName="")) returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="Windows") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="Program Files") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="Program Files (x86)") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="$Recycle.bin") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="System Volume Information") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2=".") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.DTD", lpString2="..") returned 1 [0054.502] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD") returned 75 [0054.502] StrStrIW (lpFirst="WMSDKNS.DTD", lpSrch=".lolkek") returned 0x0 [0054.502] lstrcmpW (lpString1="WMSDKNS.DTD", lpString2="LOLKEK.txt") returned 1 [0054.502] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD") returned 75 [0054.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3ca67a0 [0054.502] lstrcpyW (in: lpString1=0x3ca67a0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" [0054.502] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.502] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.502] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="Windows") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="Program Files") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="Program Files (x86)") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="$Recycle.bin") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="System Volume Information") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2=".") returned 1 [0054.502] lstrcmpiW (lpString1="WMSDKNS.XML", lpString2="..") returned 1 [0054.502] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML") returned 75 [0054.502] StrStrIW (lpFirst="WMSDKNS.XML", lpSrch=".lolkek") returned 0x0 [0054.502] lstrcmpW (lpString1="WMSDKNS.XML", lpString2="LOLKEK.txt") returned 1 [0054.502] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML") returned 75 [0054.502] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x130) returned 0x3cac778 [0054.502] lstrcpyW (in: lpString1=0x3cac778, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" [0054.502] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.502] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.502] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 0 [0054.502] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.502] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\LOLKEK.txt") returned 74 [0054.502] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\12.0\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.503] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.503] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.503] CloseHandle (hObject=0x27c) returned 1 [0054.503] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.503] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="12.0", cAlternateFileName="")) returned 0 [0054.504] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.504] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\LOLKEK.txt") returned 69 [0054.504] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Media\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows media\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.504] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.504] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.505] CloseHandle (hObject=0x280) returned 1 [0054.505] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.505] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0054.505] lstrcmpiW (lpString1="Windows Sidebar", lpString2="Windows") returned 1 [0054.505] lstrcmpiW (lpString1="Windows Sidebar", lpString2="Program Files") returned 1 [0054.505] lstrcmpiW (lpString1="Windows Sidebar", lpString2="Program Files (x86)") returned 1 [0054.505] lstrcmpiW (lpString1="Windows Sidebar", lpString2="$Recycle.bin") returned 1 [0054.505] lstrcmpiW (lpString1="Windows Sidebar", lpString2="System Volume Information") returned 1 [0054.505] lstrcmpiW (lpString1="Windows Sidebar", lpString2=".") returned 1 [0054.505] lstrcmpiW (lpString1="Windows Sidebar", lpString2="..") returned 1 [0054.505] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar") returned 60 [0054.505] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.505] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar" [0054.505] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\*" [0054.505] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.505] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.505] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.505] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.505] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.505] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.505] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.505] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.505] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.505] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.505] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.505] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.505] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.505] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.505] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.505] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Gadgets", cAlternateFileName="")) returned 1 [0054.505] lstrcmpiW (lpString1="Gadgets", lpString2="Windows") returned -1 [0054.505] lstrcmpiW (lpString1="Gadgets", lpString2="Program Files") returned -1 [0054.505] lstrcmpiW (lpString1="Gadgets", lpString2="Program Files (x86)") returned -1 [0054.505] lstrcmpiW (lpString1="Gadgets", lpString2="$Recycle.bin") returned 1 [0054.505] lstrcmpiW (lpString1="Gadgets", lpString2="System Volume Information") returned -1 [0054.505] lstrcmpiW (lpString1="Gadgets", lpString2=".") returned 1 [0054.505] lstrcmpiW (lpString1="Gadgets", lpString2="..") returned 1 [0054.505] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets") returned 68 [0054.506] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.506] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" [0054.506] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*" [0054.506] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.506] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.506] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.506] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.506] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.506] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.506] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.506] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.506] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.506] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.506] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.506] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.506] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.506] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.506] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.506] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.506] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.506] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\LOLKEK.txt") returned 79 [0054.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\gadgets\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.506] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.506] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.507] CloseHandle (hObject=0x27c) returned 1 [0054.508] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.508] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0054.508] lstrcmpiW (lpString1="Settings.ini", lpString2="Windows") returned -1 [0054.508] lstrcmpiW (lpString1="Settings.ini", lpString2="Program Files") returned 1 [0054.508] lstrcmpiW (lpString1="Settings.ini", lpString2="Program Files (x86)") returned 1 [0054.508] lstrcmpiW (lpString1="Settings.ini", lpString2="$Recycle.bin") returned 1 [0054.508] lstrcmpiW (lpString1="Settings.ini", lpString2="System Volume Information") returned -1 [0054.508] lstrcmpiW (lpString1="Settings.ini", lpString2=".") returned 1 [0054.508] lstrcmpiW (lpString1="Settings.ini", lpString2="..") returned 1 [0054.508] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini") returned 73 [0054.508] StrStrIW (lpFirst="Settings.ini", lpSrch=".lolkek") returned 0x0 [0054.508] lstrcmpW (lpString1="Settings.ini", lpString2="LOLKEK.txt") returned 1 [0054.508] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini") returned 73 [0054.508] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x128) returned 0x3cac8b0 [0054.508] lstrcpyW (in: lpString1=0x3cac8b0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" [0054.508] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.508] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.508] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Settings.ini", cAlternateFileName="")) returned 0 [0054.508] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.508] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\LOLKEK.txt") returned 71 [0054.508] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.509] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.509] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.509] CloseHandle (hObject=0x280) returned 1 [0054.509] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.509] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 0 [0054.509] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.509] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\LOLKEK.txt") returned 55 [0054.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Microsoft\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b8 [0054.510] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.510] WriteFile (in: hFile=0x2b8, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0054.510] CloseHandle (hObject=0x2b8) returned 1 [0054.510] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.510] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Temp", cAlternateFileName="")) returned 1 [0054.510] lstrcmpiW (lpString1="Temp", lpString2="Windows") returned -1 [0054.510] lstrcmpiW (lpString1="Temp", lpString2="Program Files") returned 1 [0054.510] lstrcmpiW (lpString1="Temp", lpString2="Program Files (x86)") returned 1 [0054.510] lstrcmpiW (lpString1="Temp", lpString2="$Recycle.bin") returned 1 [0054.510] lstrcmpiW (lpString1="Temp", lpString2="System Volume Information") returned 1 [0054.511] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0054.511] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0054.511] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp") returned 39 [0054.511] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.511] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp" [0054.511] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\*" [0054.511] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.522] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.522] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.522] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.522] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.522] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.522] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.522] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.522] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.522] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.522] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.523] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.523] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.523] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.523] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.523] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0054.523] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="Windows") returned -1 [0054.523] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="Program Files") returned -1 [0054.523] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="Program Files (x86)") returned -1 [0054.523] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="$Recycle.bin") returned 1 [0054.523] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="System Volume Information") returned -1 [0054.523] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2=".") returned 1 [0054.523] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="..") returned 1 [0054.523] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned 62 [0054.523] StrStrIW (lpFirst="FXSAPIDebugLogFile.txt", lpSrch=".lolkek") returned 0x0 [0054.523] lstrcmpW (lpString1="FXSAPIDebugLogFile.txt", lpString2="LOLKEK.txt") returned -1 [0054.523] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned 62 [0054.523] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4968 [0054.523] lstrcpyW (in: lpString1=0x3ec4968, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" [0054.523] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.523] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.523] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 0 [0054.523] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.523] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\LOLKEK.txt") returned 50 [0054.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temp\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.524] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.524] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0054.524] CloseHandle (hObject=0x280) returned 1 [0054.524] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.524] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0054.524] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Windows") returned -1 [0054.524] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Program Files") returned 1 [0054.524] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="Program Files (x86)") returned 1 [0054.524] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="$Recycle.bin") returned 1 [0054.525] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="System Volume Information") returned 1 [0054.525] lstrcmpiW (lpString1="Temporary Internet Files", lpString2=".") returned 1 [0054.525] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="..") returned 1 [0054.525] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files") returned 59 [0054.525] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.525] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files" [0054.525] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*" [0054.525] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="ꐴ瘵뾣䛦ͣ疨였_纈0ͣͣ⒭䚗였_ͣ热/였_꿀]徰c헍皮")) returned 0xffffffff [0054.525] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.525] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0054.525] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.525] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Local\\LOLKEK.txt") returned 45 [0054.525] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Local\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\local\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0054.525] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.525] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0054.526] CloseHandle (hObject=0x2a0) returned 1 [0054.526] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.526] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0054.526] lstrcmpiW (lpString1="LocalLow", lpString2="Windows") returned -1 [0054.526] lstrcmpiW (lpString1="LocalLow", lpString2="Program Files") returned -1 [0054.526] lstrcmpiW (lpString1="LocalLow", lpString2="Program Files (x86)") returned -1 [0054.526] lstrcmpiW (lpString1="LocalLow", lpString2="$Recycle.bin") returned 1 [0054.526] lstrcmpiW (lpString1="LocalLow", lpString2="System Volume Information") returned -1 [0054.526] lstrcmpiW (lpString1="LocalLow", lpString2=".") returned 1 [0054.526] lstrcmpiW (lpString1="LocalLow", lpString2="..") returned 1 [0054.526] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow") returned 37 [0054.526] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.526] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow" [0054.526] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\*" [0054.526] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.526] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.526] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.527] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.527] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.527] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.527] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.527] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.527] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.527] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.527] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.527] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0054.527] lstrcmpiW (lpString1="Microsoft", lpString2="Windows") returned -1 [0054.527] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files") returned -1 [0054.527] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files (x86)") returned -1 [0054.527] lstrcmpiW (lpString1="Microsoft", lpString2="$Recycle.bin") returned 1 [0054.527] lstrcmpiW (lpString1="Microsoft", lpString2="System Volume Information") returned -1 [0054.527] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0054.527] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0054.527] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft") returned 47 [0054.527] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.527] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft" [0054.527] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\*" [0054.527] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.527] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.527] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.527] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.527] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.527] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.527] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.527] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.527] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.527] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.527] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.527] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.527] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 1 [0054.528] lstrcmpiW (lpString1="CryptnetUrlCache", lpString2="Windows") returned -1 [0054.528] lstrcmpiW (lpString1="CryptnetUrlCache", lpString2="Program Files") returned -1 [0054.528] lstrcmpiW (lpString1="CryptnetUrlCache", lpString2="Program Files (x86)") returned -1 [0054.528] lstrcmpiW (lpString1="CryptnetUrlCache", lpString2="$Recycle.bin") returned 1 [0054.528] lstrcmpiW (lpString1="CryptnetUrlCache", lpString2="System Volume Information") returned -1 [0054.528] lstrcmpiW (lpString1="CryptnetUrlCache", lpString2=".") returned 1 [0054.528] lstrcmpiW (lpString1="CryptnetUrlCache", lpString2="..") returned 1 [0054.528] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache") returned 64 [0054.528] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.528] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache" [0054.528] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*" [0054.528] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.528] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.528] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.528] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.528] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.528] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.528] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.528] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.528] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.528] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.528] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.528] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.528] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.528] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.528] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.528] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Content", cAlternateFileName="")) returned 1 [0054.528] lstrcmpiW (lpString1="Content", lpString2="Windows") returned -1 [0054.528] lstrcmpiW (lpString1="Content", lpString2="Program Files") returned -1 [0054.528] lstrcmpiW (lpString1="Content", lpString2="Program Files (x86)") returned -1 [0054.528] lstrcmpiW (lpString1="Content", lpString2="$Recycle.bin") returned 1 [0054.528] lstrcmpiW (lpString1="Content", lpString2="System Volume Information") returned -1 [0054.528] lstrcmpiW (lpString1="Content", lpString2=".") returned 1 [0054.528] lstrcmpiW (lpString1="Content", lpString2="..") returned 1 [0054.528] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content") returned 72 [0054.528] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.529] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content" [0054.529] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*" [0054.529] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.529] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.529] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.529] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.529] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.529] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.529] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.529] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.529] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.529] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.529] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.529] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.529] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.529] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.529] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.529] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x228, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0054.529] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Windows") returned -1 [0054.529] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files") returned -1 [0054.529] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files (x86)") returned -1 [0054.529] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="$Recycle.bin") returned 1 [0054.529] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="System Volume Information") returned -1 [0054.529] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2=".") returned 1 [0054.529] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="..") returned 1 [0054.529] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 105 [0054.529] StrStrIW (lpFirst="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpSrch=".lolkek") returned 0x0 [0054.529] lstrcmpW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="LOLKEK.txt") returned -1 [0054.529] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 105 [0054.529] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x3dd55d8 [0054.529] lstrcpyW (in: lpString1=0x3dd55d8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" [0054.530] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.530] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.530] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0054.530] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Windows") returned -1 [0054.530] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Program Files") returned -1 [0054.530] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Program Files (x86)") returned -1 [0054.530] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="$Recycle.bin") returned 1 [0054.530] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="System Volume Information") returned -1 [0054.530] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2=".") returned 1 [0054.530] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="..") returned 1 [0054.530] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015") returned 105 [0054.530] StrStrIW (lpFirst="94308059B57B3142E455B38A6EB92015", lpSrch=".lolkek") returned 0x0 [0054.530] lstrcmpW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="LOLKEK.txt") returned -1 [0054.530] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015") returned 105 [0054.530] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a8) returned 0x62f580 [0054.530] lstrcpyW (in: lpString1=0x62f580, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" [0054.530] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.530] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.530] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 0 [0054.530] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.530] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\LOLKEK.txt") returned 83 [0054.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0054.531] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.531] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.531] CloseHandle (hObject=0x270) returned 1 [0054.531] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.531] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MetaData", cAlternateFileName="")) returned 1 [0054.531] lstrcmpiW (lpString1="MetaData", lpString2="Windows") returned -1 [0054.531] lstrcmpiW (lpString1="MetaData", lpString2="Program Files") returned -1 [0054.531] lstrcmpiW (lpString1="MetaData", lpString2="Program Files (x86)") returned -1 [0054.532] lstrcmpiW (lpString1="MetaData", lpString2="$Recycle.bin") returned 1 [0054.532] lstrcmpiW (lpString1="MetaData", lpString2="System Volume Information") returned -1 [0054.532] lstrcmpiW (lpString1="MetaData", lpString2=".") returned 1 [0054.532] lstrcmpiW (lpString1="MetaData", lpString2="..") returned 1 [0054.532] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData") returned 73 [0054.532] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.532] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData" [0054.532] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*" [0054.532] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.532] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.532] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.532] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.532] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.532] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.532] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.532] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.532] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.532] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.532] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.532] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.532] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.532] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.532] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.532] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0054.532] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Windows") returned -1 [0054.532] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files") returned -1 [0054.532] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="Program Files (x86)") returned -1 [0054.532] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="$Recycle.bin") returned 1 [0054.532] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="System Volume Information") returned -1 [0054.532] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2=".") returned 1 [0054.532] lstrcmpiW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="..") returned 1 [0054.532] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 106 [0054.532] StrStrIW (lpFirst="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpSrch=".lolkek") returned 0x0 [0054.532] lstrcmpW (lpString1="7B2238AACCEDC3F1FFE8E7EB5F575EC9", lpString2="LOLKEK.txt") returned -1 [0054.532] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned 106 [0054.532] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x618490 [0054.532] lstrcpyW (in: lpString1=0x618490, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" [0054.532] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.533] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.533] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0054.533] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Windows") returned -1 [0054.533] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Program Files") returned -1 [0054.533] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="Program Files (x86)") returned -1 [0054.533] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="$Recycle.bin") returned 1 [0054.533] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="System Volume Information") returned -1 [0054.533] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2=".") returned 1 [0054.533] lstrcmpiW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="..") returned 1 [0054.533] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015") returned 106 [0054.533] StrStrIW (lpFirst="94308059B57B3142E455B38A6EB92015", lpSrch=".lolkek") returned 0x0 [0054.533] lstrcmpW (lpString1="94308059B57B3142E455B38A6EB92015", lpString2="LOLKEK.txt") returned -1 [0054.533] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015") returned 106 [0054.533] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ac) returned 0x3ec5ee8 [0054.533] lstrcpyW (in: lpString1=0x3ec5ee8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015") returned="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" [0054.533] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.533] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.533] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 0 [0054.533] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.533] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\LOLKEK.txt") returned 84 [0054.533] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0054.533] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.533] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.534] CloseHandle (hObject=0x270) returned 1 [0054.534] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.534] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MetaData", cAlternateFileName="")) returned 0 [0054.534] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.534] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\LOLKEK.txt") returned 75 [0054.534] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\cryptneturlcache\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.535] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.535] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.535] CloseHandle (hObject=0x27c) returned 1 [0054.535] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.535] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 0 [0054.535] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.536] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\LOLKEK.txt") returned 58 [0054.536] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\Microsoft\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\locallow\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.536] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.536] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0054.537] CloseHandle (hObject=0x280) returned 1 [0054.537] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.537] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0054.537] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.537] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\LOLKEK.txt") returned 48 [0054.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LocalLow\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\locallow\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0054.537] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.537] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0054.538] CloseHandle (hObject=0x2a0) returned 1 [0054.538] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.539] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roaming", cAlternateFileName="")) returned 1 [0054.539] lstrcmpiW (lpString1="Roaming", lpString2="Windows") returned -1 [0054.539] lstrcmpiW (lpString1="Roaming", lpString2="Program Files") returned 1 [0054.539] lstrcmpiW (lpString1="Roaming", lpString2="Program Files (x86)") returned 1 [0054.539] lstrcmpiW (lpString1="Roaming", lpString2="$Recycle.bin") returned 1 [0054.539] lstrcmpiW (lpString1="Roaming", lpString2="System Volume Information") returned -1 [0054.539] lstrcmpiW (lpString1="Roaming", lpString2=".") returned 1 [0054.539] lstrcmpiW (lpString1="Roaming", lpString2="..") returned 1 [0054.539] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming") returned 36 [0054.539] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.539] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming" [0054.539] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\*" [0054.539] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.540] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.540] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.540] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.540] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.540] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.540] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.540] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.540] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.540] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.540] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.540] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.540] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.540] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.540] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.540] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0054.540] lstrcmpiW (lpString1="Identities", lpString2="Windows") returned -1 [0054.540] lstrcmpiW (lpString1="Identities", lpString2="Program Files") returned -1 [0054.540] lstrcmpiW (lpString1="Identities", lpString2="Program Files (x86)") returned -1 [0054.540] lstrcmpiW (lpString1="Identities", lpString2="$Recycle.bin") returned 1 [0054.540] lstrcmpiW (lpString1="Identities", lpString2="System Volume Information") returned -1 [0054.540] lstrcmpiW (lpString1="Identities", lpString2=".") returned 1 [0054.540] lstrcmpiW (lpString1="Identities", lpString2="..") returned 1 [0054.540] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities") returned 47 [0054.540] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.540] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities" [0054.540] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\*" [0054.540] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.541] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.541] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.541] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.541] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.541] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.541] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.541] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.541] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.541] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.541] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.541] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.541] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.541] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.541] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.541] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0054.541] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="Windows") returned -1 [0054.541] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="Program Files") returned -1 [0054.541] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="Program Files (x86)") returned -1 [0054.541] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="$Recycle.bin") returned 1 [0054.541] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="System Volume Information") returned -1 [0054.541] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0054.541] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0054.541] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned 86 [0054.541] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.541] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" [0054.541] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*" [0054.541] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.542] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.542] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.542] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.542] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.542] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.542] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.542] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.542] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.542] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.542] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.542] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.542] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.542] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.542] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.542] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.542] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.542] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\LOLKEK.txt") returned 97 [0054.542] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.542] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.542] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.543] CloseHandle (hObject=0x27c) returned 1 [0054.543] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.543] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0054.543] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.543] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\LOLKEK.txt") returned 58 [0054.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Identities\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\identities\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.544] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.544] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0054.544] CloseHandle (hObject=0x280) returned 1 [0054.544] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.544] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0054.544] lstrcmpiW (lpString1="Microsoft", lpString2="Windows") returned -1 [0054.544] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files") returned -1 [0054.544] lstrcmpiW (lpString1="Microsoft", lpString2="Program Files (x86)") returned -1 [0054.544] lstrcmpiW (lpString1="Microsoft", lpString2="$Recycle.bin") returned 1 [0054.544] lstrcmpiW (lpString1="Microsoft", lpString2="System Volume Information") returned -1 [0054.544] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0054.544] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0054.544] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft") returned 46 [0054.544] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.545] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft" [0054.545] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*" [0054.545] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62dbd8 [0054.557] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.558] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.558] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.558] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.558] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.558] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.558] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.559] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.559] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.559] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.559] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0054.559] lstrcmpiW (lpString1="Credentials", lpString2="Windows") returned -1 [0054.559] lstrcmpiW (lpString1="Credentials", lpString2="Program Files") returned -1 [0054.559] lstrcmpiW (lpString1="Credentials", lpString2="Program Files (x86)") returned -1 [0054.559] lstrcmpiW (lpString1="Credentials", lpString2="$Recycle.bin") returned 1 [0054.559] lstrcmpiW (lpString1="Credentials", lpString2="System Volume Information") returned -1 [0054.559] lstrcmpiW (lpString1="Credentials", lpString2=".") returned 1 [0054.559] lstrcmpiW (lpString1="Credentials", lpString2="..") returned 1 [0054.559] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials") returned 58 [0054.559] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.559] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials" [0054.559] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*" [0054.559] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.559] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.559] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.559] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.559] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.559] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.559] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.559] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.559] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.559] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.559] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.559] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.559] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.560] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.560] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\LOLKEK.txt") returned 69 [0054.560] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Credentials\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\credentials\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.560] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.560] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.561] CloseHandle (hObject=0x27c) returned 1 [0054.561] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.561] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Crypto", cAlternateFileName="")) returned 1 [0054.561] lstrcmpiW (lpString1="Crypto", lpString2="Windows") returned -1 [0054.561] lstrcmpiW (lpString1="Crypto", lpString2="Program Files") returned -1 [0054.561] lstrcmpiW (lpString1="Crypto", lpString2="Program Files (x86)") returned -1 [0054.561] lstrcmpiW (lpString1="Crypto", lpString2="$Recycle.bin") returned 1 [0054.561] lstrcmpiW (lpString1="Crypto", lpString2="System Volume Information") returned -1 [0054.561] lstrcmpiW (lpString1="Crypto", lpString2=".") returned 1 [0054.561] lstrcmpiW (lpString1="Crypto", lpString2="..") returned 1 [0054.561] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto") returned 53 [0054.561] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.561] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto" [0054.562] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*" [0054.562] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.562] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.562] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.562] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.562] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.562] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.562] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.562] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.562] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.562] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.562] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.562] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.562] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.562] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.562] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.562] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 1 [0054.562] lstrcmpiW (lpString1="RSA", lpString2="Windows") returned -1 [0054.562] lstrcmpiW (lpString1="RSA", lpString2="Program Files") returned 1 [0054.562] lstrcmpiW (lpString1="RSA", lpString2="Program Files (x86)") returned 1 [0054.562] lstrcmpiW (lpString1="RSA", lpString2="$Recycle.bin") returned 1 [0054.562] lstrcmpiW (lpString1="RSA", lpString2="System Volume Information") returned -1 [0054.562] lstrcmpiW (lpString1="RSA", lpString2=".") returned 1 [0054.562] lstrcmpiW (lpString1="RSA", lpString2="..") returned 1 [0054.562] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA") returned 57 [0054.562] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.563] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA" [0054.563] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*" [0054.563] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.563] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.563] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.563] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.563] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.563] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.563] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.563] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.563] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.563] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.563] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.563] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.563] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.563] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.563] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.563] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.563] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.563] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\LOLKEK.txt") returned 68 [0054.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\rsa\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0054.564] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.564] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.565] CloseHandle (hObject=0x270) returned 1 [0054.565] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.565] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="RSA", cAlternateFileName="")) returned 0 [0054.565] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.565] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\LOLKEK.txt") returned 64 [0054.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Crypto\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\crypto\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.565] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.565] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.566] CloseHandle (hObject=0x27c) returned 1 [0054.566] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.566] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0054.566] lstrcmpiW (lpString1="Internet Explorer", lpString2="Windows") returned -1 [0054.566] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files") returned -1 [0054.566] lstrcmpiW (lpString1="Internet Explorer", lpString2="Program Files (x86)") returned -1 [0054.566] lstrcmpiW (lpString1="Internet Explorer", lpString2="$Recycle.bin") returned 1 [0054.566] lstrcmpiW (lpString1="Internet Explorer", lpString2="System Volume Information") returned -1 [0054.566] lstrcmpiW (lpString1="Internet Explorer", lpString2=".") returned 1 [0054.566] lstrcmpiW (lpString1="Internet Explorer", lpString2="..") returned 1 [0054.566] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer") returned 64 [0054.566] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.566] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer" [0054.566] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*" [0054.566] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.567] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.567] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.567] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.567] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.567] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.567] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.567] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfda27f60, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.567] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.567] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.567] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.567] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.567] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.567] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.567] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.567] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0054.567] lstrcmpiW (lpString1="Quick Launch", lpString2="Windows") returned -1 [0054.567] lstrcmpiW (lpString1="Quick Launch", lpString2="Program Files") returned 1 [0054.567] lstrcmpiW (lpString1="Quick Launch", lpString2="Program Files (x86)") returned 1 [0054.567] lstrcmpiW (lpString1="Quick Launch", lpString2="$Recycle.bin") returned 1 [0054.567] lstrcmpiW (lpString1="Quick Launch", lpString2="System Volume Information") returned -1 [0054.567] lstrcmpiW (lpString1="Quick Launch", lpString2=".") returned 1 [0054.567] lstrcmpiW (lpString1="Quick Launch", lpString2="..") returned 1 [0054.567] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch") returned 77 [0054.567] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.567] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" [0054.567] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*" [0054.567] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.575] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.575] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.575] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.575] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.575] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.575] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.575] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.575] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.575] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.575] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.575] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.575] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.575] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.575] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.575] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x7de4960a, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e1692f0, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x92, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.576] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.576] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.576] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.576] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.576] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.576] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.576] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.576] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 89 [0054.576] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.576] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.576] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned 89 [0054.576] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x168) returned 0x3de05b0 [0054.576] lstrcpyW (in: lpString1=0x3de05b0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" [0054.576] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.576] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.576] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de234aa, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0054.576] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Windows") returned -1 [0054.576] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Program Files") returned 1 [0054.576] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="Program Files (x86)") returned 1 [0054.576] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="$Recycle.bin") returned 1 [0054.576] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="System Volume Information") returned -1 [0054.576] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2=".") returned 1 [0054.576] lstrcmpiW (lpString1="Shows Desktop.lnk", lpString2="..") returned 1 [0054.576] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 95 [0054.576] StrStrIW (lpFirst="Shows Desktop.lnk", lpSrch=".lolkek") returned 0x0 [0054.576] lstrcmpW (lpString1="Shows Desktop.lnk", lpString2="LOLKEK.txt") returned 1 [0054.576] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned 95 [0054.576] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x180) returned 0x3dde5d0 [0054.576] lstrcpyW (in: lpString1=0x3dde5d0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" [0054.576] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.610] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.610] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0054.610] lstrcmpiW (lpString1="User Pinned", lpString2="Windows") returned -1 [0054.610] lstrcmpiW (lpString1="User Pinned", lpString2="Program Files") returned 1 [0054.610] lstrcmpiW (lpString1="User Pinned", lpString2="Program Files (x86)") returned 1 [0054.610] lstrcmpiW (lpString1="User Pinned", lpString2="$Recycle.bin") returned 1 [0054.610] lstrcmpiW (lpString1="User Pinned", lpString2="System Volume Information") returned 1 [0054.610] lstrcmpiW (lpString1="User Pinned", lpString2=".") returned 1 [0054.610] lstrcmpiW (lpString1="User Pinned", lpString2="..") returned 1 [0054.610] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 89 [0054.610] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dac050 [0054.610] lstrcpyW (in: lpString1=0x3dac050, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" [0054.610] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*" [0054.611] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.611] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.611] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.611] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.611] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.611] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.611] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.611] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.611] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.611] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.611] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.611] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.611] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.611] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.611] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.611] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0054.611] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="Windows") returned -1 [0054.611] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="Program Files") returned -1 [0054.611] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="Program Files (x86)") returned -1 [0054.611] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="$Recycle.bin") returned 1 [0054.611] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="System Volume Information") returned -1 [0054.611] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2=".") returned 1 [0054.611] lstrcmpiW (lpString1="ImplicitAppShortcuts", lpString2="..") returned 1 [0054.611] wsprintfW (in: param_1=0x3dac050, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned 110 [0054.611] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dbc058 [0054.611] lstrcpyW (in: lpString1=0x3dbc058, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" [0054.611] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*" [0054.611] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0054.612] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.612] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.612] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.612] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.612] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.612] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.612] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.612] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.612] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.612] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.612] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.612] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.612] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.612] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.612] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.612] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0054.612] wsprintfW (in: param_1=0x3dbc058, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\LOLKEK.txt") returned 121 [0054.612] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0054.613] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.613] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0054.613] CloseHandle (hObject=0x258) returned 1 [0054.613] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dbc058 | out: hHeap=0x5a0000) returned 1 [0054.613] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0054.613] lstrcmpiW (lpString1="TaskBar", lpString2="Windows") returned -1 [0054.613] lstrcmpiW (lpString1="TaskBar", lpString2="Program Files") returned 1 [0054.613] lstrcmpiW (lpString1="TaskBar", lpString2="Program Files (x86)") returned 1 [0054.613] lstrcmpiW (lpString1="TaskBar", lpString2="$Recycle.bin") returned 1 [0054.613] lstrcmpiW (lpString1="TaskBar", lpString2="System Volume Information") returned 1 [0054.613] lstrcmpiW (lpString1="TaskBar", lpString2=".") returned 1 [0054.614] lstrcmpiW (lpString1="TaskBar", lpString2="..") returned 1 [0054.614] wsprintfW (in: param_1=0x3dac050, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned 97 [0054.614] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3dbc058 [0054.614] lstrcpyW (in: lpString1=0x3dbc058, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" [0054.614] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*" [0054.614] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e058 [0054.637] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.637] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.637] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.637] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.637] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.637] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.637] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.637] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.637] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.637] wsprintfW (in: param_1=0x3dbc058, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 109 [0054.637] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.637] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.637] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned 109 [0054.637] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b8) returned 0x60eef0 [0054.637] lstrcpyW (in: lpString1=0x60eef0, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" [0054.638] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.638] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.638] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0054.638] wsprintfW (in: param_1=0x3dbc058, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk") returned 119 [0054.638] StrStrIW (lpFirst="Internet Explorer.lnk", lpSrch=".lolkek") returned 0x0 [0054.638] lstrcmpW (lpString1="Internet Explorer.lnk", lpString2="LOLKEK.txt") returned -1 [0054.638] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk") returned 119 [0054.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e0) returned 0x3cb3668 [0054.638] lstrcpyW (in: lpString1=0x3cb3668, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" [0054.638] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.638] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.638] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0054.638] wsprintfW (in: param_1=0x3dbc058, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk") returned 118 [0054.638] StrStrIW (lpFirst="Windows Explorer.lnk", lpSrch=".lolkek") returned 0x0 [0054.638] lstrcmpW (lpString1="Windows Explorer.lnk", lpString2="LOLKEK.txt") returned 1 [0054.638] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk") returned 118 [0054.638] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1dc) returned 0x3cb3850 [0054.638] lstrcpyW (in: lpString1=0x3cb3850, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" [0054.638] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.638] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.638] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0054.638] wsprintfW (in: param_1=0x3dbc058, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk") returned 122 [0054.639] StrStrIW (lpFirst="Windows Media Player.lnk", lpSrch=".lolkek") returned 0x0 [0054.639] lstrcmpW (lpString1="Windows Media Player.lnk", lpString2="LOLKEK.txt") returned 1 [0054.639] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk") returned 122 [0054.639] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1ec) returned 0x3dd4e38 [0054.639] lstrcpyW (in: lpString1=0x3dd4e38, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" [0054.639] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.639] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.639] FindNextFileW (in: hFindFile=0x62e058, lpFindFileData=0x363e20c | out: lpFindFileData=0x363e20c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0054.639] FindClose (in: hFindFile=0x62e058 | out: hFindFile=0x62e058) returned 1 [0054.639] wsprintfW (in: param_1=0x3dbc058, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\LOLKEK.txt") returned 108 [0054.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0054.640] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.640] WriteFile (in: hFile=0x258, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e204, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e204*=0x10, lpOverlapped=0x0) returned 1 [0054.641] CloseHandle (hObject=0x258) returned 1 [0054.641] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dbc058 | out: hHeap=0x5a0000) returned 1 [0054.641] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6477260, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x123526f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0054.641] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.641] wsprintfW (in: param_1=0x3dac050, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\LOLKEK.txt") returned 100 [0054.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0054.642] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.642] WriteFile (in: hFile=0x2bc, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0054.642] CloseHandle (hObject=0x2bc) returned 1 [0054.642] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3dac050 | out: hHeap=0x5a0000) returned 1 [0054.642] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0054.642] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Windows") returned -1 [0054.642] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Program Files") returned 1 [0054.642] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="Program Files (x86)") returned 1 [0054.642] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="$Recycle.bin") returned 1 [0054.642] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="System Volume Information") returned 1 [0054.643] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2=".") returned 1 [0054.643] lstrcmpiW (lpString1="Window Switcher.lnk", lpString2="..") returned 1 [0054.643] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 97 [0054.643] StrStrIW (lpFirst="Window Switcher.lnk", lpSrch=".lolkek") returned 0x0 [0054.643] lstrcmpW (lpString1="Window Switcher.lnk", lpString2="LOLKEK.txt") returned 1 [0054.643] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned 97 [0054.643] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x188) returned 0x3de02e8 [0054.643] lstrcpyW (in: lpString1=0x3de02e8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" [0054.643] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.643] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.643] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de6f76b, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0054.643] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.643] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\LOLKEK.txt") returned 88 [0054.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0054.643] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.643] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.644] CloseHandle (hObject=0x270) returned 1 [0054.644] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.645] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 0 [0054.645] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.645] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\LOLKEK.txt") returned 75 [0054.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Internet Explorer\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\internet explorer\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.646] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.646] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.646] CloseHandle (hObject=0x27c) returned 1 [0054.646] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.646] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Protect", cAlternateFileName="")) returned 1 [0054.646] lstrcmpiW (lpString1="Protect", lpString2="Windows") returned -1 [0054.646] lstrcmpiW (lpString1="Protect", lpString2="Program Files") returned 1 [0054.646] lstrcmpiW (lpString1="Protect", lpString2="Program Files (x86)") returned 1 [0054.646] lstrcmpiW (lpString1="Protect", lpString2="$Recycle.bin") returned 1 [0054.646] lstrcmpiW (lpString1="Protect", lpString2="System Volume Information") returned -1 [0054.647] lstrcmpiW (lpString1="Protect", lpString2=".") returned 1 [0054.647] lstrcmpiW (lpString1="Protect", lpString2="..") returned 1 [0054.647] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect") returned 54 [0054.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.647] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect" [0054.647] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*" [0054.647] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.647] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.647] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.647] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.647] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.647] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.647] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.647] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.647] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.647] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.647] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.647] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.647] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.647] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.647] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.647] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0054.647] lstrcmpiW (lpString1="CREDHIST", lpString2="Windows") returned -1 [0054.647] lstrcmpiW (lpString1="CREDHIST", lpString2="Program Files") returned -1 [0054.647] lstrcmpiW (lpString1="CREDHIST", lpString2="Program Files (x86)") returned -1 [0054.647] lstrcmpiW (lpString1="CREDHIST", lpString2="$Recycle.bin") returned 1 [0054.647] lstrcmpiW (lpString1="CREDHIST", lpString2="System Volume Information") returned -1 [0054.647] lstrcmpiW (lpString1="CREDHIST", lpString2=".") returned 1 [0054.647] lstrcmpiW (lpString1="CREDHIST", lpString2="..") returned 1 [0054.647] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 63 [0054.647] StrStrIW (lpFirst="CREDHIST", lpSrch=".lolkek") returned 0x0 [0054.647] lstrcmpW (lpString1="CREDHIST", lpString2="LOLKEK.txt") returned -1 [0054.647] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned 63 [0054.647] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x100) returned 0x3ec4548 [0054.648] lstrcpyW (in: lpString1=0x3ec4548, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" [0054.648] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.648] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.648] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0054.648] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="Windows") returned -1 [0054.648] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="Program Files") returned 1 [0054.648] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="Program Files (x86)") returned 1 [0054.648] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="$Recycle.bin") returned 1 [0054.648] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="System Volume Information") returned -1 [0054.648] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2=".") returned 1 [0054.648] lstrcmpiW (lpString1="S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="..") returned 1 [0054.648] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned 100 [0054.648] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.648] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" [0054.648] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*" [0054.648] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.657] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.657] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.657] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.657] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.657] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.657] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.657] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.657] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.657] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.657] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.657] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.657] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.657] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.657] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.657] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x642afa0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0054.658] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="Windows") returned -1 [0054.658] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="Program Files") returned -1 [0054.658] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="Program Files (x86)") returned -1 [0054.658] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="$Recycle.bin") returned 1 [0054.658] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="System Volume Information") returned -1 [0054.658] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2=".") returned 1 [0054.658] lstrcmpiW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="..") returned 1 [0054.658] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned 137 [0054.658] StrStrIW (lpFirst="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpSrch=".lolkek") returned 0x0 [0054.658] lstrcmpW (lpString1="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", lpString2="LOLKEK.txt") returned -1 [0054.658] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned 137 [0054.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x228) returned 0x3eb7d00 [0054.658] lstrcpyW (in: lpString1=0x3eb7d00, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" [0054.658] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.658] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.658] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0054.658] lstrcmpiW (lpString1="Preferred", lpString2="Windows") returned -1 [0054.658] lstrcmpiW (lpString1="Preferred", lpString2="Program Files") returned -1 [0054.658] lstrcmpiW (lpString1="Preferred", lpString2="Program Files (x86)") returned -1 [0054.658] lstrcmpiW (lpString1="Preferred", lpString2="$Recycle.bin") returned 1 [0054.658] lstrcmpiW (lpString1="Preferred", lpString2="System Volume Information") returned -1 [0054.658] lstrcmpiW (lpString1="Preferred", lpString2=".") returned 1 [0054.658] lstrcmpiW (lpString1="Preferred", lpString2="..") returned 1 [0054.658] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned 110 [0054.658] StrStrIW (lpFirst="Preferred", lpSrch=".lolkek") returned 0x0 [0054.658] lstrcmpW (lpString1="Preferred", lpString2="LOLKEK.txt") returned 1 [0054.658] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned 110 [0054.658] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1bc) returned 0x61a030 [0054.658] lstrcpyW (in: lpString1=0x61a030, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" [0054.658] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.658] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.658] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x6404e40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6404e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0054.658] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.659] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\LOLKEK.txt") returned 111 [0054.659] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0054.660] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.660] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.660] CloseHandle (hObject=0x270) returned 1 [0054.660] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.661] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x642afa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 0 [0054.661] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.661] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\LOLKEK.txt") returned 65 [0054.661] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Protect\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\protect\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.661] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.661] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.662] CloseHandle (hObject=0x27c) returned 1 [0054.662] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.662] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0054.662] lstrcmpiW (lpString1="SystemCertificates", lpString2="Windows") returned -1 [0054.662] lstrcmpiW (lpString1="SystemCertificates", lpString2="Program Files") returned 1 [0054.662] lstrcmpiW (lpString1="SystemCertificates", lpString2="Program Files (x86)") returned 1 [0054.662] lstrcmpiW (lpString1="SystemCertificates", lpString2="$Recycle.bin") returned 1 [0054.662] lstrcmpiW (lpString1="SystemCertificates", lpString2="System Volume Information") returned 1 [0054.662] lstrcmpiW (lpString1="SystemCertificates", lpString2=".") returned 1 [0054.662] lstrcmpiW (lpString1="SystemCertificates", lpString2="..") returned 1 [0054.662] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned 65 [0054.662] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.662] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates" [0054.662] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*" [0054.662] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.662] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.662] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.662] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.662] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.662] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.663] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.663] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.663] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.663] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.663] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.663] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.663] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.663] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.663] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.663] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="My", cAlternateFileName="")) returned 1 [0054.663] lstrcmpiW (lpString1="My", lpString2="Windows") returned -1 [0054.663] lstrcmpiW (lpString1="My", lpString2="Program Files") returned -1 [0054.663] lstrcmpiW (lpString1="My", lpString2="Program Files (x86)") returned -1 [0054.663] lstrcmpiW (lpString1="My", lpString2="$Recycle.bin") returned 1 [0054.663] lstrcmpiW (lpString1="My", lpString2="System Volume Information") returned -1 [0054.663] lstrcmpiW (lpString1="My", lpString2=".") returned 1 [0054.663] lstrcmpiW (lpString1="My", lpString2="..") returned 1 [0054.663] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My") returned 68 [0054.663] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x6466b8 [0054.663] lstrcpyW (in: lpString1=0x6466b8, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" [0054.663] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*" [0054.663] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.663] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.663] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.663] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.663] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.664] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.664] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.664] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.664] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.664] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.664] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.664] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.664] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.664] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.664] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.664] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0054.664] lstrcmpiW (lpString1="Certificates", lpString2="Windows") returned -1 [0054.664] lstrcmpiW (lpString1="Certificates", lpString2="Program Files") returned -1 [0054.664] lstrcmpiW (lpString1="Certificates", lpString2="Program Files (x86)") returned -1 [0054.664] lstrcmpiW (lpString1="Certificates", lpString2="$Recycle.bin") returned 1 [0054.664] lstrcmpiW (lpString1="Certificates", lpString2="System Volume Information") returned -1 [0054.664] lstrcmpiW (lpString1="Certificates", lpString2=".") returned 1 [0054.664] lstrcmpiW (lpString1="Certificates", lpString2="..") returned 1 [0054.664] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates") returned 81 [0054.664] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3df1f48 [0054.664] lstrcpyW (in: lpString1=0x3df1f48, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" [0054.664] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*" [0054.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.666] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.666] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.666] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.666] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.666] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.666] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.666] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.666] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.666] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.666] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.666] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.666] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.666] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.666] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.666] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.666] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.666] wsprintfW (in: param_1=0x3df1f48, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\LOLKEK.txt") returned 92 [0054.666] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0054.667] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.667] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0054.667] CloseHandle (hObject=0x24c) returned 1 [0054.667] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3df1f48 | out: hHeap=0x5a0000) returned 1 [0054.667] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CRLs", cAlternateFileName="")) returned 1 [0054.667] lstrcmpiW (lpString1="CRLs", lpString2="Windows") returned -1 [0054.667] lstrcmpiW (lpString1="CRLs", lpString2="Program Files") returned -1 [0054.667] lstrcmpiW (lpString1="CRLs", lpString2="Program Files (x86)") returned -1 [0054.667] lstrcmpiW (lpString1="CRLs", lpString2="$Recycle.bin") returned 1 [0054.667] lstrcmpiW (lpString1="CRLs", lpString2="System Volume Information") returned -1 [0054.668] lstrcmpiW (lpString1="CRLs", lpString2=".") returned 1 [0054.668] lstrcmpiW (lpString1="CRLs", lpString2="..") returned 1 [0054.668] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs") returned 73 [0054.668] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0054.668] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" [0054.668] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*" [0054.668] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.668] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.668] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.668] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.668] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.668] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.668] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.668] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.668] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.668] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.668] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.668] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.668] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.668] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.668] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.668] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.668] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.668] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\LOLKEK.txt") returned 84 [0054.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0054.669] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.669] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0054.669] CloseHandle (hObject=0x24c) returned 1 [0054.670] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0054.670] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CTLs", cAlternateFileName="")) returned 1 [0054.670] lstrcmpiW (lpString1="CTLs", lpString2="Windows") returned -1 [0054.670] lstrcmpiW (lpString1="CTLs", lpString2="Program Files") returned -1 [0054.670] lstrcmpiW (lpString1="CTLs", lpString2="Program Files (x86)") returned -1 [0054.670] lstrcmpiW (lpString1="CTLs", lpString2="$Recycle.bin") returned 1 [0054.670] lstrcmpiW (lpString1="CTLs", lpString2="System Volume Information") returned -1 [0054.670] lstrcmpiW (lpString1="CTLs", lpString2=".") returned 1 [0054.670] lstrcmpiW (lpString1="CTLs", lpString2="..") returned 1 [0054.670] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs") returned 73 [0054.670] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3de1f40 [0054.670] lstrcpyW (in: lpString1=0x3de1f40, lpString2="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" [0054.670] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*") returned="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*" [0054.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e018 [0054.670] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.670] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.670] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.670] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.670] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.670] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.670] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.670] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.670] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.670] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.670] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.670] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.670] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.670] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.670] FindNextFileW (in: hFindFile=0x62e018, lpFindFileData=0x363e48c | out: lpFindFileData=0x363e48c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.670] FindClose (in: hFindFile=0x62e018 | out: hFindFile=0x62e018) returned 1 [0054.671] wsprintfW (in: param_1=0x3de1f40, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\LOLKEK.txt") returned 84 [0054.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0054.671] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.671] WriteFile (in: hFile=0x24c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e484, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e484*=0x10, lpOverlapped=0x0) returned 1 [0054.672] CloseHandle (hObject=0x24c) returned 1 [0054.672] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3de1f40 | out: hHeap=0x5a0000) returned 1 [0054.672] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363e70c | out: lpFindFileData=0x363e70c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="CTLs", cAlternateFileName="")) returned 0 [0054.672] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0054.672] wsprintfW (in: param_1=0x6466b8, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\LOLKEK.txt") returned 79 [0054.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\my\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x270 [0054.672] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.672] WriteFile (in: hFile=0x270, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e704, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e704*=0x10, lpOverlapped=0x0) returned 1 [0054.673] CloseHandle (hObject=0x270) returned 1 [0054.673] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x6466b8 | out: hHeap=0x5a0000) returned 1 [0054.673] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363e98c | out: lpFindFileData=0x363e98c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="My", cAlternateFileName="")) returned 0 [0054.673] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.673] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\LOLKEK.txt") returned 76 [0054.673] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\SystemCertificates\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\systemcertificates\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0054.673] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.673] WriteFile (in: hFile=0x27c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363e984, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363e984*=0x10, lpOverlapped=0x0) returned 1 [0054.674] CloseHandle (hObject=0x27c) returned 1 [0054.674] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.675] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0054.675] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0054.675] FindNextFileW (in: hFindFile=0x62dbd8, lpFindFileData=0x363ec0c | out: lpFindFileData=0x363ec0c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows", cAlternateFileName="")) returned 0 [0054.675] FindClose (in: hFindFile=0x62dbd8 | out: hFindFile=0x62dbd8) returned 1 [0054.675] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\LOLKEK.txt") returned 57 [0054.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\microsoft\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0054.676] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.676] WriteFile (in: hFile=0x280, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ec04, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ec04*=0x10, lpOverlapped=0x0) returned 1 [0054.676] CloseHandle (hObject=0x280) returned 1 [0054.676] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.676] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0054.676] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.676] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\LOLKEK.txt") returned 47 [0054.676] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\Roaming\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\roaming\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0054.677] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.677] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0054.677] CloseHandle (hObject=0x2a0) returned 1 [0054.677] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.677] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roaming", cAlternateFileName="")) returned 0 [0054.677] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.678] wsprintfW (in: param_1=0x5dafc0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\AppData\\LOLKEK.txt") returned 39 [0054.678] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\AppData\\LOLKEK.txt" (normalized: "c:\\users\\default\\appdata\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.678] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.678] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.679] CloseHandle (hObject=0x23c) returned 1 [0054.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5dafc0 | out: hHeap=0x5a0000) returned 1 [0054.679] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0054.679] lstrcmpiW (lpString1="Application Data", lpString2="Windows") returned -1 [0054.679] lstrcmpiW (lpString1="Application Data", lpString2="Program Files") returned -1 [0054.679] lstrcmpiW (lpString1="Application Data", lpString2="Program Files (x86)") returned -1 [0054.679] lstrcmpiW (lpString1="Application Data", lpString2="$Recycle.bin") returned 1 [0054.679] lstrcmpiW (lpString1="Application Data", lpString2="System Volume Information") returned -1 [0054.679] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0054.679] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0054.679] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Application Data") returned 37 [0054.679] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.679] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\Default\\Application Data") returned="\\\\?\\C:\\Users\\Default\\Application Data" [0054.679] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Application Data", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Application Data\\*") returned="\\\\?\\C:\\Users\\Default\\Application Data\\*" [0054.679] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Roaming", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.679] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.679] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Contacts", cAlternateFileName="")) returned 1 [0054.679] lstrcmpiW (lpString1="Contacts", lpString2="Windows") returned -1 [0054.679] lstrcmpiW (lpString1="Contacts", lpString2="Program Files") returned -1 [0054.679] lstrcmpiW (lpString1="Contacts", lpString2="Program Files (x86)") returned -1 [0054.679] lstrcmpiW (lpString1="Contacts", lpString2="$Recycle.bin") returned 1 [0054.679] lstrcmpiW (lpString1="Contacts", lpString2="System Volume Information") returned -1 [0054.679] lstrcmpiW (lpString1="Contacts", lpString2=".") returned 1 [0054.680] lstrcmpiW (lpString1="Contacts", lpString2="..") returned 1 [0054.680] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts") returned 29 [0054.680] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.680] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Contacts" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts") returned="\\\\?\\C:\\Users\\Default\\Contacts" [0054.680] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Contacts", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\*") returned="\\\\?\\C:\\Users\\Default\\Contacts\\*" [0054.680] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.680] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.680] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.680] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.680] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.680] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.680] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.680] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.680] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.680] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.680] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.680] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.680] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.680] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.680] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.680] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0054.680] lstrcmpiW (lpString1="Administrator.contact", lpString2="Windows") returned -1 [0054.680] lstrcmpiW (lpString1="Administrator.contact", lpString2="Program Files") returned -1 [0054.680] lstrcmpiW (lpString1="Administrator.contact", lpString2="Program Files (x86)") returned -1 [0054.680] lstrcmpiW (lpString1="Administrator.contact", lpString2="$Recycle.bin") returned 1 [0054.680] lstrcmpiW (lpString1="Administrator.contact", lpString2="System Volume Information") returned -1 [0054.680] lstrcmpiW (lpString1="Administrator.contact", lpString2=".") returned 1 [0054.680] lstrcmpiW (lpString1="Administrator.contact", lpString2="..") returned 1 [0054.680] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0054.680] StrStrIW (lpFirst="Administrator.contact", lpSrch=".lolkek") returned 0x0 [0054.681] lstrcmpW (lpString1="Administrator.contact", lpString2="LOLKEK.txt") returned -1 [0054.681] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0054.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbe900 [0054.681] lstrcpyW (in: lpString1=0x3cbe900, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" [0054.681] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.681] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.681] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.681] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.681] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.681] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.681] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.681] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.681] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.681] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.681] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned 41 [0054.681] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.681] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.681] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned 41 [0054.681] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa8) returned 0x3cb1668 [0054.681] lstrcpyW (in: lpString1=0x3cb1668, lpString2="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini" [0054.681] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.681] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.681] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.681] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.681] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Contacts\\LOLKEK.txt") returned 40 [0054.681] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\LOLKEK.txt" (normalized: "c:\\users\\default\\contacts\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.682] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.682] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.682] CloseHandle (hObject=0x23c) returned 1 [0054.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.683] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0054.683] lstrcmpiW (lpString1="Cookies", lpString2="Windows") returned -1 [0054.683] lstrcmpiW (lpString1="Cookies", lpString2="Program Files") returned -1 [0054.683] lstrcmpiW (lpString1="Cookies", lpString2="Program Files (x86)") returned -1 [0054.683] lstrcmpiW (lpString1="Cookies", lpString2="$Recycle.bin") returned 1 [0054.683] lstrcmpiW (lpString1="Cookies", lpString2="System Volume Information") returned -1 [0054.683] lstrcmpiW (lpString1="Cookies", lpString2=".") returned 1 [0054.683] lstrcmpiW (lpString1="Cookies", lpString2="..") returned 1 [0054.683] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Cookies") returned 28 [0054.683] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.683] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\Default\\Cookies") returned="\\\\?\\C:\\Users\\Default\\Cookies" [0054.683] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Cookies", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Cookies\\*") returned="\\\\?\\C:\\Users\\Default\\Cookies\\*" [0054.683] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.683] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.683] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0054.683] lstrcmpiW (lpString1="Desktop", lpString2="Windows") returned -1 [0054.683] lstrcmpiW (lpString1="Desktop", lpString2="Program Files") returned -1 [0054.683] lstrcmpiW (lpString1="Desktop", lpString2="Program Files (x86)") returned -1 [0054.683] lstrcmpiW (lpString1="Desktop", lpString2="$Recycle.bin") returned 1 [0054.683] lstrcmpiW (lpString1="Desktop", lpString2="System Volume Information") returned -1 [0054.683] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0054.683] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0054.683] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Desktop") returned 28 [0054.683] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.683] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\Default\\Desktop") returned="\\\\?\\C:\\Users\\Default\\Desktop" [0054.683] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Desktop", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Desktop\\*") returned="\\\\?\\C:\\Users\\Default\\Desktop\\*" [0054.683] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.684] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.684] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.684] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.684] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.684] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.684] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.684] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.684] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.684] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.684] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.684] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.684] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.684] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.684] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.684] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.684] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.684] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.684] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.684] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.684] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.684] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.684] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.684] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini") returned 40 [0054.684] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.684] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.684] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini") returned 40 [0054.684] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa4) returned 0x3cb1718 [0054.684] lstrcpyW (in: lpString1=0x3cb1718, lpString2="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini" [0054.684] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.684] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.684] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.684] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.684] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Desktop\\LOLKEK.txt") returned 39 [0054.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\LOLKEK.txt" (normalized: "c:\\users\\default\\desktop\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.685] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.685] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.686] CloseHandle (hObject=0x23c) returned 1 [0054.686] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.686] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0054.686] lstrcmpiW (lpString1="Documents", lpString2="Windows") returned -1 [0054.686] lstrcmpiW (lpString1="Documents", lpString2="Program Files") returned -1 [0054.686] lstrcmpiW (lpString1="Documents", lpString2="Program Files (x86)") returned -1 [0054.686] lstrcmpiW (lpString1="Documents", lpString2="$Recycle.bin") returned 1 [0054.686] lstrcmpiW (lpString1="Documents", lpString2="System Volume Information") returned -1 [0054.686] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0054.686] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0054.686] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents") returned 30 [0054.686] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.686] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Documents" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents") returned="\\\\?\\C:\\Users\\Default\\Documents" [0054.686] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Documents", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\*") returned="\\\\?\\C:\\Users\\Default\\Documents\\*" [0054.686] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.687] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.687] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.687] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.687] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.687] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.687] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.687] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.687] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.687] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.687] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.687] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.687] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.687] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.687] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.687] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.687] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.687] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.687] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.687] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.687] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.687] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.687] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.687] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned 42 [0054.687] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.687] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.687] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned 42 [0054.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xac) returned 0x3ca9668 [0054.687] lstrcpyW (in: lpString1=0x3ca9668, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini" [0054.687] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.687] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.687] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0054.687] lstrcmpiW (lpString1="My Music", lpString2="Windows") returned -1 [0054.687] lstrcmpiW (lpString1="My Music", lpString2="Program Files") returned -1 [0054.687] lstrcmpiW (lpString1="My Music", lpString2="Program Files (x86)") returned -1 [0054.687] lstrcmpiW (lpString1="My Music", lpString2="$Recycle.bin") returned 1 [0054.687] lstrcmpiW (lpString1="My Music", lpString2="System Volume Information") returned -1 [0054.687] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0054.687] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0054.687] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\My Music") returned 39 [0054.687] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.688] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Music") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Music" [0054.688] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Music", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*" [0054.688] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨였_纈0ͣͣ㨭䚗였_ͣ热/였_徰c읈a헍皮")) returned 0xffffffff [0054.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.688] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0054.688] lstrcmpiW (lpString1="My Pictures", lpString2="Windows") returned -1 [0054.688] lstrcmpiW (lpString1="My Pictures", lpString2="Program Files") returned -1 [0054.688] lstrcmpiW (lpString1="My Pictures", lpString2="Program Files (x86)") returned -1 [0054.688] lstrcmpiW (lpString1="My Pictures", lpString2="$Recycle.bin") returned 1 [0054.688] lstrcmpiW (lpString1="My Pictures", lpString2="System Volume Information") returned -1 [0054.688] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0054.688] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0054.688] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures") returned 42 [0054.688] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.688] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures" [0054.688] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*" [0054.688] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨였_纈0ͣͣ㨭䚗였_ͣ热/였_徰c읈a헍皮")) returned 0xffffffff [0054.688] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.688] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0054.688] lstrcmpiW (lpString1="My Videos", lpString2="Windows") returned -1 [0054.689] lstrcmpiW (lpString1="My Videos", lpString2="Program Files") returned -1 [0054.689] lstrcmpiW (lpString1="My Videos", lpString2="Program Files (x86)") returned -1 [0054.689] lstrcmpiW (lpString1="My Videos", lpString2="$Recycle.bin") returned 1 [0054.689] lstrcmpiW (lpString1="My Videos", lpString2="System Volume Information") returned -1 [0054.689] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0054.689] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0054.689] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\My Videos") returned 40 [0054.689] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.689] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Videos" [0054.689] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Videos", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*" [0054.689] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨였_纈0ͣͣ㨭䚗였_ͣ热/였_徰c읈a헍皮")) returned 0xffffffff [0054.689] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.689] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0054.689] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.689] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Documents\\LOLKEK.txt") returned 41 [0054.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\LOLKEK.txt" (normalized: "c:\\users\\default\\documents\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.690] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.690] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.691] CloseHandle (hObject=0x23c) returned 1 [0054.691] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.691] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0054.691] lstrcmpiW (lpString1="Downloads", lpString2="Windows") returned -1 [0054.691] lstrcmpiW (lpString1="Downloads", lpString2="Program Files") returned -1 [0054.691] lstrcmpiW (lpString1="Downloads", lpString2="Program Files (x86)") returned -1 [0054.691] lstrcmpiW (lpString1="Downloads", lpString2="$Recycle.bin") returned 1 [0054.691] lstrcmpiW (lpString1="Downloads", lpString2="System Volume Information") returned -1 [0054.691] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0054.691] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0054.691] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads") returned 30 [0054.691] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.691] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads") returned="\\\\?\\C:\\Users\\Default\\Downloads" [0054.691] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Downloads", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\*") returned="\\\\?\\C:\\Users\\Default\\Downloads\\*" [0054.691] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.692] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.692] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.692] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.692] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.692] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.692] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.692] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.692] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.692] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.692] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.692] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.692] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.692] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.692] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.692] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.692] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.692] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.692] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.692] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.692] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.692] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.692] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.692] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned 42 [0054.692] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.692] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.692] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned 42 [0054.692] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xac) returned 0x3ca9720 [0054.692] lstrcpyW (in: lpString1=0x3ca9720, lpString2="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini" [0054.692] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.692] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.692] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.692] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.693] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Downloads\\LOLKEK.txt") returned 41 [0054.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\LOLKEK.txt" (normalized: "c:\\users\\default\\downloads\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.693] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.693] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.694] CloseHandle (hObject=0x23c) returned 1 [0054.694] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.694] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0054.694] lstrcmpiW (lpString1="Favorites", lpString2="Windows") returned -1 [0054.694] lstrcmpiW (lpString1="Favorites", lpString2="Program Files") returned -1 [0054.694] lstrcmpiW (lpString1="Favorites", lpString2="Program Files (x86)") returned -1 [0054.694] lstrcmpiW (lpString1="Favorites", lpString2="$Recycle.bin") returned 1 [0054.694] lstrcmpiW (lpString1="Favorites", lpString2="System Volume Information") returned -1 [0054.694] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0054.694] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0054.694] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites") returned 30 [0054.694] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.694] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites") returned="\\\\?\\C:\\Users\\Default\\Favorites" [0054.694] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Favorites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\*") returned="\\\\?\\C:\\Users\\Default\\Favorites\\*" [0054.694] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.697] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.697] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.697] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.697] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.697] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.697] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.697] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.697] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.697] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.697] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.697] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.697] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.697] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.697] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.697] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.697] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.697] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.697] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.697] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.697] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.697] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.697] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.697] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned 42 [0054.697] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.697] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.697] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned 42 [0054.697] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xac) returned 0x3ca97d8 [0054.697] lstrcpyW (in: lpString1=0x3ca97d8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini" [0054.697] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.698] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.698] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0054.698] lstrcmpiW (lpString1="Links", lpString2="Windows") returned -1 [0054.698] lstrcmpiW (lpString1="Links", lpString2="Program Files") returned -1 [0054.698] lstrcmpiW (lpString1="Links", lpString2="Program Files (x86)") returned -1 [0054.698] lstrcmpiW (lpString1="Links", lpString2="$Recycle.bin") returned 1 [0054.698] lstrcmpiW (lpString1="Links", lpString2="System Volume Information") returned -1 [0054.698] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0054.698] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0054.698] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links") returned 36 [0054.698] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.698] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links" [0054.698] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*" [0054.698] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.698] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.698] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.698] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.698] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.698] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.698] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.698] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.698] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.698] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.698] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.698] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.698] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.698] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.698] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.698] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.698] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.698] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.698] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.698] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.699] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.699] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.699] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.699] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 48 [0054.699] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.699] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.699] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 48 [0054.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc4) returned 0x3e3be28 [0054.699] lstrcpyW (in: lpString1=0x3e3be28, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini" [0054.699] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.699] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.699] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0054.699] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="Windows") returned -1 [0054.699] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="Program Files") returned 1 [0054.699] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="Program Files (x86)") returned 1 [0054.699] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="$Recycle.bin") returned 1 [0054.699] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="System Volume Information") returned 1 [0054.699] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2=".") returned 1 [0054.699] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="..") returned 1 [0054.699] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0054.699] StrStrIW (lpFirst="Web Slice Gallery.url", lpSrch=".lolkek") returned 0x0 [0054.699] lstrcmpW (lpString1="Web Slice Gallery.url", lpString2="LOLKEK.txt") returned 1 [0054.699] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0054.699] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca86e0 [0054.699] lstrcpyW (in: lpString1=0x3ca86e0, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" [0054.699] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.699] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.699] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0054.699] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.699] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\LOLKEK.txt") returned 47 [0054.699] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\LOLKEK.txt" (normalized: "c:\\users\\default\\favorites\\links\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0054.700] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.700] WriteFile (in: hFile=0x1e0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0054.701] CloseHandle (hObject=0x1e0) returned 1 [0054.701] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.701] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0054.701] lstrcmpiW (lpString1="Microsoft Websites", lpString2="Windows") returned -1 [0054.701] lstrcmpiW (lpString1="Microsoft Websites", lpString2="Program Files") returned -1 [0054.701] lstrcmpiW (lpString1="Microsoft Websites", lpString2="Program Files (x86)") returned -1 [0054.701] lstrcmpiW (lpString1="Microsoft Websites", lpString2="$Recycle.bin") returned 1 [0054.701] lstrcmpiW (lpString1="Microsoft Websites", lpString2="System Volume Information") returned -1 [0054.701] lstrcmpiW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0054.701] lstrcmpiW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0054.701] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 49 [0054.701] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.701] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites" [0054.701] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*" [0054.701] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.704] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.704] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.704] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.704] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.704] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.704] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.704] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.704] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.704] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.704] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.705] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.705] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.705] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.705] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.705] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0054.705] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="Windows") returned -1 [0054.705] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="Program Files") returned -1 [0054.705] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="Program Files (x86)") returned -1 [0054.705] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="$Recycle.bin") returned 1 [0054.705] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="System Volume Information") returned -1 [0054.705] lstrcmpiW (lpString1="IE Add-on site.url", lpString2=".") returned 1 [0054.705] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="..") returned 1 [0054.705] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0054.705] StrStrIW (lpFirst="IE Add-on site.url", lpSrch=".lolkek") returned 0x0 [0054.705] lstrcmpW (lpString1="IE Add-on site.url", lpString2="LOLKEK.txt") returned -1 [0054.705] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0054.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x5fc230 [0054.705] lstrcpyW (in: lpString1=0x5fc230, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" [0054.705] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.705] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.705] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0054.705] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="Windows") returned -1 [0054.705] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="Program Files") returned -1 [0054.705] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="Program Files (x86)") returned -1 [0054.705] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="$Recycle.bin") returned 1 [0054.705] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="System Volume Information") returned -1 [0054.705] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2=".") returned 1 [0054.705] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="..") returned 1 [0054.705] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0054.705] StrStrIW (lpFirst="IE site on Microsoft.com.url", lpSrch=".lolkek") returned 0x0 [0054.705] lstrcmpW (lpString1="IE site on Microsoft.com.url", lpString2="LOLKEK.txt") returned -1 [0054.705] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0054.705] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x13c) returned 0x6178f8 [0054.705] lstrcpyW (in: lpString1=0x6178f8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" [0054.705] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.705] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.705] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="Windows") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="Program Files") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="Program Files (x86)") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="$Recycle.bin") returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="System Volume Information") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2=".") returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="..") returned 1 [0054.706] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0054.706] StrStrIW (lpFirst="Microsoft At Home.url", lpSrch=".lolkek") returned 0x0 [0054.706] lstrcmpW (lpString1="Microsoft At Home.url", lpString2="LOLKEK.txt") returned 1 [0054.706] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0054.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3ee78 [0054.706] lstrcpyW (in: lpString1=0x3e3ee78, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" [0054.706] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.706] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.706] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="Windows") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="Program Files") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="Program Files (x86)") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="$Recycle.bin") returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="System Volume Information") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2=".") returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="..") returned 1 [0054.706] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0054.706] StrStrIW (lpFirst="Microsoft At Work.url", lpSrch=".lolkek") returned 0x0 [0054.706] lstrcmpW (lpString1="Microsoft At Work.url", lpString2="LOLKEK.txt") returned 1 [0054.706] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0054.706] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x120) returned 0x3e3f0c8 [0054.706] lstrcpyW (in: lpString1=0x3e3f0c8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" [0054.706] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.706] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.706] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="Windows") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="Program Files") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="Program Files (x86)") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="$Recycle.bin") returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="System Volume Information") returned -1 [0054.706] lstrcmpiW (lpString1="Microsoft Store.url", lpString2=".") returned 1 [0054.706] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="..") returned 1 [0054.707] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0054.707] StrStrIW (lpFirst="Microsoft Store.url", lpSrch=".lolkek") returned 0x0 [0054.707] lstrcmpW (lpString1="Microsoft Store.url", lpString2="LOLKEK.txt") returned 1 [0054.707] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0054.707] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x60e930 [0054.707] lstrcpyW (in: lpString1=0x60e930, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" [0054.707] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.708] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.708] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0054.708] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.708] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\LOLKEK.txt") returned 60 [0054.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\LOLKEK.txt" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0054.709] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.709] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0054.710] CloseHandle (hObject=0x224) returned 1 [0054.710] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.711] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0054.711] lstrcmpiW (lpString1="MSN Websites", lpString2="Windows") returned -1 [0054.711] lstrcmpiW (lpString1="MSN Websites", lpString2="Program Files") returned -1 [0054.711] lstrcmpiW (lpString1="MSN Websites", lpString2="Program Files (x86)") returned -1 [0054.711] lstrcmpiW (lpString1="MSN Websites", lpString2="$Recycle.bin") returned 1 [0054.712] lstrcmpiW (lpString1="MSN Websites", lpString2="System Volume Information") returned -1 [0054.712] lstrcmpiW (lpString1="MSN Websites", lpString2=".") returned 1 [0054.712] lstrcmpiW (lpString1="MSN Websites", lpString2="..") returned 1 [0054.712] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites") returned 43 [0054.712] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.712] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites" [0054.712] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*" [0054.712] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.716] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.716] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.716] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.716] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.716] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.716] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.716] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.716] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.716] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.716] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.716] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.716] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.716] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.716] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.716] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0054.716] lstrcmpiW (lpString1="MSN Autos.url", lpString2="Windows") returned -1 [0054.716] lstrcmpiW (lpString1="MSN Autos.url", lpString2="Program Files") returned -1 [0054.716] lstrcmpiW (lpString1="MSN Autos.url", lpString2="Program Files (x86)") returned -1 [0054.716] lstrcmpiW (lpString1="MSN Autos.url", lpString2="$Recycle.bin") returned 1 [0054.716] lstrcmpiW (lpString1="MSN Autos.url", lpString2="System Volume Information") returned -1 [0054.716] lstrcmpiW (lpString1="MSN Autos.url", lpString2=".") returned 1 [0054.716] lstrcmpiW (lpString1="MSN Autos.url", lpString2="..") returned 1 [0054.716] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0054.716] StrStrIW (lpFirst="MSN Autos.url", lpSrch=".lolkek") returned 0x0 [0054.716] lstrcmpW (lpString1="MSN Autos.url", lpString2="LOLKEK.txt") returned 1 [0054.716] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0054.716] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x3e373b8 [0054.716] lstrcpyW (in: lpString1=0x3e373b8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" [0054.716] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.716] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.716] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0054.717] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="Windows") returned -1 [0054.717] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="Program Files") returned -1 [0054.717] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="Program Files (x86)") returned -1 [0054.717] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="$Recycle.bin") returned 1 [0054.717] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="System Volume Information") returned -1 [0054.717] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2=".") returned 1 [0054.717] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="..") returned 1 [0054.717] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0054.717] StrStrIW (lpFirst="MSN Entertainment.url", lpSrch=".lolkek") returned 0x0 [0054.717] lstrcmpW (lpString1="MSN Entertainment.url", lpString2="LOLKEK.txt") returned 1 [0054.717] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0054.717] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x6112c8 [0054.717] lstrcpyW (in: lpString1=0x6112c8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" [0054.717] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.722] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.722] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0054.722] lstrcmpiW (lpString1="MSN Money.url", lpString2="Windows") returned -1 [0054.722] lstrcmpiW (lpString1="MSN Money.url", lpString2="Program Files") returned -1 [0054.722] lstrcmpiW (lpString1="MSN Money.url", lpString2="Program Files (x86)") returned -1 [0054.722] lstrcmpiW (lpString1="MSN Money.url", lpString2="$Recycle.bin") returned 1 [0054.722] lstrcmpiW (lpString1="MSN Money.url", lpString2="System Volume Information") returned -1 [0054.722] lstrcmpiW (lpString1="MSN Money.url", lpString2=".") returned 1 [0054.723] lstrcmpiW (lpString1="MSN Money.url", lpString2="..") returned 1 [0054.723] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0054.723] StrStrIW (lpFirst="MSN Money.url", lpSrch=".lolkek") returned 0x0 [0054.723] lstrcmpW (lpString1="MSN Money.url", lpString2="LOLKEK.txt") returned 1 [0054.723] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0054.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x3e372c8 [0054.723] lstrcpyW (in: lpString1=0x3e372c8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" [0054.723] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.723] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.723] lstrcmpiW (lpString1="MSN Sports.url", lpString2="Windows") returned -1 [0054.723] lstrcmpiW (lpString1="MSN Sports.url", lpString2="Program Files") returned -1 [0054.723] lstrcmpiW (lpString1="MSN Sports.url", lpString2="Program Files (x86)") returned -1 [0054.723] lstrcmpiW (lpString1="MSN Sports.url", lpString2="$Recycle.bin") returned 1 [0054.723] lstrcmpiW (lpString1="MSN Sports.url", lpString2="System Volume Information") returned -1 [0054.723] lstrcmpiW (lpString1="MSN Sports.url", lpString2=".") returned 1 [0054.723] lstrcmpiW (lpString1="MSN Sports.url", lpString2="..") returned 1 [0054.723] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0054.723] StrStrIW (lpFirst="MSN Sports.url", lpSrch=".lolkek") returned 0x0 [0054.723] lstrcmpW (lpString1="MSN Sports.url", lpString2="LOLKEK.txt") returned 1 [0054.723] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0054.723] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca8018 [0054.723] lstrcpyW (in: lpString1=0x3ca8018, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" [0054.723] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.742] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.742] lstrcmpiW (lpString1="MSN.url", lpString2="Windows") returned -1 [0054.742] lstrcmpiW (lpString1="MSN.url", lpString2="Program Files") returned -1 [0054.742] lstrcmpiW (lpString1="MSN.url", lpString2="Program Files (x86)") returned -1 [0054.742] lstrcmpiW (lpString1="MSN.url", lpString2="$Recycle.bin") returned 1 [0054.742] lstrcmpiW (lpString1="MSN.url", lpString2="System Volume Information") returned -1 [0054.742] lstrcmpiW (lpString1="MSN.url", lpString2=".") returned 1 [0054.742] lstrcmpiW (lpString1="MSN.url", lpString2="..") returned 1 [0054.742] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0054.742] StrStrIW (lpFirst="MSN.url", lpSrch=".lolkek") returned 0x0 [0054.742] lstrcmpW (lpString1="MSN.url", lpString2="LOLKEK.txt") returned 1 [0054.742] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0054.742] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbe090 [0054.742] lstrcpyW (in: lpString1=0x3cbe090, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" [0054.742] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.749] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.749] lstrcmpiW (lpString1="MSNBC News.url", lpString2="Windows") returned -1 [0054.749] lstrcmpiW (lpString1="MSNBC News.url", lpString2="Program Files") returned -1 [0054.749] lstrcmpiW (lpString1="MSNBC News.url", lpString2="Program Files (x86)") returned -1 [0054.749] lstrcmpiW (lpString1="MSNBC News.url", lpString2="$Recycle.bin") returned 1 [0054.749] lstrcmpiW (lpString1="MSNBC News.url", lpString2="System Volume Information") returned -1 [0054.749] lstrcmpiW (lpString1="MSNBC News.url", lpString2=".") returned 1 [0054.749] lstrcmpiW (lpString1="MSNBC News.url", lpString2="..") returned 1 [0054.749] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0054.749] StrStrIW (lpFirst="MSNBC News.url", lpSrch=".lolkek") returned 0x0 [0054.749] lstrcmpW (lpString1="MSNBC News.url", lpString2="LOLKEK.txt") returned 1 [0054.749] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0054.749] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca8ac0 [0054.749] lstrcpyW (in: lpString1=0x3ca8ac0, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" [0054.749] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.749] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.750] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.750] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\LOLKEK.txt") returned 54 [0054.750] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\LOLKEK.txt" (normalized: "c:\\users\\default\\favorites\\msn websites\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0054.751] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.751] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0054.752] CloseHandle (hObject=0x224) returned 1 [0054.752] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.752] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0054.752] lstrcmpiW (lpString1="Windows Live", lpString2="Windows") returned 1 [0054.752] lstrcmpiW (lpString1="Windows Live", lpString2="Program Files") returned 1 [0054.752] lstrcmpiW (lpString1="Windows Live", lpString2="Program Files (x86)") returned 1 [0054.752] lstrcmpiW (lpString1="Windows Live", lpString2="$Recycle.bin") returned 1 [0054.752] lstrcmpiW (lpString1="Windows Live", lpString2="System Volume Information") returned 1 [0054.752] lstrcmpiW (lpString1="Windows Live", lpString2=".") returned 1 [0054.752] lstrcmpiW (lpString1="Windows Live", lpString2="..") returned 1 [0054.752] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live") returned 43 [0054.752] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.752] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live" [0054.752] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\*") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\*" [0054.752] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e298 [0054.756] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.756] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.757] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.757] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.757] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.757] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.757] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.757] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.757] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.757] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.757] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.757] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.757] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.757] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.757] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0054.757] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="Windows") returned -1 [0054.757] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="Program Files") returned -1 [0054.757] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="Program Files (x86)") returned -1 [0054.757] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="$Recycle.bin") returned 1 [0054.757] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="System Volume Information") returned -1 [0054.757] lstrcmpiW (lpString1="Get Windows Live.url", lpString2=".") returned 1 [0054.757] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="..") returned 1 [0054.757] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 64 [0054.757] StrStrIW (lpFirst="Get Windows Live.url", lpSrch=".lolkek") returned 0x0 [0054.757] lstrcmpW (lpString1="Get Windows Live.url", lpString2="LOLKEK.txt") returned -1 [0054.757] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 64 [0054.757] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x104) returned 0x612330 [0054.757] lstrcpyW (in: lpString1=0x612330, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" [0054.757] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.757] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.757] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0054.757] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="Windows") returned 1 [0054.757] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="Program Files") returned 1 [0054.757] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="Program Files (x86)") returned 1 [0054.758] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="$Recycle.bin") returned 1 [0054.758] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="System Volume Information") returned 1 [0054.758] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2=".") returned 1 [0054.758] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="..") returned 1 [0054.758] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 68 [0054.758] StrStrIW (lpFirst="Windows Live Gallery.url", lpSrch=".lolkek") returned 0x0 [0054.758] lstrcmpW (lpString1="Windows Live Gallery.url", lpString2="LOLKEK.txt") returned 1 [0054.758] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 68 [0054.758] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x62f8a0 [0054.758] lstrcpyW (in: lpString1=0x62f8a0, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" [0054.758] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.765] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.765] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0054.765] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="Windows") returned 1 [0054.765] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="Program Files") returned 1 [0054.765] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="Program Files (x86)") returned 1 [0054.765] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="$Recycle.bin") returned 1 [0054.765] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="System Volume Information") returned 1 [0054.765] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2=".") returned 1 [0054.765] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="..") returned 1 [0054.765] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 65 [0054.765] StrStrIW (lpFirst="Windows Live Mail.url", lpSrch=".lolkek") returned 0x0 [0054.765] lstrcmpW (lpString1="Windows Live Mail.url", lpString2="LOLKEK.txt") returned 1 [0054.765] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 65 [0054.765] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x108) returned 0x612448 [0054.765] lstrcpyW (in: lpString1=0x612448, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" [0054.765] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.768] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.768] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0054.768] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="Windows") returned 1 [0054.768] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="Program Files") returned 1 [0054.768] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="Program Files (x86)") returned 1 [0054.768] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="$Recycle.bin") returned 1 [0054.768] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="System Volume Information") returned 1 [0054.768] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2=".") returned 1 [0054.768] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="..") returned 1 [0054.768] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 67 [0054.768] StrStrIW (lpFirst="Windows Live Spaces.url", lpSrch=".lolkek") returned 0x0 [0054.768] lstrcmpW (lpString1="Windows Live Spaces.url", lpString2="LOLKEK.txt") returned 1 [0054.768] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 67 [0054.768] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x110) returned 0x6113e0 [0054.768] lstrcpyW (in: lpString1=0x6113e0, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" [0054.768] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.792] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.792] FindNextFileW (in: hFindFile=0x62e298, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0054.792] FindClose (in: hFindFile=0x62e298 | out: hFindFile=0x62e298) returned 1 [0054.793] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\LOLKEK.txt") returned 54 [0054.793] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\LOLKEK.txt" (normalized: "c:\\users\\default\\favorites\\windows live\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0054.794] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.794] WriteFile (in: hFile=0x224, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0054.795] CloseHandle (hObject=0x224) returned 1 [0054.795] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.795] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0054.795] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.795] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Favorites\\LOLKEK.txt") returned 41 [0054.795] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\LOLKEK.txt" (normalized: "c:\\users\\default\\favorites\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.795] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.795] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.796] CloseHandle (hObject=0x23c) returned 1 [0054.796] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.796] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Links", cAlternateFileName="")) returned 1 [0054.796] lstrcmpiW (lpString1="Links", lpString2="Windows") returned -1 [0054.796] lstrcmpiW (lpString1="Links", lpString2="Program Files") returned -1 [0054.796] lstrcmpiW (lpString1="Links", lpString2="Program Files (x86)") returned -1 [0054.796] lstrcmpiW (lpString1="Links", lpString2="$Recycle.bin") returned 1 [0054.796] lstrcmpiW (lpString1="Links", lpString2="System Volume Information") returned -1 [0054.796] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0054.796] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0054.796] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links") returned 26 [0054.796] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.796] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Links" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links") returned="\\\\?\\C:\\Users\\Default\\Links" [0054.796] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Links", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\*") returned="\\\\?\\C:\\Users\\Default\\Links\\*" [0054.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Links\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.835] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.835] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.835] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.835] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.835] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.835] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.835] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.835] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.835] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.835] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.835] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.835] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.835] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.835] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.835] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.835] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.835] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.835] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.836] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.836] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.836] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.836] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.836] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini") returned 38 [0054.836] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.836] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.836] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini") returned 38 [0054.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x9c) returned 0x3caf860 [0054.836] lstrcpyW (in: lpString1=0x3caf860, lpString2="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Links\\desktop.ini" [0054.836] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.836] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.836] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0054.836] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Windows") returned -1 [0054.836] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Program Files") returned -1 [0054.836] lstrcmpiW (lpString1="Desktop.lnk", lpString2="Program Files (x86)") returned -1 [0054.836] lstrcmpiW (lpString1="Desktop.lnk", lpString2="$Recycle.bin") returned 1 [0054.836] lstrcmpiW (lpString1="Desktop.lnk", lpString2="System Volume Information") returned -1 [0054.836] lstrcmpiW (lpString1="Desktop.lnk", lpString2=".") returned 1 [0054.836] lstrcmpiW (lpString1="Desktop.lnk", lpString2="..") returned 1 [0054.836] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk") returned 38 [0054.836] StrStrIW (lpFirst="Desktop.lnk", lpSrch=".lolkek") returned 0x0 [0054.836] lstrcmpW (lpString1="Desktop.lnk", lpString2="LOLKEK.txt") returned -1 [0054.836] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk") returned 38 [0054.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x9c) returned 0x3caf908 [0054.836] lstrcpyW (in: lpString1=0x3caf908, lpString2="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk") returned="\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk" [0054.836] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.836] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.836] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0054.836] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Windows") returned -1 [0054.836] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Program Files") returned -1 [0054.836] lstrcmpiW (lpString1="Downloads.lnk", lpString2="Program Files (x86)") returned -1 [0054.836] lstrcmpiW (lpString1="Downloads.lnk", lpString2="$Recycle.bin") returned 1 [0054.836] lstrcmpiW (lpString1="Downloads.lnk", lpString2="System Volume Information") returned -1 [0054.836] lstrcmpiW (lpString1="Downloads.lnk", lpString2=".") returned 1 [0054.836] lstrcmpiW (lpString1="Downloads.lnk", lpString2="..") returned 1 [0054.836] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk") returned 40 [0054.836] StrStrIW (lpFirst="Downloads.lnk", lpSrch=".lolkek") returned 0x0 [0054.836] lstrcmpW (lpString1="Downloads.lnk", lpString2="LOLKEK.txt") returned -1 [0054.836] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk") returned 40 [0054.836] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa4) returned 0x3cb1928 [0054.836] lstrcpyW (in: lpString1=0x3cb1928, lpString2="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk") returned="\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk" [0054.836] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.837] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.837] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0054.837] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Windows") returned -1 [0054.837] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Program Files") returned 1 [0054.837] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="Program Files (x86)") returned 1 [0054.837] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="$Recycle.bin") returned 1 [0054.837] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="System Volume Information") returned -1 [0054.837] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2=".") returned 1 [0054.837] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="..") returned 1 [0054.837] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned 43 [0054.837] StrStrIW (lpFirst="RecentPlaces.lnk", lpSrch=".lolkek") returned 0x0 [0054.837] lstrcmpW (lpString1="RecentPlaces.lnk", lpString2="LOLKEK.txt") returned 1 [0054.837] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned 43 [0054.837] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb0) returned 0x3ca9ab8 [0054.837] lstrcpyW (in: lpString1=0x3ca9ab8, lpString2="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned="\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk" [0054.837] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.837] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.837] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0054.837] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.837] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Links\\LOLKEK.txt") returned 37 [0054.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Links\\LOLKEK.txt" (normalized: "c:\\users\\default\\links\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.838] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.838] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.839] CloseHandle (hObject=0x23c) returned 1 [0054.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.839] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0054.839] lstrcmpiW (lpString1="Local Settings", lpString2="Windows") returned -1 [0054.839] lstrcmpiW (lpString1="Local Settings", lpString2="Program Files") returned -1 [0054.839] lstrcmpiW (lpString1="Local Settings", lpString2="Program Files (x86)") returned -1 [0054.839] lstrcmpiW (lpString1="Local Settings", lpString2="$Recycle.bin") returned 1 [0054.839] lstrcmpiW (lpString1="Local Settings", lpString2="System Volume Information") returned -1 [0054.839] lstrcmpiW (lpString1="Local Settings", lpString2=".") returned 1 [0054.839] lstrcmpiW (lpString1="Local Settings", lpString2="..") returned 1 [0054.839] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Local Settings") returned 35 [0054.839] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.839] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Local Settings" | out: lpString1="\\\\?\\C:\\Users\\Default\\Local Settings") returned="\\\\?\\C:\\Users\\Default\\Local Settings" [0054.839] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Local Settings", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Local Settings\\*") returned="\\\\?\\C:\\Users\\Default\\Local Settings\\*" [0054.839] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.839] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.840] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Music", cAlternateFileName="")) returned 1 [0054.840] lstrcmpiW (lpString1="Music", lpString2="Windows") returned -1 [0054.840] lstrcmpiW (lpString1="Music", lpString2="Program Files") returned -1 [0054.840] lstrcmpiW (lpString1="Music", lpString2="Program Files (x86)") returned -1 [0054.840] lstrcmpiW (lpString1="Music", lpString2="$Recycle.bin") returned 1 [0054.840] lstrcmpiW (lpString1="Music", lpString2="System Volume Information") returned -1 [0054.840] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0054.840] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0054.840] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Music") returned 26 [0054.840] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.840] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Music" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music") returned="\\\\?\\C:\\Users\\Default\\Music" [0054.840] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Music", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music\\*") returned="\\\\?\\C:\\Users\\Default\\Music\\*" [0054.840] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Music\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.840] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.840] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.840] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.840] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.840] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.840] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.840] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.840] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.840] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.840] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.840] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.840] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.840] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.840] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.840] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.840] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.840] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.840] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.840] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.840] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.840] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.840] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.840] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini") returned 38 [0054.840] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.840] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.841] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini") returned 38 [0054.841] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x9c) returned 0x3caf9b0 [0054.841] lstrcpyW (in: lpString1=0x3caf9b0, lpString2="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Music\\desktop.ini" [0054.841] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.841] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.841] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.841] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.841] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Music\\LOLKEK.txt") returned 37 [0054.841] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Music\\LOLKEK.txt" (normalized: "c:\\users\\default\\music\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.841] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.841] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.842] CloseHandle (hObject=0x23c) returned 1 [0054.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.842] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0054.842] lstrcmpiW (lpString1="My Documents", lpString2="Windows") returned -1 [0054.842] lstrcmpiW (lpString1="My Documents", lpString2="Program Files") returned -1 [0054.842] lstrcmpiW (lpString1="My Documents", lpString2="Program Files (x86)") returned -1 [0054.842] lstrcmpiW (lpString1="My Documents", lpString2="$Recycle.bin") returned 1 [0054.842] lstrcmpiW (lpString1="My Documents", lpString2="System Volume Information") returned -1 [0054.842] lstrcmpiW (lpString1="My Documents", lpString2=".") returned 1 [0054.842] lstrcmpiW (lpString1="My Documents", lpString2="..") returned 1 [0054.842] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\My Documents") returned 33 [0054.842] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.842] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\My Documents" | out: lpString1="\\\\?\\C:\\Users\\Default\\My Documents") returned="\\\\?\\C:\\Users\\Default\\My Documents" [0054.842] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\My Documents", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\My Documents\\*") returned="\\\\?\\C:\\Users\\Default\\My Documents\\*" [0054.842] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.842] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.842] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NetHood", cAlternateFileName="")) returned 1 [0054.843] lstrcmpiW (lpString1="NetHood", lpString2="Windows") returned -1 [0054.843] lstrcmpiW (lpString1="NetHood", lpString2="Program Files") returned -1 [0054.843] lstrcmpiW (lpString1="NetHood", lpString2="Program Files (x86)") returned -1 [0054.843] lstrcmpiW (lpString1="NetHood", lpString2="$Recycle.bin") returned 1 [0054.843] lstrcmpiW (lpString1="NetHood", lpString2="System Volume Information") returned -1 [0054.843] lstrcmpiW (lpString1="NetHood", lpString2=".") returned 1 [0054.843] lstrcmpiW (lpString1="NetHood", lpString2="..") returned 1 [0054.843] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NetHood") returned 28 [0054.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.843] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\NetHood" | out: lpString1="\\\\?\\C:\\Users\\Default\\NetHood") returned="\\\\?\\C:\\Users\\Default\\NetHood" [0054.843] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\NetHood", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\NetHood\\*") returned="\\\\?\\C:\\Users\\Default\\NetHood\\*" [0054.843] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.843] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.843] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="Windows") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="Program Files") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="Program Files (x86)") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="$Recycle.bin") returned 1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="System Volume Information") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0054.843] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned 31 [0054.843] StrStrIW (lpFirst="NTUSER.DAT", lpSrch=".lolkek") returned 0x0 [0054.843] lstrcmpW (lpString1="NTUSER.DAT", lpString2="LOLKEK.txt") returned 1 [0054.843] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned 31 [0054.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x613be0 [0054.843] lstrcpyW (in: lpString1=0x613be0, lpString2="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" | out: lpString1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT") returned="\\\\?\\C:\\Users\\Default\\NTUSER.DAT" [0054.843] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.843] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.843] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="Windows") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="Program Files") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="Program Files (x86)") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="$Recycle.bin") returned 1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="System Volume Information") returned -1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".") returned 1 [0054.843] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="..") returned 1 [0054.843] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0054.843] StrStrIW (lpFirst="NTUSER.DAT.LOG", lpSrch=".lolkek") returned 0x0 [0054.843] lstrcmpW (lpString1="NTUSER.DAT.LOG", lpString2="LOLKEK.txt") returned 1 [0054.843] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0054.843] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x90) returned 0x3cc7db0 [0054.843] lstrcpyW (in: lpString1=0x3cc7db0, lpString2="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" | out: lpString1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" [0054.843] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.844] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.844] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="Windows") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="Program Files") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="Program Files (x86)") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="$Recycle.bin") returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="System Volume Information") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".") returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="..") returned 1 [0054.844] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0054.844] StrStrIW (lpFirst="NTUSER.DAT.LOG1", lpSrch=".lolkek") returned 0x0 [0054.844] lstrcmpW (lpString1="NTUSER.DAT.LOG1", lpString2="LOLKEK.txt") returned 1 [0054.844] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0054.844] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x94) returned 0x3dd8a80 [0054.844] lstrcpyW (in: lpString1=0x3dd8a80, lpString2="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" | out: lpString1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" [0054.844] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.844] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.844] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="Windows") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="Program Files") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="Program Files (x86)") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="$Recycle.bin") returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="System Volume Information") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".") returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="..") returned 1 [0054.844] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0054.844] StrStrIW (lpFirst="NTUSER.DAT.LOG2", lpSrch=".lolkek") returned 0x0 [0054.844] lstrcmpW (lpString1="NTUSER.DAT.LOG2", lpString2="LOLKEK.txt") returned 1 [0054.844] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned 36 [0054.844] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x94) returned 0x3dd8d00 [0054.844] lstrcpyW (in: lpString1=0x3dd8d00, lpString2="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" | out: lpString1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2") returned="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2" [0054.844] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.844] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.844] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Windows") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Program Files") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="Program Files (x86)") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="$Recycle.bin") returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="System Volume Information") returned -1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0054.844] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0054.844] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0054.844] StrStrIW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpSrch=".lolkek") returned 0x0 [0054.845] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="LOLKEK.txt") returned 1 [0054.845] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0054.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x134) returned 0x6177b0 [0054.845] lstrcpyW (in: lpString1=0x6177b0, lpString2="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0054.845] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.845] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.845] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Windows") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Program Files") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="Program Files (x86)") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="$Recycle.bin") returned 1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="System Volume Information") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0054.845] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0054.845] StrStrIW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpSrch=".lolkek") returned 0x0 [0054.845] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="LOLKEK.txt") returned 1 [0054.845] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0054.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c8) returned 0x3e35670 [0054.845] lstrcpyW (in: lpString1=0x3e35670, lpString2="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0054.845] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.845] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.845] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Windows") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Program Files") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="Program Files (x86)") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="$Recycle.bin") returned 1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="System Volume Information") returned -1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0054.845] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0054.845] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0054.845] StrStrIW (lpFirst="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpSrch=".lolkek") returned 0x0 [0054.845] lstrcmpW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="LOLKEK.txt") returned 1 [0054.845] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0054.845] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c8) returned 0x3e35848 [0054.845] lstrcpyW (in: lpString1=0x3e35848, lpString2="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0054.845] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.845] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.845] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0054.845] lstrcmpiW (lpString1="ntuser.ini", lpString2="Windows") returned -1 [0054.845] lstrcmpiW (lpString1="ntuser.ini", lpString2="Program Files") returned -1 [0054.845] lstrcmpiW (lpString1="ntuser.ini", lpString2="Program Files (x86)") returned -1 [0054.845] lstrcmpiW (lpString1="ntuser.ini", lpString2="$Recycle.bin") returned 1 [0054.845] lstrcmpiW (lpString1="ntuser.ini", lpString2="System Volume Information") returned -1 [0054.846] lstrcmpiW (lpString1="ntuser.ini", lpString2=".") returned 1 [0054.846] lstrcmpiW (lpString1="ntuser.ini", lpString2="..") returned 1 [0054.846] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned 31 [0054.846] StrStrIW (lpFirst="ntuser.ini", lpSrch=".lolkek") returned 0x0 [0054.846] lstrcmpW (lpString1="ntuser.ini", lpString2="LOLKEK.txt") returned 1 [0054.846] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned 31 [0054.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x613c68 [0054.846] lstrcpyW (in: lpString1=0x613c68, lpString2="\\\\?\\C:\\Users\\Default\\ntuser.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\ntuser.ini") returned="\\\\?\\C:\\Users\\Default\\ntuser.ini" [0054.846] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.846] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.846] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0054.846] lstrcmpiW (lpString1="Pictures", lpString2="Windows") returned -1 [0054.846] lstrcmpiW (lpString1="Pictures", lpString2="Program Files") returned -1 [0054.846] lstrcmpiW (lpString1="Pictures", lpString2="Program Files (x86)") returned -1 [0054.846] lstrcmpiW (lpString1="Pictures", lpString2="$Recycle.bin") returned 1 [0054.846] lstrcmpiW (lpString1="Pictures", lpString2="System Volume Information") returned -1 [0054.846] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0054.846] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0054.846] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures") returned 29 [0054.846] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.846] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures") returned="\\\\?\\C:\\Users\\Default\\Pictures" [0054.846] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures\\*") returned="\\\\?\\C:\\Users\\Default\\Pictures\\*" [0054.846] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.846] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.846] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.846] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.846] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.846] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.846] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.846] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.846] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.846] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.846] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.846] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.846] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.846] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.846] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.846] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.847] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.847] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.847] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.847] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.847] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.847] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.847] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.847] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini") returned 41 [0054.847] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.847] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.847] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini") returned 41 [0054.847] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa8) returned 0x3cb19d8 [0054.847] lstrcpyW (in: lpString1=0x3cb19d8, lpString2="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini" [0054.847] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.847] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.847] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.847] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.847] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Pictures\\LOLKEK.txt") returned 40 [0054.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\LOLKEK.txt" (normalized: "c:\\users\\default\\pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.847] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.847] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.848] CloseHandle (hObject=0x23c) returned 1 [0054.848] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.848] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0054.848] lstrcmpiW (lpString1="PrintHood", lpString2="Windows") returned -1 [0054.848] lstrcmpiW (lpString1="PrintHood", lpString2="Program Files") returned -1 [0054.848] lstrcmpiW (lpString1="PrintHood", lpString2="Program Files (x86)") returned -1 [0054.848] lstrcmpiW (lpString1="PrintHood", lpString2="$Recycle.bin") returned 1 [0054.848] lstrcmpiW (lpString1="PrintHood", lpString2="System Volume Information") returned -1 [0054.848] lstrcmpiW (lpString1="PrintHood", lpString2=".") returned 1 [0054.848] lstrcmpiW (lpString1="PrintHood", lpString2="..") returned 1 [0054.848] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\PrintHood") returned 30 [0054.848] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.848] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\PrintHood" | out: lpString1="\\\\?\\C:\\Users\\Default\\PrintHood") returned="\\\\?\\C:\\Users\\Default\\PrintHood" [0054.848] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\PrintHood", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\PrintHood\\*") returned="\\\\?\\C:\\Users\\Default\\PrintHood\\*" [0054.849] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.849] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Recent", cAlternateFileName="")) returned 1 [0054.849] lstrcmpiW (lpString1="Recent", lpString2="Windows") returned -1 [0054.849] lstrcmpiW (lpString1="Recent", lpString2="Program Files") returned 1 [0054.849] lstrcmpiW (lpString1="Recent", lpString2="Program Files (x86)") returned 1 [0054.849] lstrcmpiW (lpString1="Recent", lpString2="$Recycle.bin") returned 1 [0054.849] lstrcmpiW (lpString1="Recent", lpString2="System Volume Information") returned -1 [0054.849] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0054.849] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0054.849] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Recent") returned 27 [0054.849] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.849] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Recent" | out: lpString1="\\\\?\\C:\\Users\\Default\\Recent") returned="\\\\?\\C:\\Users\\Default\\Recent" [0054.849] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Recent", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Recent\\*") returned="\\\\?\\C:\\Users\\Default\\Recent\\*" [0054.849] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Recent\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.849] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.849] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0054.849] lstrcmpiW (lpString1="Saved Games", lpString2="Windows") returned -1 [0054.849] lstrcmpiW (lpString1="Saved Games", lpString2="Program Files") returned 1 [0054.849] lstrcmpiW (lpString1="Saved Games", lpString2="Program Files (x86)") returned 1 [0054.849] lstrcmpiW (lpString1="Saved Games", lpString2="$Recycle.bin") returned 1 [0054.849] lstrcmpiW (lpString1="Saved Games", lpString2="System Volume Information") returned -1 [0054.849] lstrcmpiW (lpString1="Saved Games", lpString2=".") returned 1 [0054.849] lstrcmpiW (lpString1="Saved Games", lpString2="..") returned 1 [0054.849] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games") returned 32 [0054.849] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.849] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games") returned="\\\\?\\C:\\Users\\Default\\Saved Games" [0054.849] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games\\*") returned="\\\\?\\C:\\Users\\Default\\Saved Games\\*" [0054.849] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e2d8 [0054.849] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.849] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.849] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.850] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.850] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.850] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.850] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.850] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.850] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.850] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.850] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.850] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.850] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.850] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.850] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.850] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.850] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.850] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.850] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.850] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.850] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.850] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.850] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini") returned 44 [0054.850] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.850] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.850] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini") returned 44 [0054.850] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb4) returned 0x3cb9198 [0054.850] lstrcpyW (in: lpString1=0x3cb9198, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini" [0054.850] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.850] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.850] FindNextFileW (in: hFindFile=0x62e2d8, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.850] FindClose (in: hFindFile=0x62e2d8 | out: hFindFile=0x62e2d8) returned 1 [0054.850] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Saved Games\\LOLKEK.txt") returned 43 [0054.850] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\LOLKEK.txt" (normalized: "c:\\users\\default\\saved games\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.851] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.851] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.852] CloseHandle (hObject=0x23c) returned 1 [0054.852] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.852] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Searches", cAlternateFileName="")) returned 1 [0054.852] lstrcmpiW (lpString1="Searches", lpString2="Windows") returned -1 [0054.852] lstrcmpiW (lpString1="Searches", lpString2="Program Files") returned 1 [0054.852] lstrcmpiW (lpString1="Searches", lpString2="Program Files (x86)") returned 1 [0054.852] lstrcmpiW (lpString1="Searches", lpString2="$Recycle.bin") returned 1 [0054.852] lstrcmpiW (lpString1="Searches", lpString2="System Volume Information") returned -1 [0054.852] lstrcmpiW (lpString1="Searches", lpString2=".") returned 1 [0054.852] lstrcmpiW (lpString1="Searches", lpString2="..") returned 1 [0054.852] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches") returned 29 [0054.852] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.852] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Searches" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches") returned="\\\\?\\C:\\Users\\Default\\Searches" [0054.852] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Searches", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\*") returned="\\\\?\\C:\\Users\\Default\\Searches\\*" [0054.852] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.898] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.898] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.898] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.898] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.898] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.898] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.898] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.898] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.898] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.898] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.898] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.898] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.898] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.898] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.898] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.898] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.898] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.898] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.898] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.898] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.898] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.898] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.898] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini") returned 41 [0054.898] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.898] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.898] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini") returned 41 [0054.898] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa8) returned 0x3cb1a88 [0054.898] lstrcpyW (in: lpString1=0x3cb1a88, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini" [0054.899] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.899] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.899] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0054.899] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Windows") returned -1 [0054.899] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Program Files") returned -1 [0054.899] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="Program Files (x86)") returned -1 [0054.899] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="$Recycle.bin") returned 1 [0054.899] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="System Volume Information") returned -1 [0054.899] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0054.899] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0054.899] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 50 [0054.899] StrStrIW (lpFirst="Everywhere.search-ms", lpSrch=".lolkek") returned 0x0 [0054.899] lstrcmpW (lpString1="Everywhere.search-ms", lpString2="LOLKEK.txt") returned -1 [0054.899] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 50 [0054.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbe4c8 [0054.899] lstrcpyW (in: lpString1=0x3cbe4c8, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" [0054.899] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.899] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.899] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0054.899] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Windows") returned -1 [0054.899] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Program Files") returned -1 [0054.899] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="Program Files (x86)") returned -1 [0054.899] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="$Recycle.bin") returned 1 [0054.899] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="System Volume Information") returned -1 [0054.899] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0054.899] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0054.899] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 57 [0054.899] StrStrIW (lpFirst="Indexed Locations.search-ms", lpSrch=".lolkek") returned 0x0 [0054.899] lstrcmpW (lpString1="Indexed Locations.search-ms", lpString2="LOLKEK.txt") returned -1 [0054.899] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 57 [0054.899] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x3e370e8 [0054.899] lstrcpyW (in: lpString1=0x3e370e8, lpString2="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" [0054.899] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.899] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.899] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0054.900] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.900] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Searches\\LOLKEK.txt") returned 40 [0054.900] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\LOLKEK.txt" (normalized: "c:\\users\\default\\searches\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.901] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.901] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.902] CloseHandle (hObject=0x23c) returned 1 [0054.902] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.902] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="SendTo", cAlternateFileName="")) returned 1 [0054.902] lstrcmpiW (lpString1="SendTo", lpString2="Windows") returned -1 [0054.902] lstrcmpiW (lpString1="SendTo", lpString2="Program Files") returned 1 [0054.902] lstrcmpiW (lpString1="SendTo", lpString2="Program Files (x86)") returned 1 [0054.902] lstrcmpiW (lpString1="SendTo", lpString2="$Recycle.bin") returned 1 [0054.902] lstrcmpiW (lpString1="SendTo", lpString2="System Volume Information") returned -1 [0054.902] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0054.902] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0054.902] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\SendTo") returned 27 [0054.902] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.902] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\SendTo" | out: lpString1="\\\\?\\C:\\Users\\Default\\SendTo") returned="\\\\?\\C:\\Users\\Default\\SendTo" [0054.902] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\SendTo", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\SendTo\\*") returned="\\\\?\\C:\\Users\\Default\\SendTo\\*" [0054.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.902] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.902] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0054.903] lstrcmpiW (lpString1="Start Menu", lpString2="Windows") returned -1 [0054.903] lstrcmpiW (lpString1="Start Menu", lpString2="Program Files") returned 1 [0054.903] lstrcmpiW (lpString1="Start Menu", lpString2="Program Files (x86)") returned 1 [0054.903] lstrcmpiW (lpString1="Start Menu", lpString2="$Recycle.bin") returned 1 [0054.903] lstrcmpiW (lpString1="Start Menu", lpString2="System Volume Information") returned -1 [0054.903] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0054.903] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0054.903] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Start Menu") returned 31 [0054.903] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.903] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Start Menu" | out: lpString1="\\\\?\\C:\\Users\\Default\\Start Menu") returned="\\\\?\\C:\\Users\\Default\\Start Menu" [0054.903] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Start Menu", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Start Menu\\*") returned="\\\\?\\C:\\Users\\Default\\Start Menu\\*" [0054.903] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.903] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0054.903] lstrcmpiW (lpString1="Templates", lpString2="Windows") returned -1 [0054.903] lstrcmpiW (lpString1="Templates", lpString2="Program Files") returned 1 [0054.903] lstrcmpiW (lpString1="Templates", lpString2="Program Files (x86)") returned 1 [0054.903] lstrcmpiW (lpString1="Templates", lpString2="$Recycle.bin") returned 1 [0054.903] lstrcmpiW (lpString1="Templates", lpString2="System Volume Information") returned 1 [0054.903] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0054.903] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0054.903] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Templates") returned 30 [0054.903] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.903] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Templates" | out: lpString1="\\\\?\\C:\\Users\\Default\\Templates") returned="\\\\?\\C:\\Users\\Default\\Templates" [0054.903] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Templates", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Templates\\*") returned="\\\\?\\C:\\Users\\Default\\Templates\\*" [0054.903] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Templates\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="ꐴ瘵ꊣ䛦ͣ疨徰c纈0ͣͣ㦭䚗徰cͣ热/徰c읈a麈\\헍皮")) returned 0xffffffff [0054.903] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.903] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 1 [0054.903] lstrcmpiW (lpString1="Videos", lpString2="Windows") returned -1 [0054.903] lstrcmpiW (lpString1="Videos", lpString2="Program Files") returned 1 [0054.903] lstrcmpiW (lpString1="Videos", lpString2="Program Files (x86)") returned 1 [0054.903] lstrcmpiW (lpString1="Videos", lpString2="$Recycle.bin") returned 1 [0054.903] lstrcmpiW (lpString1="Videos", lpString2="System Volume Information") returned 1 [0054.903] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0054.903] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0054.904] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos") returned 27 [0054.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.904] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default\\Videos" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos") returned="\\\\?\\C:\\Users\\Default\\Videos" [0054.904] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default\\Videos", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos\\*") returned="\\\\?\\C:\\Users\\Default\\Videos\\*" [0054.904] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.904] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.904] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.904] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.904] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.904] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.904] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.904] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.904] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.904] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.904] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.904] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.904] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.904] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.904] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.904] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.904] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.904] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.904] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.904] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.904] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.904] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.904] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.904] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini") returned 39 [0054.904] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.904] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.904] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini") returned 39 [0054.904] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa0) returned 0x3cafb00 [0054.904] lstrcpyW (in: lpString1=0x3cafb00, lpString2="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini") returned="\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini" [0054.904] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.905] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.905] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.905] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.905] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\Videos\\LOLKEK.txt") returned 38 [0054.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\LOLKEK.txt" (normalized: "c:\\users\\default\\videos\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.905] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.905] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.906] CloseHandle (hObject=0x23c) returned 1 [0054.906] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.906] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 0 [0054.906] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0054.906] wsprintfW (in: param_1=0x635fb0, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default\\LOLKEK.txt") returned 31 [0054.906] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\LOLKEK.txt" (normalized: "c:\\users\\default\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0054.907] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.907] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0054.907] CloseHandle (hObject=0x250) returned 1 [0054.907] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x635fb0 | out: hHeap=0x5a0000) returned 1 [0054.907] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0054.907] lstrcmpiW (lpString1="Default User", lpString2="Windows") returned -1 [0054.907] lstrcmpiW (lpString1="Default User", lpString2="Program Files") returned -1 [0054.907] lstrcmpiW (lpString1="Default User", lpString2="Program Files (x86)") returned -1 [0054.907] lstrcmpiW (lpString1="Default User", lpString2="$Recycle.bin") returned 1 [0054.907] lstrcmpiW (lpString1="Default User", lpString2="System Volume Information") returned -1 [0054.907] lstrcmpiW (lpString1="Default User", lpString2=".") returned 1 [0054.907] lstrcmpiW (lpString1="Default User", lpString2="..") returned 1 [0054.907] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Default User") returned 25 [0054.907] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.907] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Default User" | out: lpString1="\\\\?\\C:\\Users\\Default User") returned="\\\\?\\C:\\Users\\Default User" [0054.907] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Default User", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Default User\\*") returned="\\\\?\\C:\\Users\\Default User\\*" [0054.907] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default User\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="ꐴ瘵ꐣ䛦ͣ疨읈a纈0ͣͣ㼭䚗읈aͣ热/읈a麈\\庠\\헍皮咽瑆?b麈\\␖")) returned 0xffffffff [0054.908] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0054.908] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.908] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.908] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.908] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.908] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.908] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.908] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.908] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.908] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\desktop.ini") returned 24 [0054.908] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.908] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.908] lstrlenW (lpString="\\\\?\\C:\\Users\\desktop.ini") returned 24 [0054.908] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x64) returned 0x3e3a6b8 [0054.908] lstrcpyW (in: lpString1=0x3e3a6b8, lpString2="\\\\?\\C:\\Users\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\desktop.ini") returned="\\\\?\\C:\\Users\\desktop.ini" [0054.908] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.908] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.908] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Public", cAlternateFileName="")) returned 1 [0054.908] lstrcmpiW (lpString1="Public", lpString2="Windows") returned -1 [0054.908] lstrcmpiW (lpString1="Public", lpString2="Program Files") returned 1 [0054.908] lstrcmpiW (lpString1="Public", lpString2="Program Files (x86)") returned 1 [0054.908] lstrcmpiW (lpString1="Public", lpString2="$Recycle.bin") returned 1 [0054.908] lstrcmpiW (lpString1="Public", lpString2="System Volume Information") returned -1 [0054.908] lstrcmpiW (lpString1="Public", lpString2=".") returned 1 [0054.908] lstrcmpiW (lpString1="Public", lpString2="..") returned 1 [0054.908] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public") returned 19 [0054.908] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5fc600 [0054.908] lstrcpyW (in: lpString1=0x5fc600, lpString2="\\\\?\\C:\\Users\\Public" | out: lpString1="\\\\?\\C:\\Users\\Public") returned="\\\\?\\C:\\Users\\Public" [0054.908] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\*") returned="\\\\?\\C:\\Users\\Public\\*" [0054.908] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\*", lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62d918 [0054.908] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.908] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.908] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.908] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.908] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.908] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.908] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.908] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.908] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.908] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.908] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.909] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.909] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.909] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.909] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0054.909] lstrcmpiW (lpString1="Desktop", lpString2="Windows") returned -1 [0054.909] lstrcmpiW (lpString1="Desktop", lpString2="Program Files") returned -1 [0054.909] lstrcmpiW (lpString1="Desktop", lpString2="Program Files (x86)") returned -1 [0054.909] lstrcmpiW (lpString1="Desktop", lpString2="$Recycle.bin") returned 1 [0054.909] lstrcmpiW (lpString1="Desktop", lpString2="System Volume Information") returned -1 [0054.909] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0054.909] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0054.909] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop") returned 27 [0054.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.909] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop") returned="\\\\?\\C:\\Users\\Public\\Desktop" [0054.909] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Desktop", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\*") returned="\\\\?\\C:\\Users\\Public\\Desktop\\*" [0054.909] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.909] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.909] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.909] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.909] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.909] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.909] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.909] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.909] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.909] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.909] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.909] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.909] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.909] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.909] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.909] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0054.909] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="Windows") returned -1 [0054.909] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="Program Files") returned -1 [0054.909] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="Program Files (x86)") returned -1 [0054.909] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="$Recycle.bin") returned 1 [0054.909] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="System Volume Information") returned -1 [0054.909] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".") returned 1 [0054.909] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="..") returned 1 [0054.909] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 46 [0054.909] StrStrIW (lpFirst="Adobe Reader X.lnk", lpSrch=".lolkek") returned 0x0 [0054.909] lstrcmpW (lpString1="Adobe Reader X.lnk", lpString2="LOLKEK.txt") returned -1 [0054.909] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 46 [0054.909] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xbc) returned 0x3cc60d0 [0054.909] lstrcpyW (in: lpString1=0x3cc60d0, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned="\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" [0054.909] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.909] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.910] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.910] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini") returned 39 [0054.910] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.910] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.910] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini") returned 39 [0054.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa0) returned 0x3cafba8 [0054.910] lstrcpyW (in: lpString1=0x3cafba8, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini" [0054.910] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.910] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.910] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0054.910] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Windows") returned -1 [0054.910] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Program Files") returned -1 [0054.910] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="Program Files (x86)") returned -1 [0054.910] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="$Recycle.bin") returned 1 [0054.910] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="System Volume Information") returned -1 [0054.910] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".") returned 1 [0054.910] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="..") returned 1 [0054.910] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned 45 [0054.910] StrStrIW (lpFirst="Google Chrome.lnk", lpSrch=".lolkek") returned 0x0 [0054.910] lstrcmpW (lpString1="Google Chrome.lnk", lpString2="LOLKEK.txt") returned -1 [0054.910] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned 45 [0054.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb8) returned 0x3cb9018 [0054.910] lstrcpyW (in: lpString1=0x3cb9018, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned="\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk" [0054.910] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.910] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.910] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0054.910] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="Windows") returned -1 [0054.910] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="Program Files") returned -1 [0054.910] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="Program Files (x86)") returned -1 [0054.910] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="$Recycle.bin") returned 1 [0054.910] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="System Volume Information") returned -1 [0054.910] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".") returned 1 [0054.910] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="..") returned 1 [0054.910] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned 47 [0054.910] StrStrIW (lpFirst="Mozilla Firefox.lnk", lpSrch=".lolkek") returned 0x0 [0054.910] lstrcmpW (lpString1="Mozilla Firefox.lnk", lpString2="LOLKEK.txt") returned 1 [0054.910] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned 47 [0054.910] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xc0) returned 0x3cc5db0 [0054.910] lstrcpyW (in: lpString1=0x3cc5db0, lpString2="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned="\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" [0054.910] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.911] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.911] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0054.911] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.911] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Desktop\\LOLKEK.txt") returned 38 [0054.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\LOLKEK.txt" (normalized: "c:\\users\\public\\desktop\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.911] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.911] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.912] CloseHandle (hObject=0x23c) returned 1 [0054.912] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.912] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.912] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.912] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.912] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.912] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.912] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.912] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.912] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.912] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\desktop.ini") returned 31 [0054.912] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.912] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.912] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\desktop.ini") returned 31 [0054.912] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x613a48 [0054.912] lstrcpyW (in: lpString1=0x613a48, lpString2="\\\\?\\C:\\Users\\Public\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\desktop.ini" [0054.912] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.912] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.912] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0054.912] lstrcmpiW (lpString1="Documents", lpString2="Windows") returned -1 [0054.912] lstrcmpiW (lpString1="Documents", lpString2="Program Files") returned -1 [0054.912] lstrcmpiW (lpString1="Documents", lpString2="Program Files (x86)") returned -1 [0054.912] lstrcmpiW (lpString1="Documents", lpString2="$Recycle.bin") returned 1 [0054.912] lstrcmpiW (lpString1="Documents", lpString2="System Volume Information") returned -1 [0054.912] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0054.912] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0054.912] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents") returned 29 [0054.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.913] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Documents" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents") returned="\\\\?\\C:\\Users\\Public\\Documents" [0054.913] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Documents", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\*") returned="\\\\?\\C:\\Users\\Public\\Documents\\*" [0054.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.913] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.913] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.913] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.913] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.913] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.913] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.913] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.913] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.913] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.913] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.913] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.913] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.913] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.913] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.913] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.913] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.913] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.913] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.913] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.913] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.913] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.913] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.913] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini") returned 41 [0054.913] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.913] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.913] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini") returned 41 [0054.913] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa8) returned 0x3cb1b38 [0054.913] lstrcpyW (in: lpString1=0x3cb1b38, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini" [0054.913] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.913] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.913] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0054.913] lstrcmpiW (lpString1="My Music", lpString2="Windows") returned -1 [0054.913] lstrcmpiW (lpString1="My Music", lpString2="Program Files") returned -1 [0054.914] lstrcmpiW (lpString1="My Music", lpString2="Program Files (x86)") returned -1 [0054.914] lstrcmpiW (lpString1="My Music", lpString2="$Recycle.bin") returned 1 [0054.914] lstrcmpiW (lpString1="My Music", lpString2="System Volume Information") returned -1 [0054.914] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0054.914] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0054.914] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\My Music") returned 38 [0054.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.914] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Music") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Music" [0054.914] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Music", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*" [0054.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Space眖", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨Hν纈0ͣͣ㨭䚗Hνͣ热/Hν였_읈a헍皮")) returned 0xffffffff [0054.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.914] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0054.914] lstrcmpiW (lpString1="My Pictures", lpString2="Windows") returned -1 [0054.914] lstrcmpiW (lpString1="My Pictures", lpString2="Program Files") returned -1 [0054.914] lstrcmpiW (lpString1="My Pictures", lpString2="Program Files (x86)") returned -1 [0054.914] lstrcmpiW (lpString1="My Pictures", lpString2="$Recycle.bin") returned 1 [0054.914] lstrcmpiW (lpString1="My Pictures", lpString2="System Volume Information") returned -1 [0054.914] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0054.914] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0054.914] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures") returned 41 [0054.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.914] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures" [0054.914] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*" [0054.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Space眖", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨Hν纈0ͣͣ㨭䚗Hνͣ热/Hν였_읈a헍皮")) returned 0xffffffff [0054.914] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.914] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0054.914] lstrcmpiW (lpString1="My Videos", lpString2="Windows") returned -1 [0054.914] lstrcmpiW (lpString1="My Videos", lpString2="Program Files") returned -1 [0054.914] lstrcmpiW (lpString1="My Videos", lpString2="Program Files (x86)") returned -1 [0054.914] lstrcmpiW (lpString1="My Videos", lpString2="$Recycle.bin") returned 1 [0054.914] lstrcmpiW (lpString1="My Videos", lpString2="System Volume Information") returned -1 [0054.914] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0054.914] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0054.914] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\My Videos") returned 39 [0054.914] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.914] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Videos" [0054.914] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Videos", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*" [0054.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Windows Live Space眖", cAlternateFileName="ꐴ瘵ꄣ䛦ͣ疨Hν纈0ͣͣ㨭䚗Hνͣ热/Hν였_읈a헍皮")) returned 0xffffffff [0054.915] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0054.915] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0054.915] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.915] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Documents\\LOLKEK.txt") returned 40 [0054.915] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\LOLKEK.txt" (normalized: "c:\\users\\public\\documents\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.915] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.915] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.916] CloseHandle (hObject=0x23c) returned 1 [0054.916] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.916] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0054.916] lstrcmpiW (lpString1="Downloads", lpString2="Windows") returned -1 [0054.916] lstrcmpiW (lpString1="Downloads", lpString2="Program Files") returned -1 [0054.916] lstrcmpiW (lpString1="Downloads", lpString2="Program Files (x86)") returned -1 [0054.916] lstrcmpiW (lpString1="Downloads", lpString2="$Recycle.bin") returned 1 [0054.916] lstrcmpiW (lpString1="Downloads", lpString2="System Volume Information") returned -1 [0054.916] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0054.916] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0054.916] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads") returned 29 [0054.916] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.916] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads") returned="\\\\?\\C:\\Users\\Public\\Downloads" [0054.916] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Downloads", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads\\*") returned="\\\\?\\C:\\Users\\Public\\Downloads\\*" [0054.916] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.916] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.917] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.917] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.917] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.917] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.917] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.917] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.917] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.917] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.917] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.917] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.917] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.917] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.917] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.917] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.917] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.917] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.917] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.917] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.917] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.917] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.917] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.917] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini") returned 41 [0054.917] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.917] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.917] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini") returned 41 [0054.917] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa8) returned 0x3cb1be8 [0054.917] lstrcpyW (in: lpString1=0x3cb1be8, lpString2="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini" [0054.917] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.917] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.917] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.917] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.917] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Downloads\\LOLKEK.txt") returned 40 [0054.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\LOLKEK.txt" (normalized: "c:\\users\\public\\downloads\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.918] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.918] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.918] CloseHandle (hObject=0x23c) returned 1 [0054.918] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.918] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0054.918] lstrcmpiW (lpString1="Favorites", lpString2="Windows") returned -1 [0054.918] lstrcmpiW (lpString1="Favorites", lpString2="Program Files") returned -1 [0054.918] lstrcmpiW (lpString1="Favorites", lpString2="Program Files (x86)") returned -1 [0054.918] lstrcmpiW (lpString1="Favorites", lpString2="$Recycle.bin") returned 1 [0054.919] lstrcmpiW (lpString1="Favorites", lpString2="System Volume Information") returned -1 [0054.919] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0054.919] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0054.919] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Favorites") returned 29 [0054.919] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.919] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\Public\\Favorites") returned="\\\\?\\C:\\Users\\Public\\Favorites" [0054.919] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Favorites", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Favorites\\*") returned="\\\\?\\C:\\Users\\Public\\Favorites\\*" [0054.919] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.919] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.919] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.919] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.919] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.919] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.919] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.919] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.919] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.919] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.919] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.919] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.919] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.919] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.919] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.919] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0054.919] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.919] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Favorites\\LOLKEK.txt") returned 40 [0054.919] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Favorites\\LOLKEK.txt" (normalized: "c:\\users\\public\\favorites\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.920] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.920] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.920] CloseHandle (hObject=0x23c) returned 1 [0054.920] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.921] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0054.921] lstrcmpiW (lpString1="Libraries", lpString2="Windows") returned -1 [0054.921] lstrcmpiW (lpString1="Libraries", lpString2="Program Files") returned -1 [0054.921] lstrcmpiW (lpString1="Libraries", lpString2="Program Files (x86)") returned -1 [0054.921] lstrcmpiW (lpString1="Libraries", lpString2="$Recycle.bin") returned 1 [0054.921] lstrcmpiW (lpString1="Libraries", lpString2="System Volume Information") returned -1 [0054.921] lstrcmpiW (lpString1="Libraries", lpString2=".") returned 1 [0054.921] lstrcmpiW (lpString1="Libraries", lpString2="..") returned 1 [0054.921] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries") returned 29 [0054.921] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.921] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Libraries" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries") returned="\\\\?\\C:\\Users\\Public\\Libraries" [0054.921] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Libraries", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\*") returned="\\\\?\\C:\\Users\\Public\\Libraries\\*" [0054.921] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.921] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.921] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.921] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.921] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.921] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.921] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.921] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.921] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.921] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.921] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.921] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.921] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.921] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.921] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.921] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.921] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.921] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.921] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.921] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.921] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.921] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.921] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.921] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini") returned 41 [0054.921] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.921] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.921] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini") returned 41 [0054.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa8) returned 0x3cb1c98 [0054.922] lstrcpyW (in: lpString1=0x3cb1c98, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini" [0054.922] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.922] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.922] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0054.922] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="Windows") returned -1 [0054.922] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="Program Files") returned 1 [0054.922] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="Program Files (x86)") returned 1 [0054.922] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="$Recycle.bin") returned 1 [0054.922] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="System Volume Information") returned -1 [0054.922] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".") returned 1 [0054.922] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="..") returned 1 [0054.922] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 51 [0054.922] StrStrIW (lpFirst="RecordedTV.library-ms", lpSrch=".lolkek") returned 0x0 [0054.922] lstrcmpW (lpString1="RecordedTV.library-ms", lpString2="LOLKEK.txt") returned 1 [0054.922] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 51 [0054.922] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd0) returned 0x3cbe3f0 [0054.922] lstrcpyW (in: lpString1=0x3cbe3f0, lpString2="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" [0054.922] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.922] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.922] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 0 [0054.922] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0054.922] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Libraries\\LOLKEK.txt") returned 40 [0054.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\LOLKEK.txt" (normalized: "c:\\users\\public\\libraries\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0054.923] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0054.923] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0054.923] CloseHandle (hObject=0x23c) returned 1 [0054.923] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0054.923] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Music", cAlternateFileName="")) returned 1 [0054.923] lstrcmpiW (lpString1="Music", lpString2="Windows") returned -1 [0054.923] lstrcmpiW (lpString1="Music", lpString2="Program Files") returned -1 [0054.923] lstrcmpiW (lpString1="Music", lpString2="Program Files (x86)") returned -1 [0054.923] lstrcmpiW (lpString1="Music", lpString2="$Recycle.bin") returned 1 [0054.923] lstrcmpiW (lpString1="Music", lpString2="System Volume Information") returned -1 [0054.923] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0054.923] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0054.923] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music") returned 25 [0054.923] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0054.923] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music") returned="\\\\?\\C:\\Users\\Public\\Music" [0054.923] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Music", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\*") returned="\\\\?\\C:\\Users\\Public\\Music\\*" [0054.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0054.924] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.924] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.924] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.924] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.924] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.924] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.924] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.924] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.924] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.924] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.924] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.924] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.924] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.924] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.924] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.924] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.924] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.924] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.924] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.924] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.924] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.924] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.924] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini") returned 37 [0054.924] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.924] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.924] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini") returned 37 [0054.924] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x98) returned 0x3dd8c60 [0054.924] lstrcpyW (in: lpString1=0x3dd8c60, lpString2="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Music\\desktop.ini" [0054.924] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.924] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.924] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0054.924] lstrcmpiW (lpString1="Sample Music", lpString2="Windows") returned -1 [0054.924] lstrcmpiW (lpString1="Sample Music", lpString2="Program Files") returned 1 [0054.924] lstrcmpiW (lpString1="Sample Music", lpString2="Program Files (x86)") returned 1 [0054.924] lstrcmpiW (lpString1="Sample Music", lpString2="$Recycle.bin") returned 1 [0054.924] lstrcmpiW (lpString1="Sample Music", lpString2="System Volume Information") returned -1 [0054.924] lstrcmpiW (lpString1="Sample Music", lpString2=".") returned 1 [0054.924] lstrcmpiW (lpString1="Sample Music", lpString2="..") returned 1 [0054.924] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music") returned 38 [0054.924] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0054.925] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music" [0054.925] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*" [0054.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0054.936] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0054.936] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0054.936] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0054.936] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0054.936] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0054.936] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.936] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0054.936] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0054.936] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0054.936] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0054.936] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0054.936] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0054.936] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.936] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.936] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.936] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0054.936] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0054.936] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0054.936] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0054.936] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0054.936] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.936] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.936] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned 50 [0054.936] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0054.936] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0054.936] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned 50 [0054.936] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbe318 [0054.936] lstrcpyW (in: lpString1=0x3cbe318, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" [0054.936] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.936] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.936] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0054.936] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="Windows") returned -1 [0054.936] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="Program Files") returned -1 [0054.936] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="Program Files (x86)") returned -1 [0054.936] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="$Recycle.bin") returned 1 [0054.937] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="System Volume Information") returned -1 [0054.937] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".") returned 1 [0054.937] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="..") returned 1 [0054.937] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 50 [0054.937] StrStrIW (lpFirst="Kalimba.mp3", lpSrch=".lolkek") returned 0x0 [0054.937] lstrcmpW (lpString1="Kalimba.mp3", lpString2="LOLKEK.txt") returned -1 [0054.937] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 50 [0054.937] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xcc) returned 0x3cbe240 [0054.937] lstrcpyW (in: lpString1=0x3cbe240, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" [0054.937] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0054.966] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0054.966] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0054.966] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="Windows") returned -1 [0054.966] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="Program Files") returned -1 [0054.966] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="Program Files (x86)") returned -1 [0054.966] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="$Recycle.bin") returned 1 [0054.966] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="System Volume Information") returned -1 [0054.966] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".") returned 1 [0054.966] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="..") returned 1 [0054.966] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 68 [0054.966] StrStrIW (lpFirst="Maid with the Flaxen Hair.mp3", lpSrch=".lolkek") returned 0x0 [0054.966] lstrcmpW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="LOLKEK.txt") returned 1 [0054.966] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 68 [0054.966] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x114) returned 0x5fc018 [0054.966] lstrcpyW (in: lpString1=0x5fc018, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" [0054.966] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.023] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.023] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0055.023] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="Windows") returned -1 [0055.023] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="Program Files") returned 1 [0055.023] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="Program Files (x86)") returned 1 [0055.023] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="$Recycle.bin") returned 1 [0055.023] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="System Volume Information") returned -1 [0055.023] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".") returned 1 [0055.024] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="..") returned 1 [0055.024] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 53 [0055.024] StrStrIW (lpFirst="Sleep Away.mp3", lpSrch=".lolkek") returned 0x0 [0055.024] lstrcmpW (lpString1="Sleep Away.mp3", lpString2="LOLKEK.txt") returned 1 [0055.024] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 53 [0055.024] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cc0010 [0055.024] lstrcpyW (in: lpString1=0x3cc0010, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" [0055.024] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.116] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.116] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 0 [0055.116] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0055.116] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\LOLKEK.txt") returned 49 [0055.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\LOLKEK.txt" (normalized: "c:\\users\\public\\music\\sample music\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0055.118] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.118] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0055.118] CloseHandle (hObject=0x2a0) returned 1 [0055.118] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0055.118] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0055.118] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0055.118] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Music\\LOLKEK.txt") returned 36 [0055.118] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\LOLKEK.txt" (normalized: "c:\\users\\public\\music\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0055.119] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.119] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0055.120] CloseHandle (hObject=0x23c) returned 1 [0055.120] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0055.120] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0055.120] lstrcmpiW (lpString1="Pictures", lpString2="Windows") returned -1 [0055.120] lstrcmpiW (lpString1="Pictures", lpString2="Program Files") returned -1 [0055.120] lstrcmpiW (lpString1="Pictures", lpString2="Program Files (x86)") returned -1 [0055.120] lstrcmpiW (lpString1="Pictures", lpString2="$Recycle.bin") returned 1 [0055.120] lstrcmpiW (lpString1="Pictures", lpString2="System Volume Information") returned -1 [0055.120] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0055.120] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0055.120] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures") returned 28 [0055.120] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0055.120] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures") returned="\\\\?\\C:\\Users\\Public\\Pictures" [0055.120] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\*") returned="\\\\?\\C:\\Users\\Public\\Pictures\\*" [0055.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0055.120] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0055.120] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0055.120] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0055.120] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0055.120] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0055.120] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.120] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0055.120] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0055.121] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0055.121] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0055.121] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0055.121] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0055.121] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.121] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.121] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.121] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0055.121] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0055.121] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0055.121] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0055.121] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0055.121] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.121] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.121] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini") returned 40 [0055.121] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0055.121] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0055.121] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini") returned 40 [0055.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa4) returned 0x3cb17c8 [0055.121] lstrcpyW (in: lpString1=0x3cb17c8, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini" [0055.121] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.121] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.121] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0055.121] lstrcmpiW (lpString1="Sample Pictures", lpString2="Windows") returned -1 [0055.121] lstrcmpiW (lpString1="Sample Pictures", lpString2="Program Files") returned 1 [0055.121] lstrcmpiW (lpString1="Sample Pictures", lpString2="Program Files (x86)") returned 1 [0055.121] lstrcmpiW (lpString1="Sample Pictures", lpString2="$Recycle.bin") returned 1 [0055.121] lstrcmpiW (lpString1="Sample Pictures", lpString2="System Volume Information") returned -1 [0055.121] lstrcmpiW (lpString1="Sample Pictures", lpString2=".") returned 1 [0055.121] lstrcmpiW (lpString1="Sample Pictures", lpString2="..") returned 1 [0055.121] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures") returned 44 [0055.121] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0055.121] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures" [0055.121] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*" [0055.121] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0055.134] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0055.134] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0055.134] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0055.134] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0055.134] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0055.134] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.134] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0055.134] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0055.134] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0055.134] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0055.134] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0055.134] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0055.134] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.134] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.134] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0055.134] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="Windows") returned -1 [0055.134] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="Program Files") returned -1 [0055.134] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="Program Files (x86)") returned -1 [0055.134] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="$Recycle.bin") returned 1 [0055.134] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="System Volume Information") returned -1 [0055.134] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".") returned 1 [0055.134] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="..") returned 1 [0055.135] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 62 [0055.135] StrStrIW (lpFirst="Chrysanthemum.jpg", lpSrch=".lolkek") returned 0x0 [0055.135] lstrcmpW (lpString1="Chrysanthemum.jpg", lpString2="LOLKEK.txt") returned -1 [0055.135] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 62 [0055.135] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xfc) returned 0x3ec4758 [0055.135] lstrcpyW (in: lpString1=0x3ec4758, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" [0055.135] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.181] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.181] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0055.182] lstrcmpiW (lpString1="Desert.jpg", lpString2="Windows") returned -1 [0055.182] lstrcmpiW (lpString1="Desert.jpg", lpString2="Program Files") returned -1 [0055.182] lstrcmpiW (lpString1="Desert.jpg", lpString2="Program Files (x86)") returned -1 [0055.182] lstrcmpiW (lpString1="Desert.jpg", lpString2="$Recycle.bin") returned 1 [0055.182] lstrcmpiW (lpString1="Desert.jpg", lpString2="System Volume Information") returned -1 [0055.182] lstrcmpiW (lpString1="Desert.jpg", lpString2=".") returned 1 [0055.182] lstrcmpiW (lpString1="Desert.jpg", lpString2="..") returned 1 [0055.182] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 55 [0055.182] StrStrIW (lpFirst="Desert.jpg", lpSrch=".lolkek") returned 0x0 [0055.182] lstrcmpW (lpString1="Desert.jpg", lpString2="LOLKEK.txt") returned -1 [0055.182] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 55 [0055.182] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbc408 [0055.182] lstrcpyW (in: lpString1=0x3cbc408, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" [0055.182] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.387] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.387] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.387] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0055.387] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0055.387] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0055.387] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0055.387] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0055.388] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.388] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.388] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned 56 [0055.388] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0055.388] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0055.388] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned 56 [0055.388] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x3e371d8 [0055.388] lstrcpyW (in: lpString1=0x3e371d8, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" [0055.388] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.388] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.388] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0055.388] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="Windows") returned -1 [0055.388] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="Program Files") returned -1 [0055.388] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="Program Files (x86)") returned -1 [0055.388] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="$Recycle.bin") returned 1 [0055.388] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="System Volume Information") returned -1 [0055.388] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".") returned 1 [0055.388] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="..") returned 1 [0055.388] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 59 [0055.388] StrStrIW (lpFirst="Hydrangeas.jpg", lpSrch=".lolkek") returned 0x0 [0055.388] lstrcmpW (lpString1="Hydrangeas.jpg", lpString2="LOLKEK.txt") returned -1 [0055.388] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 59 [0055.388] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca7668 [0055.388] lstrcpyW (in: lpString1=0x3ca7668, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" [0055.388] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.388] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.388] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0055.388] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="Windows") returned -1 [0055.388] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="Program Files") returned -1 [0055.388] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="Program Files (x86)") returned -1 [0055.388] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="$Recycle.bin") returned 1 [0055.388] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="System Volume Information") returned -1 [0055.388] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".") returned 1 [0055.388] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="..") returned 1 [0055.388] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 58 [0055.388] StrStrIW (lpFirst="Jellyfish.jpg", lpSrch=".lolkek") returned 0x0 [0055.388] lstrcmpW (lpString1="Jellyfish.jpg", lpString2="LOLKEK.txt") returned -1 [0055.388] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 58 [0055.388] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xec) returned 0x3ca7760 [0055.388] lstrcpyW (in: lpString1=0x3ca7760, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" [0055.388] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.388] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.389] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0055.389] lstrcmpiW (lpString1="Koala.jpg", lpString2="Windows") returned -1 [0055.389] lstrcmpiW (lpString1="Koala.jpg", lpString2="Program Files") returned -1 [0055.389] lstrcmpiW (lpString1="Koala.jpg", lpString2="Program Files (x86)") returned -1 [0055.389] lstrcmpiW (lpString1="Koala.jpg", lpString2="$Recycle.bin") returned 1 [0055.389] lstrcmpiW (lpString1="Koala.jpg", lpString2="System Volume Information") returned -1 [0055.389] lstrcmpiW (lpString1="Koala.jpg", lpString2=".") returned 1 [0055.389] lstrcmpiW (lpString1="Koala.jpg", lpString2="..") returned 1 [0055.389] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 54 [0055.389] StrStrIW (lpFirst="Koala.jpg", lpSrch=".lolkek") returned 0x0 [0055.389] lstrcmpW (lpString1="Koala.jpg", lpString2="LOLKEK.txt") returned -1 [0055.389] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 54 [0055.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xdc) returned 0x3cbc7a8 [0055.389] lstrcpyW (in: lpString1=0x3cbc7a8, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" [0055.389] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.389] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.389] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0055.389] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="Windows") returned -1 [0055.389] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="Program Files") returned -1 [0055.389] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="Program Files (x86)") returned -1 [0055.389] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="$Recycle.bin") returned 1 [0055.389] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="System Volume Information") returned -1 [0055.389] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".") returned 1 [0055.389] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="..") returned 1 [0055.389] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 59 [0055.389] StrStrIW (lpFirst="Lighthouse.jpg", lpSrch=".lolkek") returned 0x0 [0055.389] lstrcmpW (lpString1="Lighthouse.jpg", lpString2="LOLKEK.txt") returned -1 [0055.389] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 59 [0055.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf0) returned 0x3ca83f8 [0055.389] lstrcpyW (in: lpString1=0x3ca83f8, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" [0055.389] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.389] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.389] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0055.389] lstrcmpiW (lpString1="Penguins.jpg", lpString2="Windows") returned -1 [0055.389] lstrcmpiW (lpString1="Penguins.jpg", lpString2="Program Files") returned -1 [0055.389] lstrcmpiW (lpString1="Penguins.jpg", lpString2="Program Files (x86)") returned -1 [0055.389] lstrcmpiW (lpString1="Penguins.jpg", lpString2="$Recycle.bin") returned 1 [0055.389] lstrcmpiW (lpString1="Penguins.jpg", lpString2="System Volume Information") returned -1 [0055.389] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".") returned 1 [0055.389] lstrcmpiW (lpString1="Penguins.jpg", lpString2="..") returned 1 [0055.389] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 57 [0055.389] StrStrIW (lpFirst="Penguins.jpg", lpSrch=".lolkek") returned 0x0 [0055.389] lstrcmpW (lpString1="Penguins.jpg", lpString2="LOLKEK.txt") returned 1 [0055.389] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 57 [0055.389] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe8) returned 0x3e374a8 [0055.389] lstrcpyW (in: lpString1=0x3e374a8, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" [0055.389] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.390] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.390] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0055.390] lstrcmpiW (lpString1="Tulips.jpg", lpString2="Windows") returned -1 [0055.390] lstrcmpiW (lpString1="Tulips.jpg", lpString2="Program Files") returned 1 [0055.390] lstrcmpiW (lpString1="Tulips.jpg", lpString2="Program Files (x86)") returned 1 [0055.390] lstrcmpiW (lpString1="Tulips.jpg", lpString2="$Recycle.bin") returned 1 [0055.390] lstrcmpiW (lpString1="Tulips.jpg", lpString2="System Volume Information") returned 1 [0055.390] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".") returned 1 [0055.390] lstrcmpiW (lpString1="Tulips.jpg", lpString2="..") returned 1 [0055.390] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 55 [0055.390] StrStrIW (lpFirst="Tulips.jpg", lpSrch=".lolkek") returned 0x0 [0055.390] lstrcmpW (lpString1="Tulips.jpg", lpString2="LOLKEK.txt") returned 1 [0055.390] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 55 [0055.390] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe0) returned 0x3cbc6c0 [0055.390] lstrcpyW (in: lpString1=0x3cbc6c0, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" [0055.390] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.390] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.390] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0055.390] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0055.390] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\LOLKEK.txt") returned 55 [0055.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\LOLKEK.txt" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0055.391] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.392] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0055.392] CloseHandle (hObject=0x2a0) returned 1 [0055.392] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0055.392] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0055.392] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0055.392] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Pictures\\LOLKEK.txt") returned 39 [0055.392] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\LOLKEK.txt" (normalized: "c:\\users\\public\\pictures\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0055.393] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.393] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0055.394] CloseHandle (hObject=0x23c) returned 1 [0055.394] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0055.394] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0055.394] lstrcmpiW (lpString1="Recorded TV", lpString2="Windows") returned -1 [0055.394] lstrcmpiW (lpString1="Recorded TV", lpString2="Program Files") returned 1 [0055.394] lstrcmpiW (lpString1="Recorded TV", lpString2="Program Files (x86)") returned 1 [0055.394] lstrcmpiW (lpString1="Recorded TV", lpString2="$Recycle.bin") returned 1 [0055.394] lstrcmpiW (lpString1="Recorded TV", lpString2="System Volume Information") returned -1 [0055.394] lstrcmpiW (lpString1="Recorded TV", lpString2=".") returned 1 [0055.394] lstrcmpiW (lpString1="Recorded TV", lpString2="..") returned 1 [0055.394] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV") returned 31 [0055.394] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0055.394] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV") returned="\\\\?\\C:\\Users\\Public\\Recorded TV" [0055.394] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\*") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\*" [0055.394] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0055.394] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0055.394] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0055.394] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0055.394] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0055.394] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0055.394] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.394] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0055.394] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0055.394] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0055.394] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0055.394] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0055.394] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0055.394] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.394] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.394] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.394] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0055.394] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0055.394] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0055.395] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0055.395] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0055.395] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.395] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.395] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini") returned 43 [0055.395] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0055.395] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0055.395] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini") returned 43 [0055.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xb0) returned 0x3ca9c28 [0055.395] lstrcpyW (in: lpString1=0x3ca9c28, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini" [0055.395] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.395] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.395] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0055.395] lstrcmpiW (lpString1="Sample Media", lpString2="Windows") returned -1 [0055.395] lstrcmpiW (lpString1="Sample Media", lpString2="Program Files") returned 1 [0055.395] lstrcmpiW (lpString1="Sample Media", lpString2="Program Files (x86)") returned 1 [0055.395] lstrcmpiW (lpString1="Sample Media", lpString2="$Recycle.bin") returned 1 [0055.395] lstrcmpiW (lpString1="Sample Media", lpString2="System Volume Information") returned -1 [0055.395] lstrcmpiW (lpString1="Sample Media", lpString2=".") returned 1 [0055.395] lstrcmpiW (lpString1="Sample Media", lpString2="..") returned 1 [0055.395] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media") returned 44 [0055.395] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0055.395] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media" [0055.395] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*" [0055.395] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0055.396] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0055.396] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0055.396] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0055.396] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0055.396] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0055.396] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.396] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0055.396] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0055.396] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0055.396] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0055.396] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0055.396] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0055.396] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.396] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.396] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.396] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0055.396] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0055.396] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0055.396] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0055.396] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0055.396] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.396] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.396] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned 56 [0055.396] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0055.396] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0055.396] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned 56 [0055.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe4) returned 0x3e37598 [0055.396] lstrcpyW (in: lpString1=0x3e37598, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" [0055.396] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.396] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.396] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0055.396] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="Windows") returned -1 [0055.396] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="Program Files") returned 1 [0055.396] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="Program Files (x86)") returned 1 [0055.396] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="$Recycle.bin") returned 1 [0055.396] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="System Volume Information") returned 1 [0055.396] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".") returned 1 [0055.396] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="..") returned 1 [0055.396] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 74 [0055.396] StrStrIW (lpFirst="win7_scenic-demoshort_raw.wtv", lpSrch=".lolkek") returned 0x0 [0055.396] lstrcmpW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="LOLKEK.txt") returned 1 [0055.396] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 74 [0055.396] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12c) returned 0x3ca73d0 [0055.397] lstrcpyW (in: lpString1=0x3ca73d0, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" [0055.397] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.397] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.397] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0055.397] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0055.397] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\LOLKEK.txt") returned 55 [0055.397] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\LOLKEK.txt" (normalized: "c:\\users\\public\\recorded tv\\sample media\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0055.397] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.397] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0055.398] CloseHandle (hObject=0x2a0) returned 1 [0055.398] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0055.398] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0055.398] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0055.398] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Recorded TV\\LOLKEK.txt") returned 42 [0055.398] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\LOLKEK.txt" (normalized: "c:\\users\\public\\recorded tv\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0055.398] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.398] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0055.399] CloseHandle (hObject=0x23c) returned 1 [0055.399] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0055.399] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 1 [0055.399] lstrcmpiW (lpString1="Videos", lpString2="Windows") returned -1 [0055.399] lstrcmpiW (lpString1="Videos", lpString2="Program Files") returned 1 [0055.399] lstrcmpiW (lpString1="Videos", lpString2="Program Files (x86)") returned 1 [0055.399] lstrcmpiW (lpString1="Videos", lpString2="$Recycle.bin") returned 1 [0055.399] lstrcmpiW (lpString1="Videos", lpString2="System Volume Information") returned 1 [0055.399] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0055.399] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0055.399] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos") returned 26 [0055.399] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x3bd0048 [0055.399] lstrcpyW (in: lpString1=0x3bd0048, lpString2="\\\\?\\C:\\Users\\Public\\Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos") returned="\\\\?\\C:\\Users\\Public\\Videos" [0055.399] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Videos", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\*") returned="\\\\?\\C:\\Users\\Public\\Videos\\*" [0055.399] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\*", lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e498 [0055.399] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0055.399] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0055.399] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0055.400] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0055.400] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0055.400] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.400] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0055.400] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0055.400] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0055.400] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0055.400] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0055.400] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0055.400] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.400] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.400] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.400] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0055.400] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0055.400] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0055.400] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0055.400] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0055.400] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.400] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.400] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini") returned 38 [0055.400] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0055.400] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0055.400] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini") returned 38 [0055.400] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x9c) returned 0x3cafa58 [0055.400] lstrcpyW (in: lpString1=0x3cafa58, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini" [0055.400] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.400] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.400] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0055.400] lstrcmpiW (lpString1="Sample Videos", lpString2="Windows") returned -1 [0055.400] lstrcmpiW (lpString1="Sample Videos", lpString2="Program Files") returned 1 [0055.400] lstrcmpiW (lpString1="Sample Videos", lpString2="Program Files (x86)") returned 1 [0055.400] lstrcmpiW (lpString1="Sample Videos", lpString2="$Recycle.bin") returned 1 [0055.400] lstrcmpiW (lpString1="Sample Videos", lpString2="System Volume Information") returned -1 [0055.400] lstrcmpiW (lpString1="Sample Videos", lpString2=".") returned 1 [0055.400] lstrcmpiW (lpString1="Sample Videos", lpString2="..") returned 1 [0055.400] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos") returned 40 [0055.400] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x10000) returned 0x5ec010 [0055.400] lstrcpyW (in: lpString1=0x5ec010, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos" [0055.400] lstrcatW (in: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\*" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*" [0055.400] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x62e258 [0055.401] lstrcmpiW (lpString1=".", lpString2="Windows") returned -1 [0055.401] lstrcmpiW (lpString1=".", lpString2="Program Files") returned -1 [0055.401] lstrcmpiW (lpString1=".", lpString2="Program Files (x86)") returned -1 [0055.401] lstrcmpiW (lpString1=".", lpString2="$Recycle.bin") returned 1 [0055.401] lstrcmpiW (lpString1=".", lpString2="System Volume Information") returned -1 [0055.401] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.401] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0055.401] lstrcmpiW (lpString1="..", lpString2="Windows") returned -1 [0055.401] lstrcmpiW (lpString1="..", lpString2="Program Files") returned -1 [0055.401] lstrcmpiW (lpString1="..", lpString2="Program Files (x86)") returned -1 [0055.401] lstrcmpiW (lpString1="..", lpString2="$Recycle.bin") returned 1 [0055.401] lstrcmpiW (lpString1="..", lpString2="System Volume Information") returned -1 [0055.401] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.401] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.401] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.401] lstrcmpiW (lpString1="desktop.ini", lpString2="Windows") returned -1 [0055.401] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files") returned -1 [0055.401] lstrcmpiW (lpString1="desktop.ini", lpString2="Program Files (x86)") returned -1 [0055.401] lstrcmpiW (lpString1="desktop.ini", lpString2="$Recycle.bin") returned 1 [0055.401] lstrcmpiW (lpString1="desktop.ini", lpString2="System Volume Information") returned -1 [0055.401] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.401] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.401] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned 52 [0055.401] StrStrIW (lpFirst="desktop.ini", lpSrch=".lolkek") returned 0x0 [0055.401] lstrcmpW (lpString1="desktop.ini", lpString2="LOLKEK.txt") returned -1 [0055.401] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned 52 [0055.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd4) returned 0x3cc00f0 [0055.401] lstrcpyW (in: lpString1=0x3cc00f0, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" [0055.401] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.401] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.401] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0055.401] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="Windows") returned -1 [0055.401] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="Program Files") returned 1 [0055.401] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="Program Files (x86)") returned 1 [0055.401] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="$Recycle.bin") returned 1 [0055.401] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="System Volume Information") returned 1 [0055.401] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".") returned 1 [0055.401] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="..") returned 1 [0055.401] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 53 [0055.401] StrStrIW (lpFirst="Wildlife.wmv", lpSrch=".lolkek") returned 0x0 [0055.401] lstrcmpW (lpString1="Wildlife.wmv", lpString2="LOLKEK.txt") returned 1 [0055.401] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 53 [0055.401] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd8) returned 0x3cbff30 [0055.401] lstrcpyW (in: lpString1=0x3cbff30, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" [0055.401] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0055.401] ReleaseSemaphore (in: hSemaphore=0xac, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0055.402] FindNextFileW (in: hFindFile=0x62e258, lpFindFileData=0x363ee8c | out: lpFindFileData=0x363ee8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0055.402] FindClose (in: hFindFile=0x62e258 | out: hFindFile=0x62e258) returned 1 [0055.402] wsprintfW (in: param_1=0x5ec010, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\LOLKEK.txt") returned 51 [0055.402] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\LOLKEK.txt" (normalized: "c:\\users\\public\\videos\\sample videos\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0055.402] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.402] WriteFile (in: hFile=0x2a0, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363ee84, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363ee84*=0x10, lpOverlapped=0x0) returned 1 [0055.403] CloseHandle (hObject=0x2a0) returned 1 [0055.403] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5ec010 | out: hHeap=0x5a0000) returned 1 [0055.403] FindNextFileW (in: hFindFile=0x62e498, lpFindFileData=0x363f10c | out: lpFindFileData=0x363f10c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0055.403] FindClose (in: hFindFile=0x62e498 | out: hFindFile=0x62e498) returned 1 [0055.403] wsprintfW (in: param_1=0x3bd0048, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\Videos\\LOLKEK.txt") returned 37 [0055.403] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\LOLKEK.txt" (normalized: "c:\\users\\public\\videos\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0055.403] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.403] WriteFile (in: hFile=0x23c, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f104, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f104*=0x10, lpOverlapped=0x0) returned 1 [0055.404] CloseHandle (hObject=0x23c) returned 1 [0055.404] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x3bd0048 | out: hHeap=0x5a0000) returned 1 [0055.404] FindNextFileW (in: hFindFile=0x62d918, lpFindFileData=0x363f38c | out: lpFindFileData=0x363f38c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Videos", cAlternateFileName="")) returned 0 [0055.404] FindClose (in: hFindFile=0x62d918 | out: hFindFile=0x62d918) returned 1 [0055.404] wsprintfW (in: param_1=0x5fc600, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\Public\\LOLKEK.txt") returned 30 [0055.404] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\LOLKEK.txt" (normalized: "c:\\users\\public\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x250 [0055.404] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.404] WriteFile (in: hFile=0x250, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f384, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f384*=0x10, lpOverlapped=0x0) returned 1 [0055.405] CloseHandle (hObject=0x250) returned 1 [0055.405] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5fc600 | out: hHeap=0x5a0000) returned 1 [0055.405] FindNextFileW (in: hFindFile=0x62d8d8, lpFindFileData=0x363f60c | out: lpFindFileData=0x363f60c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5a38f0, cFileName="Public", cAlternateFileName="")) returned 0 [0055.405] FindClose (in: hFindFile=0x62d8d8 | out: hFindFile=0x62d8d8) returned 1 [0055.405] wsprintfW (in: param_1=0x61c748, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\Users\\LOLKEK.txt") returned 23 [0055.405] CreateFileW (lpFileName="\\\\?\\C:\\Users\\LOLKEK.txt" (normalized: "c:\\users\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0055.406] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.406] WriteFile (in: hFile=0x144, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f604, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f604*=0x10, lpOverlapped=0x0) returned 1 [0055.406] CloseHandle (hObject=0x144) returned 1 [0055.406] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x61c748 | out: hHeap=0x5a0000) returned 1 [0055.407] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0055.407] lstrcmpiW (lpString1="Windows", lpString2="Windows") returned 0 [0055.407] FindNextFileW (in: hFindFile=0x5c1f68, lpFindFileData=0x363f88c | out: lpFindFileData=0x363f88c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0055.407] FindClose (in: hFindFile=0x5c1f68 | out: hFindFile=0x5c1f68) returned 1 [0055.407] wsprintfW (in: param_1=0x5c9e88, param_2="%ls\\%ls" | out: param_1="\\\\?\\C:\\LOLKEK.txt") returned 17 [0055.407] CreateFileW (lpFileName="\\\\?\\C:\\LOLKEK.txt" (normalized: "c:\\lolkek.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0055.408] lstrlenA (lpString="LOL\nNNNNNNNN\nKEK") returned 16 [0055.408] WriteFile (in: hFile=0x140, lpBuffer=0x30b33c*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x363f884, lpOverlapped=0x0 | out: lpBuffer=0x30b33c*, lpNumberOfBytesWritten=0x363f884*=0x10, lpOverlapped=0x0) returned 1 [0055.410] CloseHandle (hObject=0x140) returned 1 [0055.410] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5c9e88 | out: hHeap=0x5a0000) returned 1 Thread: id = 17 os_tid = 0x938 Thread: id = 18 os_tid = 0x978 Thread: id = 19 os_tid = 0x9d8 Thread: id = 20 os_tid = 0xa4c